Jump to content
Compatible Support Forums
Sign in to follow this  
Mastertech

Secure XP - A Windows XP Security Guide

Recommended Posts

nice post smile

 

Just a little 'alternative' regarding the open C$ shares- you dont actually need to fiddle about in the registry. I recommend this to anyone who

a)uses a router but does not use file sharing between PCs

b)does not run any out of the ordinary server services

c) does not rely on NetBIOS or the LMHOSTS file for anything

 

This *may* apply to those using dial-up - I am not sure since I am not quite sure how dial up is setup (i only had dial up on Win95 u see)

 

On XP (probably 2000 too), go into Control Panel and click 'Network connections'

Right click your lan connection and click properties

Untick the options "file sharing for ms networks" and "client for MS networks" (you may also want to get rid of QoS if its there too)

Click Apply

If prompted to reboot after unticking them both do so, but return to this screen once done

Highlight each option, and click uninstall. Click no to reboot

Do the same for the other option (and QoS if applicable)

Reboot

Go back into this screen, highlight Internet Protocol

Click Properties

Click advanced

Click the WINS tab

Untick LMHOSTS lookup

Tick "disable NetBIOS over TCP/IP"

Click ok

Close all screens

Reboot

 

smile

 

This will secure your connection and also deactivate the Server and Workstation services as well. If you click on shares in Computer Management you will get an error since the server service isnt started- a bit more tidy than a Registry workaround laugh

 

 

other notes on that article:

 

Not sure if it is nessesary to have the Windows Firewall enabled and a 3rd party one (such as Zonealarm) at the same time. I normally turn off the Windows one and also disable the "Windows Firewall/Internet Connection Sharing (ICS)" service.

 

Also, they missed a biggie out! If you can, use an alternative to Internet Explorer such as Opera, Mozilla, FireFox. Also set this new browser as default browser in the 'Set program access and defaults' screen.

 

S

 

 

 

 

Share this post


Link to post
Quote:
This will secure your connection and also deactivate the Server and Workstation services as well. If you click on shares in Computer Management you will get an error since the server service isnt started- a bit more tidy than a Registry workaround

You would want to use the Registry File if you have file sharing enabled.

Quote:
Not sure if it is nessesary to have the Windows Firewall enabled and a 3rd party one (such as Zonealarm) at the same time. I normally turn off the Windows one and also disable the "Windows Firewall/Internet Connection Sharing (ICS)" service.

It specifically mentions not use both at the same time.

Quote:
Also, they missed a biggie out! If you can, use an alternative to Internet Explorer such as Opera, Mozilla, FireFox.

That is a personal preference.

Share this post


Link to post

You are absolutely right, to switch and use a different browser is a personal preference.

 

However, as this is a thread on securing your operating system the entire conversation would get a low 'on a scale of one to ten' if it were not mentioned\recommended. You must admit, Internet Explorer is under attack, having its many holes exposed (called 'windows' for a reason).

 

Had my arm twisted and gave in, said i'd try a different browser two months ago, shortly afterwards making it my default.

 

Since then I have uninstalled Sygate firewall and use only the 'wet paper bag' microsoft supplies. I think nothing of searching Crackz\warez sites or [censored] as spyware is no longer an issue (friend is on 98, saw he is riddled spyware and hijackers and thats why I'm here).

 

I went with Firefox, but Opera had its appeal also. Almost all scumware is designed to run on internet explorer, and internet explorer only. If you don't use IE, you can soon delete anything like 'CWShredder', and shortly afterwards laugh at anybody who feels thet need it.

 

One rule of thumb that is not personal preference, but fact;

the less you see 'Microsoft' in the registry, the stronger your computer is.

 

``````````````````````````````

 

What you do yourself (obviously), is up to you, but I always advise an alternative to entering the registry if there is one.

Screwing up your system is a drag - aiding in screwing up somebody elses, that's just wrong.

Share this post


Link to post
Quote:
You must admit, Internet Explorer is under attack, having its many holes exposed (called 'windows' for a reason).

Yes I admit it is under attack but it can be secured, look at Steps 1, 2 and 3 of the Guide. The largest exploit that CWS and its variants exploit is MSJVM, once that is removed you are left with ActiveX Vulnerabilities. They are closed down with SP2 and Spyware Blaster. In the end a secure IE gets no more Spyware infections then you do with Firefox. Unless of course you are ad click happy smile. At which point recommending Firefox becomes just a personal preference and offers nothing more then Avant Browser has, actually Avant Browser has more features. Alot of people online are overly hyping Firefox when it is very easy to secure IE from spyware infections.



Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×