If you are still using Windows XP, there are steps you can take to make your operating system more secure. This tutorial will look at the tools provided by the operating system.
Install Windows XP Service Pack 3
This latest service pack for Windows XP rolls up all the updates before it, including the new security features from Windows XP Service Pack 2. This simple step goes a long way toward ensuring that an operating system released in 2001 is prepared for today’s security landscape. You can install it on an existing installation of Windows XP or slipstream it so that future installations of Windows XP include the service pack right out of the box. You can download it either through Windows Update or from the Microsoft website.
Turn on Windows Firewall
Before you connect to the Internet, make sure you have a firewall installed and in use. A firewall helps prevent unsolicited communications to and from your computer. Windows XP includes a built-in software firewall called Windows Firewall which can be activated with a few clicks.
- On the Start menu, click Run.
- Type “firewall.cpl”, and click OK.
- Select On (recommended).
- Click OK.
Note that Windows Firewall allows exemptions from its monitoring. Therefore you should keep an eye on the list of programs not monitored by Windows Firewall. You should keep the number of exemptions as small as practical for your daily Internet activities.
- In the Windows Firewall dialog box, select the Exceptions tab.
- Under Programs and Services, select an unwanted program.
- Uncheck the checkbox or click Delete.
- Click OK once finished.
Turn on Automatic Updates
New attacks appear every day, so it is important to keep your operating system one step ahead of the game. By turning on Automatic Updates, Windows will check for updates for you automatically when you’re connected to the Internet. You can choose whether to let Windows install them itself or ask for your permission beforehand.
- On the Start menu, click Run.
- Type “wuaucpl.cpl”, and click OK.
- Select one of the first three options.
- Click OK.
If you select the second or third option, make sure that you do install the updates when prompted to.
Extend protection from Data Execution Prevention (DEP)
By default, DEP only protects core Windows processes from buffer overflow attacks, a type of exploitation where malware tampers with parts of another process’ memory section in order to compromise the system. You can have DEP protect all other processes from this type of attack.
- On the Start menu, click Run.
- Type “sysdm.cpl”, and click OK.
- Select the Advanced tab, and click Settings under Performance.
- In the Performance Options dialog box, select the Data Execution Prevention tab.
- Select Turn on DEP for all programs and services except those I select.
- Click OK.
Note that some programs may not work properly with DEP protection. In these cases, simply check the checkboxes next to the program in the DEP exemption list for them to work correctly again. These programs will appear in the list once they have been closed by DEP.
Turn off Autorun/Autoplay
When you insert a software CD, more often than not it will automatically run the installation program by itself, with the help of Autorun. Viruses stored on removable media can do the same if you do not prevent it. Windows Vista changed the way Autorun scripts are handled so that permission is required for them to run. In Windows XP, you can disable this feature in Group Policy.

- On the Start menu, click Run.
- Type “gpedit.msc”, and click OK.
- Under Computer Configuration, select the Administrative Templates folder, and then select the System folder.
- Open Turn off Autoplay.
- Select Enable, and then select All drives under Turn off Autoplay on.
- Click OK.
Unfortunately, Windows XP will still run the scripts if you open the drives directly either through double-click or the Enter key. You should therefore always right-click your drives and choose Open to bypass the scripts.
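The following batch script is an added example, not part of the original tutorial: it performs a read-only check of the firewall, Automatic Updates, DEP and Autoplay settings described above by reading the registry values and boot.ini switch where those dialog boxes store their choices. It assumes Windows XP SP2 or later, the standard (non-domain) firewall profile, and that boot.ini is on %SystemDrive%.

```batch
@echo off
rem Added example: read-only audit of four settings from this tutorial.
rem Assumes Windows XP SP2 or later; changes nothing on the system.
setlocal

set FW=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
set AU=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
set EX=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

rem Windows Firewall, standard (non-domain) profile: 0x1 means On.
call :dword "%FW%" EnableFirewall
if /i "%VAL%"=="0x1" (echo [ OK ] Windows Firewall is on) else (echo [WARN] Windows Firewall is off or unset: %VAL%)

rem Automatic Updates: 0x4 install automatically, 0x3 download then ask,
rem 0x2 notify only. 0x1 means updates are turned off.
call :dword "%AU%" AUOptions
set AUOK=
for %%O in (0x2 0x3 0x4) do if /i "%VAL%"=="%%O" set AUOK=1
if defined AUOK (echo [ OK ] Automatic Updates option %VAL%) else (echo [WARN] Automatic Updates off or unset: %VAL%)

rem Turn off Autoplay on "All drives" is stored as NoDriveTypeAutoRun = 0xff.
call :dword "%EX%" NoDriveTypeAutoRun
if /i "%VAL%"=="0xff" (echo [ OK ] Autoplay is off for all drives) else (echo [WARN] NoDriveTypeAutoRun is %VAL%, expected 0xff)

rem DEP policy is a boot.ini switch. OptOut or AlwaysOn covers all programs.
rem Assumption: boot.ini is on %SystemDrive% (may differ on multi-boot PCs).
type "%SystemDrive%\boot.ini" 2>nul | findstr /i /c:"/noexecute=optout" /c:"/noexecute=alwayson" >nul
if errorlevel 1 (echo [WARN] DEP does not cover all programs) else (echo [ OK ] DEP covers all programs)

rem Print the Exceptions tab as text so the list can be reviewed.
netsh firewall show allowedprogram

endlocal
goto :eof

:dword
rem Helper: sets VAL to the data of value %2 under key %1, or "unset".
set VAL=unset
for /f "tokens=3" %%A in ('reg query %1 /v %2 2^>nul ^| findstr /i /c:"%2"') do set VAL=%%A
goto :eof
```

Save it as a .cmd file and run it from a command prompt; any [WARN] line points back to the matching section of this tutorial.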
Avoid using an administrator account
Running under an administrator account allows viruses and Autorun exploits to do everything that you as an administrator can do: install malware, run Trojans, delete files, format disks, record password keys, and so on. You can greatly limit the damage by logging on as a “User”, a type of user account that lets you run most programs without giving viruses the user account privileges to change your computer settings. You can create a “User” account by following these instructions.

- On the Start menu, click Run.
- Type “nusrmgr.cpl”, and click OK.
- Select Create a new account.
- Type a name for the account, and click Next.
- Select Limited, and click Create Account.
When you need to install programs or change computer settings while logged on as a “User”, hold down the Shift key, right-click the installation file or Control Panel item, and select “Run as”. This gives that program administrator privileges for that instance only.
Press Ctrl + Alt + Del to log on
This key sequence is recognized only by Windows. When you activate this sequence twice in succession while at the Welcome Screen (all user accounts must be logged off first), you will be presented with a traditional log on dialog box. This way of logging on ensures that your password is communicated to Windows only and not to third-party software.
Use a strong user account password
Last but not least, you should set strong passwords for administrator user accounts. All these security measures are useless if someone with access to your administrator accounts can revert them. There is a Wikipedia article on the characteristics of a strong password.