Re: How to set up a secure XP windows home edition w/service pack

Thank you for your most kind help. Some of the sites you mentioned will
certainly be added to my favorite list. My problem is with configuring the
administration tools which deals with MMC,, policy stting and the like. I
have spent a lot of time stying these services but some how someone is
always able to login to my computer in spite of security measures I take to
prevent this. I am not one that will not take the time to study the manuals
to make something work properly. But Microsoft has too many open doors and
ways to go around the security configurations. At work I use Sun Solaris
and Windows is not allowed for security cleared research. I just want to
use my computer with security. Contrary to the other individual who stated
that that people don't just hang around to Hack computers, he is ignorant of
the Hacker culture and certainly does not have any association or need for
security clearence.

"Shenan Stanley" wrote:

> mzford wrote:
> > I don't want to spend the time to learn how to set up all the
> > administration tools components that include Microsoft Management
> > Console (MMC), security this and that permissions, etc. I want to be
> > the only user and don't want other users. Every time I set up a
> > system I get many unauthorized users and hackers that will always in
> > time bring my system down. I have a $1000.000 Sonicwall router and
> > all the software security firewalls and all and they always manage
> > to get me. I wish there was a program that would guide you trogh the
> > installation or easier ways to configure your computer. Microsoft in
> > their efort to have all markets open to their OS have many open
> > variables that need to be configured to the needs of particular
> > users. If you miss one misconfiguration you can open the door to
> > hackers and malicious bugs. Is there a clear guide to configuring a
> > windows XP home edition.
>
> Microsoft has these suggestions for Protecting your computer from the
> various "bad things" that could happen to you/it:
>
> Protect your PC
> http://www.microsoft.com/security/protect/
>
>
> Although those tips are fantastic, there are many things you should
> know above and beyond what is there as well as other methods and
> applications you can use to protect yourself. Below I have detailed
> out many steps that can not only help you cleanup a problem PC but
> keep it clean and secure as well as running at its top performance mark.
>
> I know this list can seem intimidating - it is quite long and a lot
> to take in for a novice - but I assure you that one trip through this
> list and you will understand your computer and the options available
> to you for protecting your data much better and that the next time
> you review these steps, the time it takes will be greatly reduced.
>
> Let's take the cleanup of your computer step-by-step. Yes, it will take
> up some of your time - but consider what you use your computer
> for and how much you would dislike it if all of your stuff on your
> computer went away because you did not "feel like" performing some
> simple maintenance tasks - think of it like changing the oil in your car,
> changing the air filter on your home A/C unit, paying your bills on time,
> etc.
>
> Let's go through some maintenance first that should only have to be done
> once (mostly):
>
> Tip (1):
> Locate all of the software (the installation media - CDs, etc) that you
> have installed on your computer. Collect these CDs into a single pile
> and locate the original installation media (CDs, disks) in a central and
> safe place along with their CD keys and such. Make backups of these
> installation media sets using your favorite copying method (CD Burner and
> application, Disk copier, etc.) You'll be glad to know that if you have
> a CD burner, you may be able to use a free application to make a
> duplicate copy of your CDs. One such application is ISORecorder:
>
> ISORecorder home page (with general instructions on use):
> http://isorecorder.alexfeinman.com/isorecorder.htm
>
> Pre-SP2 version:
> http://isorecorder.alexfeinman.com/IsoRecorder/download.asp
>
> Post-SP2 beta version:
> http://isorecorder.alexfeinman.com/download/ISORecorderV2B2.zip
>
> More full function applications (free) for CD/DVD burning would be:
>
> DeepBurner Free
> http://www.deepburner.com/
>
> CDBurnerXP Pro
> http://www.cdburnerxp.se/
>
> Another Option would be to search the web with Pricewatch.com or
> Dealsites.net and find deals on Nero and/or Roxio.
>
>
> Tip (2):
> Empty your Internet Explorer Temporary Internet Files and make sure the
> maximum size for this is small enough not to cause trouble in the future.
> Empty your Temporary Internet Files and shrink the size it stores to a
> size between 128MB and 512MB..
>
> - Open ONE copy of Internet Explorer.
> - Select TOOLS -> Internet Options.
> - Under the General tab in the "Temporary Internet Files" section, do the
> following:
> - Click on "Delete Cookies" (click OK)
> - Click on "Settings" and change the "Amount of disk space to use:" to
> something between 128MB and 512MB. (Betting it is MUCH larger right
> now.)
> - Click OK.
> - Click on "Delete Files" and select to "Delete all offline contents"
> (the checkbox) and click OK. (If you had a LOT, this could take 2-10
> minutes or more.)
> - Once it is done, click OK, close Internet Explorer, re-open Internet
> Explorer.
>
>
> Tip (3):
> If things are running a bit slow or you have an older system
> (1.5GHz or less and 256MB RAM or less) then you may want to look into
> tweaking the performance a bit by turning off some of the memory
> using Windows XP "prettifications". The fastest method is:
>
> Control Panel --> System --> Advanced tab --> Performance section,
> Settings button. Then choose "adjust for best performance" and you
> now have a Windows 2000/98 look which turned off many of the annoying
