Tutorial For Beginners – Windows XP Security
ORIGINALLY POSTED BY DINOWUFF FOR THETAZZONE/TAZFORUM HERE
Do not use, republish, in whole or in part, without the consent of the Author. TheTAZZone policy is that Authors retain the rights to the work they submit and/or post…we do not sell, publish, transmit, or have the right to give permission for such…TheTAZZone merely retains the right to use, retain, and publish submitted work within its Network
This Windows XP tutorial is for those who are first time computer users or users who have had NO training. This is not a blind HOW TO. The first thing you need to know about computer security is that no matter how secure a system, if the system connects to another system it is vulnerable to attack. And by vulnerable I mean it’s there. Just like your car is vulnerable to theft, even though it’s locked away in your garage with the doors locked and the alarm on, someone can still try to steal it.
All words in bold are key words you should search on if you are interested in learning more about the topic.
Please post any questions in this thread and I will do my best to answer them. I will not respond to PM’s unless I post asking you to.
First of all, let me address something I’ve heard in bars, at parties, my parent’s house and all over the Web.
“Instead of using Windows, switch to something more secure like Linux”.
O.K. There are two problems with that statement.
First: Someone who just picked up their new PC from the local computer store is not going to be able to reinstall Windows much less any other Operating System (OS).
Secondly: Every flavour of *nix (like Linux, BSD, UNIX, etc) has its own unique flaws that can be exploited. And with any OS, it’s not just the OS you have to secure, but also the applications.
When it comes to which OS is more secure there is only one thing you must know. Microsoft is the biggest software company because THEY WERE FIRST TO MARKET! Let me say that again: FIRST TO MARKET.
Microsoft has the largest percentage of market share because it got there first. It beat Apple and IBM (the major software companies at the time). Microsoft got on the home PC and the rest is history. This is important because the virus writers and “Hackers”, in the beginning, wanted the prestige that came along with defacing, deleting and basically screwing up as many computers as they could with one piece of malicious software. Nowadays, the same types are turning toward making as much money as possible. So if you want to be a bad guy, what are you going to exploit? An operating system installed on 10% of the world’s computers or 90%? If you said 10% … well, your program isn’t going to work anyway. The next thing to remember is that first to market means “ship the stuff and we’ll fix the bugs later”. So in the beginning, Microsoft’s software wasn’t that good. But after gaining a dominant position in the market, Microsoft realized that, in order to keep it, they had to produce quality software instead of quick, bug-ridden software.
Cookies, File Encryption, and Erasing Files.
Not really security as such, but privacy. Cookies are often discussed as a bad thing that steals your information. Well, here’s the scoop. Cookies are given to your computer’s browser when it visits a web site. When you check “remember me next time I log in”, the cookie is what remembers that. Now there are ways to modify a local cookie and use it to do bad things on the server, but that’s outside the scope of this tutorial. For the most part, don’t worry about cookies. However, a type of cookie can also be issued to you that will collect more data than you wish, but here’s the kicker: you have to visit a website run by unethical individuals. So avoid sites that offer free copies of Microsoft Office and other things that seem too good to be true. “There’s no such thing as a free lunch”. ‘Twas true before the Internet and will be true after the Internet. The most important thing to remember about cookies is that they can be deleted. If you’re reading this from a public computer, don’t forget to clear your browser’s cache!
Ports and Services.
So you’re trying to find out how to “secure” your PC and everything you read says turn off all unnecessary services and close unused ports. Yea RIGHT, what’s a port? Where are these services and how do I turn them off? Do this: give your PC the good ‘ol three finger salute, CTRL+ALT+DELETE (hold down the three keys at once). Now click on the Task Manager button. Now click the Processes tab. You see all of those weird names listed in the box? Those are services, well, at least some are. The majority of the processes end with .exe and control how your computer works. For example, see the services.exe process. services.exe is a part of the Microsoft Windows Operating System and manages the operation of starting and stopping other services. This process also deals with the automatic starting of services during the computer’s boot-up and the stopping of services during shut-down. Google or
is a great resource for finding out what all of these services do. Be warned: if a virus ever infected or used any of these processes, that will be noted there too. Don’t freak out thinking you have a virus. I know of at least 50 viruses that infected or used the services.exe program.
Now before I get to showing you how, I have to explain what is known as TCP. This is not an exact description – but just a loose definition. The terminology is something you will need to research yourself as you get further along and become more comfortable with networking. I have put the keywords for your search in bold.
For devices (network cards, modems, even cell phones) to communicate with each other they must speak the same language. Computer programs communicate over the web with a protocol called TCP or UDP (a kind of language that all Operating Systems understand). Now, each program or application on your computer distinguishes itself from the other applications it’s communicating with by reserving and using a port number. This makes the flow of data easier. If we didn’t have different ports it would be like going to a major football stadium that had only one door to enter and exit. When communicating over the internet, a destination and source port are opened between two computers and then data starts flowing back and forth through the two open ports. Many servers, like email servers, always listen on the same well-known port number. The actual port number is arbitrary, but is fixed by tradition and by an official allocation or “assignment” of the number by the Internet Assigned Numbers Authority (IANA). Now, to prevent some bad person from connecting to your computer via an open port, let’s take a look at one that’s open by default. File and Print Sharing, NetBIOS over TCP/IP, uses ports 137-139. Now then, there are several default shares set up on your computer: C$, ADMIN$ and IPC$. These are hidden shares (hidden in the sense that Windows Explorer will not display them) and can be connected to remotely. Turning off File and Print Sharing “closes” ports 137-139 and removes the above hidden shares. Here’s how:
Control Panel > Network and Internet connections > Network Connections > Local Area Connection
Right click > Properties
Select Internet Protocol (TCP/IP) > Properties
On the General tab select Advanced
Next you will see 4 tabs: IP Settings, DNS, WINS and Options
On the WINS tab, disable NetBIOS over TCP/IP
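A way to see for yourself whether the ports the steps above talk about are actually closed is to run `netstat -an` from a command prompt before and after the change. The script below is an added example, not part of the original post: it parses the Windows XP `netstat -an` output, flags the file sharing ports, and is fed two constructed samples (one “before”, one “after”) so it runs offline. It also watches port 445, which is not in the post: Windows 2000 and later serve the same shares over SMB on TCP 445 without NetBIOS, so disabling NetBIOS over TCP/IP alone leaves that port listening.

```python
"""Flag file sharing listeners in `netstat -an` output (Windows XP format).

Added example; the sample netstat text below is constructed, not captured.
"""
import subprocess
import sys

# Ports the post discusses (137-139), plus 445, which later Windows versions
# use for the same SMB file sharing traffic without NetBIOS.
WATCH = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service (file and print sharing)",
    ("TCP", 445): "SMB direct hosting (file and print sharing without NetBIOS)",
}


def parse_listeners(netstat_text):
    """Return the set of (proto, port) pairs the machine is listening on.

    TCP sockets count only when in LISTENING state; every bound UDP socket
    counts, because the UDP lines have no state column.
    """
    listeners = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # skip "Active Connections", the header row and blanks
        proto, local = fields[0], fields[1]
        try:
            port = int(local.rsplit(":", 1)[1])  # "192.168.1.5:139" -> 139
        except (IndexError, ValueError):
            continue
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # an outgoing connection, not something waiting for input
        listeners.add((proto, port))
    return listeners


def flag_sharing_ports(netstat_text):
    """Return {(proto, port): description} for every watched port that is open."""
    open_ports = parse_listeners(netstat_text)
    return {key: WATCH[key] for key in WATCH if key in open_ports}


# Constructed sample: what `netstat -an` shows before the WINS-tab change.
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1043       64.233.1.9:80          ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.5:137        *:*
  UDP    192.168.1.5:138        *:*
"""

# Constructed sample: after disabling NetBIOS over TCP/IP. 137-139 are gone,
# but TCP 445 is still listening, so the shares are still reachable there.
AFTER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
"""


def main():
    # `--live` runs the real netstat on this machine; otherwise use the samples.
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        text = subprocess.check_output(["netstat", "-an"]).decode(errors="replace")
        samples = [("live", text)]
    else:
        samples = [("before", BEFORE), ("after", AFTER)]
    for label, text in samples:
        print("[{}]".format(label))
        for (proto, port), why in sorted(flag_sharing_ports(text).items()):
            print("  {} {}: {}".format(proto, port, why))


if __name__ == "__main__":
    main()
```

Run it with no arguments to see the two constructed samples compared, or with `--live` on the XP box itself (Python installed) to check the real output. If TCP 445 is still flagged after the WINS-tab change, the hidden shares are still reachable over that port and the firewall section below is what actually blocks them from the outside.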
So you just learned how to close a port and stop an unwanted process. But wait, there’s more! Don’t get into the trap of thinking things are secure if you do this and insecure if you don’t. TCP was designed to make communication between computers possible, as was NetBIOS.
Your best bet for security is using, and understanding, a firewall. Now, the one you have is on by default in XP Service Pack 2. If you are not on Service Pack 2, well then we need to have a chat about updating Windows. Anyway, here’s the link to Microsoft’s Firewall
You don’t have to use Microsoft’s – there are many others. My preference is to use a hardware firewall. I use the firewall function built into my Linksys wireless router. In any event – you must have a firewall.
Let’s take a look at computing from a behavioral science point of view, for a moment. People just want things to work and believe that their antivirus “suite” of tools (Virus Protection, Firewall and whatever else they’re putting in there these days) keeps them completely safe. Wrong! Let’s say for a moment that you have a fully patched and locked down PC with an updated Antivirus and a properly configured firewall; an internet connection and Instant Messenger (IM), perhaps a web camera, and, of course, email. You are using applications that open a connection to your PC. As you now know, when you check your email, you open a port. When you Instant Message your buddy, you open a port. Now, even with all the preventive measures in place, someone can still take control of your PC remotely. When chatting online, using either IRC or IM, the program you use to chat opens up a port between your computer and the “chat server”; you know this. What you don’t know is that when you fire up that web camera so you can see who you’re chatting with, or download a picture from whoever it is you’re chatting with, another port is opened. But this time it’s not between you and the server, it’s between you and the computer owned by the person you’re chatting with. Yup, that’s right, there is a direct connection between your computer and your buddy’s computer. And as far as the firewall goes, it’s a legitimate connection because you started the conversation. This is all fine and good unless it’s not your buddy, rather some anonymous person you met on the internet.
For example, you have been chatting with someone of the opposite sex for a few months and feel you know this person really well. So you ask for a picture. A few moments later a popup or something notifies you that so and so is sending you a file. The moment you accept that file, the person sending can send ANYTHING they want along with that picture. Anything from keyloggers and Trojans to malware and scumware.
Another way to get yourself into trouble is Email. There are 419 scams all over the place. One of the best ones I’ve seen is an email stating that “your order has been processed and thanks for the $1,250.98 credit card payment. Please click here to check the status or to contact us.” At this point, if the site is still up, there will be a form you can fill out where you enter your credit card and/or social security number to verify the fake transaction. Once you do this, your money is GONE! Or perhaps, if you’re running Microsoft’s Internet Explorer, a little program gets installed that looks for financial data and then sends that data to the bad guys. The point here is to know who you are doing business with on the web. If it’s too good to be true, IT IS!
Running Windows as an Administrator
If you took your PC out of the box, plugged it in and turned it on, you’re logged on to that computer with the user name of Owner. This user has Admin rights under Windows XP, so you need to do two things: create a new user in Windows XP with limited rights, and update Windows. Windows Update is on the Start menu; just follow the steps.
Next thing to know is that the Administrator account for Windows XP does not have a password by default. So, please change the Administrator password in Windows XP. In Windows XP Professional, from the Start menu, right click on the My Computer icon. Choose Manage. Expand “Local Users and Groups” and highlight “Users”. In the right pane, right click on the user Administrator and choose “Set password…”. The password should have at least one special character (like @, $, %, &, etc) and one number. Use a passphrase to help you remember it, like: My Silly 12th Grade Teacher Had 1 Fine @ss. Take the first letter of each word (keeping the numbers whole) and the password becomes MS12GTH1F@
You get the drift.
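The passphrase trick above follows a simple rule, and the script below (an added example, not part of the original post) spells it out: keep the first character of each word, but keep a word’s leading digits whole, so “12th” gives “12” and “@ss” gives “@”. It then checks the result against the two requirements the post states (a special character and a number). The minimum length of 8 is my own assumption; the post does not give one.

```python
"""Turn a memorable passphrase into a password the way the post does, then check it.

Added example. The 8-character minimum is an assumption, not a rule from the post.
"""
import re
import string


def mnemonic_password(phrase):
    """Build the password from a passphrase.

    For every word: if it starts with digits, keep those digits ('12th' -> '12',
    '1' -> '1'); otherwise keep the first character ('@ss' -> '@').
    """
    parts = []
    for word in phrase.split():
        leading_digits = re.match(r"\d+", word)
        parts.append(leading_digits.group(0) if leading_digits else word[0])
    return "".join(parts)


def check_password(password, min_len=8):
    """Return the list of requirements the password fails (empty list means it passes).

    The special character and number requirements are the post's; min_len is assumed.
    """
    problems = []
    if len(password) < min_len:
        problems.append("shorter than %d characters" % min_len)
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def main():
    # The post's own passphrase, worked through the rule above.
    phrase = "My Silly 12th Grade Teacher Had 1 Fine @ss"
    password = mnemonic_password(phrase)
    print("passphrase: %s" % phrase)
    print("password:   %s" % password)
    problems = check_password(password)
    print("check:      %s" % (", ".join(problems) if problems else "OK"))


if __name__ == "__main__":
    main()
```

Keep the passphrase in your head only; the whole point is that the short string you type is hard to guess while the sentence it came from is easy to remember.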
Well here are the credits and some links