Mastertech 0 Posted January 15, 2005 Secure XP - A Windows XP Security Guide Improve Windows XP's Security on computers not connected to a Domain. Windows XP Home does not include all the security features Windows XP Professional does, so some security options may be unavailable to the Home user. Share this post Link to post
Mastertech 0 Posted January 16, 2005 Secure XP - A Windows XP Security Guide Share this post Link to post
ScinteX 0 Posted January 16, 2005 nice post Just a little 'alternative' regarding the open C$ shares- you dont actually need to fiddle about in the registry. I recommend this to anyone who a)uses a router but does not use file sharing between PCs b)does not run any out of the ordinary server services c) does not rely on NetBIOS or the LMHOSTS file for anything This *may* apply to those using dial-up - I am not sure since I am not quite sure how dial up is setup (i only had dial up on Win95 u see) On XP (probably 2000 too), go into Control Panel and click 'Network connections' Right click your lan connection and click properties Untick the options "file sharing for ms networks" and "client for MS networks" (you may also want to get rid of QoS if its there too) Click Apply If prompted to reboot after unticking them both do so, but return to this screen once done Highlight each option, and click uninstall. Click no to reboot Do the same for the other option (and QoS if applicable) Reboot Go back into this screen, highlight Internet Protocol Click Properties Click advanced Click the WINS tab Untick LMHOSTS lookup Tick "disable NetBIOS over TCP/IP" Click ok Close all screens Reboot This will secure your connection and also deactivate the Server and Workstation services as well. If you click on shares in Computer Management you will get an error since the server service isnt started- a bit more tidy than a Registry workaround other notes on that article: Not sure if it is nessesary to have the Windows Firewall enabled and a 3rd party one (such as Zonealarm) at the same time. I normally turn off the Windows one and also disable the "Windows Firewall/Internet Connection Sharing (ICS)" service. Also, they missed a biggie out! If you can, use an alternative to Internet Explorer such as Opera, Mozilla, FireFox. Also set this new browser as default browser in the 'Set program access and defaults' screen. S Share this post Link to post
Mastertech 0 Posted January 16, 2005 Quote: This will secure your connection and also deactivate the Server and Workstation services as well. If you click on shares in Computer Management you will get an error since the server service isnt started- a bit more tidy than a Registry workaround You would want to use the Registry File if you have file sharing enabled. Quote: Not sure if it is nessesary to have the Windows Firewall enabled and a 3rd party one (such as Zonealarm) at the same time. I normally turn off the Windows one and also disable the "Windows Firewall/Internet Connection Sharing (ICS)" service. It specifically mentions not use both at the same time. Quote: Also, they missed a biggie out! If you can, use an alternative to Internet Explorer such as Opera, Mozilla, FireFox. That is a personal preference. Share this post Link to post
shortbus 0 Posted January 17, 2005 You are absolutely right, to switch and use a different browser is a personal preference. However, as this is a thread on securing your operating system the entire conversation would get a low 'on a scale of one to ten' if it were not mentioned\recommended. You must admit, Internet Explorer is under attack, having its many holes exposed (called 'windows' for a reason). Had my arm twisted and gave in, said i'd try a different browser two months ago, shortly afterwards making it my default. Since then I have uninstalled Sygate firewall and use only the 'wet paper bag' microsoft supplies. I think nothing of searching Crackz\warez sites or [censored] as spyware is no longer an issue (friend is on 98, saw he is riddled spyware and hijackers and thats why I'm here). I went with Firefox, but Opera had its appeal also. Almost all scumware is designed to run on internet explorer, and internet explorer only. If you don't use IE, you can soon delete anything like 'CWShredder', and shortly afterwards laugh at anybody who feels thet need it. One rule of thumb that is not personal preference, but fact; the less you see 'Microsoft' in the registry, the stronger your computer is. `````````````````````````````` What you do yourself (obviously), is up to you, but I always advise an alternative to entering the registry if there is one. Screwing up your system is a drag - aiding in screwing up somebody elses, that's just wrong. Share this post Link to post
Mastertech 0 Posted January 17, 2005 Quote: You must admit, Internet Explorer is under attack, having its many holes exposed (called 'windows' for a reason). Yes I admit it is under attack but it can be secured, look at Steps 1, 2 and 3 of the Guide. The largest exploit that CWS and its variants exploit is MSJVM, once that is removed you are left with ActiveX Vulnerabilities. They are closed down with SP2 and Spyware Blaster. In the end a secure IE gets no more Spyware infections then you do with Firefox. Unless of course you are ad click happy . At which point recommending Firefox becomes just a personal preference and offers nothing more then Avant Browser has, actually Avant Browser has more features. Alot of people online are overly hyping Firefox when it is very easy to secure IE from spyware infections. Share this post Link to post