The only way to achieve real security is through knowledge. Pressing a
shiny automated button is just going to implement what somebody else
thinks is good for the system they assume you're running. Find the
security websites, podcasts, newsletters, books. Learn what you really
need to do for your actual case, not what somebody else thinks you
should do. Learn what is superstitious paranoia that will never even
come close to a private personal system.
If you're going to run a public web server, mail server, or whatever,
one run of a script is not going to keep you secure. You need to know
what the actual attack vectors can be, and need to be prepared for a
threat that nobody's thought of yet.
Microsoft tells you all you have to do is click the little check box
that turns on the security they've built and you're all safe.
Microsoft lies.
Read.
--
Jonathan
