my guide to secure your pc

[Medievil]

Making XP more secure!

Ok, when running windows its very important to secure you pc!

Windows is the most used OS, that means hackers will only concentrate on Windows

it isnt true that windows isnt secure, its just as secure as linux or any other OS!

When you first boot into XP, you will see the out of the box wizard, wich asks you information about your internet connection etc,

when it asks for user accounts make a useraccount called "Install account"

here you update windows and install the programs you need etc...

Now the most important thing to do after installing is Updating Windows, this will fix many security holes and adds new usefull features to Windows.

Important to do now is enabling the Build in firewall, if you dont do this you can get infected with Worms and other virusses,

Start --> Control panel --> network and internet, right click your connection, go to properties, and check the box to enable the Firewall/ICF,

Now lets Connect to the internet and load up IE.

Go to Extra --> Windows update, this will take you to the windows update page, when it asks to install the update software click yes, so it will be able to check what updates you still need, or what ones need to be installed

It will look something like this:

After installing the windows update softwar it will check what updates you still need, click on Install now, if you havent Service pack 1 installed yet, it will ask you to do so, click Yes

The sp1 installer will load up, when it asks to archive files, check "yes" so you will be able to remove sp1 in case of Problems you may encounter

let it download and install, after install it will reboot your pc, click OK

Another good way to install SP1 or SP2 is integrating it into your Windows installation, that way you save time and bandwith!

a good tool to do this is AutoStreamer

It will integrate all new files to your CD, so you can easily burn it again later.

After booting up again SP1 should be working fine, go to start and right click on my computer, then properties, if it says Service pack 1 you should be fine,

Now, lets install all the other updates, load up IE and go to windows update, let it check for updates, then install all the critical updates, also look at the other updates, for windows and hardware, install them to if you wish,

A little window will pop up, let it download the updates and install them, reboot ur pc

check windows update again, to see if there are any other updates you want, if not close it, we now want to be protected from virusses.

When windows is up to date, you should enable automatic updates, so Windows can download updates when they are released

Also a good program for ppl with dial up or with many pc's is Autopatcher

Its packed with all the XP updates, so you can just burn this to a cd, and after installing XP, load up this prog and let it install all the XP patches, this is best method, as you dont have to whaste bandwith everytime you install windows!

Now we want to change the administrator password, in XP pro you could change it when installing windows, if you didnt or you have XP home, lets boot in safe mode, log in as administrator and go to user account settings, you cna change the password there, dont make it easy, use numbers and lettres!

After this we gonna change some settings to have a higher security.

IE: as said before, like everyone uses IE, and became the target of millions of hackers, so its very important change some security settings.

load up IE, go to tool --> internet options --> security tab

click on custom level

disable everything you dont need, its recommend to disable activeX, to prevent spyware being installed on your system!

but as activeX is the reason why ppl still use IE, there is no real point in disabling it

so my suggestion is to use a alternative browser, I use Firefox its a very fast and easy browser, and has support for themes and plug ins

also, its recommend using a hosts file, there allready is a great guide on this, so there is no need for me to write something about it

http://www.mvps.org/winhelp2002/hosts.htm

Now, lets protect ourselves from hackers or intruders in your system!

Its recommend installing a other firewall then the build in one, cause the XP firewall doesnt protect your system from Outbound communication

Which one is up to you, a few free ones are

ZoneAlarm - Screenshot

Sygate - Screenshot

Outpost - Screenshot

Lets close some unsecure Xp services now, go to start --> run --> services.msc

Find messenger service right click on it and go to properties --> choose disabled at starup drop down menu, and click on "stop"

do the same thing for

SSDP (its not needed unless your Toaster is hooked up to your PC)

TCP/IP NetBIOS Helper

Telnet

Routing and Remote Access

Remote Access Auto Connection Manager

QoS RSVP

Remote Registry

its recommend to reboot after each service is disabled to make sure you don't encounter any problems

Lets do a online port scan now, if all ports are closed you are safe :p

http://www.grc.com/x/ne.dll?rh1dkyd2

First thing we want to do now is using a online scanner to check for virusses, Some virusses could prevent a antivirus from being installed

a few online virusscanners are:

Symantec online scanner

Trendmicro

After that we need to install a antivirusscanner to ensure you wont get any virusses in the future,

which one is up to you, here are a few free ones:

Avast - Screenshot

This one has skin support, so ur lucky when you dont like the interface it has :p

AVG - Screenshot

Antivir - Screenshot

Bitdefender - Screenshot

Well, we are pretty much protected now, but still we need to get a decent anti trojan, cause antivirus scanner are pretty bad at caching trojans!

i recommend getting The cleaner

Spyware! one of the most anoying things on the internet, packed with many free programs.

After following this guide, you should be free from spyware being installed from your browser, but you can still get infected with spyware thats packed with programs.

First, we need to prevent spyware from being installed!

a program thats pretty good for this is Spywareblaster

load it up, let it update, and check protect all, ur new protected from a big list of spyware from installing!

Now, another program we need is Spywareguard it runs in the background like a antivirus, when spyware gets installed, or when ur home page is being changed a message will pop up like a antivirus would do when a virus is detected.

It saved me a few times when spyware tried to change my home page, i just blocked it with this program, worked like a charm!