> "prettifications" in one swift action. You can play with the last
> three checkboxes to get more of an XP look without many of the
> other annoyances. You could also grab and install/mess with one
> (or more) of the Microsoft Powertoys - TweakUI in particular:
>
> http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
>
>
> Tip (4):
> Understanding what a good password might be is vital to your
> personal and system security. You may not need to password your home
> computer, as you may have it in a locked area (your home) where no
> one else has access to it. Remember, however, that locked area is
> unlocked when you access the Internet unless you are taking proper
> precautions. Also, you aren't always "in that locked area" when using
> your computer online - meaning you likely have usernames and passwords
> associated with web sites and the likes that you would prefer other
> people do not discover/use. This is why you should understand and
> utilize good passwords.
>
> Good passwords are those that meet these general rules
> (mileage may vary):
>
> Passwords should contain at least six characters, and the character
> string should contain at least three of these four character types:
> - uppercase letters
> - lowercase letters
> - numerals
> - nonalphanumeric characters (e.g., *, %, &, !)
>
> Passwords should not contain your name/logon name. Passwords should
> be unique to you and easy to remember. One method many people are
> using today is to make up a phrase that describes a point in their
> life and then turning that phrase into their password by using only
> certain letters out of each word in that phrase. It's much better
> than using your birthday month/year or your anniversary in a pure
> sense. For example, let's say my phrase is:
> "Moved to new home in 2004"
> I could come up with this password from that:
> "Mv2n3whmN04"
>
> The password tip is in the "one time" section, but I highly
> recommend you periodically change your passwords. The suggested time
> varies, but I will throw out a "once in every 3 to 6 months for
> every account you have."
>
>
> Tip (5):
> This tip is also "questionable" in the "one time" section. However,
> if properly setup, this one can be pretty well ignored for most people
> after the initial "fiddle-with" time.
>
> Why you should use a computer firewall..
> http://www.microsoft.com/athome/security/viruses/fwbenefits.mspx
>
> You should, in some way, use a firewall. Hardware (like a nice
> Cable Modem/DSL router) or software is up to you. Many use both of
> these. The simplest one to use is the hardware one, as most people
> don't do anything they need to configure their NAT device for and
> those who do certainly will not mind fiddling with the equipment to
> make things work for them. Next in the line of "simplicity" would
> have to be the built-in Windows Firewall of Windows XP. In SP2 it
> is turned on by default. It is not difficult to turn on in any
> case, however:
>
> Enable/Disable the Internet Connection Firewall (Pre-SP2):
> http://support.microsoft.com/kb/283673
>
> More information on the Internet Connection Firewall (Pre-SP2):
> http://support.microsoft.com/kb/320855
>
> Post-SP2 Windows Firewall Information/guidance:
> http://snipurl.com/atal
>
> The trouble with the Windows Firewall is that it only keeps things
> out. Truthfully, for most people who maintain their system in other
> ways, this is MORE than sufficient. However, you may feel otherwise.
> If you want to know when one of your applications is trying to obtain
> access to the outside world so you can stop it, then you will have to
> install a third-party application and configure/maintain it. I have
> compiles a list with links of some of the better known/free firewalls
> you can choose from:
>
> ZoneAlarm (Free and up)
> http://snipurl.com/6ohg
>
> Kerio Personal Firewall (KPF) (Free and up)
> http://www.kerio.com/kpf_download.html
>
> Outpost Firewall from Agnitum (Free and up)
> http://www.agnitum.com/download/
>
> Sygate Personal Firewall (Free and up)
> http://smb.sygate.com/buy/download_buy.htm
>
> Symantec's Norton Personal Firewall (~$25 and up)
> http://www.symantec.com/sabu/nis/npf/
>
> BlackICE PC Protection ($39.95 and up)
> http://blackice.iss.net/
>
> Perhaps you can find the right firewall for your situation in that
> list and set it up/configure it. Every firewall MAY require some
> maintenance. Essentially checking for patches or upgrades (this
> goes for hardware and software solutions) is the extent of this
> maintenance - but you may also have to configure your firewall to
> allow some traffic depending on your needs. Also, don't stack these
> things. Running more than one firewall will not make you safer
> - it would likely (in fact) negate some protection you gleamed
> from one or the other firewalls you run.
>
>
>
> Now that you have some of the more basic (one-time) things down..
> Let's go through some of the steps you should take periodically to
> maintain a healthy and stable windows computer. If you have not
> done some of these things in the past, they may seem tedious at
> first - however, they will become routine and some can even be
> automatically scheduled.
>
>
> Tip (6):
> The system restore feature is a new one - first appearing in Windows
> ME and then sticking around for Windows XP. It is a VERY useful
> feature - if you keep it maintained and use it to your advantage.
> However, remember that the system restore pretty much tells you in
> the name what it protects - "system" files. Your documents, your
> pictures, your stuff is NOT system files - so you should also look
> into some backup solution.
>
> I'll mainly work around Windows XP, as that is what the bulk of this
> document is about. I will, however, point out a single place for you
> poor souls still stuck in Windows ME where you can get information on

