Windows XP Security Guide

Discussion in 'Windows OS's' started by megamaced, Jan 13, 2006.

  1. megamaced

    megamaced Geek Geek Geek!

    Out-of-date - No Longer Maintained!
     
  2. megamaced

    megamaced Geek Geek Geek!

    7) Change your internet browser


    Windows' default web browser is called Internet Explorer. It is the reason behind most of the security flaws in Windows. Every month, dozens of new threats are reported which can take advantage of these bugs. You are at a serious risk every time you browse the internet using this web browser. A malicious attacker can gain complete control of your computer simply by directing you to their website. It is possible to tweak Internet Explorer's security settings, but you will still end up with an insecure web browser.

    Instead of wasting 10 pages documenting the security settings in Internet Explorer, I am going to point you towards two alternative web browsers. The first of which is called Opera and it is one of the most secure web browsers around. It also boasts many great features such as tabbed browsing, RSS news feeds, themes, an embedded email client and a new widgets feature. It is also the "fastest web browser on the planet" to quote the Opera developers themselves!

    The Opera user interface is clean and fairly straightforward. It doesn't take too long to get accustomed to the layout. All of the settings can be tweaked by clicking Tools, then selecting Preferences.


    [Image: The Opera Browser]


    The second web browser I want to bring forward is Mozilla's Firefox. This browser is really taking the fight towards Microsoft's Internet Explorer and it's gaining market share every month. Firefox boasts better security and faster web page rendering. It also includes tabbed browsing, RSS News Feeds, Extensions, themes and embedded media support. Users of Internet Explorer will feel right at home with this browser. You can find Firefox's settings by clicking 'Tools' and selecting 'Options'.


    [Image: Mozilla Firefox]


    Alternative software for your consideration

    Flock 0.7
    Mozilla Suite 1.7
    Netscape 8

    External Resources

    Wikipedia



    8) Other / Random Security Tweaks



    A) Configure Automatic Updates


    To enable Automatic Updates, go into the control panel and double-click 'Automatic Updates'. Place a check mark next to 'Automatic (Recommended)' and specify the day and time you would like your computer to check for, and install new updates.


    [Image: Automatic Updates configuration]


    NOTE: Selecting 'Turn Off Automatic Updates' will leave your computer vulnerable to hackers



    B) Disable Remote Assistance - Completely


    Click the 'Start' menu, right-click 'My Computer' and choose 'Properties'. Click on the ‘Remote’ tab of the 'System Properties' window. 'Untick' the box that says ‘Allow Remote Assistance invitations to be sent to this computer’.


    [Image: Remote Assistance configuration window]



    C) Configure Internet Explorer's Internet Options


    Regardless of whether you use this web browser or not, it is a good idea to keep it secure as it is the backbone of the Windows operating system. I don't want to waste too much space though, because it's still an insecure web browser!

    To begin the configuration of Internet Explorer, double-click 'Internet Options' in the control panel. In the 'Internet Properties' window, click the 'Delete Cookies' box and press 'OK' in the window that appears. Now click the 'Delete Files' button and press 'OK' in the window that appears. Then click the 'Settings' box and drag the slider to show '50MB' under 'Amount of disk space to use'.
    In the 'History' section of the main 'Internet Properties' window, type '0' in the box next to 'Days to keep pages in history'. Then click 'Clear History'.

    That last paragraph dealt with cleaning up your history lists and protecting your privacy. Now we are going to move on to more general security settings. Click the 'Security' tab at the top of the 'Internet Properties' window. Choose the 'Custom Level...' button and select 'Medium' in the drop-down box. Finally, click 'Reset' and then 'OK'.

    Click the 'Privacy' tab at the top of the 'Internet Properties' window. Drag the slider up to 'Medium High' and press 'Apply'. Whilst we are on this tab, make sure there is a tick next to 'Block pop-ups'.

    Move to the next tab called 'Content' and click on the 'AutoComplete' button. 'Uncheck' all the boxes and clear your passwords and saved forms from the cache by clicking the two buttons 'Clear Forms' and 'Clear Passwords'.

    On to the 'Programs' tab of the main window, click the 'Manage Add-ons' button located at the bottom. Look through the list for anything suspicious. Disable anything you do not recognise.

    Finally, click on the 'Advanced' tab and 'untick' 'Enable Install On Demand (Other)'. Then 'tick' 'Empty Temporary Internet Files folder when browser is closed'.



    D) Upgrade to Internet Explorer 7


    Although still in beta (at time of writing), Internet Explorer 7 promises much better security than its predecessor. Some new features in Internet Explorer 7 include tabbed browsing, anti-phishing and an RSS news feeder. Configuration of Internet Explorer 7 will not be covered here because of my recommendation of the Opera and Firefox browsers. However, some of the configuration is similar to Internet Explorer 6, which is discussed in Section '8C) Configure Internet Explorer's Internet Options'.



    E) Disable the Windows Messenger Service


    Unless you explicitly need the Windows Messenger service, it is a good idea to disable it completely. In the 'Control Panel', double-click 'Administrative Tools' and choose 'Services'. Scroll down the list and look for 'Messenger', right-click it and choose 'Properties'. Click the 'Stop' button to stop the process, then choose 'Disabled' in the drop down list next to 'Startup Type' to stop the service from starting next time you reboot your computer.



    F) Rename the Administrator account (XP Professional only)


    Renaming the Administrator account makes it much more difficult for hackers to gain access to your computer. Instead of guessing the password, a hacker has to guess the user name as well.
    To rename the Administrator account, go into the control panel and double-click 'Administrative Tools'. Choose 'Local Security Policy' and expand the 'Local Policies' hive located down the left hand side. Click 'Security Options' and look for 'Accounts: Rename Administrator account' in the main list. Double-click it and type your new name for the Administrator account, then press 'OK'.


    Some example Administrator names:


    • admin
    • administrator-local
    • administrator-remote
    • adm1n
    • root


    9) Glossary



    • Administrative Privileges - A set of permissions that enable you to change the configuration of the whole operating system.
    • Adware - Small programs that bombard your computer with targeted advertising
    • Automatic Updates - Updates your computer with the latest bug fixes and security patches.
    • Backdoor - A method of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection
    • Bugs - Can be performance or security related. A bug is usually associated with an error in a program. Patches and updates can be obtained to fix bugs. See 'Automatic Updates'.
    • Command Prompt - Another name for MSDOS; the command line interface
    • Cookies - a cookie is a parcel of text sent by a website to your web browser, and then sent back unchanged by the browser each time it accesses that website. Cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences and the contents of their electronic shopping carts
    • Daemon - See 'Services'
    • Definitions File - A small database that is used by anti-virus and anti-spyware programs. Contains information about known threats on the internet
    • Directory - A path to a file or folder ('C:\Program Files' for example)
    • Exceptions list - A set of services that are allowed access to the internet. Also see 'Services'
    • Extensions - A small program that can increase functionality within another program
    • Firewall - A piece of software (or hardware) that acts as a middle man between your computer and the internet. Also see 'Exceptions List' and 'Services'
    • History List - An electronic trail of all the files you have opened and all the websites you have visited
    • Malware - Can represent any nasty program designed to crash your computer or steal your personal information. See 'Virus' and 'Spyware'.
    • Mobile Code - Java, Javascript, ActiveX and any other scripts that can be run from in a browser
    • MSN Messenger - Microsoft's online chat client
    • Phishing - A website or email designed to look real, but is actually a fake. The hacker might pretend to be your bank, and send you an email that looks very similar to the real thing. Then the hacker will lure you to their website (which can also look exactly like the real thing) and get you to enter personal information - which they steal
    • Plug & Play (PnP) - A service that automatically detects, installs and configures new hardware
    • Program Executable - A special file that launches a program. Executable files end with the extension '.exe'.
    • On-Access Protection - Every action performed on a computer is monitored by an anti-virus program. Viruses are usually detected before they can do any harm
    • Registry Editor - The Windows Registry holds all the important system settings. You can edit the information stored in the Registry by using the Windows Registry Editor.
    • Remote Assistance - A program that allows your computer to be controlled remotely. The remote user can use your computer as if they were actually sitting beside it.
    • Remote Computer - Generally speaking, a computer that is not located in the same building as you are.
    • Remote Location - See 'Remote Computer'
    • RSS Feeds - A type of bookmark that changes every hour. Bringing you the latest news from all over the internet.
    • Run As - Enables you to launch a program or control panel applet with different credentials (usually the administrator account).
    • Service Pack - A service pack is a collection of updates, fixes and enhancements to a software program delivered in the form of a single installable package
    • Services - A computer program that runs in the background, rather than under the direct control of a user. Computers often start services at boot time and they often serve the function of responding to network requests, hardware activity, or other programs by performing some task
    • Security Centre - The new security hub in Windows XP Service Pack 2
    • Shared Resources - Include files, folders and printers that you have shared over the network
    • Spyware - Nasty piece of software that steals your personal information
    • Tabbed Browsing - Allows you to view several web pages within the same browser window. Means that your taskbar doesn't get filled up!
    • User Account - A user's personal account that stores personal settings and permissions
    • User Group - A set of users who are assigned to a group, so that they can share the same permissions
    • User Permissions - Determines what the user can and can't do on a computer
    • Virus - A malicious program that can crash your computer, steal your personal information, open up backdoors and control your computer remotely. Also see 'Backdoor' and 'Remote Computer'.
    • Windows Messenger - Displays messages around a group of networked computers



    **************************
    Changes

    06/06/06: New introduction, new contents section, starting complete rewrite
    07/06/06: Shuffling text around, adding new sections, new text, removed pictures (They'll be back later)
    07/06/06: 23:00 General tidy up of new content
    08/06/06: Yet more changes

    11/06/06: More stuff changed, added some new pictures, preparing for first preview release!
    12/06/06: Finished Section 7 for now, other changes happening elsewhere
    29/06/06: After a long delay, I am back doing some work. Added to the 'Runas' section. Cleaned up the 'Windows Security Centre' section. Other changes elsewhere
    03/07/06: More stuff done - added small insertions next to pictures
    04/07/06: Tidy of new content, finished formatting, readying second preview, Concentrating on finishing Section 8; finished the Glossary
    05/07/06: FINISHED version 2.0 of this guide! Further improvements may appear later, but not for now. I've had enough :D
    16/07/06: Added some more external links
    **************************
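
    Section 8E above has two separate steps: 'Stop' ends the running Messenger service, and 'Disabled' keeps it from starting at the next boot. The following is an added example, not part of the original post, that checks both conditions from the text output of `sc query Messenger` and `sc qc Messenger`; the sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample output in the style of `sc query Messenger` / `sc qc Messenger`.
SAMPLE_QUERY = """\
SERVICE_NAME: Messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
"""
SAMPLE_QC = """\
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
"""


def _field(text, name):
    """Return the symbolic value of an sc field (e.g. 'STOPPED'), or None."""
    m = re.search(rf"^\s*{name}\s*:\s*\d+\s+(\w+)", text, re.MULTILINE)
    return m.group(1) if m else None


def audit_messenger(query_out, qc_out):
    """Classify the Messenger service against both steps of section 8E."""
    state = _field(query_out, "STATE")        # current session: RUNNING / STOPPED
    start = _field(qc_out, "START_TYPE")      # next boot: AUTO_START / DISABLED ...
    if state is None or start is None:
        return "unknown: could not parse sc output"
    stopped = state == "STOPPED"
    disabled = start == "DISABLED"
    if stopped and disabled:
        return "ok: stopped and disabled"
    if stopped:
        return f"incomplete: stopped now, but start type {start} brings it back at reboot"
    if disabled:
        return f"incomplete: disabled for next boot, but still {state} in this session"
    return f"exposed: {state}, start type {start}"


if __name__ == "__main__":
    print(audit_messenger(SAMPLE_QUERY, SAMPLE_QC))
```

    On a real machine, feed the function the captured output of the two `sc` commands instead of the constructed samples.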
     
  3. megamaced

    megamaced Geek Geek Geek!

    IT'S FINISHED!! ...(for now) :D

    This thread has been re-opened for your feedback and questions relating to the guide. Feel free to post whatever you like.

    Things I might add in the *distant* future:

    A section on spam / changing email client

    A section on phishing

    Expand section '4) Protect Your Computer From Viruses'

    Expand section '7) Change Your Internet Browser'.

    Stay safe ;)
     
  4. Karanislove

    Karanislove It's D Grav80 Of Luv

    I would like to say a big thanks to you guys for writing down this whole big security guide.

    I was searching on the net and came across this thing and I thought you might like it because it's also an addition of one free secured software and anti Microsoft...lol
    [ot]Please don't hate me, just because I search for a lot of stuff. I don't know why but it's in my attitude.... :)
    [/ot]
    Ditch Outlook Express

    Consider using an alternative to Outlook Express. One such alternative is Thunderbird from Mozilla. Thunderbird is a FREE email program with built-in spam-blocking. Why is this important? Spam can and does often contain links and pictures that can compromise your security. By using spam-blocking you can reduce the amount of spam you get, reducing email security threats.
     
  5. DaRuSsIaMaN

    DaRuSsIaMaN Geek Comrade

    Hey Mega, those are awesome posts and a huge thanks! Could you explain something though? What's wrong with having remote assistance and windows messenger? Why am I more secure with them disabled?
     
  6. Impotence

    Impotence May the source be with u!

    Impotences Computer Security Guide

    1. Install Ubuntu (you can download the disc image yourself or request a CD from Ship-it or even from hwf's iso mailing service!)

    Please Note: Please do not be alarmed when your system runs faster, you no longer have any fear of malware and you will never have to pay for the next version of your OS again!

    2. Run automatix; this will allow you to install everything that you could ever need (mp3 codecs, dvd codecs etc. and a whole range of software, including Frostwire [basically Limewire Pro])

    3. Enjoy life, you now have more disposable income as you don't have to pay for new hardware to support Vista, and you don't have to pay for Vista!!!
     
  7. megamaced

    megamaced Geek Geek Geek!

    Why should you disable the Windows Messenger service? Well this is one of many reasons

    While there is nothing wrong with Remote Assistance (well there's probably a few flaws in it), if you aren't going to use it then why leave your computer open to invitations? Also, it's another open TCP/IP port which is never good. As a rule you should try to keep the amount of open ports to a minimum

    I'll admit that my guide doesn't go into enough details in some cases but I shall be making another round of amendments soon :)
     
  8. jamikkas

    jamikkas Geek Trainee

    Thank you everybody for this protection guide, it's impressive. A big team for all the team and I am very glad to join the big team. I will be getting in touch.

    thanks once again
     
  9. zeus

    zeus out of date

    For the user is it better to have it set to Power User or just the normal Restricted User?

    I've had mine set as restricted but never known if I could safely use it as a power user. You can install software as a power user, that's why I wondered if it's safe.
     
