An XP security tips feature recently appeared in PC Format Magazine. Most of what it said was complete common sense, some of which was obvious to most, and consisted of things we should all be doing anyway if we're interested in security. I've not copied the whole article, nor have I covered everything it said, but I have re-written parts of it here to offer the same advice to a wider audience, aiming particularly at less experienced users in a bid to try to help reduce the number of infections appearing. I'd have just copied it out, but it's three pages long, I don't have the images, and I dodn't want to breach copyright! Anyways, the advice...
Assuming you've just freshly installed XP (which we'll all do sooner or later), this will hopefully help make sure that your PC is secure, though I see no reason that even an old install shouldn't benefit from this. There are simple things you can do above and beyound anti-virus, firewall, and windows update. Allmost all of it is completely free too! The one and only thing that would cost money is this first point, here...
1, ...Consider, if you don't have one already, getting an ADSL router (if you have an ADSL connection that is). You can pick up a single port router for as little as £30/$40, and the security benefit for this one little investment is pretty substantial.
2, Disconnect the internet connection - If it's active, disconnect it. If you have a router, this doeasn't really matter all that much, unless of course you haven't yet changed the default passwords for it. Statistically, a computer is attacked within 2 minutes of going online on average, and your's isn't ready yet.
3, Use a limited account! - This can't be stressed enough. To be using an acount with administrator status for day to day stuff is just asking for trouble. Log into your administrative account, install the programs you intend to use, add a strong password to the account (ONE YOU CAN REMEMBER!), create a limited account for day to day use (browsing the web, using programs, etc), and add a password to that account too. After setting up your computer, only ever log into the administrative account if you need it's priviledges. For the most part, use the limited account.
4, Display hidden file extensions - open "my computer", and go to tools -> folder options. Under the view tab, scroll down a little and deselect the "hide extentions for known file types", and click apply. That way, you can see that files such as "this is funny.jpg.vbs" aren't what they appear to be.
5, Protect your guest account - The guest account can be used by hackers and/or malware to gain greater access to your machine, even when turned off. The guest account can't be removed. However, you can disable it, but this can affect the functionality of your computer. Instead, what you can do, and what you probably should do, is put a strong password on it, and then leave it safely turned off. You do this by opening a command window (start -> run -> type "cmd" and press enter). at the command prompt, type net user guest <password> (where <password> is your chosen password, being something you can remember). After hitting the enter key, the guest account will be password protected. If your machine is networked and authenticating as guest, then you'll need this password to access network shares - if you tell it to remeber the password, it will only ask the once.
6, disable memory dumps - when an application on your PC crashes, windows makes a note of it in a memory dump file by default. It's useful for troubleshooting, but can unfortunately store passwords used in applications, making it a prime target for Crackers (like hackers, but evil, and given that at least one variety of CoolWebSearch was recently discovered to send personal details to a remote server for ID theft, it may be a matter of time, however unlikely, that malware could be written to use such files for purposes of finding targets for cracking.) Right-click "my computer" -> properties -> advanced tab -> the "settings" button in the startup and recovery section. Where the window says "write debugging information", change the "small memory dump (64KB)" to "none" and click ok. If your computer ever starts crashing, you can re-enable it if you need the file to investigate.
7, Safeguard the "Administrator" account - All things nasty on the internet head straight for this account. It's not the same as an account with administrator status - It's far more powerful and is concerned with the inner workings of XP. Simply changing it's name can make it far more secure, detering all but the most determined of Crackers, and leaving a lot of malware completely confused.
For XP-Pro go to start --> run --> and type gpedit.msc, which will open the group policy editor window. Go to computer configuration -> windows settings -> security settings -> local policies -> security options. Double click on "accounts: rename administrator account" and give it a new name (but don't go making it obvious, like calling it admin or something.)
For XP-Home see the instructions here.
8, Clear the page file - The page file isn't cleaned out regularly, and as a result can accumulate data, personal info, and passwords, all of which can me extracted by someone with the right tools and knowledge. A quick registry change can have windows clear it out every time the machine is shut down. Open "regedit" and make your way to HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\SessionManager\MemoryManagement. Create a new DWORD value called ClearPageFileAtShutdown if it's not already there, and set its value to 1. This will take effect the next time windows is restarted, and will purge the pagefile every time thereafter.
