The operating system is the core part of your computer and links together the system's hardware and software. Operating systems are made up of thousands of items, software, services, registry and so on. And it's this amount of code and services that makes it vulnerable. The main thing to do is to keep your operating system up-to-date and only install what you need.
Keep it up-to-date
Make sure your OS is up to date by downloading and installing all available patches, hot fixes and service packs. With Microsoft Windows XP and upwards it is usually done for you and you can choose how often and what level of updates to download and install.
Use a user account
There are generally two types of accounts within Microsoft Windows, an Administrator account and a User account. Administrator accounts obviously have high privileges and can be used to install malicious software. A very simple tip is to log-in as a User account then malicious software can only do so much damage. When you wish to install something log-in as the Administrator or right-click and click 'run as' (saves you logging in and out, you only have to enter a password).
Consider full-disc encryption
Full-disc encryption is normally installed on laptops but if your computer contained highly-sensitive data then it might be an option. A burglar might target your home or office to steal data but with full-disc encryption it would be very difficult to extract data without the correct password.
Disable the guest account
A guest account is a default low-level User account which is intended for guests who wish to use the computer. It can also be used by hackers to exploit your operating system so it is advisable to make sure it is disabled at all times.
By default any password can be set, reused and does not expire. If you are a company you should change your password regularly, enable lock-out for a set number of failed attempts and enforce policies on minimum criteria: for example, 8 characters, with at least one upper case and one special character.
Disable what you do not need
Operating systems can be full of add-ons you do not need; the more you install and enable the more vulnerable you are. It's therefore advisable to turn off services you do not need like printer sharing, network discovery and file sharing, wireless networks, remote access and so on.
Be careful what you install
There are literally thousands (or maybe even millions) of software programmes available. Most are totally genuine but some pose as genuine programmes to make money or infect your computer. Before downloading and installing anything do a bit of research and find out what other users say.
Use the integrated firewall
Microsoft Windows XP, Vista and 7 come with integrated firewalls and it’s a good idea to enable these for extra protection. The options and security offered by integrated firewalls are not great so another option is to purchase a third-party suite that offers greater antivirus, firewall and anti-spam protection.
Run a vulnerability scanner
The amount of add-ons, services and software installed within any operating system makes it difficult to know what is secure and what could be exploited remotely. Vulnerability scanners can scan the software, registry, files, and services to see what is vulnerable and how it can be fixed.
Disconnect and turn off when not in use
The internet is the single biggest threat to computers. Take away the internet and computers are, in themselves, generally very secure but of course these days a computer without an internet connection would be a waste of time. When you have finished working turn off the computer and disconnect the internet to reduce exposure.