2009-09-23

Windows security basics
The first basic step to secure your Windows box is to disable NetBIOS over TCP/IP and File and Print Sharing, or at least set passwords for your shares. When you've done that, you should visit Windows Update and install the latest hotfixes and patches.

If you are running NT4, W2K or XP, you should remove the hidden administrative shares admin$ (c:\winnt), c$ (c:) and any other default share for other partitions. Restricting access to TCP and UDP ports 23 (telnet), 137-139 (NetBIOS), 389 (LDAP) and 445 (microsoft-ds) is also a good idea. This will prevent almost all attacks against the OS. Attacks against applications and services that run on a Microsoft system are an entirely different matter and will not be covered here.

On NT4 SP3+, W2K and XP systems, the registry value HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous can also be added to further increase security. It is a REG_DWORD value and should be set to 2. This will block attempts by hackers to connect to your system using null sessions. A null session is an anonymous connection that can be made to any NT4, W2K or XP system in its default configuration. Null sessions are primarily used to extract information about users, groups, shares and password policies. However, this registry setting could cause connectivity problems for third-party software and older versions of Windows, so it should be carefully tested before it is implemented.

Always, always set a password for the administrator account on your Windows multitasking OS. The best number of letters to have is either 7 or 14 because of the insecure IBM LanManager backwards compatibility that Microsoft implemented. An open NetBIOS port and a weak password could give someone administrator rights on your PC in a matter of minutes. They would only need to use two certain "hacker" programs to accomplish this.

The new firewall that comes with XP doesn't provide application control, so it is pretty useless if you accidentally start up or get infected by a trojan. Download and try one of the firewalls listed below to minimize the likelihood of someone compromising your OS and personal integrity.

Consider turning off the preview window in Outlook if you are using it. With this feature turned on, malicious code can execute even if you don't actively open an email. Active content can be included in the email itself and not necessarily in an attachment, either in the form of ordinary HTML or an ActiveX component. Also set Outlook to operate in the high security zone to further increase security.


Anti-virus software
We recommend scanning all files for viruses. Do this before viewing files or starting up programs or script files that have been downloaded with Medusa. To be sure that the file you have downloaded is safe, set Explorer to view all files. Make sure that you have also chosen to display file extensions for registered files. These settings will help you avoid clicking on a file with a name like anna_kournikova.jpg.vbs.

Freeware:
AVG Anti-Virus System
VCatch Virus Catcher

Commercial:
Norton Antivirus 2002


Personal Firewalls
A personal firewall offers protection against the hackers, crackers and script-kiddies present on the Internet. There are quite a lot of these programs around, but to be totally safe a firewall should also offer application control. This makes sure that no trojan software can run on your system without you immediately becoming aware of it. A trojan is a program that gives someone else total control of your system without you realizing it. It is considered best practise to also protect a system from what can be sent from a computer to the Internet, as well as vice-versa. The best way a firewall can offer application control is by implementing MD5 checksums. This makes it practically impossible for an approved and harmless application to be replaced by a trojan.
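
The checksum-based application control described above can be sketched as follows. This is an added example, not code from any of the products listed on this page; the AppControl class, the file names and the file contents are hypothetical and constructed for illustration. It uses SHA-256 instead of the MD5 named above, because MD5 is no longer collision-resistant.

```python
import hashlib
import os
import tempfile

def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

class AppControl:
    """Hypothetical allowlist: approved program path -> digest recorded at approval."""
    def __init__(self, algorithm="sha256"):
        self.algorithm = algorithm
        self.approved = {}

    @staticmethod
    def _key(path):
        # Windows paths are case-insensitive; normalise so one file has one key.
        return os.path.normcase(os.path.realpath(path))

    def approve(self, path):
        self.approved[self._key(path)] = file_digest(path, self.algorithm)

    def check(self, path):
        """Decide whether a program asking for network access may proceed."""
        expected = self.approved.get(self._key(path))
        if expected is None:
            return "deny-unknown"    # the user never approved this program
        if file_digest(path, self.algorithm) != expected:
            return "deny-modified"   # same path and name, different bytes
        return "allow"

def demo():
    """Constructed scenario: an approved program is later overwritten in place."""
    with tempfile.TemporaryDirectory() as d:
        browser = os.path.join(d, "browser.exe")
        other = os.path.join(d, "other.exe")
        for p, data in ((browser, b"constructed approved build"),
                        (other, b"constructed unapproved program")):
            with open(p, "wb") as f:
                f.write(data)
        ac = AppControl()
        ac.approve(browser)
        before = ac.check(browser)
        with open(browser, "wb") as f:   # file replaced, name unchanged
            f.write(b"constructed replacement bytes")
        return before, ac.check(browser), ac.check(other)

if __name__ == "__main__":
    print(demo())
```

Because the decision is keyed on the file's contents and not only its name, a replaced executable is denied until the user approves it again.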

Freeware:
ZoneAlarm - This is an easy-to-use firewall that offers application control, MD5 checksum control, an Internet lock and supports zones.

Commercial:
BlackIce defender - BlackIce identifies the kind of probe, or attack, that is taking place. Doesn't offer application control.