> maintaining your system right now:
>
> Windows ME Computer Health:
> http://www.microsoft.com/windowsME/using/computerhealth/articles/
>
> Pay close attention to the sections:
> (in order)
> - Clean up your hard disk
> - Check for errors by running ScanDisk
> - Defragment your hard disk
> - Roll back the clock with System Restore
>
> Now back to the point at hand - maintaining your system restore in
> Windows XP SHOULD be automatic - but I have seen the automatic go wrong
> too many times not to suggest the following.. Whenever you think about
> it (after doing a once-over on your machine once a month or so would
> be optimal) - clear out your System Restore and create a manual
> restoration point. Why? Too many times have I seen the system restore
> files go corrupt or get a virus in them, meaning you could not or
> did not want to restore from them. By clearing it out periodically
> you help prevent any corruption from happening and you make sure you
> have at least one good "snapshot".
> (This, of course, will erase any previous restore point you have.)
>
> - Turn off System Restore.
> http://support.microsoft.com/kb/310405
> - Reboot.
> - Turn on System Restore.
> http://support.microsoft.com/kb/310405
> - Make a Manual Restoration Point.
> http://snipurl.com/68nx
>
> That covers your system files, but doesn't do anything for the files
> that you are REALLY worried about - yours! For that you need to look
> into backups. You can either manually copy your important files, folders,
> documents, spreadsheets, emails, contacts, pictures, drawings and so on
> to an external location (CD/DV - any disk of some sort, etc) or you can
> use the backup tool that comes with Windows XP:
>
> How To Use Backup to Back Up Files and Folders on Your Computer
> http://support.microsoft.com/kb/308422
>
> Yes - you still need some sort of external media to store the results
> on, but you could schedule the backup to occur when you are not around,
> then burn the resultant data onto CD or DVD or something when you are
> (while you do other things!)
>
>
> Tip (7):
> You should sometimes look through the list of applications that are
> installed on your computer. The list MIGHT surprise you. There are more
> than likely things in there you KNOW you never use - so why have them
> there? There may even be things you KNOW you did not install and
> certainly do not use (maybe don't WANT to use.)
>
> This web site should help you get started at looking through this list:
>
> How to Uninstall Programs
> http://snipurl.com/8v6b
>
> A word of warning - Do NOT uninstall anything you think you MIGHT need
> in the future unless you have completed Tip (1) and have the installation
> media and proper keys for use backed up somewhere safe!
>
>
> Tip (8):
> Patches and Updates!

>
> This one cannot be stressed enough. It is SO simple, yet so neglected
> by many people. It is especially simple for the critical Windows patches!
> Microsoft put in an AUTOMATED feature for you to utilize so that you do
> NOT have to worry yourself about the patching of the Operating System:
>
> How to configure and use Automatic Updates in Windows XP
> http://support.microsoft.com/kb/306525
>
> However, not everyone wants to be a slave to "automation", and that is
> fine - as long as you are willing to do things manually. Admittedly, I
> prefer this method on some of my more critical systems.
>
> Windows Update
> http://windowsupdate.microsoft.com/
>
> Go there and scan your machine for updates. Always get the critical ones
> as you see them. Write down the KB###### or Q###### you see when
> selecting the updates and if you have trouble over the next few days,
> go into your control panel (Add/Remove Programs), match up the latest
> numbers you downloaded recently (since you started noticing an issue) and
> uninstall them. If there was more than one (usually is), uninstall them
> one by one - with a few hours of use in between, to see if the problem
> returns. Yes - the process is not perfect (updating) and can cause trouble
> like I mentioned - but as you can see, the solution isn't that bad - and is
> MUCH better than the alternatives.
>
> Windows is not the only product you likely have on your PC. The
> manufacturers of the other products usually have updates as well. New
> versions of almost everything come out all the time - some are free, some
> are pay - some you can only download if you are registered - but it is best
> to check. Just go to their web pages and look under their support and
> download sections. For example, for Microsoft Office update, you should
> visit:
>
> Microsoft Office Updates
> http://office.microsoft.com/
> (and select "downloads")
>
> You also have hardware on your machine that requires drivers to interface
> with the operating system. You have a video card that allows you to see on
> your screen, a sound card that allows you to hear your PCs sound output and
> so on. Visit those manufacturer web sites for the latest downloadable
> drivers for your hardware/operating system. Always (IMO) get the
> manufacturers' hardware driver over any Microsoft offers. On the Windows
> Update site I mentioned earlier, I suggest NOT getting their hardware
> drivers - no matter how tempting. First - how do you know what hardware
> you have in your computer? Invoice or if it is up and working now - take
> inventory:
>
> Belarc Advisor
> http://belarc.com/free_download.html

> <- Shenan ->
> --
> The information is provided "as is", it is suggested you research for
> yourself before you take any advice - you are the one ultimately
> responsible for your actions/problems/solutions. Know what you are
> getting into before you jump in with both feet.
>
>
>
.