Ways to secure a router — and other helpful tips

Fred Langa

In this special-edition LangaList Plus column, a half-dozen easily implemented settings can help make your Wi-Fi setup much harder to crack, snoop, or poach.

Plus: Scheduling Windows Defender malware scans in Win8, mirroring a solid-state drive, a DIY CPU-cooler repair, and recommending a free taskbar-tweaking utility.

Proven techniques to secure your Wi-Fi network

Information in a Microsoft TechNet article made Windows Secrets reader David Dooley wonder about some advice he’d read in Windows Secrets.

  • “In Fred’s article, ‘Routers using WPS are intrinsically unsafe’ [Dec. 13, 2012, Top Story], he suggests disabling a router’s service set identifier — in effect telling the device to not broadcast its SSID.

    “However, one of the TechNet links in Fred’s article states that some Windows computers will advertise the SSIDs of previously connected wireless networks.

    “Doesn’t this defeat the purpose of hiding or not broadcasting the SSID?”

A router’s human-friendly SSID name can make connecting PCs, tablets, and phones to a wireless network easier — especially if there are numerous active Wi-Fi networks nearby. But SSID broadcasting is a convenience, not a necessity. Wi-Fi networks work just fine without it.

Disabling SSID broadcasting makes it harder for casual snoops and Wi-Fi freeloaders to find (and possibly attack or exploit) wireless networks. Invoking the theory that thwarting any attack — even casual hacks and amateur snooping — is a good thing, I think disabling SSID is worthwhile.

That said, disabling SSID broadcasts will not stop attacks by knowledgeable, competent hackers who can sniff out Wi-Fi nets by various methods — regardless of whether a router is broadcasting its SSID.

So simply disabling SSID broadcasts is in no way a viable means of securing your router. But when combined with other security techniques, it can help protect your Wi-Fi setup from any level of hack attack — amateur to expert.

These four components are the heart of Wi-Fi security:

  • Router-administrator password: Secure access to the router’s setup menus with a long, unique, high-quality password. (For information on creating and testing strong passwords and passphrases, see the Jan. 10 Top Story, “Let your PC start the new year right!” Scroll down to “Do a thorough review of your PC’s defenses” and review the section on passwords.)
  • Wi-Fi security key: As with the admin password, use a long, unique, high-quality security key to prevent unauthorized connections to your router. (A tool such as Gibson Research Corporation’s free Ultra High Security Password Generator [site] can help. Or see the aforementioned Top Story’s section on passwords.)
  • WPA2 encryption: Set the router to use WPA2 (currently the strongest encryption available) to prevent hackers from snooping data you send and receive over Wi-Fi. Don’t use WEP, which today’s hacker tools can crack in minutes, or WPA — which is less easily cracked but fell to hackers back in 2008.
  • Wi-Fi Protected Setup: You should disable WPS, an automated setup technology included with many routers. As reported in the Dec. 13, 2012, Top Story, “Routers using WPS are intrinsically unsafe,” hackers can use WPS as a back door into your setup.

Disabling SSID is one of two secondary techniques for adding small, incremental levels of router security. The other is to apply MAC address filtering (Wikipedia definition), which will make it harder for unknown or unauthorized devices to connect to your router.

Although neither method is proof against serious, competent hacks, both will hinder common drive-by snoops, simple connection-poachers, and other forms of casual digital attack.

Used together, these six techniques will make your router much, much harder to crack than most (often minimally configured) Wi-Fi setups.

And that’s just what you want!

How to schedule malware scans in Win8

Reader Gerald Mingus noticed a missing feature in Windows 8’s built-in anti-malware tool, Windows Defender.

  • “Over the past several years (actually, since it came out), you’ve recommended — and I’ve quite happily used — Microsoft Security Essentials (MSE). I was pleased when MSE went to Version 2.

    “So I didn’t mind that Windows 8 is also using a version of MSE (now called by the old name — Windows Defender).

    “But I am wondering why there’s no ability to schedule scans. Am I missing something?”

No, you’re right; there’s no setting inside Windows Defender for conveniently scheduling malware scans. Instead, you can control the timing and frequency of Windows Defender’s scans via the Win8 Task Scheduler.

