By Interceptor

This article will assist users of Microsoft Windows XP to understand various security features bundled with Microsoft’s newest operating system, external security applications and the most recent (at the time of the writing of this article) publicized security issues that are to be expected with the debut of any new software product. This article may offer information about features in XP Professional not offered in the Home version.

While XP is by far the most efficient and stable operating system Microsoft has to offer, its security features and issues are also the least understood by users. Unlike previous operating systems, XP has several built-in applications to assist the user in keeping the computer free from Internet vandals and unscrupulous local users.

Personalizing User Accounts
********************

XP allows users of your computer to have separate logon screens in order to prevent unauthorized access to other users' files and information. It also lets you design different security profiles to set limits for each of those users. If several users have access to the same machine, it’s probably better if this is initiated. Aside from allowing each user to customize XP to suit their individual tastes, it is an effective security measure.

To enable the Welcome screen, log on as an administrator or a user with admin rights. Go to Start>Control Panel>User Accounts; an administrator account can also be easily created in this window. It is here you can customize the logon screen options. Click Change The Way Users Log On Or Off. At the Select Options window, the Welcome screen can be enabled.

One interesting feature available here is the Use Fast User Switching option, which allows switching user accounts without closing open programs and restarting Windows.

Personalized accounts are not quite as secure as the classic Windows logon prompt, where each user has to enter a name and password to start Windows, but it’s pretty neat. If you’d rather use the classic logon, just turn off the Welcome screen in the Select Logon Options window and the classic logon prompt will be enabled.

Internet Firewall
************

XP offers a new security feature: a packet filtering software firewall that blocks attempted probes into your system when you’re online. Microsoft realized that most Windows users were utilizing programs like ZoneAlarm and BlackIce to protect their broadband connected computers and added an easy to use and effective firewall of their own. XP’s ICF is easy to configure and appears to be fairly effective. In tests performed at online security sites, ICF passed all of them, rendering the system as invisible or “stealthed” as the other popular software firewalls. ICF uses the same active packet filtering, keeping ports opened only as long as they are used to complete the task at hand.

Activate ICF using the following steps: Start>Control Panel>Network and Internet Connections>right-click Internet connection>properties>Advanced tab>check box under Internet Connection Firewall. When connecting to the Web with the Internet Connection Wizard, you’ll be asked if you want to use the ICF.

Sharing Folders and Files.
******************

XP allows users to share folders and files across separate profiles and home networks. Public access is permitted in Shared Music/Documents/Pictures, but not in My Music/Documents/Pictures, where they are kept private. This is an excellent security feature that allows ready made default folders for sharing without creating extra work for the administrator, who would have to have extensive knowledge of security permissions to accomplish the same results manually.

On an NTFS formatted drive (instead of FAT32) the administrator has the ability to lock folders. Even in a home-based network, this is an extremely efficient way to prevent unauthorized access to sensitive data.  Folder sharing options can be explored by right clicking on any folder>Properties>Sharing tab.

Some Features To Watch Out For.
*************************

As most users are already aware, there have been some serious security issues publicized since the debut of XP. Microsoft has issued patches to resolve these issues, but there will undoubtedly be others. One of the vulnerabilities concerns XP Plug N Play. In addition to applying the patch and following recommended security protocols, users can find a tool that toggles this function on and off at their discretion at Steve Gibson’s security site:  "Unplug n Play" http://grc.com/UnPnP/UnPnP.htm

The current patch for this particular vulnerability can be found at Microsoft: http://www.microsoft.com/technet....059.asp

Outlook Express and Internet Explorer

As much as we would like to believe Microsoft’s attempts at improving security for IE and OE are effective, there will always be some opening that will be exploited. Users need to find settings that will allow them to use the programs comfortably while still providing the level of security that will keep their systems and information as secure as possible. IE 6.0 determines whether the Web sites that are visited adhere to privacy standards set by an international organization, the W3C (World Wide Web Consortium), using its P3P (Platform for Privacy Preferences). P3P will make comparisons of a site’s privacy policies and determine whether or not they match the user’s security settings. It then makes a decision to allow (or disallow) the disclosure of information to the site. This process is unobtrusive and takes place within the HTTP connection. If settings are too high, accessing desired sites may be difficult. Security settings in IE 6 can be located in Tools>Internet Options>Security. In here users can control access to scripts, Java, ActiveX controls, etc. These settings can be customized for different zones.

IE 6 also gives users control over cookies and verification of Web site security. The cookie settings are customizable for individual sites.

In Outlook Express 6.0, the Restricted Sites Zone setting prevents certain actions in email by default. This helps prevent malicious activity at the start but may be too restrictive for some users. The settings can be modified by clicking Options in Tools>Security Tab and choosing preferences. However, the default settings provide the maximum amount of security while still allowing functionality.

Remote Assistance and Remote Desktop

An innovative support tool and potential security threat is XP’s Remote Assistance. This function lets users allow complete access to their systems for help from another user. While the idea of expert users coming to the rescue of novice users is a nice idea, it presents an attractive avenue for malicious crackers to utilize this for their own gain and to the detriment of the novice. A cracker is always looking for root access to other systems and this feature provides that access. Cracker tools already exist to defeat any protective measures Microsoft may have initiated to prevent a serious security breach from happening when using Remote Assistance so it’s not recommended for frivolous use. But if you must, make certain to use all the security measures that Microsoft offers to their maximum.

Remote Desktop is Microsoft’s version of a Remote Access Terminal (RAT) program.  This tool is included with XP Professional and allows users to access their system from another in a remote location, giving them full access to files, programs and network resources. Although there are security measures Microsoft has incorporated to help prevent unauthorized access, it is probable that crackers and other intruders will discover methods of using this tool to their benefit. If you need to use Remote Desktop, it’s advisable to follow recommended security protocols. Remember, this tool is nothing more than a legal version of a Trojan horse program.

Automatic Updates

XP offers automatic updates to assist users in keeping up to date with the latest patches and fixes for security vulnerabilities. XP will automatically detect, download and install updates for you. If you aren’t one to regularly check for updates manually or don’t have the time, then this feature is recommended for you. However, remember that when allowing XP to do this for you, it is communicating with the Microsoft site and allowing a direct connection to your system. This could cause possible privacy issues and should only be considered if absolutely necessary. In any case, security updates are extremely important and whatever method users choose it will be in their best interest to keep up to date.

Windows Messenger

This little beauty from Microsoft hides a darker side. This feature comes as a part of XP by default, whether users want it installed or not. It uses both system and RAM resources even if disabled on the system and does not show in Add/Remove.

To remove Messenger, use a text editor (search files and folders) to open C:\WINDOWS\inf\sysoc.inf, and change
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7 to
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,,7

That's it. Messenger will now appear in the add/remove application under Windows Components where you can uninstall it.
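
The same edit can be scripted, which also shows which other components are hidden from Add/Remove. This is an added example, not part of the original article: only the msmsgs line comes from the text, the other sample entries are constructed, and the case-insensitive match on "hide" is an assumption. Run it against a copy of sysoc.inf, not the live file.

```python
# Constructed sample of sysoc.inf. Only the msmsgs line is quoted from the
# article; the two example* entries are made up for illustration.
SAMPLE_SYSOC = """\
[Version]
Signature = "$Windows NT$"

[Components]
examplevisible=example.dll,OcEntry,visible.inf,,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
examplehidden=example.dll,OcEntry,hidden.inf,HIDE,7
"""

def _entries(text):
    """Yield (raw_line, name, fields); name is None for non-component lines."""
    section = ""
    for raw in text.splitlines(keepends=True):
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        name, sep, value = line.partition("=")
        fields = [f.strip() for f in value.split(",")]
        is_entry = (section == "components" and sep
                    and not line.startswith(";") and len(fields) == 5)
        yield (raw, name.strip(), fields) if is_entry else (raw, None, None)

def hidden_components(text):
    """Names of [Components] entries whose fourth field is 'hide'."""
    return [n for _, n, f in _entries(text) if n and f[3].lower() == "hide"]

def unhide(text, component):
    """Blank the 'hide' field of one component; return (new_text, changed)."""
    out, changed = [], False
    for raw, name, fields in _entries(text):
        if name and name.lower() == component.lower() and fields[3].lower() == "hide":
            eol = raw[len(raw.rstrip("\r\n")):]  # keep the original line ending
            fields[3] = ""
            raw = name + "=" + ",".join(fields) + eol
            changed = True
        out.append(raw)
    return "".join(out), changed

if __name__ == "__main__":
    print("hidden before:", hidden_components(SAMPLE_SYSOC))
    patched, changed = unhide(SAMPLE_SYSOC, "msmsgs")
    print("changed:", changed)
    print("hidden after:", hidden_components(patched))
```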

However, every time you do a Windows update, a "Critical" recommended update will be the 'Windows Messenger 4.6 Connectivity Update'. Remove it from the download list. All it will do (contrary to what Microsoft says) is REINSTALL the program into your system and integrate it with Outlook Express, where it will have to be physically disabled as well.

Windows Media Player

Media Player has a function in it that allows each system's version and activity to be logged by Windows and potentially tracked by Microsoft. While Microsoft states no data recorded by Media Player will be sold to third parties, it's better to disable this feature.

Delete the file wmplibrary_v_0_12.db. It can be located in any of the following places:
your \Windows folder
the \Documents and Settings\All Users\Application Data\Microsoft\Media Index folder (Windows 2000 and Windows XP).
the \Program Files\Common Files\Application Data\Microsoft\Media Index folder (Windows 9x and Windows Me).

Or you can try what one user did successfully:
Create a zero-length file and replace wmplibrary_v_0_12.db with it. Then mark it as read-only. No more cache!

There is also a design flaw in Media Player 6.4 to 7.1 that allows JavaScript to obtain your player's unique ID number and track your movements. This is known as a "supercookie". To disable this, go to Tools>Options>DEselect 'Allow Internet sites to uniquely identify your player'.

Other Tools

One way to help maintain security is to erase Internet and application clutter in your XP system. It contains information that could be accessed by an unauthorized user should they gain access at some point. This includes deleting cookies, Internet cache, and records of opened files and applications. An excellent product for this is WindowWasher from http://www.webroot.com. WindowWasher is a utility that cleans the tracks left behind on your computer by today's latest browsers and programs.

You can keep up to date with the latest security issues by taking a look in the Security Forums: Daily Alerts and Warnings section on a regular basis and obtain the latest security fixes.  

With an understanding that there are always going to be security issues with XP, IE and OE (or any operating system) users can safely and enjoyably utilize the tools that are offered in this new version of Windows. While there are some concerns with certain features (Remote Assistance/Desktop for example) if proper procedures are followed and common sense is used, these added utilities could be used safely and effectively.

Have fun!