There are a few other things you can do before you go online, but in the interests of keeping it simple, these are probably the most effective and easiest, and are probably enough for your average user. Now it's about time to reconnect your internet connection and take windows online, but it's not quite finished yet - there are still a few more things to do...
9, Firewall first - You're about to connect to the internet. Windows update should NOT be the first thing on your mind. You need to do things in the following order. Get a Firewall (at the very least, XPSP2's integrated firewall), get an Antivirus and update it, and only THEN update windows.
10, Update your HOSTS file - Go to www.mvps.org/winhelp2002/hosts.txt and download the file. Use it to replace the original HOSTS file which can be found in "C:\windows\system32\drivers\etc". This will then stop many nasties that you could ever potentially contract from contacting their home server.
11, Ditch Internet Explorer and Outlook Express - Download and install Mozilla Firefox for your web browsing, and Mozilla Thunderbird for your email, unless you are paying for pop access to your hotmail account - Thunderbird doesn't play well with hotmail. You may also want to consider using an anonymous proxy server for your web browsing.
12, Immunise against malware - Download and install "Spybot search and destroy", update it, and hit the immunise button in the program. Self explanatory really. You may also want to download and install Lavasofts "Ad-aware" to occasionally scan with in order to clear lists of recently opened files etc, and to clear the minor nasties that firewalls and the like tend to miss (tracking cookjies and such rubbish, for example). This program, as with Spybot, should be updated periodically, if not before each scan.
So there you have it, a far more secure PC that is. Log out of that administrative account, and start using the limited account!
Of course, these aren't the only things you can do to make your PC more secure, and they are certainly not compulsory (though they all make sense in one way or other and are fairly advisable). There are other things you can do such as encrypting certain files (XP Pro only), disabling certain services, setting up audit policies and disabling "simple file sharing" etc, but I will leave services and simple file sharing for somebody else to advise on on account of the fact that I am unsure about how these may affect networking, or the functionality of certain applications/setups, and of course, I'm not all that sure that security auditing is all that useful to your average user. Hopefully following the above after your next re-install (or even now!) should give you a far more trouble free experience of your computer.
If anybody has anything to add or correct, feel free.
Should you be in the mood for more information on how to make XP even more secure, read the excellent Guide to Windows Online Security & Privacy @ Techspot.
Assuming you've just freshly installed XP (which we'll all do sooner or later), this will hopefully help make sure that your PC is secure, though I see no reason that even an old install shouldn't benefit from this. There are simple things you can do above and beyound anti-virus, firewall, and windows update. Allmost all of it is completely free too! The one and only thing that would cost money is this first point, here...
1, ...Consider, if you don't have one already, getting an ADSL router (if you have an ADSL connection that is). You can pick up a single port router for as little as £30/$40, and the security benefit for this one little investment is pretty substantial.
2, Disconnect the internet connection - If it's active, disconnect it. If you have a router, this doeasn't really matter all that much, unless of course you haven't yet changed the default passwords for it. Statistically, a computer is attacked within 2 minutes of going online on average, and your's isn't ready yet.
3, Use a limited account! - This can't be stressed enough. To be using an acount with administrator status for day to day stuff is just asking for trouble. Log into your administrative account, install the programs you intend to use, add a strong password to the account (ONE YOU CAN REMEMBER!), create a limited account for day to day use (browsing the web, using programs, etc), and add a password to that account too. After setting up your computer, only ever log into the administrative account if you need it's priviledges. For the most part, use the limited account.
4, Display hidden file extensions - open "my computer", and go to tools -> folder options. Under the view tab, scroll down a little and deselect the "hide extentions for known file types", and click apply. That way, you can see that files such as "this is funny.jpg.vbs" aren't what they appear to be.
5, Protect your guest account - The guest account can be used by hackers and/or malware to gain greater access to your machine, even when turned off. The guest account can't be removed. However, you can disable it, but this can affect the functionality of your computer. Instead, what you can do, and what you probably should do, is put a strong password on it, and then leave it safely turned off. You do this by opening a command window (start -> run -> type "cmd" and press enter). at the command prompt, type net user guest <password> (where <password> is your chosen password, being something you can remember). After hitting the enter key, the guest account will be password protected. If your machine is networked and authenticating as guest, then you'll need this password to access network shares - if you tell it to remeber the password, it will only ask the once.
