Jan2005 Extremely critical patches are out.
When setting up a new Windows PC on a budget (as I'm sure many other people here have been roped into time and time again), I've found the following pieces of free software invaluable in preventing the need for constant maintenance visits: Spybot Search And Destroy: http://spybot.eon.net.au/ (Ad-Aware is also useful, but I tend to just stick with Spybot)
I'd also recommend installing Mozilla or another browser and making it the default browser. It'll prevent most of the problems that you need Spybot to fix.
Teach the user how to run the updates on these programs. Teach them to go to Windows Update. Leave an instruction sheet. If they call you with a problem, try making it your first suggestion to update and run these programs (even if it is completely unrelated, give them the impression that running these programs is the first step in any diagnostics; it will force them into the habit).
Most frequently exploited problems
SansInstitute Oct2004 issued a TopTen threat list for both Windows and Unix. See http://www.sans.org/top20/ for exposures and countermeasures.
WindowsXp SP2 security matters
See http://netsecurity.about.com/od/securingwindowsxp/a/aa052304_p.htm
Free courses from Microsoft (limited time) for WindowsXp
See https://www.microsoftelearning.com/xpsp2/
IMO, anyone running Windows with a broadband connection these days, that doesn't use a hardware firewall/NAT box, is just begging for trouble. They may not be free, but they're cheap, and an essential component to protecting a home PC.
A PC Advisor article (http://www.pcadvisor.co.uk/index.cfm?go=news.print&news=4182) says that with only a software-based firewall, the software can be compromised and the PC subjected to unsolicited scans, whereas a hardware tool cannot tell which applications are trying to access the net, and does not work with dial-up lines.
SecurityManagement aspects
Windows built for a single user with the highest privilege - an entrenched culture
SP2 (WindowsXp) breaks software that has not considered that other types of user exist (those needing "restricted access" to defend against MalWare and SocialEngineering tactics).
InternetRelayChat becomes a means to remote control enslaved PCs. See http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm
GAP in "Windows Genuine Advantage Program (WGA)"
The next (Feb05) phase in WGA will see pirated copies of the OS denied security patches. If this scheme is successful, it probably will mean more Distributed DoS and spam attacks from the PCs denied essential patches.
ref: Gartner article at http://www4.gartner.com/DisplayDocument?doc_cd=125945
SecuringWindows QuickQuestions
Anyone used GeoTrust's free TrustWatch tool? What experiences do people have on this? See http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/09-13-2004/0002249005&EDATE= and http://news.zdnet.com/2110-3513_22-5367650.html
See also InternetSecurityForMicrosoftUsers
CategoryMicrosoft, CategorySecurity