Windows XP Security Tips
Some of my geeky friends are telling me that Windows XP is full of security holes, and that I am putting my privacy at risk by going online with a Windows PC. Can you offer some tips to help me lock down my desktop?
Enhancing Windows Security
Sure, as the administrator of your system, you have the ability to control just about every aspect of your working environment, network or local. It's true that Windows has certainly not won any awards for having an effective set of default security settings – and that's one of the reasons why some people are switching to the Firefox browser or dumping Windows entirely in favor of Linux.
But I digress... your Windows XP system does not have to remain open to potential abuse, if you tweak it properly. And you can easily improve your Windows security just by following these five simple tips.
Tip 1: Limit Access to Resources
Let's start with Windows system registry. Who needs to fool around with the registry anymore? Nobody... nobody except you, right? At minimum, you should block access to dangerous registry keys, such as the auto-run keys and the startup folders. You can use 1st Privacy Tool to limit access to the Registry and prevent rogue software from running automatically at system startup time. This security tool also allows you to impose a variety of access restrictions to protect your privacy. You can deny access to individual Control Panel applets, DOS programs, network access and other resources.
Tip 2: Create a Limited user account.
Most things that go wrong on a Windows PC go wrong because somebody was allowed to do more with the system than he or she needed to do. So don't allow anyone else but you to log on to your system with administrator's rights. This way, no one but you can install new software, for example. And let's face it, if you can't stop unauthorized programs from being installed and executed on your system, you can't guarantee security on that system.
To create additional user accounts that do not have admin rights, click on Start -> Control Panel -> User Accounts - Create New Account. Enter a name for the account, then select "Limited" for the account type. And while you're poking around in User Accounts, make sure any accounts with administrator privileges (such as Owner) have a password! Click on Change an Account, select the account name, and then you can add (or change) a password.
Tip 3: Take the time to turn off the services you don't need.
The fewer services you have running on your PC the less likely you are of being attacked by someone who can exploit these services. Remember, less is more. If you don't need a particular service, turn it off. You can always turn it back on again later, if need be. Let's keep it tough for hackers to get hold of anything in the first place.
For help turning off unneeded services, see Make Windows XP Run Faster! and scroll down to the section titled "Turn Off Extraneous System Services."
Tip 4: Boot from the primary hard drive.
Removing the possibility of allowing someone to boot from diskette or CDROM eliminates the possibility of using certain forms of hacking and password cracking tools. This also reduces the chances of having your PC infected with a boot virus. To select a boot device, go into your BIOS settings during startup. Watch the messages on your screen carefully during startup to see what key will bring up the BIOS settings. Usually it's DEL or INS, but there are several popular BIOS chips and each is a little different. And don't forget to set a secure power-on password while editing the BIOS settings, or anyone can change the boot device later.
Tip 5: Scan and Update
If you run Windows and you use the Internet, you simply MUST stay up to date with the system patches that come out in response to the privacy and security exploits that are discovered every week. Failure to do so is an open invitation to hackers and crackers to invade your privacy and enslave your computer in a spam spewing network. To get the latest fixes and configure your system for automatic updates, open Internet Explorer, click on Tools, then Windows Update.
And all the security in the world won't do you any good if you have spyware or a computer virus on your PC. These little nasties can turn off your anti-virus protection, delete files, steal your personal data and even open your computer to access by anyone on the Internet. If you don't have good anti-virus and anti-spyware software that does regular scans and auto-updates itself, you are vulnerable. See my articles How can I avoid computer viruses? and Spy, Counter-Spy for details on how to protect yourself from those risks.
You may not be able to achieve absolute security by using these lockdown tips, you can at least be sure that you have made it next to impossible for intruders to break-in and vandalize at will.
This article was posted by Bob Rankin on 16 Dec 2005
|For Fun: Buy Bob a Snickers.|
One Laptop Per Child
The Top Twenty
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Windows XP Security Tips (Posted: 16 Dec 2005)
Copyright © 2005 - Bob Rankin - All Rights Reserved