Secure Windows XP

There are many articles floating around on the internet covering this subject and I would like to stay at the basics this time. A way to secure Windows XP with little effort. You can’t make a system 100% secure, there will always be ways to beat every protection. I collected a list of things that should be done to secure the system, it is not a huge list but it covers all the necessary steps I think.

The first and one of the most important steps would be to download and install the latest security fixes and services packs. I sometimes have to talk to users in my job (which is somewhat security related as well) and discover that they run Windows XP with the same settings that the pc was shipped with. No updates, outdated anti-virus definitions and the like. You do get the latest patches and fixes for your operating system at windowsupdates.

Make sure you have a valid license otherwise you will not be able to download the updates. A different way would be to use autopatcher which can be downloaded in a version that includes all the updates and fixes already.

The next step would be to turn off unnecessary services and programs that you won’t use. Why should the remote service be active if you never use it ? This reduces the chance of an attacker to get into the system. There are currently 19 services running on my system, if you never tinkered with them before you have probably double that size or even more.

Read the article about turning unnecessary services off, it explains the basics. It is a good idea to turn of the following services if you do not need them

• Telnet
• Universal Plug and Play Device Host
• IIS (not installed by default)
• Netmeeting Remote Desktop Sharing
• Remote Desktop Help Session Manager
• Remote Registry
• Routing & Remote Access
• SSDP Discovery Service

Talking about software. It is wise to not use the default Microsoft products like Outlook Express or Internet Explorer. Those are attacked the most because most of the users use them. (besides offering great ways of attacking them) Alternatives would be Firefox or Opera for Internet Explorer and Thunderbird for Outlook Express.

You should install a anti-virus solution. I do use Antivir but others should be fine as well. The most important aspect is that you keep the definition files up to date. If the software offers automatic updates I suggest you make it update the files once a day.

Firewalls. I do not use them. Well, not a software based firewall that is. I do have a hardware firewall which is all I need. I think that firewalls give the user a false sense of security. They are highly complex and require lots of attention to secure the system. It is not enough to simply install one and click on accept / deny every time a program wants to connect to the internet.

To secure the system you have to add all the tools that should have internet access to the firewall rules with exactly the ports they need. You should close every other port that is not needed by those applications. A good freeware that displays the list of currently open ports is currports.

I think those are the most important steps. If you have more let me know them.