Safer Surfing With XP
Sunday, June 29, 2008
I’m always being asked to fix friends and relatives computers and most of the time the problem turns out to be some sort of malware. Out of the box Windows XP is very insecure. That’s not to say Windows XP can’t be a secure operating system. By default XP has enabled services that, for most users, are not necessary. Services like telnet, remote registry and remote desktop are not necessary and can be outright dangerous.
Elaborate suites of security software are un-necessary on a properly configured system.
Using the recommendations listed below I have been running Windows XP without a software firewall or any actively running anti-virus/anti-spyware software for more than a year without picking up any malware at all. Once a week I run a scan with Spybot - Search & Destroy and ClamWin anti-virus. The only thing I’ve found has been the occasional tracking cookie.
Opening email attachments is another risky behavior. All sorts of nasty things are spread via email. Even if you get an email from a trusted friend with an attachment, don’t open it! One of the tricks used to propagate malware is to infect one computer, and then send a copy of itself on to everyone in that computers contact list. If you need to send an attachment, let the recipient know beforehand. Even following links in un-trusted emails can be dangerous.
Your cable or DSL modem could have a NAT router built in. To find out, Open your web browser (you should be using FireFox) and type “192.168.1.1″ (not the quotes) in the address bar. If a web page pops up you’re in good shape. Look for Firewall options and set them accordingly.
Go to Control Panel > User Accounts and set all users to “Limited User” instead of “Administrator”. You will first have to create a new account and set it to Administrator before setting the other accounts to limited user.
There are plenty of sites out there that have lots of good information on all the Windows services, exactly what they do and weather it’s safe to disable them. Just do a Google search for ‘Disable Unnecessary Services’ and you’ll find everything you always wanted to know and more.
Another benefit of disabling unnecessary services is a quicker, more responsive system that uses less memory.
Elaborate suites of security software are un-necessary on a properly configured system.
Using the recommendations listed below I have been running Windows XP without a software firewall or any actively running anti-virus/anti-spyware software for more than a year without picking up any malware at all. Once a week I run a scan with Spybot - Search & Destroy and ClamWin anti-virus. The only thing I’ve found has been the occasional tracking cookie.
Watch Your Behavior
Your online behavior is the biggest single factor in preventing malware and keeping your personal information safe. Visiting un-trusted sites and downloading questionable software will almost always result in some sort of malware.Opening email attachments is another risky behavior. All sorts of nasty things are spread via email. Even if you get an email from a trusted friend with an attachment, don’t open it! One of the tricks used to propagate malware is to infect one computer, and then send a copy of itself on to everyone in that computers contact list. If you need to send an attachment, let the recipient know beforehand. Even following links in un-trusted emails can be dangerous.
Get a Router
Installing a NAT router between your computer and your Internet connection is the first and one of the most effective things that can be done to prevent malware. A NAT router is a hardware based firewall that blocks all unsolicited incoming connections.Your cable or DSL modem could have a NAT router built in. To find out, Open your web browser (you should be using FireFox) and type “192.168.1.1″ (not the quotes) in the address bar. If a web page pops up you’re in good shape. Look for Firewall options and set them accordingly.
Use Firefox
A lot of malware is written to take advantage of Microsoft Internet Explorer. Firefox also has add-ons that help keep you safe such as NoScript and AdBlock Plus.Run as Limited User
A Limited User is just that, limited and can not make system changes or install software. If you should happen to run onto some nasty web site that would try to take over your system the malware will run with limited privileges and not be able to make system changes.Go to Control Panel > User Accounts and set all users to “Limited User” instead of “Administrator”. You will first have to create a new account and set it to Administrator before setting the other accounts to limited user.
Stay Updated
On the second Tuesday of each month Microsoft releases patches and updates. In theory when Microsoft discovers or is made aware of security vulnerabilities in their software they release a fix for it. Your best bet is to stay updated!Disable Unnecessary Services
I’m not sure how you do this in Windows XP Home but, in XP Pro right click MY Computer and select Manage, Click on Services and Applications. Double click Services and you’ll see a list of services and their status.There are plenty of sites out there that have lots of good information on all the Windows services, exactly what they do and weather it’s safe to disable them. Just do a Google search for ‘Disable Unnecessary Services’ and you’ll find everything you always wanted to know and more.
Another benefit of disabling unnecessary services is a quicker, more responsive system that uses less memory.
DropMyRights
Saturday, December 29, 2007
It can be a chore to use a limited user account in Windows XP. It is an even bigger task to get other people to run as a limited user. In the past I recommended MakeMeAdmin as a way to take care of administrative tasks while still logged in to a limited user account but, DropMyRights seems to be a better way to go.
Instead of using a LUA, DropMyRights starts internet aware programs (or any other program) with limited rights, so It is possible to use an administrator account as your primary login and run email clients and web browsers as a limited user.
After downloading DropMyRights copy DropMyRights.exe from where it was installed to somewhere in your path (C:WINDOWS in my case) and then uninstall it (all the other files are source code and the EULA).
Right click on the shortcut for the application you want to run with limited rights and in the Target field add C:WINDOWSDropMyRights.exe.
So:
Is now:
Edit:
There is a DropMyRights clone called StripMyRights. It does the same job with some modifications like passing command line arguments and the ability to be called from the registry.
Instead of using a LUA, DropMyRights starts internet aware programs (or any other program) with limited rights, so It is possible to use an administrator account as your primary login and run email clients and web browsers as a limited user.
After downloading DropMyRights copy DropMyRights.exe from where it was installed to somewhere in your path (C:WINDOWS in my case) and then uninstall it (all the other files are source code and the EULA).
Right click on the shortcut for the application you want to run with limited rights and in the Target field add C:WINDOWSDropMyRights.exe.
So:
"C:\Program Files\Mozilla Firefox\firefox.exe"Is now:
C:\WINDOWS\DropMyRights.exe "C:\Program Files\Mozilla firefox\firefox.exe"Edit:
There is a DropMyRights clone called StripMyRights. It does the same job with some modifications like passing command line arguments and the ability to be called from the registry.