Secure XP - A Windows XP Security Guide
Improve Windows XP's Security on computers not connected to a Domain. Windows XP Home does not include all the security features Windows XP Professional does, so some security options may be unavailable to the Home user.
Secure XP - A Windows XP Security Guide
Improve Windows XP's Security on computers not connected to a Domain. Windows XP Home does not include all the security features Windows XP Professional does, so some security options may be unavailable to the Home user.
Improve Windows XP's Security on computers not connected to a Domain. Windows XP Home does not include all the security features Windows XP Professional does, so some security options may be unavailable to the Home user.
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
nice post
Just a little 'alternative' regarding the open C$ shares- you dont actually need to fiddle about in the registry. I recommend this to anyone who
a)uses a router but does not use file sharing between PCs
b)does not run any out of the ordinary server services
c) does not rely on NetBIOS or the LMHOSTS file for anything
This *may* apply to those using dial-up - I am not sure since I am not quite sure how dial up is setup (i only had dial up on Win95 u see)
On XP (probably 2000 too), go into Control Panel and click 'Network connections'
Right click your lan connection and click properties
Untick the options "file sharing for ms networks" and "client for MS networks" (you may also want to get rid of QoS if its there too)
Click Apply
If prompted to reboot after unticking them both do so, but return to this screen once done
Highlight each option, and click uninstall. Click no to reboot
Do the same for the other option (and QoS if applicable)
Reboot
Go back into this screen, highlight Internet Protocol
Click Properties
Click advanced
Click the WINS tab
Untick LMHOSTS lookup
Tick "disable NetBIOS over TCP/IP"
Click ok
Close all screens
Reboot
This will secure your connection and also deactivate the Server and Workstation services as well. If you click on shares in Computer Management you will get an error since the server service isnt started- a bit more tidy than a Registry workaround
other notes on that article:
Not sure if it is nessesary to have the Windows Firewall enabled and a 3rd party one (such as Zonealarm) at the same time. I normally turn off the Windows one and also disable the "Windows Firewall/Internet Connection Sharing (ICS)" service.
Also, they missed a biggie out! If you can, use an alternative to Internet Explorer such as Opera, Mozilla, FireFox. Also set this new browser as default browser in the 'Set program access and defaults' screen.
S
Just a little 'alternative' regarding the open C$ shares- you dont actually need to fiddle about in the registry. I recommend this to anyone who
a)uses a router but does not use file sharing between PCs
b)does not run any out of the ordinary server services
c) does not rely on NetBIOS or the LMHOSTS file for anything
This *may* apply to those using dial-up - I am not sure since I am not quite sure how dial up is setup (i only had dial up on Win95 u see)
On XP (probably 2000 too), go into Control Panel and click 'Network connections'
Right click your lan connection and click properties
Untick the options "file sharing for ms networks" and "client for MS networks" (you may also want to get rid of QoS if its there too)
Click Apply
If prompted to reboot after unticking them both do so, but return to this screen once done
Highlight each option, and click uninstall. Click no to reboot
Do the same for the other option (and QoS if applicable)
Reboot
Go back into this screen, highlight Internet Protocol
Click Properties
Click advanced
Click the WINS tab
Untick LMHOSTS lookup
Tick "disable NetBIOS over TCP/IP"
Click ok
Close all screens
Reboot
This will secure your connection and also deactivate the Server and Workstation services as well. If you click on shares in Computer Management you will get an error since the server service isnt started- a bit more tidy than a Registry workaround
other notes on that article:
Not sure if it is nessesary to have the Windows Firewall enabled and a 3rd party one (such as Zonealarm) at the same time. I normally turn off the Windows one and also disable the "Windows Firewall/Internet Connection Sharing (ICS)" service.
Also, they missed a biggie out! If you can, use an alternative to Internet Explorer such as Opera, Mozilla, FireFox. Also set this new browser as default browser in the 'Set program access and defaults' screen.
S
Quote:This will secure your connection and also deactivate the Server and Workstation services as well. If you click on shares in Computer Management you will get an error since the server service isnt started- a bit more tidy than a Registry workaround
You would want to use the Registry File if you have file sharing enabled.
Quote:Not sure if it is nessesary to have the Windows Firewall enabled and a 3rd party one (such as Zonealarm) at the same time. I normally turn off the Windows one and also disable the "Windows Firewall/Internet Connection Sharing (ICS)" service.
