Securing Windows XP, Section 5

Miscellaneous web browser security settings

Internet Explorer

·       Clear temporary Internet files on close - Open Internet Explorer > in the top menu click Tools and then choose Internet Options > in the resulting window click the Advanced tab > scroll down to Empty Temporary Internet files when browser is closed (under the Security section) > click Apply and OK.

·       Block 3^rd party cookies – some web pages contain cookies that aren’t even part of their content. Often these are associated with ads. To block them open Internet Explorer > in the top menu click Tools and then choose Internet Options > in the resulting window click the Privacy tab > click on the Advanced button > in the resulting window check the box next to Override automatic cookie handling > in the section Third-party cookies click the circle next to Prompt (or Block if you desire) and click OK.

Firefox

·       Block 3^rd party images – Open Firefox > in the top menu click Tools and then choose Options > in the resulting window click on the Web Features icon in the left pane > in the right pane under Load Images, check the box next to for the originating web site only and click OK.

·       Block 3^rd party cookies - Open Firefox > in the top menu click Tools and then choose Options > in the resulting window click on the Privacy icon in the left pane > in the right pane click on Cookies to expand it > under Allow site to set cookies, check the box next to for the originating web site only.

Ditch Outlook Express

   Consider using an alternative to Outlook Express. One such alternative is Thunderbird from Mozilla. Thunderbird is a FREE email program with built-in spam-blocking. Why is this important? Spam can and does often contain links and pictures that can compromise your security. By using spam-blocking you can reduce the amount of spam you get, reducing email security threats.

Stop viewing HTML email and block external images

   HTML (in very simple terms) is a programming language that allows authors to format documents for the web (in this case, email).

Why is this bad? While HTML can add nice features to email, it can also open the door to security risks. The use of HTML in email can allow someone to run unauthorized programs such as a virus or Trojan horse on your computer. In the case of spammers, the use of HTML and pictures in email can confirm the existence of your email address by "calling back" to the author’s web server. This can lead to you getting even more spam (or worse).

For Outlook Express:
With XP’s Service Pack 2, Microsoft automatically turned off the option to view external images and content in Outlook Express.

·       To view this setting open Outlook Express > choose Tools from the menu at the top of the window > scroll down and click on Options > next click on the Security tab and see the section entitled Download Images. The box next to Block images and other external content in HTML email should be checked.

·       To turn off HTML email in Outlook Express, open Outlook Express > choose Tools from the menu at the top of the window >  scroll down and click on Options > next click on the Read tab > in that section place a check the box that says Read all messages in plain text > click Apply at the bottom of that window to save your changes.

 
You can also send all your email in plain text. This makes it more likely that those who read their email in plain text see the email in the same format that you sent it.

Open Outlook Express. Choose Tools from the menu at the top of the window >  scroll down and click on Options > next click on the Send tab and see the section entitled Mail Sending Format. Click the circle next to Plain Text in that section and click Apply at the bottom of that window to save your changes.

For Mozilla Thunderbird:

·       To block the loading of remote images in Thunderbird, open Thunderbird > from the top menu choose Tools and then Options > click on Advanced in the left pane > in the right pane click on Privacy > check the box next to Block loading of remote images in mail and click OK to save your changes.

·       To view email in Plain Text instead of HTML > from the top menu choose View then choose Message Body As and click on Plain Text.

·       To send email in Plain Text, open Thunderbird > from the top menu choose Tools and then Account Settings > in the left pane under each accounts name click on Composition & Addressing > on the right side of the window uncheck the box next to Compose messages in HTML format > after you have done this for all accounts, click OK to save your changes.

Stop using File Sharing Programs

Also known as P2P (peer to peer) we use the term “file sharing” rather loosely (we all know what the vast majority of use here is). Not only do these programs open a whole variety of security holes but the content is littered with viruses and Trojans. Stay away from these programs.

About Instant Messaging

Many of us love the ability to stay in contact with friends and family that instant messaging provides. There are a few simple things you need to consider.

·       If you are going to be “Away” for more than a few minutes LOG OFF. Instant messaging programs open a number of ports into your system. The only way to truly close them is to be logged off. Too many people are signed in and “Away” for far too long, I know people who are “Away” for days at a time.

·       Consider “blocking” all people but the people in your buddy/contacts list from communicating with you.

·       Do not EVER click on a hyperlink in a member’s profile or any hyperlinks from people you don’t know. There have been exploits in the past using these. Last year a family member clicked on a hyperlink in a friend’s profile. It not only downloaded a Trojan but hijacked her profile and inserted the same bad hyperlink into her profile.

·       Most instant messaging programs offer the ability to pass files back and forth to friends and family. Be sure to “block” people who are not in your buddy/contacts list AND to display an “approve” message before accepting.

Keep ALL your programs updated

There is no such thing as a secure operating system or program. Exploits for these are found every day. Most (but not all) of these get fixed. The only way for you to get the fix is to update either automatically or manually. The best way to ensure you get these updates is to enable automatic updates in the programs that have this feature. For programs that do not have this feature you’ll have to find out about updates on your own. To do this, keep an eye on the various techie news sites. Sites that have this information include Major Geeks and Snapfiles. A word of caution…

Make sure the “update” isn’t a “beta” (test) version. READ what the update contains. This information can be found under “what’s new”, changes in version “X”, or the change log. Follow the link provided to the software manufacturers web page, download directly from the software maker when possible. It isn’t always necessary to update to the newest version. If the update doesn’t contain a security updates, fix problems you are experiencing, or contain new features you desire then consider skipping the update.