Securing Windows XP, Section 6

By this time we bet you are wondering how we, the authors, protect our systems.  Listing of hardware, programs and software does not necessarily constitute an endorsement on our part. They are mentioned for informational purposes only.

Author 1:

1.    Hardware firewall router:  Linksys BEFSR41

2.    Software firewall:   ZoneAlarm Pro

3.    Anti Virus:  AVG v7, Network Edition

4.    Anti Spyware:  Ad-Aware, Spybot S&D

5.    Encryption:  DriveCrypt

6.    Browser:  FireFox

7.    Email Client:  Thunderbird

8.    Small, self-made HOSTS file.

Author 2:

1.    Hardware firewall router:  SonicWALL SOHO2 (no longer made, so the current SOHO model I would buy today is the SonicWALL TX-170)

2.    Software firewall:  ZoneAlarm Pro

3.    Anti Virus:  AVG v7, Network Edition

4.    Anti Spyware:  PestPatrol, SpywareBlaster and SpywareGuard

5.    Encryption:  DriveCrypt

6.    Browser:  FireFox

7.    Email client:  Thunderbird

8.    HOSTS file modifications from here plus additions as necessary.

Sources, References, places to find more info:

These are the places we have found while researching this article. Material from these sources were not necessarily used in the creation of this article.

National Security Agency - Security Recommendation Guides

Microsoft Windows XP Security Guide

UK Security Online, Windows XP - Home User Self-Defence

Microsoft Security At Home

Securing Mobile Computers with Windows XP Professional

Security Guidance Center for Developer and IT Pros

How to disable simplified sharing and set permissions on a shared folder in Windows XP

Windows XP Baseline Security Checklists

Creating strong passwords

How to create and use a password reset disk for a computer that is not a domain member in Windows XP

Book: Hacking Exposed (4th Ed.)

Foundstone (see white papers and free tools section)

You Need a (properly configured) Firewall

Port Authorities - Six Software Firewalls That Proved Effective

Securing Against the ‘Threat’ of Instant Messengers

The Complete Windows Trojans Paper

Securing Mobile Computers with Windows XP Professional

Listing of programs and software does not necessarily constitute an endorsement on our part. They are mentioned for informational purposes only.

Notes

We've dealt with a lot of feedback over the previous version of this article, some good and some flaimbait. The changes in this version are the result of that feedback.

1 - This guide is intended for home users in either stand-alone or workgroup environment.

2 - This is intended to be more or less a set-up guide. By that we mean...we deal with regular (non-geek) computer users all the time. We've come to realize that most do not know and do not want to know the intricacies of computing. They just want to "do their thing" and do not want to deal with the constant hassles that would come with super-hardened security measures nor do they care to spend the time to learn about them. With that in mind we've tried to create a guide that doesn't limit functionality too much. We've also tried to keep the explanations to a minimum.

3 - The last version of this guide contained a section about using a modified HOSTS file. The authors of this document have differing opinions on this issue so we've put that section in an appendix.

Eric's thoughts-

"I've come to find this practice unsatisfactory for 2 reasons. 1 - It requires upkeep. 2 - Most HOSTS files on the internet not only block so-called "bad" sites but legitimate ads as well. Advertising is the lifeblood for most of the sites you visit. IMHO unless it is a pop-up, pop-under, pop-over, ads with sound ( I view these as invasive) they shouldn't be blocked.

For geeks - I believe using a HOSTS file for added protection can be another tool in your security arsenal but it requires constant attention on your part. Using a HOSTS file for security is not a replacement for any other security tool/method."

4 - "You should include xyz", "you didn't mention 123". As stated earlier, this is a "basics" guide. Most likely we did not include/mention certain issues because many of them would require detailed explanations, instructions, work-arounds, etc... In other words we'll get a comment "now my program doesn't work" or "I can't access such-and-such". More advanced steps would turn this guide into something beyond its intention. If you have something you feel we've missed, post a comment in the forum thread about this guide and please provide a full explanation and references.

5 - The last version of this guide contained a section about using IPX/SPX on your home network. This has been removed due to the fact that this protocol is not supported under 64-bit versions of Windows. You may see Microsoft's guide here: To enable file and print sharing on the IPX/SPX protocol

6 - Security for the paranoid. We've been asked for a version of this guide that is more advanced. First, we don't think we are qualified enough to write a guide so complex and in-depth. Second, that would require a massive book or books. If you truly want to go into "paranoid mode" you are basically going to have to study XP security. Using advanced techniques requires understanding networking (firewalls, ports, protocols, etc.), and security policies (and templates). Those who are interested in this topic can start their research in the links section of this document.