Here’s how you set it up:

  • Open Task Scheduler via Control Panel/System and Security/Administrative Tools/Task Scheduler or by opening the Charms bar; then search Settings, using the phrase: schedule tasks.
  • When Task Scheduler opens, navigate down the leftmost pane to the setting for Windows Defender (Task Scheduler Library/Microsoft/Windows/Windows Defender).
  • At the top of the middle pane, right-click Windows Defender Scheduled Scans and select Properties, as shown in Figure 1.

    Task Scheduler

    Figure 1. Control the timing of Windows Defender scans in Win8's Task Scheduler.

  • In the Windows Defender Scheduled Scans Properties dialog box, select the Triggers tab and then click the New button (see Figure 2). A New Trigger dialog box will open.

    New scan schedule

    Figure 2. Click New under the Trigger tab to set up a new scan schedule.

  • Task Scheduler offers many types of task triggers. In this case, you want to select On a schedule in the Begin the task option, as shown in Figure 3.

    Begin task on a schedule

    Figure 3. In Begin the task, select the On a schedule option.

  • Adjust the On a schedule options as you wish. For Windows Defender scans, I suggest using Daily or Weekly scans. Select an immediate Start date and set a time when your PC is likely to be on but not in heavy use. (See Figure 4.)

    Other scheduling settings

    Figure 4. Schedule daily or weekly malware scans at a convenient time.

When all the settings are to your liking, click OK and close Task Scheduler. You’re done!

For more information on using Task Scheduler, see the Oct. 11, 2012, Top Story, “Exploring Windows’ Administrative Tools: Part 4.” Although that article focuses on Win7, Win8’s Task Scheduler is nearly identical.

Note: As Gerald indicated, there are two totally different Microsoft products named “Windows Defender.” To add to the confusion, Microsoft also offers four other desktop security utilities — though not all of them work on all versions of Windows. If you need a summary of Microsoft’s anti-malware products, see the April 4 Top Story, “Microsoft’s six free desktop security tools.”

Pseudo-mirroring of a solid-state drive

Pierre Decrocq wants to undertake a form of disk-mirroring for his solid-state drive (SSD).

  • “I’d like to take advantage of the boosted performance of an SSD in my Win7 desktop system.

    “I plan to install an SSD of the same size as my current system hard disk and mirror the system disk to the SSD — then subsequently use the SSD as the system disk.

    “I will then apply updates (Windows and others) to the SSD instead of the now ‘old’ hard disk.

    “What will happen in case of SSD failure? I’d like to keep the former system disk up to date and be able to use it again as the active system disk, if needed.

    “What do you advise? Is there a way to mirror the SSD on the old hard drive?”

Disk-mirroring is a form of RAID setup (see Wikipedia article). It would work, but I think that’s overkill for what you need.

(At this point, I think RAID is almost never justified on desktop systems. It adds lots of complexity for very little actual benefit — but that’s another rant.)

Instead of mirroring (or any other RAID approach), I suggest simply imaging your SSD on a routine basis — weekly, monthly, or whatever — and saving the image file to your old, spinning-platter drive.

Then, if anything happens to the SSD, you can repair or replace the damaged drive, restore the saved image, and be back more or less where you were in one step. You’d then use your incremental backups to restore any files added or changed since the last full image was made.

Win7/8 and Vista have all the tools you need, built in. The May 12, 2011, Top Story, “Build a complete Windows 7 safety net,” has the specifics. (Vista’s built-in disk-imaging tool is similar to Win7’s, and Win8(.0)’s is essentially identical, as discussed in the March 28 LangaList Plus item, “Win8’s built-in, hidden, image/backup tool.”) Only XP requires use of a third-party disk-imaging tool.

With regular disk imaging, you’ll always be able to get back to a full, ready-to-use Windows setup — no matter what happens to the original drive!

Repairing a CPU cooling fan and fins

Robert Platt’s PC has suffered a dangerous hardware failure.

  • “I have a no-name, mongrel computer. Recently the CPU fan and cooling fins dropped off the CPU!

    “I took a closer look and found that the little catch on the fan’s side had broken off. I now have to lay the computer on its side to make it work.

    “Could I just Super Glue the fan and cooling fins back as they were? Thanks in advance for the help.”

No, adhesive won’t work. But there are a couple of repair options that just might get you going again.

