4.1. Identifying 'critical' or 'exposed' applications
4.2. Setting restricted rights for a given program (WinXP PRO/Win2K3)
4.3. Setting restricted rights for a given program (WinXP Home/Win2K)
This guide is for the average user, or a new user who has just bought a computer, and who wants to secure his Windows operating system. It does not contain complex tips meant for advanced users, but rather the basics of Windows security for everyday use. There is nothing incredible or previously unknown in this guide, so if that is what you are looking for, you can skip it. The purpose of this paper is to help you configure your OS securely and disable some dangerous default settings.
Lately, I have come across badly infected computers, and some of them had at least one antivirus, and even a firewall. Nowadays malware is more aggressive than ever, and increasingly uses user-mode rootkits to hide its files and processes, while attacking your main security applications to disable them. Some of these infected systems were not without any security, but the users had added security software at random without understanding what they were doing. Security is not a setup executable that you can install and forget, but a global process that begins with the OS (configuring it) and requires understanding and awareness from the person securing the system.
Usually, when you first get a computer and ask for advice on securing it, you are told to install various security software, such as an antivirus. However, by going this way you are adding security on top of something that is insecure by default: your operating system.
Windows is your security foundation: if it is weak, then everything on top of it can collapse. For instance, malware could exploit a known Windows vulnerability in a service that runs by default in order to execute, but if this vulnerability is patched and the service is disabled, the malware is stopped dead in its tracks. Thus, you must take care of Windows itself first; this is as critical as laying the foundations of a building.
In what follows, we will see together how to decrease your exposure to various threats by disabling unneeded Windows services, configuring a few Windows options, setting up updates, controlling what starts up, setting strong passwords, and setting the rights and privileges of some critical programs.
This guide applies to Windows XP Home Edition and Professional Edition, Windows 2000, and Windows 2003. However, some of the general advice holds for every OS, so it is still worth reading this guide even if you have Windows 98.