Securing Windows XP

What is computer security? And why should I care?

Computer security is the control of access to resources and the steps taken to achieve this.

Why do I need it?

Pretend that someone called Joe buys a personal computer to use the Internet and the concept of computer security does not exist. Any time Joe connects to the Internet, everybody else using the Internet at the same time would have total access to Joe's computer not only severely compromising Joe's privacy but also risking the working integrity of his computer. In short if you care at all about your computer working or any data you enter into it you need your computer to be as secure as possible.

Computer security is the control of access to resources and the steps taken to achieve this.
If you care about your computer working properly and any data you enter into it you need your computer to be as secure as possible.

Users

In Windows XP in order to use the operating system you must login as a user. Each user has information stored in a database (SAM). For each user the database must store a username, a password and at least one group. With these two pieces of information one can login to the operating system.

Permissions

Permissions define what resources may be accessed through Windows. Even for the most trivial tasks Windows XP requires access to computer resources. These resources are defined as "objects" and it is these "objects" that Windows XP screens access for. Common examples of "objects" include a file on a hard disk or the ability to add new users. Access to these objects is restricted to certain users or groups. Every time a user requests a resource or tries to perform an action Windows checks the ACL (Access Control Lists) to see if that particular user is allowed to, if for example the user is not allowed, access will be denied. Permissions are a fundamental concept in Windows XP and almost every other operating system.

Practical Steps To A Secure Windows XP

Provide Physical Security for the machine

This is self-evident. To prevent people from using your computer(s), deny them physical access. If you want to limit or monitor computer usage, physically monitor what they are doing with your computer! These simple steps alone can reduce a large number of potential threats.

Disable or Delete Unnecessary Users

Disable any accounts that are not used. For example always disable the Guest account (disabled by default on brand new computers or a "fresh" Windows XP install).

There are two ways to disable a user in Windows XP.

1. Click Start >> Settings >> Control Panel >> User Accounts
2. In the User accounts window there are two headings: "Pick a Task..." and "or pick an account to change".
3. If you select the user you want to disable under "pick an account to change" new links will appear. Choose "Turn off the [username] account".

or

1. Click Start >> Run... >> Enter "lusrmgr.msc" >> Click "Users" >>
2. Double-click the user you want to disable, check the "Account is Disabled" box and click "Ok".

Additionally it may well be worth renaming the "Administrator" account as this may be targeted in any attempt to breach security or run/install programs. There are two methods.

XP Home Edition

1. At a command prompt type control userpasswords
2. Select Administrator and click on Properties. Change the user name, NOT the full name.

XP Professional Edition

1. Type secpol.msc at a command prompt
2. Open Local Policies/Security Options
3. In the details pane, double click Accounts: Rename Administrator Account
4. Type the new name for the account

Keep Your OS Updated

Security vulnerabilities are continuously discovered and exploited by virus writers and crackers. Microsoft's policy is to regularly release cumulative patches, available on the Windows Update site.

SP2 Windows has an Automatic updates feature:

1. Right click on My Computer
2. Choose Properties
3. Select the Automatic updates tab.

Use Antivirus Software

A computer virus is a program that when executed attempts to "infect" other programs by modifying them (embedding a copy of themselves in the code) or by changing their execution path system-wise (so that a request to run program X causes the viral code to be executed too). Usually it stays active in memory, infecting programs run by the user.

Being self-replicating is damaging enough (they tend to clog the system's resources) but since virus writers are mostly malicious, they often include a payload - a damaging action triggered by an event the coder decided upon. The payload may cause data loss, damage to Windows' integrity and/or leakage of valuable information (passwords, email addresses, credit card numbers).

An active antivirus is a necessity when connected to the Internet, since some modern viruses try to exploit known security flaws to remotely infect a computer without any user interaction.

> read more on the computer virus here

Windows XP does not include built in antivirus functionality, but many products, free and commercial, exist to protect your computer in real time. Here is a short list of software that does the job.