Now, when you allready got spyware on your system we will want to remove it

a few programs you need for this are:

Ad-aware - Screenshot

Spybot Search and destroy - Screenshot

Bazooka adware and spywarescanner - Screenshot

Load them up and update them, run them all so you get all spyware, one program cant detect all spyware, use them all

Final thouch is making a Limited User as your main account, before doing this install all the programs you want on ur pc, done?

then go to the user account settings and create a new limited user, call it whatever you want, ur real name or nickname...

Now unplug your internet cable and your all set!

only joking

enjoy!

Edited August 8, 2004 by Medievil

[ozz109]

You could also add Bitdefender to the list and add Sygate and Outpost to the firewall section as there all free and are used by many. And you could also add about using a Hosts file, It stops you downloading crap, bad cookies, Programs calling home and adds.

[Medievil]

i updated the guide!

[->DenKen!]

You forgot to give the advise that some Windows services can be dangerous too and should be shut down. I found a script, that turns them of, if you want. NTSVCFG can be downloaded here.

I hope nobody hates me for posting this. :D ;)

[Medievil]

gonna, collecting some more info at the moment, so i can update the guide again later

[UnaBonger]

Your link to "The Cleaner" is incorrect...

It should be --> http://www.moosoft.com/

[Medievil]

not much feedback :no:

[VG11489]

Great guide needs some tweaking but nevertheless a very goood guide :D

[Japlabot]

I don't your guide, it's very basic and half the stuff is recommending using another Antivirus/Firewall products.

I find your guide somewhat incomplete and if I were to follow your guide, i think that I would still find my PC rather insecure :no:

Why don't you put anything in for AutoPatcher, changing the Administrator password, changing the name of the Administrator account, making all local users have limited accounts, cover IE security zone settings (eg: Disable installation of signed activex and only add windows update and macromedia flash in trusted sites), Outlook express security settings (eg: show all message in plain text). Also cover the standard Windows Firewall/ICF and NOT bother recommending another firewalls. pick one or two antivirus (1x pay and 1x free) and stick to them, not make the follower of the guide decide: they are followers, they follow YOUR decisions and YOUR guide. Also cover password settings in Secedit and choosing a secure password. I don't know why your guide mentions spyware, if we followed your guide, then we shouldn't get any spyware. If you were going to have anything about it in there, just put in Spybot's resident scanner, which wasn't even mentioned.

[Medievil]

ok thx

with feedback like yours i can improve it!

[JoeBonJoey]

I think it's best if a firewall was setup before connecting to the internet.

[mstangs]

Looks great to me. You may want to keep this as a quick and somewhat risky type of security setup. When you really want or in my case need to be completely setup and ready to rock and roll once that network pipe opens then you need to download and update off line. I was attacked and it took me a week (sleepin alot really) to get the system back up and running. Anytime hooked up to the net the program or programs would phone home, get new code and use a different style attack (or so I suspect). Still not quite at full speed, but good enough to be gutsy and post about it. So anyway, looks like a good site, I do believe I will hang.

-Mstangs

Mustangs with out the U?

:cool:

[ozz109]

This guide Needs updating in my book but should give some more information.

[GrandMaster]

Kaspersky Anti-Hacker is a great firewall! you need to add taht

same with kaspersky antivirus

[iron2000]

Some more stuff here, mostly IE stuff

http://www.mvps.org/winhelp2002/index.htm

[Recall1982]

According to this guide, my PC is completely insecure. :wacko:

Thanks for this.

[Medievil]

According to this guide, my PC is completely insecure. :wacko:

Thanks for this.

Nevermind

No problem m8 :D

[Medievil]

Final update!

i hope you guys like it :)

[Daylene]

thanks, the guide isn't too bad, but not the best in my books :s

[Medievil]

thanks, the guide isn't too bad, but not the best in my books :s

why not?

[Elmo]

awesome guide (Y)

[demorgoron]

didnt do anything to me,already had everything done :D

nice guide BTW

[Recall1982]

WOW, this is really nice update, thanks for Your work m8 :D

[blik]

Its OK

Heres my guide...

1) Get a router thats very configurable

2) Keep antivirus up to date

3) Use common sense when on the net

[dotRoot]

I'm a security buff and I think there is a lot more that can be said here, but this should be fine most average windows internet users. You don't go into security outside the internet, but that's OK, like I said: its fine for the average windows internet user.

But as stuff you can add/modify to make the average user secure:

Spybot's HOSTS file additions, IE add-ons, etc.

If you are using window's ICF mention that it is known to slow down connections, but is 'fixed' in SP2

If you are using ICF it isn't recommended to also use another software firewall

Mention disabling responding to Pings (can be done via most routers), but here's how to disable it via XP/2000/2003 http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

Disable Remote Desktop when not needed: Right-click My Computer -> Properties -> Remote Tab -> Uncheck 'Allow Users to connect remotely to this computer'

Talk about using 'msconfig' to see what starts up at boot time

EDIT: one thing I forgot to add. If you want the best software firewall (in my opinion) without having to use another box as a proxy/firewall than I'd recommend: http://www.deerfield.com/products/visnetic-firewall/ although it can be a little complicated to the average person. But for many neowinians at least, it shouldn't be a problem. FYI: These are the guys who in the past made the CONSeal firewall (legendary back in the mid to late 90s to both 'hackers' and IT pros and it was the first that I can remember that would tell you of applications trying to use the internet). Macafee bought the engine out some time ago and so they've since overhauled the engine, made it a lot better and more modern and started a new company.

Anyway just thought I'd throw that firewall in, its not free though.

Edited August 8, 2004 by dotRoot