PC Security: Hardening Windows Security - Part 3

Details
Category: PC Security

Continuing on from our previous article: PC Security: Hardening Windows Security - Part 2 

 

These spyware prevention and other malware prevention tips and ideas are designed for a Home PC running Windows XP

Professional and certain tips may apply to small home network running Windows XP Professional, as such some of the recommendations may not work for other versions of Windows. As always, it is recommended to back up the data before making any changes to your computer.

Out of the box Windows installs with certain dangerous defaults which when left alone will prove to be the biggest bottle neck when you set upon to secure your system against malware and hackers.

 

Disable Automated Logins - Make sure all user accounts are password protected

Click start, go to control panel, click administrative tools and click Local security policy. Select all user names one by one and make sure there is a password set for each account that is enabled.

 

Limit the number of unnecessary login accounts

Remove all unnecessary user accounts and also prune the Administrator group. By limiting user accounts and the members of the Administrator group, you limit the number of users who might choose passwords that could expose your system.

 

Disable Simple File Sharing

If you are not connected to a domain, the simplified file sharing is enabled in Windows XP by default. This allows remote users to access the system's shares freely without being prompted for a password. When simple file sharing is enabled, you can share folders with everyone on your network or workgroup, the downside is you cannot prevent specific users from accessing those folders. It is recommended that you turn off simple file sharing which will enable you to permit specific users logged on with the user rights you have granted to access the designated folders. It is to be noted that simple file sharing cannot be turned off in Windows XP Home edition.

Disable File and print sharing

With an always-on connection, enabling file and print sharing becomes the equivalent of leaving your front door open when you are not at home. Unless absolutely necessary disable file and print sharing.

To disable file and print sharing, follow these steps:

  • Click Start, point to Settings, and then click Control Panel.
     
  • Double-click Internet Options. On the Connections tab, select your connection, and then click Settings.
     
  • Click Properties, click the Networking tab and uncheck file and Printer Sharing for Microsoft Networks.

 

Unhide the file extensions

By default, Windows hides the extensions of files when viewed in Windows Explorer and on the Windows desktop. This is exploited by malware to hide themselves by imparting a hidden second extension in order to penetrate the victims system. AnnaKournikova.jpg.vbs is an example where the windows sees only .JPG as the extention and the user is fooled into thinking that he is actually downloading a juicy image instead of the worm with an extension .vbs.

To unhide the file extensions, follow these steps:

  • Click Start, Open Control Panel, Click Folder options
     
  • Click on the View tab
     
  • Uncheck Hide extensions for known file types

There are certain file extensions which will remain hidden even after the above procedure is followed. They are .shs, .pif and .lnk. Now these extensions are being used by malware writters to let loose dangerous Trojans on the unsuspecting victims. So, when in doubt don't download or run the file.

 

Disable Remote assistance and Remote Desktop

Remote assistance is where you can invite another person to log on to your machine for remote troubleshooting. You can re-enable it whenever you require such assistance.


Remote Desktop on Windows XP Professional, "you can have access to a Windows session that is running on your computer when you are at another computer. This means, for example, that you can connect to your work computer from home and have access to all of your applications, files, and network resources as though you were in front of your computer at work. You can leave programs running at work and when you get home, you can see your desktop at work displayed on your home computer, with the same programs running".

To disable, open the System folder in Control Panel. Click on the Remote tab, uncheck both "Allow Remote Assistance invitations to be sent from this computer" and "Allow users to connect remotely to this computer", Click Apply to save the settings.

 

 Continued ...

 

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.

Ok
More information