Fix Dangerous Security Defaults on the XP Desktop


Windows XP Home and XP Professional both ship with dangerous defaults that leave your PC wide open to hackers on the internet. Follow these steps to fix those dangerous defaults and limit the security risk. Note: this is a somewhat long HTML document because it lists all the defaults and how to change each one.

Simple File Sharing is designed to let users share files across a network, but it exposes you to a great number of NetBIOS vulnerabilities. To disable Simple File Sharing, follow these steps:

  1. Double click on My Computer.
  2. Click on the Tools, Folder options.
  3. Click on the View tab.
  4. Scroll to the bottom and make sure Use Simple File Sharing (Recommended) is unchecked.

Most hard drives in new PCs are formatted FAT32, which provides no file-level security and can be read by booting another Windows operating system (95/98/ME, etc.). By converting the drive to NTFS, you can use the Encrypting File System (EFS). However, NTFS cannot be read from a bootable DOS or Windows boot diskette; only the Recovery Diskette series or the Windows 2000 or XP CD can access this type of file system. So NTFS is more secure but harder to troubleshoot. To convert your existing drive from FAT32 to NTFS, follow these steps:

  1. Backup your important data files, even the registry.
  2. Turn off all power saving modes, turn off screen saver. Disable the antivirus. Turn off or stop all open programs.
  3. Go to Start, Run, type cmd to access a DOS or command window.
  4. Type convert x: /fs:ntfs (x = the drive or partition you want to convert).
  5. Then you can use EFS on folders you want to secure with a password.

Guest Account allows other users to access your computer without giving them access to certain files, but can easily be exploited by a hacker for more access. To disable the Guest Account, follow these steps:

  1. Go to the Start, Settings, Control Panel.
  2. Double-click on User Accounts, then edit Guest Account and disable it.
  3. In Windows XP Professional, access Administrative Tools, Computer Management, find Local Users and Groups in the left-hand pane and click on Users under it. In the right-hand pane, double-click on the Guest Account. Check the Disable block for the Guest Account.

Administrator Account is typically used by hackers to try and get into a system. Simply create a user and make him Administrator equivalent, then you can disable the Administrator Account. Follow these steps:

  1. Go to the Start, Settings, Control Panel.
  2. Double-click on User Accounts, create a new account with your name, and give it Administrator rights by assigning it to the Administrators group.
  3. In Windows XP Professional, access Administrative Tools, Computer Management, find Local Users and Groups in the left-hand pane and click on your account, or simply create a new one. Then assign yourself to the Administrators group.
  4. Once you have a named account with Administrator privileges, select the Administrator Account and disable it.

Normal Windows operation can leave unencrypted text, including your passwords, on your machine in files you would never think to look in, such as the swap file, but a hacker knows these things. The solution is to clear the swap file (paging file) each time you shut down Windows. Clearing the paging file at shutdown requires a registry edit, so follow these steps:

  1. Go to the Start, Run, and type in regedit, and click OK.
  2. Select File, Export, and select another partition if possible or a different folder to place a backup of your registry. Be sure to click on My Computer, top of registry, prior to export so you get the entire registry backed up.
  3. Then go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management. Find or create the ClearPageFileAtShutdown DWORD value and set it to 1.
  4. The default should be 0. If the ClearPageFileAtShutdown value already exists, just double-click on it to edit the DWORD value and change it from 0 to 1. Remember that in the registry, 0 typically disables a feature and 1 turns it on.

The dump file stores data from memory during a system crash and can be helpful when diagnosing problems, but like the swap file it can also be used by a hacker to expose your system. To prevent Windows from creating these dump files, follow these steps:

  1. Go to the Start, Settings, Control Panel.
  2. Double-click on System, then click on the Advanced tab.
  3. Select the Settings button on the Startup and Recovery pane.
  4. Set the drop-down menu under Write Debugging Information to (none).

Similarly, the Dr. Watson debugging program also saves information when applications crash. To disable it, follow these steps:

  1. Go to Start, Run, type regedit, click OK.
  2. Locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug and set the Auto string value to 0.
  3. Then use Windows Explorer to go to Documents and Settings\All Users\Shared Documents\DrWatson.
  4. Delete User.dmp and Drwtsn32.log, then restart for the changes to take effect.

Windows XP still ships with a subsystem called POSIX, which allows the use of UNIX commands. Disabling POSIX prevents hackers from using UNIX commands to hack into your system. To disable POSIX you will have to edit the registry and delete a file. Follow these steps:

  1. Go to the Start, Run, type regedt32, click OK. Note: You must use XP's 32-bit registry editor for this change.
  2. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems and click on the multi-string value called Optional in the right-hand pane. By default the multi-string's data will be POSIX; delete this data and leave it empty, but do not delete the Optional value itself.
  3. Then click on the actual POSIX value and notice that it points to a file called psxss.exe in the System32 folder.
  4. Exit the registry editor. Then use Windows Explorer to locate psxss.exe in the System32 folder and delete this file. Note: You may find one in Windows\System32 and one in Winnt\System32, so using the search option may be the best way. Be sure to delete all occurrences of psxss.exe. Once this is done, no one will be able to execute UNIX commands through the POSIX subsystem.

Other default services can be used to exploit your system. You may want to disable these services; they can always be re-enabled if you need them. To disable services, follow these steps:

  1. Go to the Start, Settings, Control Panel.
  2. Double-click on Administrative Tools.
  3. Click on Services in the left-hand pane, then select each service in the right-hand pane, right-click, Properties, and set Startup type to Disabled for the service you want to stop. Note: You may have to stop a service prior to disabling it.
  4. The services to disable are: NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager, Remote Registry, Routing and Remote Access, Telnet, and Universal Plug and Play Device Host. Of course, if you connect a jukebox or USB hard drive to your PC, do not disable the Universal Plug and Play Device Host service.
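As an added check (this script is mine, not part of the PC Magazine tip), here is a read-only PowerShell audit that reports which of the defaults covered above are still in their risky state, so you can verify the changes took. It assumes PowerShell 2.0 or later installed on the XP machine and an administrator session; the CrashDumpEnabled value is the registry setting behind the Write Debugging Information drop-down, which the tip changes through the GUI.

```powershell
# Added audit script: reports which defaults from this page are still risky.
# It only reads; nothing is changed. Run from an administrator PowerShell.
$findings = @()

# Fixed disks that are still FAT32 (no ACLs, no EFS)
Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object {
    if ($_.FileSystem -ne 'NTFS') { $findings += "Drive $($_.DeviceID) is $($_.FileSystem), not NTFS" }
}

# Built-in Administrator (RID 500) and Guest (RID 501) still enabled?
# Disable Administrator only after you have another admin-level account.
Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' | ForEach-Object {
    if (-not $_.Disabled -and ($_.SID -like '*-500' -or $_.SID -like '*-501')) {
        $findings += "Built-in account '$($_.Name)' (SID $($_.SID)) is still enabled"
    }
}

# Registry values the tip tells you to set (missing value = still default)
$mm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
if ($mm.ClearPageFileAtShutdown -ne 1) { $findings += 'Paging file is not cleared at shutdown (ClearPageFileAtShutdown <> 1)' }

$crash = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' -ErrorAction SilentlyContinue
if ($crash -and $crash.CrashDumpEnabled -ne 0) { $findings += 'Crash dumps still written (CrashDumpEnabled <> 0)' }

$ae = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug' -ErrorAction SilentlyContinue
if ($ae -and $ae.Auto -ne '0') { $findings += 'Dr. Watson auto-debugging still on (AeDebug\Auto <> 0)' }

$sub = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
if ($sub.Optional -contains 'posix') { $findings += 'POSIX subsystem still listed in SubSystems\Optional' }
if (Test-Path (Join-Path $env:SystemRoot 'System32\psxss.exe')) { $findings += 'psxss.exe still present in System32' }

# Services the tip says to disable, matched by the display names it uses
$risky = 'NetMeeting Remote Desktop Sharing', 'Remote Desktop Help Session Manager', 'Remote Registry',
         'Routing and Remote Access', 'Telnet', 'Universal Plug and Play Device Host'
foreach ($name in $risky) {
    $svc = Get-WmiObject Win32_Service -Filter "DisplayName='$name'"
    if ($svc -and $svc.StartMode -ne 'Disabled') {
        $findings += "Service '$name' is $($svc.State), startup type $($svc.StartMode)"
    }
}

if ($findings.Count -eq 0) { 'All checked defaults are already hardened.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

Re-run the script after a reboot, since the paging-file and Dr. Watson changes only show their effect at the next shutdown or crash.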

Tip is extracted from PC Magazine dated 11 March 2003, Solutions: Security Watch, by Konstantinos Karagiannis with added comments from myself.