It specifically mentions not use both at the same time.
Quote:Also, they missed a biggie out! If you can, use an alternative to Internet Explorer such as Opera, Mozilla, FireFox.
That is a personal preference.
You would want to use the Registry File if you have file sharing enabled.
Quote:Not sure if it is nessesary to have the Windows Firewall enabled and a 3rd party one (such as Zonealarm) at the same time. I normally turn off the Windows one and also disable the "Windows Firewall/Internet Connection Sharing (ICS)" service.
It specifically mentions not use both at the same time.
Quote:Also, they missed a biggie out! If you can, use an alternative to Internet Explorer such as Opera, Mozilla, FireFox.
That is a personal preference.
You are absolutely right, to switch and use a different browser is a personal preference.
However, as this is a thread on securing your operating system the entire conversation would get a low 'on a scale of one to ten' if it were not mentioned\recommended. You must admit, Internet Explorer is under attack, having its many holes exposed (called 'windows' for a reason).
Had my arm twisted and gave in, said i'd try a different browser two months ago, shortly afterwards making it my default.
Since then I have uninstalled Sygate firewall and use only the 'wet paper bag' microsoft supplies. I think nothing of searching Crackz\warez sites or [censored] as spyware is no longer an issue (friend is on 98, saw he is riddled spyware and hijackers and thats why I'm here).
I went with Firefox, but Opera had its appeal also. Almost all scumware is designed to run on internet explorer, and internet explorer only. If you don't use IE, you can soon delete anything like 'CWShredder', and shortly afterwards laugh at anybody who feels thet need it.
One rule of thumb that is not personal preference, but fact;
the less you see 'Microsoft' in the registry, the stronger your computer is.
``````````````````````````````
What you do yourself (obviously), is up to you, but I always advise an alternative to entering the registry if there is one.
Screwing up your system is a drag - aiding in screwing up somebody elses, that's just wrong.
However, as this is a thread on securing your operating system the entire conversation would get a low 'on a scale of one to ten' if it were not mentioned\recommended. You must admit, Internet Explorer is under attack, having its many holes exposed (called 'windows' for a reason).
Had my arm twisted and gave in, said i'd try a different browser two months ago, shortly afterwards making it my default.
Since then I have uninstalled Sygate firewall and use only the 'wet paper bag' microsoft supplies. I think nothing of searching Crackz\warez sites or [censored] as spyware is no longer an issue (friend is on 98, saw he is riddled spyware and hijackers and thats why I'm here).
I went with Firefox, but Opera had its appeal also. Almost all scumware is designed to run on internet explorer, and internet explorer only. If you don't use IE, you can soon delete anything like 'CWShredder', and shortly afterwards laugh at anybody who feels thet need it.
One rule of thumb that is not personal preference, but fact;
the less you see 'Microsoft' in the registry, the stronger your computer is.
``````````````````````````````
What you do yourself (obviously), is up to you, but I always advise an alternative to entering the registry if there is one.
Screwing up your system is a drag - aiding in screwing up somebody elses, that's just wrong.
Quote:You must admit, Internet Explorer is under attack, having its many holes exposed (called 'windows' for a reason).
Yes I admit it is under attack but it can be secured, look at Steps 1, 2 and 3 of the Guide. The largest exploit that CWS and its variants exploit is MSJVM, once that is removed you are left with ActiveX Vulnerabilities. They are closed down with SP2 and Spyware Blaster. In the end a secure IE gets no more Spyware infections then you do with Firefox. Unless of course you are ad click happy . At which point recommending Firefox becomes just a personal preference and offers nothing more then Avant Browser has, actually Avant Browser has more features. Alot of people online are overly hyping Firefox when it is very easy to secure IE from spyware infections.
Yes I admit it is under attack but it can be secured, look at Steps 1, 2 and 3 of the Guide. The largest exploit that CWS and its variants exploit is MSJVM, once that is removed you are left with ActiveX Vulnerabilities. They are closed down with SP2 and Spyware Blaster. In the end a secure IE gets no more Spyware infections then you do with Firefox. Unless of course you are ad click happy . At which point recommending Firefox becomes just a personal preference and offers nothing more then Avant Browser has, actually Avant Browser has more features. Alot of people online are overly hyping Firefox when it is very easy to secure IE from spyware infections.
