Best Security Methods For Windows XP

[okcpulse]

One of our moderators, Keith, recently had his web site accounts compromised by an attacker. The cause was most likely a trojan designed to change passwords and delete valuable information on websites such as blogs, pictures and reference information. It's always a good idea to practice good password habits on websites in use.

The same thing can and will happen with Windows. To those not in the know, Windows was designed poorly in the arena of security. Microsoft builds its operating system with the kernel (or core) of the OS exposed to make it easy for us to install or remove software and hardware. While Windows is the easiest in terms of installing software, especially remotely, it's a disaster waiting to happen. And it does thousands of times a day.

There are hundreds of good software programs out there designed to secure your Windows computer, namely the new Windows Live One Care, for malware removal and other services that can help protect Windows. But nothing beats a method few home users bother to mess with, and it's one that can REALLY help.

Almost everyone runs Windows under the computer administrator account. The administrator account is granted permission to modify every single setting for Windows XP, including the registry, which is at the kernel level. It's wise to run Windows XP under the user account, and keep the admin account seperate. Do not log into the admin account unless you need to install or remove software or add new hardware. This method adds another barrier to outsiders trying to gain access to your PC, as they can only do so through the admin account. Here's how you set up your Windows XP system for your daily use under the user account.

Click Start, then go to the Control Panel, and open it. Then, click User Accounts and select Add New User Account. Give the account your name. Then, under the Computer Administrator account, give it another name and a password that is at least 8 characters, a combination of alphanumeric characters. Be sure and write the password down so that you do not forget it, and your computer should be ready to go. Also, don't assume your completely safe doing this. Keep your firewall and antivirus programs installed for added protection. Your computer experience should be a great deal better. Granted, it's more inconvenient when adding software, but what would you rather sacrifice, a compromised computer or a bit of inconvenience for peace of mind.

[ibda12u]

Excellent info. Highly reccomended especially for multiple user pc's!

[MadMonk]

Although I agree that this is good advice, home users may find this troublesome at times. Many programs designed for home use assume that you are using an admin-type account, not only for installation but also for the general operations of the program. For those times, you can right-click the program's shortcut and choose "Run As" from the menu to run a program with elevated privledges. That way you can still be logged on as a normal user, but run a program as an administrator. Again, it may be an inconvenience (an extra couple of clicks and providing the login/password of the admin account), but better safe than sorry.

[SoonerDave]

Here is another tidbit:

If you are on an always-on/high-speed service, such as cable or DSL, you should pick up a router that will allow your computer to become, to a degree, "invisible" to the Internet.

Every device on the Internet has an "address," typically referred to as an "IP address," and consists of four "dotted" numbers, like 69.122.45.11. In a standard configuration in DSL or cablemodem setups, your PC is connected directly to the modem, and thus has a "public" IP address that exposes it quite literally to the rest of the world. That's A Bad Thing.

A router is a device that goes between your cable modem and your PC that allows your PC to have what is called a "private" or "non-routable" IP address. The router then takes the "public" IP address that used to go to your computer. Requests from your computer to the Internet go through the router first, with inbound data coming back to the router, then back to your PC. Think of the router as the "data broker" between you and the Internet.

Your router can also serve an important function known as "firewalling" where you can filter out certain unwanted sites and traffic from ever entering your local home network. A dedicated, external, hardware-based firewall is almost always a better solution than the "Windows Firewall" provided in XP by Microsoft.

While a router does not protect your computer from threats introduced via visiting such things as mocked-up websites or reading certain email messages/attachments, it will do a great job of blocking the "port scanners" that are all over the Internet looking for unprotected machines to attack with zombie viruses and bots.

-SoonerDave

[Karried]

I have a Linksys Wireless -G to enable our laptop computer to get online Cox Cable ( attached to the main computer) it works great but I have been worried about possible threats.. I have Adaware, ZoneAlarm, and Norton System Works and so does the laptop .. with the router and all of the above, are both computers relatively safe from outside attacks?

OKCPulse, I made a new User account but all of my stuff needs to be transferred ie Favorite, PICs, Files etc etc.. is there a way to do that other than manually? I deleted it until I figure out how to do that but it makes sense to have a seperate User Account..

Ibda is going to come and help me with networking soon.. and he can make sure that all is safe!

[Midtowner]

I'd also recommend a few more things to prevent these sort of attacks:

1) Install Firefox, quit using Internet Explorer: Sure, some websites might not look great, but consider this: Spammers want to target malware at their largest possible audience. Since the market is probably about 75%+ Internet Explorer, guess where malware will be targetted?

