WinXP security guide

ph0bYx
Staff Member
Posts: 2039
Joined: 22 Sep 2008, 16:00


Post by ph0bYx »

Hello everyone!
I've been studying the security measures for Windows for quite a while now. Even though I'm no expert, I still learnt a lot of different techniques and methods for securing my computer and my online browsing. So I thought of writing a small guide to all those methods that I know about.

We'll start with the common ones and work our way to the more complicated.

Strong passwords
You've heard it at least a million times so far, but it can't be emphasised enough. Use strong passwords: passwords that are about 10 characters long and contain upper and lower case letters, numbers and symbols. An example: €x@MplE~0|=
With passwords like those you don't have to fear brute-force attacks, because theoretically, to brute force a password like that, the attacker would need a computer that is able to predict the weather, or he would have to have a LOT of time to crack it. So it's best that you use stronger passwords for the services that are important to you and that are accessible to others who could crack them. Also, it's important that you DO NOT use the same password for everything!

Use a firewall
Using a firewall prevents crackers from breaking into your computer from the Internet. Using a firewall is common sense these days. All computers that communicate over the Internet must have a valid IP address, such as 61.232.252.6. These addresses allow computers to exchange data with other computers over the 'net. Your system also leaves a variety of ports open to listen for incoming data. Ports are access points for certain kinds of data to enter and leave your computer. For example, while you are viewing suck-o.com, your computer and suck-o's web server are communicating through port 80, the default port for the HTTP language that web pages generally use.
The trouble is that anyone can use freely available software to scan a range of IP addresses for computers and gather information about these systems. If your computer is poorly password protected some utilities provide remote users with the ability to directly access your files.
This happens because, by default, many ports in your system are fully prepared to listen and respond to any data request from the Internet. This means that your system is fully visible, the equivalent of wearing glow-in-the-dark clothes in a blackout…
A firewall is a software program or hardware device which blocks remote access to your computer. It does this by closing all ports to data unless the communication is initiated from inside the firewall first. So you could, for example, surf this page without problems through a firewall since your computer sends the request for data to our web server first.
The firewall would note the Internet address that your request was sent to, and allow return communications from that specific address back through the firewall. However, anyone trying to scan a range of IP addresses for vulnerable computers would turn up a blank for your address, since the firewall blocks all unsolicited communication from the Internet.
The firewall that I use on my WinXP box is Comodo, a great firewall that is free at the same time and provides a lot of options. And it will take you just a little while to understand those options if you don't already.

Antivirus software
Even though this factor of computer security is arguable, if you are a rookie to computers and computer security it would be good to use an antivirus program. AV software does consume a lot of processing power and slows down your computer's speed (the amount differs from one AV to another), but you should get one at least until you're educated enough to deal with malicious content by yourself.
There are an incredible variety of computer viruses on the Internet, with many different ways of infecting your system. The stereotypical vector for viruses is the email attachment, and this is still the most common source of infection for unwary users. Opening up a seemingly innocent attachment from a friend can have disastrous consequences. And even if you're not online there is a chance that you can plug in a USB drive with malicious content and get infected. There are few computer users who have not experienced the effects of a computer virus at some point, and malicious coders keep churning them out.
Important: make sure you keep the program updated. Antivirus software manufacturers are constantly creating new sets of virus definitions to keep up with new threats. Without updated definitions, the software will not stop newer viruses from infecting your PC. Most reputable antivirus programs will update themselves automatically when you are connected to the Internet, but it doesn't hurt to make sure you have the latest update before you scan for viruses.

Updates
This factor is optional. I haven't updated my WinXP box even once so far and I'm doing good so far. The only updates that I did are the Service Pack update and the MS08-067 update for patching the RPC vulnerability (cure for W32.Blaster and the W32.Downadup worm). But nonetheless, WinXP is an extremely complex operating system, and as such has a number of bugs and design holes which are constantly in the process of being fixed by Microsoft. On the other side of the fence, there are users who are enthusiastically trying to discover these flaws, either for the purpose of informing Microsoft or just for the heck of it.
I would leave Automatic Updates a matter of personal choice.

Changing the name of the administrative account
Crackers may attempt to use the built-in 'administrator' user account to gain access to your PC.
Every WinXP installation includes an 'administrator' user account which has full control over files and system settings. This account cannot be locked or disabled and is thus the first target for anyone trying to hack into your computer. While the account should already have a password, provided you followed the procedure above, this does not protect it from attack.
Renaming the administrator account adds an extra layer of security by removing the standard user name 'administrator' which any malicious user will try first when attempting to gain access to your PC.
Make sure you are logged in as a user with administrative privileges - the first user created during the XP install process has these, as does the administrator. Right click on 'my computer' and select 'manage.' Expand 'local users and groups' then 'users.' Highlight the 'administrator' account and right click. Choose 'rename' and change the account to a name of your choosing.
Although these kinds of attacks are unlikely, changing the name won't hurt, and you can do it in less than a minute.

File extensions
Windows operating systems contain an option to "Hide file extensions for known file types". The option is enabled by default, but a user may choose to disable this option in order to have file extensions displayed by Windows. Multiple email-borne viruses are known to exploit hidden file extensions. The first major attack that took advantage of a hidden file extension was the VBS/LoveLetter worm which contained an email attachment named "LOVE-LETTER-FOR-YOU.TXT.vbs". Other malicious programs have since incorporated similar naming schemes. Examples include

* Downloader (MySis.avi.exe or QuickFlick.mpg.exe)
* VBS/Timofonica (TIMOFONICA.TXT.vbs)
* VBS/CoolNote (COOL_NOTEPAD_DEMO.TXT.vbs)
* VBS/OnTheFly (AnnaKournikova.jpg.vbs)

The files attached to the email messages sent by these viruses may appear to be harmless text (.txt), MPEG (.mpg), AVI (.avi) or other file types when in fact the file is a malicious script or executable (.vbs or .exe, for example).
So make sure you disable the "Hide file extensions for known file types" option in Folder Options, located in Control Panel.

Backing up and encrypting data
You can have all the security you want, but you have to take into account the physical access factor. A friend who came over can fuck up something on your computer, there could be electricity problems, or you could just stumble upon a Windows bug, even though this one is not physical. In any case, it's important to back up your important data! Whether that be an external HD or DVDs or something else (a while ago I got a media player from my uncle from his trip to China. The media player was fucked up badly, it barely worked, but the important part for me was that it had 1GB of space where I stored a part of my PDF archive), it's up to you.
Encryption - if you have sensitive data it's better that you encrypt it and keep it safe; it makes it easier to sleep at night. You can find encryption programs in the Suck-o download section or just google it, whatever turns you on :P.


Browsing Security
Of all the browsers out there today, the one that I use is Mozilla Firefox. Sure, there are other good browsers out there like Opera, Safari and the minimalistic Google Chrome, but I've used Firefox forever now and it has never disappointed me, plus it has some cool security add-ons that I'm gonna share here with you.

NoScript
The notorious NoScript add-on. You could read in the security news here at suck-o that it's the ONE for protection against browser malice. The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other Mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful anti-XSS protection available in a browser.
It might take you a few days to get used to it, but trust me, after you get used to it you won't browse without it! Also, the option to disable Flash is good for getting those web sites to load faster.

WOT
Web Of Trust, or WOT for short, warns you about risky websites that try to scam visitors, deliver malware or send spam. It has 4 categories: Trustworthiness, Vendor reliability, Privacy, Child safety.
The sites are not rated by experts but by users, so a few sites could be misrated. This add-on is mainly good because you can take some extra caution when browsing and downloading something from a site that is badly rated.

Master Password
If you store your passwords and there is someone who could access your browser and find the stored passwords, someone like a roommate, family, girlfriend (undercover FBI agent) etc., it's smart to use the master password option in Firefox (Options > Security > use master password).
When you enable it you need to enter it only once per session to get your stored passwords. It is very easy to use and very useful too.

--End add-on list--

HOSTS Files
If you want to be extra careful about the shady ads that appear on the sites you browse, you can download HOSTS files:

http://www.mvps.org/winhelp2002/hosts.htm

After you download the .zip file, extract it to:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
This way all those ads will display the "Connection Interrupted" window. I've been using HOSTS files for a few months now and I gotta tell you it feels great to see all those Connection Interrupts instead of those ads that will cost you extra bandwidth. This way you'll load web pages faster.

Phishing attacks
There is no real protection against these kinds of attacks other than knowledge.
Quote from Wikipedia:
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users,[2] and exploits the poor usability of current web security technologies.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
To protect yourself from phishing, don't follow the links provided in emails, such as "Please confirm this transaction on your bank account", "VeryHot22 wants to add you to her friends list, click here to confirm" etc.
It's better that you check those queries the direct way: go to the official site of your bank, or social network account or whatever, log in and check.

EOF
-------------------------------------------------------------------------------------------------------------------------------



Well, that's pretty much it, I know there are other methods, but these are the ones I know. Feel free to correct or add another method in this thread.

PS: This is my first written tutorial/guide so critics are welcome ;)
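As an added example (not part of ph0bYx's post) of the mechanism the firewall section describes, here is a toy stateful packet filter in Python: it remembers every connection the local host starts, lets the replies to those connections back in, and drops unsolicited inbound packets such as a port scan. The addresses, ports and traffic are constructed, and the model deliberately ignores TCP flags and connection timeouts.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = leaving our host, "in" = arriving from the Internet


class StatefulFirewall:
    """Allow outbound-initiated flows and their replies; drop everything else."""

    def __init__(self, my_ip):
        self.my_ip = my_ip
        # Connection table: (remote_ip, remote_port, local_port) of flows we opened.
        self.state = set()

    def filter(self, pkt):
        if pkt.direction == "out":
            # The request came from inside, so remember the flow and let it out.
            self.state.add((pkt.dst_ip, pkt.dst_port, pkt.src_port))
            return "ALLOW"
        # Inbound packets are allowed only if they match a remembered flow exactly.
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        if pkt.dst_ip == self.my_ip and key in self.state:
            return "ALLOW"
        return "DROP"  # unsolicited: a scanner, a worm probe, anything we did not ask for


def run_demo():
    """Constructed traffic: one web fetch, then a scanner probing RPC and SMB ports."""
    me, web, scanner = "192.0.2.10", "203.0.113.5", "198.51.100.77"
    traffic = [
        Packet(me, 49152, web, 80, "out"),      # we request a page on port 80
        Packet(web, 80, me, 49152, "in"),       # the server's reply to that request
        Packet(scanner, 40000, me, 135, "in"),  # unsolicited RPC probe
        Packet(scanner, 40001, me, 445, "in"),  # unsolicited SMB probe
        Packet(web, 80, me, 49153, "in"),       # known server, but a port we never used
    ]
    fw = StatefulFirewall(me)
    return [fw.filter(p) for p in traffic]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The point the post makes in prose shows up in the last three verdicts: the scanner never gets a response, and even the web server we talked to is only allowed back on the exact port our request went out from.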
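Added example for the "File extensions" section (my code, not from the post): it reproduces what Explorer shows for an attachment name when "Hide file extensions for known file types" is on, and flags the double-extension trick the post lists. The attachment names come from the post; the extension sets are a constructed, non-exhaustive subset of what Windows treats as executable.

```python
import os

# Extensions Windows executes as code (constructed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}
# Extensions a victim reads as a harmless document or media file.
BENIGN_LOOKING_EXTS = {".txt", ".jpg", ".gif", ".mpg", ".avi", ".doc", ".pdf"}
KNOWN_TYPES = EXECUTABLE_EXTS | BENIGN_LOOKING_EXTS


def explorer_display_name(filename, hide_known=True):
    """Name as Explorer shows it. With 'Hide file extensions for known file
    types' on, the final extension disappears when Windows knows the type,
    so LOVE-LETTER-FOR-YOU.TXT.vbs is displayed as LOVE-LETTER-FOR-YOU.TXT."""
    stem, ext = os.path.splitext(filename)
    if hide_known and ext.lower() in KNOWN_TYPES:
        return stem
    return filename


def is_double_extension_trick(filename):
    """True when an executable extension hides behind a document-looking one."""
    stem, ext = os.path.splitext(filename)
    _, inner = os.path.splitext(stem)
    return ext.lower() in EXECUTABLE_EXTS and inner.lower() in BENIGN_LOOKING_EXTS


def triage(filenames):
    """Per attachment: (name shown with extensions hidden, real extension, flagged)."""
    rows = []
    for name in filenames:
        rows.append((explorer_display_name(name),
                     os.path.splitext(name)[1].lower(),
                     is_double_extension_trick(name)))
    return rows


# Attachment names quoted in the post, plus two harmless ones for contrast.
SAMPLES = ["LOVE-LETTER-FOR-YOU.TXT.vbs", "AnnaKournikova.jpg.vbs",
           "QuickFlick.mpg.exe", "readme.txt", "holiday.jpg"]

if __name__ == "__main__":
    for shown, real, flagged in triage(SAMPLES):
        print(f"{shown:30} really {real:5} {'SUSPICIOUS' if flagged else 'ok'}")
```

With the option turned off (`hide_known=False`) the full name is displayed, which is exactly why the post tells you to disable it.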

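Added example for the "HOSTS Files" section (my code, not part of the post or of the MVPS project): a parser for a hosts file in the MVPS style, a lookup that shows which names get sinkholed (the "Connection Interrupted" the post describes comes from the browser trying to reach 0.0.0.0 or 127.0.0.1), and an audit for the caveat a practitioner wants here: the same file is a classic place for malware to redirect a bank's hostname to an attacker's address. The sample file and all hostnames and addresses are constructed.

```python
import ipaddress

# Constructed sample in the style of the MVPS file (not the real file).
SAMPLE_HOSTS = """\
# Ad and tracker blocking: point the hostnames at a non-routable address
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net
0.0.0.0 ads.example-adserver.net   # trailing comments are allowed
127.0.0.1 tracker.example.org
# An entry malware (not the MVPS list) would add: a bank redirected to a real IP
198.51.100.23 www.mybank.example
"""


def parse_hosts(text):
    """Map each hostname to its address; '#' starts a comment, blank lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            entries[name.lower()] = addr
    return entries


def is_sinkhole(addr):
    """0.0.0.0 or loopback: nothing answers there, so the browser's connection fails."""
    ip = ipaddress.ip_address(addr)
    return ip.is_unspecified or ip.is_loopback


def lookup(hosts, name):
    """'BLOCKED' for sinkholed names, 'DNS' when the name is absent (normal
    resolution happens), otherwise the address the file forces."""
    addr = hosts.get(name.lower())
    if addr is None:
        return "DNS"
    return "BLOCKED" if is_sinkhole(addr) else addr


def audit_hijacks(hosts):
    """Names mapped to a routable address. A blocklist only ever uses sinkhole
    addresses, so anything else is a redirect worth investigating."""
    return sorted(name for name, addr in hosts.items() if not is_sinkhole(addr))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for host in ["ad.doubleclick.net", "www.suck-o.com", "www.mybank.example"]:
        print(f"{host:25} -> {lookup(hosts, host)}")
    print("entries pointing at real addresses:", audit_hijacks(hosts))
```

Running `audit_hijacks` against your own `C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts` after installing a blocklist is a quick way to confirm that the only non-sinkhole entry is `localhost`.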
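Added example for the "Phishing attacks" section (my code, not from the post): the post's advice is to never follow the links in such mails, and this shows the three things that give those links away when you do look at them, using the two lures the post quotes. It collects every link in an HTML mail body and flags a link whose visible text names one domain while the href goes to another, a link to a bare IP address, and a hostname that merely contains the trusted domain name (such as mybank.example.login-verify.net). All domains and the mail body are constructed, and `registered_domain` is a deliberate simplification (last two labels) that is wrong for suffixes like co.uk.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname from a URL or a bare hostname, lower-cased ('' if none)."""
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def registered_domain(host):
    """Last two labels. Simplification: wrong for suffixes like co.uk."""
    return ".".join(host.split(".")[-2:])


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html, trusted_domains):
    """Return [(href, [reasons])] for links that should not be followed from the mail."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        host = host_of(href)
        reasons = []
        # Visible text that looks like an address but points somewhere else.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and registered_domain(shown) != registered_domain(host):
            reasons.append("link text and destination differ")
        if is_ip(host):
            reasons.append("destination is a bare IP address")
        for trusted in trusted_domains:
            # The bank's name appears in the hostname, but the registered
            # domain (the part that matters) belongs to someone else.
            if trusted in host and registered_domain(host) != trusted:
                reasons.append(f"lookalike of {trusted}")
        if reasons:
            flagged.append((href, reasons))
    return flagged


# Constructed email body built around the two lures quoted in the post.
SAMPLE_MAIL = """
<p>Please confirm this transaction on your bank account:
<a href="http://mybank.example.login-verify.net/confirm">https://www.mybank.example/</a></p>
<p>VeryHot22 wants to add you to her friends list,
<a href="http://198.51.100.9/profile">click here</a> to confirm.</p>
<p>Your statement is at <a href="https://www.mybank.example/">www.mybank.example</a>.</p>
"""

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_MAIL, ["mybank.example"]):
        print(href, "->", "; ".join(reasons))
```

The third link in the sample is the genuine one and is not flagged; in practice you would still type the bank's address yourself, as the post says, because a careful attacker can make the visible text and the href agree.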
ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00
Post by ayu »

Excellent! :)

EDIT: I haven't read through everything because I'm leaving in 30 seconds, but I will read it all later and give a better comment then ;)

But from the looks of it, my first statement would be correct ^^
"The best place to hide a tree, is in a forest"

Gogeta70
^_^
Posts: 3275
Joined: 25 Jun 2005, 16:00

Post by Gogeta70 »

Great tutorial! Moving to the proper section.
¯\_(ツ)_/¯ It works on my machine...
