Working Securely in Windows XP, Part I

Introduction

This material gives the reader some basic insight into how to make work with Windows XP more secure. It is split into two parts. The first describes how to secure the system with tools readily available in the OS itself, without resorting to third-party software; the second shows how to strengthen security further by adding an extra layer of auxiliary third-party programs. This Agnitum Newsletter carries the first part. While we prepare the second, make sure you have applied the measures set out here so that we can keep moving forward security-wise.

Updating the system

First, update your OS with the latest patches and fixes to eliminate the known errors and security lapses unavoidably present in all software, including Microsoft’s. To start, it is imperative to install the major cumulative Windows XP update known as Service Pack 2 (SP2) before using Windows extensively; once that is done, it is advisable to apply all updates released after SP2 as well. All of this can be done by enabling the Automatic Updates feature (turned on by default in Windows), by ordering the free disk from Microsoft (shipping not included), or by going to the address provided at the end of this text and downloading all updates manually from Microsoft’s Windows Update and Download Center sites.

To check your current Windows version and whether SP2 is installed, press the Windows and Pause (Break) keys together; the System Properties window will appear. There you can check the Windows version under the General tab and also enable Automatic Updates if they were accidentally turned off. To conclude the topic of updates: users should update their system regularly (at least on a monthly basis).

Controlling running applications

Spyware, viruses and other surreptitiously running programs do not expose themselves; they seek to conceal their presence and activity. Standard, textbook-taught ways to see what’s running on a PC do not suffice, and people really need to learn other ways to see what’s on.

For that there is a simple built-in utility called Task Manager. Invoked with the Ctrl, Shift and Esc keys, it shows the programs and processes currently running on a PC. Its Processes tab enumerates all active processes on the system. This view reflects everything that’s running on the PC at a given time, and from it users can infer what’s needed and what’s not.

Although the process names shown in the window might seem a little puzzling, a simple query on Google, Yahoo or MSN Search with the process name entered in the search field can give you the information needed to evaluate the legitimacy of the program in question. Alternatively, you can search the local disk for the executable file you would like to know more about. Enter the process name into Windows’ Search for Files and Folders; once the search completes, the files found will be listed. Right-click a found file and choose Properties to collect information about the process you are interested in.

Just a couple of precautions: bad programs often try to impersonate legitimate ones by copying their names and showing themselves under those names. Although this greatly complicates program verification, with enough knowledge suspicious programs can always be exposed. If, for example, a search shows that the file svchost.exe is being run from the System subfolder of the Windows installation folder, the situation is quite normal; conversely, if the file is found anywhere other than C:\WINDOWS\system32 or C:\WINDOWS\ServicePackFiles\i386, that should raise the alarm, as other locations are not typical for this file. Again, look up the process you see in Task Manager on the Internet; plenty of information is available that will give you every detail about the process you’re curious about.

With Task Manager you can terminate programs you consider inappropriate, but do so with caution: terminating a legitimate program might render the system inoperable or result in a loss of unsaved data. Always consult a trusted Internet source about the application you’re going to close.
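The location check described above, as an added example that is not part of the original newsletter: it compares each process's folder with the folders the text names as normal for svchost.exe, and, going one step beyond the text, also flags names that are one edit away from a known system file name. The process list is constructed sample data, and `EXPECTED_DIRS`, `classify` and `suspicious` are names chosen for this illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Folders the text names as normal for this file (lower-cased for comparison).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\servicepackfiles\i386"},
}

# Constructed sample of (process name, executable path) pairs.
SAMPLE = [
    ("svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
    ("svchost.exe", r"C:\WINDOWS\Temp\svchost.exe"),
    ("svchost.exe", r"C:\WINDOWS\system32\..\Temp\svchost.exe"),
    ("scvhost.exe", r"C:\WINDOWS\system32\scvhost.exe"),
    ("notepad.exe", r"C:\WINDOWS\system32\notepad.exe"),
]

def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) needed to turn a into b."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped pair
    return d[len(a)][len(b)]

def classify(name, path):
    """Return 'ok', 'wrong-location', 'lookalike' or 'unlisted' for one process."""
    name = name.lower()
    folder = ntpath.dirname(ntpath.normpath(path)).lower()  # also resolves ".."
    if name in EXPECTED_DIRS:
        return "ok" if folder in EXPECTED_DIRS[name] else "wrong-location"
    if any(edit_distance(name, known) <= 1 for known in EXPECTED_DIRS):
        return "lookalike"  # near-miss of a system file name
    return "unlisted"  # not in the table: look it up as the text advises

def suspicious(processes):
    """Keep only the entries that deserve a closer look."""
    verdicts = [(n, p, classify(n, p)) for n, p in processes]
    return [v for v in verdicts if v[2] in ("wrong-location", "lookalike")]

if __name__ == "__main__":
    for name, path, verdict in suspicious(SAMPLE):
        print(f"{verdict:15} {name:12} {path}")
```

A flagged entry is a reason to investigate the file, not proof of malware; extend the table only with locations you have confirmed for your own system.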

Configuring startup applications and services

The System Configuration Utility is the right tool for configuring which programs start when Windows boots. To access it, type msconfig into the Windows Run menu. On the rightmost Startup tab you can choose which applications Windows executes as it boots and restrict the ones you do not want auto-started. Doing so not only reduces memory and CPU consumption but, in extreme cases, prevents the execution of dangerous applications that try to start themselves automatically with Windows. Again, before excluding an entry, look it up with an Internet search and read a little about it.

You may also consider disabling a couple of redundant Windows services, but knowing which ones can safely be turned off requires some learning, so you will need more information, easily found on the Internet, to judge whether a given service can be disabled. So much attention is paid to services because eliminating the unneeded, superfluous ones can positively influence overall system security. Enter the command services.msc in the Run menu to configure the operation of services and their startup parameters.

Configuring local users on computer

With the default Windows XP installation settings, some internal user accounts are enabled; they have root (administrator) privileges (the highest possible level of control) and are not even password-protected. This situation badly needs to be reversed. To do so, enter the command lusrmgr.msc into the Windows Run menu. The “Local Users and Groups” snap-in appears, where you can set user passwords and disable unneeded user accounts. I advise you to make the following changes: go to the Users folder and disable all accounts except Administrator and the users you created manually. You would rarely, if ever, need the Guest, Help Assistant and Support accounts to be active.

If the Administrator password has not yet been set, assign it in the Control Panel’s User Accounts menu. Type nusrmgr.cpl into the Windows Run menu and supply passwords for the Administrator account and for selected manually added user accounts. Doing so substantially complicates the task of taking over the PC for hackers who rely on lax password protection.

Additionally, assign appropriate permissions to your local computer users by placing them in specific user groups with different credentials. This can be done in the same User Accounts menu: highlight the user whose settings you wish to change, click Properties, go to the Group Membership tab and place the user into the appropriate user group. You thereby give that user special permissions to perform certain actions, based on your judgment of that user’s authority status.

Network security basics

As security folks maintain, when you’re connected to the Internet, the Internet is also connected to you. With this come all the implications of keeping network connections safe: correctly configuring connection properties, installing a firewall, acting smartly and knowledgeably while connected, and so on.

Practical additions to network safety would be:

  • Disabling the File and Printer Sharing option for all or selected Internet connections. If, like most people, you do not intend to give outsiders access to local files and printers, you should disable this option. It won’t hurt the quality of your Internet connection.
  • Enabling the Tray Bar icon for network connections, which depicts the current connection state.
  • Enabling Windows Firewall and regularly updating the system with the latest patches (repeated from above to underline its importance).
  • Monitoring the activity of current connections for irregularities, such as the notification area monitor lights staying lit at all times while the user is not uploading or downloading any data (a possible suspect in that case would be sly malware dispatching data).
  • Checking speed and network performance with the already mentioned Task Manager, this time on the Networking tab (under the Network Utilization column).

Browser and email protection

This topic could stretch over many pages of text, but in condensed form, attention should be paid to the following:

Setting the appropriate browser security level

With SP2, great strides have been made to improve the protection of the Internet Explorer (IE) browser, but a manually set level better accommodates the current malware scourge and modern viruses’ prowess at infiltrating systems. Although much more secure with SP2’s default settings, Internet Explorer may still need some manual tweaking. To maximize browser security, the following is advisable:

  1. Open IE, go to Tools, then Internet Options, then the Security tab.
  2. In Security, select the Internet Zone (with a sphere sign) and assign the Medium security level to it by moving the slider, then press “Apply”.
  3. Then click Custom level and select the following: “Prompt” for “Run ActiveX controls and plug-ins”, “Prompt” for “Scripting of Java applets”. Press OK.

After these changes your browser and, consequently, the entire system will be more secure, but the browser will also ask more questions, reflected in the number of prompts it displays. To avoid these nagging confirmation windows, users can supply exclusion lists of trusted sites on which scripting is always allowed. This lets users browse selected sites with full media content while visiting unknown or untested sites with formidable browser safety. The exclusion lists for trusted sites are defined in the same Security tab, with the “Trusted sites” group selected. To do this, click the “Sites” button and add the sites you are totally confident are safe and friendly.

Maintaining secure and informed Internet usage

Being protected from automatically executed webpage scripting elements alone doesn’t guarantee absolute protection. Healthy and logical behavior should be employed when surfing the Net, including not opening unknown or unsolicited files, not disclosing private information to unverified sources, not automatically trusting all the contents of an unknown website, etc.

The rising threats Internet users should now be able to spot are phishing and pharming (DNS poisoning). Spotting them takes a certain amount of Internet experience, but users should be aware of simple measures to avoid falling victim to such menaces.

Phishing: it’s simple. Never react, or at least react cagily, to solicitations of secret data purportedly coming from banks or other entities that ask you to perform certain actions by going somewhere and doing something until whatever problem is mitigated. Attackers use site spoofing techniques to impersonate a legitimate site with one they have constructed themselves in order to defraud trusting people.

Pharming, which revolves around the same spoofing techniques but involves more elaborate methods of luring the victim, is much harder to recognize and defend against. At present, only the most advanced firewall can be of some help in fending off pharming.

Safe email usage

The safeguards mentioned in relation to Internet usage also apply to the use of email, plus:

  • Try disabling the “Automatically download message when viewing in the Preview Pane” option in Outlook Express if you’re using it to send e-mail. In this case you will need to press the space bar on the keyboard to read incoming emails, but on the other hand you’ll save yourself from the potentially unneeded contents of the email itself.
  • Under the Security tab of Outlook Express, make the following alterations:
    - checkmark the item “Restricted sites zone (More secure)”;
    - checkmark the item “Warn me when other applications try to send mail as me”;
    - checkmark “Block images and other external content in HTML e-mail”.

Web resources mentioned in the text:

  • Service Pack 2 for Windows XP (Professional and Home versions), full English version download:  
  • Service Pack 2 for Windows XP (Professional and Home versions), full English version CD-ROM download
  • Windows Update Site: http://windowsupdate.microsoft.com

All rights reserved © 2006, Agnitum Ltd.