Further, Firefox Extensions are EXCELLENT. For example, I use an extension called "Adblock." Not only does it screen out most popups, it also gets rid of most banner ads as well. This prevents malware from even establishing a connection with your computer in the first place. Anyone installing Adblock, I can help you find a good filter list, PM me, or ask me again and I'll go find one. I have another extension that actually updates my list for me while I can also manually ad things.

2) Know what it is you're clicking on: If you do end up with a popup, do not automatically assume that clicking the "x" in the top right corner will make it go away. Many of these are just full windows with pictures of the 'x.' One thing to help you make the distinction between real and fake toolbars is to change away from the default windows colors.

If you get one of these, right click the window, then scroll and click "close window."

[SoonerDave]

Karried:

I wouldn't have any computers tied directly to your cable modem. I would have all computers linked to your *router*, which then ties to your modem. Sorry if I misunderstood how you have it configured.

You can move your favorites from a previous account to your new account by copying the Favorites folder located typically under "c:\Documents and Settings\old_username\Favorites" to "c:\documents and settings\new_username>\Favorites"

While I like Norton Antivirus, I am not a big fan of Norton SystemWorks. Many of Symantec's latter-day products have layer-upon-layer of only marginal value-added "stuff." Antivirus with something like AdAware can be perfectly adequate. I personally let my external router handle firewall tasks, and thus don't bother with Windows Firewall or ZoneAlarm, etc. In fact, I've found Windows Firewall to often create strange connectivity problems.

Your wireless router should have an encryption key enabled to ward off piggybackers onto your network. Some people will tell you that turning off your SSID is a security measure, but it isn't, because it's sent out by your router in response to connection requests anyway...

-SoonerDave

[Karried]

Thanks SoonerDave.... let's see.. the cable runs to the Cox Modem which is connected to the main PC which in turn is connected to the Router ..
so am I safe now?

OKCPulse told me also how to move my files to Shared files and then I would be able to use all of my junk under my new account.. thanks for the help!

[windowphobe]

The sequence here is: cable modem ----> router ----> PCs. Works rather well, wired or wireless.

[Karried]

I need Ibda... where are you?

[ibda12u]

I'm here
You're hooked up correctly. I'm assuming your pc is wired, and the laptop is wireless?

Also have you changed the default router password?
You would have no idea how many people leave that default, till some outside person gets on wirelessly and changes it for them (umm, yeah i've never done that before).

[Karried]

Whew! Ibda!! Thanks! Yes, you're right about the hook ups..

NO, of course I haven't changed the default router password since I didn't even know there was a password! LOL.. thank God for techies.

[writerranger]

Karried, As described, you have cable > PC > router?
Windowphobe, in his post above has the correct configuration:

"The sequence here is: cable modem ----> router ----> PCs. Works rather well, wired or wireless."

-------------

[ibda12u]

Yeah definitly change that password, you can probably login to the router by typing http://192.168.1.1 or 192.168.0.1 into your web browser, then you can find the tab in there to change it.

As for security, you'll going to want to enable Wireless Encryption, but you may want to hold off on that till I can look at it, so we don't accidently lock ourselves off the wireless connection.

Another safety feature would be to turn on Windows Firewall on both pc's, we can then set up the firewalls so only those 2 office pc's could access each others files. That's probably gonna be about the most security we can go with, before putting a seperate hardware device (another firewall), between your cable modem and your router. (could be slightly overkill for what you're needing).

[Stealth]

The methods I use to secure my network and computers:

Firefox with the following plugins: Adblock and Noscript

Don't use OUTLOOK. Use webmail through Firefox.

I use AVG for my Anti-Viruse and run Spybot and Adaware to make sure of Spyware/Adware.

Windows Builtin Firewall and Sygate Pro 5.5; mostly use Sygate for the nice gui IDS, to monitor all connections on the computer. I also use windows ipsec to ensure private, secure communications over Internet Protocol (IP) networks through the use of cryptographic security services.

I've got an old 550mhz computer with 2 ethernet cards; one card connected to the modem and the other one going to my 8port switch. So basically all incoming and outgoing traffic gets directed through my linux firewall with some pretty hefty security setting. It sets in the corner running as a firewall/router between my modem and my 8 port switch and it runs like a charm. I'm using Smoothwall, it's a linux based firewall. It can run on almost any PC from a 486 upwards, which becomes a dedicated firewall appliance. You can use a web browser to manage and configure the firewall/router. It's a nice addition to a network. I've got about 6 computers on my network here at home and Smoothwall is sure a winner.

A few other tips you can also implement into your security scheme.

*Keep your system up to date with all the latest security patches.

*Turn off all services that is not used: start -> run -> services.msc. Check out tweakxp.com they have a few articles about services. Before you start fiddling around, do your research.

*Monitor and Block all ports that is not in use. You can do this through Sygate.