PaulJH.com

How to secure Windows XP, by Computeruser.

I understand that any operating system can be hacked, and I have never said "impossible". But I do believe you can secure an OS so that any but the most skilled and patient will be shut out.

I got lots of emails from RedHat on the need to download updates to secure my RedHat Linux systems, and I did, but I'll leave the Linux security to others. Suffice to say that if you think your Linux out of a box without any updates or configuration effort is strongly secured, you should think again. Now onto Windows security.

(1) It appears to me that many people have moved from Windows 98 directly to Windows XP without installing, working with and understanding Windows NT4 Workstation and Windows 2000 Professional.

Microsoft made XP easy to install and easy to work with by (1) providing XP Home with crippled networking and security; and (2) setting defaults in XP Pro to be insecure out of the box.

(2) The first suggestion I have today in 2004 for Windows OS Security is to only use Windows XP Pro and dump all other Windows OS's. Windows 2000 is an excellent system if you have that and wish to stay there, but a person should not start fresh with Windows 2000 today. Finally, the Windows choice is dead-simple. Only use Windows XP Pro.

(3) Windows 98 is a 9x DOS-based OS that uses Disk Sharing for mapping drives, while NT4, 2000 and XP Pro are NT-based OS's using File Level security. You should only use NTFS and definitely not use FAT for the hard disks.

(4) Userids: Most XP Pro installations make the "first" user the owner and administrator of the PC. There is another default user actually called administrator who is also an administrator of the PC.

"Administrator" cannot be deleted, and "firstuser" cannot be deleted unless an alternate "firstuser" is set up beforehand. Windows XP also sets up an ASP.NET machine account (not sure whether that is dot Net Framework or basic Windows). If you use VMware, VMware sets up a vmwareuser account. Make sure all other accounts are disabled (Guest, Help Assistant, Support 38, etc.).

(5) Passwords: Go to Cain and Abel and read up. I can break any alpha-numeric password in 3 minutes. I haven't yet had the patience to build the symbol tables and I suspect that most others won't either.

So at a basic level, make sure any password has mixed case alpha-numeric construction to ward off brute force and dictionary attacks. At a more secure level, put special characters in your passwords to ward off Cain and Abel attacks. I use 8-character passwords with special characters and randomly chosen letters and numbers. I use all lower case to make the typing a bit easier.

(5b) Don't forget to set up a strong password for "Administrator" even if you don't use it. And set up strong passwords for any userid you establish on your system.

(6) Eliminate Fast User Switching and the Welcome Screen. Force users (including yourself) to log on properly. That will also shut down running applications when you log off and change users. That is a good thing.
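One way to check items (4) and (6) on a machine, as an added example that is not part of the original article: the script below parses saved `net user <name>` and `reg query` output and lists accounts that are still enabled and logon settings that are still on. Assumptions: the Winlogon value names `LogonType` and `AllowMultipleTSSessions` are not named in the article, "firstuser" is the article's placeholder for the install-time owner, and both sample dumps are constructed.

```python
import re

# Accounts allowed to stay enabled (assumption: adjust per machine).
ALLOWED = {"administrator", "firstuser"}

# Winlogon DWORD values (assumed names, not from the article); 0 means off.
WINLOGON_OFF = {"LogonType": "Welcome Screen",
                "AllowMultipleTSSessions": "Fast User Switching"}

def enabled_accounts(net_user_dump):
    """Names whose 'Account active' field is Yes, from concatenated `net user <name>` output."""
    active, name = [], None
    for line in net_user_dump.splitlines():
        m = re.match(r"User name\s+(\S.*)$", line)
        if m:
            name = m.group(1).strip()
        m = re.match(r"Account active\s+(\w+)", line)
        if m and name and m.group(1).lower() == "yes":
            active.append(name)
    return active

def winlogon_values(reg_dump):
    """Map value name -> integer for every REG_DWORD line in `reg query` output."""
    pairs = re.findall(r"^\s*(\w+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)", reg_dump, re.M)
    return {key: int(val, 16) for key, val in pairs}

def audit(net_user_dump, reg_dump, allowed=ALLOWED):
    findings = [f"account enabled: {n}" for n in enabled_accounts(net_user_dump)
                if n.lower() not in allowed]
    values = winlogon_values(reg_dump)
    for key, feature in WINLOGON_OFF.items():
        # A missing value is reported too: the setting cannot be confirmed off.
        if values.get(key) != 0:
            findings.append(f"{feature} not disabled ({key}={values.get(key)})")
    return findings

# Constructed sample input, trimmed to the fields the parser reads.
SAMPLE_NET_USER = """\
User name                    Administrator
Account active               Yes
User name                    firstuser
Account active               Yes
User name                    Guest
Account active               Yes
User name                    HelpAssistant
Account active               No
"""
SAMPLE_REG = """\
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
    LogonType    REG_DWORD    0x1
    AllowMultipleTSSessions    REG_DWORD    0x0
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_NET_USER, SAMPLE_REG)))
```
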