Kaspersky Labs International Ltd.
is one of the world's top anti-virus companies, and well known all over the world as one of the leaders in the development of advanced anti-virus technologies. We produce anti-virus defense for home users, systems for workstations, file servers and application servers, e-mail gateways, firewalls, and Web servers. Kaspersky Labs also provides anti-spam solution for Small and Medium Businesses.

CA Anti-Virus provides complete protection against viruses, worms and Trojan horse programs. The easy-to-use interface and frequent automatic updates make it effortless to stay protected, and with quick scan times and efficient use of system resources, it won't bog down your PC.

Firewall

A firewall basically monitors and filters network activity directed to and from your computer. It is first of all a security concept which involves a security policy, software and/or hardware components.

The main feature of the personal firewalls (e.g. ZoneAlarm
etc.) is to block open ports so that they cannot be accessed from the Internet. This allows you to deny suspicious requests. The (very basic) Windows XP firewall does this too.

Since software firewalls also check outbound traffic, they should in theory prevent Trojan horse programs that have breached the system from sending data to their creator. Unfortunately certain advanced malware is capable once in control of disabling specific firewalls.

Hardware firewall is a physical device that interfaces two network segments. Most routers have one built-in that is sufficient for most home networks.

Most hardware firewalls also support VPN (Virtual Private Network) connections and are capable of NAT (Network Address Translation), a feature that hides the real IP addresses of your network's computers from the outside world.

Personal firewall programs:

CA PRIVACY PROTECTION

• Anti-Spyware
• Anti-Spam
• Personal Firewall
• PC Pitstop Erase

Anti-Spyware

The term spyware refers to a relatively new breed of malicious software (that first came under scrutiny around 1999) that focuses on stealing personal information and valuable data for unsavory purposes like identity theft. (Adware is a slightly tamer version of spyware that tracks your web surfing and sends you targeted advertisement, usually in the form of popup windows.)

Spyware typically installs on a computer without the user's informed consent, either bundled with another program or by exploiting one of the many bugs of Microsoft's Internet Explorer (the mammoth web browser bundled with Windows) to perform a "drive-by download" on visiting a specially crafted web page.

Antiviruses and firewalls have a hard time with these programs. Once compromised the computer may be instructed to download more spyware. The user will then experience massive slowdowns and system instability.

To cut a long story short, prevention is the best strategy. The point is to try reducing your computer's "window of exposure." A passable, free solution could consist in the following programs that complement each other:

Ad-Aware Can fix most spyware issues. To enable preemptive blocking you would have to buy the payed-for version.

Spybot S&D Slightly glitchy. Detects known malware using euristics. It has several features (mostly accessible in "Advanced mode"). Useful ones are the 'Immunize' function, the download-blocker BHO, and a blacklist of "bad" URLs that can be added to your HOSTS file.

Microsoft's Windows Defender (freely downloadable if you use a "genuine copy" of Windows).

Remove Unnecessary Windows Services

If you have a typical installation, many services are configured as "automatic" (that is, they start automatically when the system starts or when the service is called for the first time). If a service is configured as "manual," you must start the service manually before it can be loaded by the operating system and made available for use. If a service is configured as "disabled," it cannot be started automatically or manually.

A service is a program that is loaded on startup and provides some low-level functionality in the background. It can be started and stopped on request via:

1. Control Panel
2. Administrative tools
3. Services window.

Unneeded Windows services use up a small amount of resources, but may also cause problems. For example, if you do not use TELNET you can disable the service so as to deny other people an opportunity to remotely log on your computer and send commands to it to see what happens.

Deactivating unneeded Windows services requires some caution, since stopping the wrong services may render your computer unusable. Be sure of what you're doing.

The following table lists the default services for a typical installation of Windows XP Professional, along with their default startup settings. Your list of services might be different, depending on the components selected during installation and any additional programs that have been installed.

Default settings for services