Here’s why glue won’t work. Generally, the upper surface of most CPU carriers is flat metal. It’s mated to a similarly flat base of the cooling-fin/heat-exchanger/fan assembly. The flat, metal-to-metal contact lets heat flow from the CPU into the cooling fins, where the heat is carried away by the fan’s forced convection. (Often there’s a metallic paste to help the transfer; more on that below.)

The metal-to-metal contact is usually entirely mechanical: the cooling fin assembly is typically held firmly in place by springs, clips, or screws. No adhesives are used because they would act as an insulating layer between the CPU and the cooling fins, thus reducing the flow of heat out of the CPU and keeping the chip hotter than it should be.

If you’ve looked at the top of your CPU (or the bottom of your cooling-fin/cooling-fan assembly), you might have noticed a substance that looks like glue. It’s emphatically not! It’s thermal grease or paste (Wikipedia explanation) — a special-purpose, highly conductive goop that’s applied to the top of the CPU before the fin assembly is clamped on. The thermal grease enhances the flow of heat between the CPU and the heat exchanger.

Your best repair option? If the broken part of the clamp is on the fin/fan/heat-exchanger assembly, you probably can buy an identical replacement part from any of the larger PC parts suppliers (e.g., newegg.com, tigerdirect.com, and others). Basic fans and fin assemblies are not expensive.

If the broken part is on the base — the CPU socket that’s permanently mounted on the mainboard — your best option might be to gin up a nonadhesive, purely mechanical means to clamp the cooling fin assembly firmly to the top of the CPU.

As long as your CPU remains relatively cool, thin-gauge, lightweight plastic zip-ties might work. They’re flexible, easy to work with, easy to pull tight; they’re also nonconductive — safe to use around circuitry.

To maximize the heat flow through your jury-rigged setup, you might wish to purchase and use thermal grease in your new assembly, even if it wasn’t used in the original setup. Thermal grease is inexpensive — a few dollars will buy a small tube from the same sources that sell PC fans and heat exchangers — and a little goes a long way.

For information on using thermal grease, see the Hardware Secrets (no relation to Windows Secrets) article, “How to correctly apply thermal paste.”

Free taskbar-tweaking utility for Win7/8

Frequent contributor Douglas J. Ward wrote to tell us of a useful utility he found.

  • “In my daily grind, I edit multiple report files, compile them, and view the results. In no time, I have many windows open at once.

    “My problem is with the Windows taskbar popups. They constantly get in the way, should I ‘accidentally’ leave the confines of a window and touch the task bar. I applied some well-known Registry patches to disable them, but the little demons persist in popping up, vexing me no end.

    “The only other fix I could find was to increase the hover delay for all popup notifications. Unfortunately, it’s a global change (that might be OK for some folks), and I am concerned only with the taskbar.

    “An Internet search turned up 7+ Taskbar Tweaker (site).

    “This free utility provides a raft of features not available from within Windows — in particular, a way to disable the pesky taskbar popups. I can also show the seconds in the clock and, if I double-click in an unused portion of the taskbar (sometimes hard to find), it sends a CTRL-WIN-TAB key press [displaying all open windows in a stacked view].

    “It has many other features, but these three features are all I use. The first alone is enough for me to recommend this little gem to Windows Secrets!”

Thanks, Doug.

When you said, “many other features,” you weren’t kidding, as Figure 5 shows.

7+ Taskbar Tweaker

Figure 5. The free 7+ Taskbar Tweaker allows you to configure numerous aspects of the Windows 7/8 taskbar.

Thanks again, Doug!

Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 10, Windows 8, Windows 7, Firefox, Internet Explorer, Google, etc. Join our 460,000 subscribers!

Enter your email above to receive messages about offerings by Penton, its brands, affiliates and/or third-party partners, consistent with Penton's Privacy Policy.
The Windows 7, Vol 3 (Excerpt)

Subscribe and get our monthly bonuses - free!

The Windows 7 Guide, Volume 3: Advanced maintenance and troubleshooting provides advanced tools for keeping Microsoft's premier operating system up and running smoothly. Get this excerpt and other 4 bonuses if you subscribe FREE now!

= Paid content

All Windows Secrets articles posted on 2013-09-05:

Fred Langa

About Fred Langa

Fred Langa is senior editor. His LangaList Newsletter merged with Windows Secrets on Nov. 16, 2006. Prior to that, Fred was editor of Byte Magazine (1987 to 1991) and editorial director of CMP Media (1991 to 1996), overseeing Windows Magazine and others.