6, disable memory dumps - when an application on your PC crashes, windows makes a note of it in a memory dump file by default. It's useful for troubleshooting, but can unfortunately store passwords used in applications, making it a prime target for Crackers (like hackers, but evil, and given that at least one variety of CoolWebSearch was recently discovered to send personal details to a remote server for ID theft, it may be a matter of time, however unlikely, that malware could be written to use such files for purposes of finding targets for cracking.) Right-click "my computer" -> properties -> advanced tab -> the "settings" button in the startup and recovery section. Where the window says "write debugging information", change the "small memory dump (64KB)" to "none" and click ok. If your computer ever starts crashing, you can re-enable it if you need the file to investigate.
7, Safeguard the "Administrator" account - All things nasty on the internet head straight for this account. It's not the same as an account with administrator status - It's far more powerful and is concerned with the inner workings of XP. Simply changing it's name can make it far more secure, detering all but the most determined of Crackers, and leaving a lot of malware completely confused.
For XP-Pro go to start --> run --> and type gpedit.msc, which will open the group policy editor window. Go to computer configuration -> windows settings -> security settings -> local policies -> security options. Double click on "accounts: rename administrator account" and give it a new name (but don't go making it obvious, like calling it admin or something.)
For XP-Home see the instructions here.
8, Clear the page file - The page file isn't cleaned out regularly, and as a result can accumulate data, personal info, and passwords, all of which can me extracted by someone with the right tools and knowledge. A quick registry change can have windows clear it out every time the machine is shut down. Open "regedit" and make your way to HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\SessionManager\MemoryManagement. Create a new DWORD value called ClearPageFileAtShutdown if it's not already there, and set its value to 1. This will take effect the next time windows is restarted, and will purge the pagefile every time thereafter.
There are a few other things you can do before you go online, but in the interests of keeping it simple, these are probably the most effective and easiest, and are probably enough for your average user. Now it's about time to reconnect your internet connection and take windows online, but it's not quite finished yet - there are still a few more things to do...
9, Firewall first - You're about to connect to the internet. Windows update should NOT be the first thing on your mind. You need to do things in the following order. Get a Firewall (at the very least, XPSP2's integrated firewall), get an Antivirus and update it, and only THEN update windows.
10, Update your HOSTS file - Go to www.mvps.org/winhelp2002/hosts.txt and download the file. Use it to replace the original HOSTS file which can be found in "C:\windows\system32\drivers\etc". This will then stop many nasties that you could ever potentially contract from contacting their home server.
11, Ditch Internet Explorer and Outlook Express - Download and install Mozilla Firefox for your web browsing, and Mozilla Thunderbird for your email, unless you are paying for pop access to your hotmail account - Thunderbird doesn't play well with hotmail. You may also want to consider using an anonymous proxy server for your web browsing.
12, Immunise against malware - Download and install "Spybot search and destroy", update it, and hit the immunise button in the program. Self explanatory really. You may also want to download and install Lavasofts "Ad-aware" to occasionally scan with in order to clear lists of recently opened files etc, and to clear the minor nasties that firewalls and the like tend to miss (tracking cookjies and such rubbish, for example). This program, as with Spybot, should be updated periodically, if not before each scan.
So there you have it, a far more secure PC that is. Log out of that administrative account, and start using the limited account!
Of course, these aren't the only things you can do to make your PC more secure, and they are certainly not compulsory (though they all make sense in one way or other and are fairly advisable). There are other things you can do such as encrypting certain files (XP Pro only), disabling certain services, setting up audit policies and disabling "simple file sharing" etc, but I will leave services and simple file sharing for somebody else to advise on on account of the fact that I am unsure about how these may affect networking, or the functionality of certain applications/setups, and of course, I'm not all that sure that security auditing is all that useful to your average user. Hopefully following the above after your next re-install (or even now!) should give you a far more trouble free experience of your computer.
If anybody has anything to add or correct, feel free.
Should you be in the mood for more information on how to make XP even more secure, read the excellent Guide to Windows Online Security & Privacy @ Techspot.
