Simple tips for making Windows XP secure

These are a few simple ways of keeping Windows XP in particular secure. Some of it also applies to other operating systems.

These tend to be the guidelines that I use and are great for a desktop/home system. If you’re running a server or making systems secure for a network in a company then you should probably be a bit more strict.

Viral Scanning

My personal view on virii (and other malware) is that prevention is better than cure. A simple way to prevent such things getting onto your system is to watch what you download. Don’t go to dodgy porn sites, don’t download dodgy files or email attachments from people you don’t know. Don’t install software or any form of plugin from anything that appears to be malicious, unless you have read some form of review about it.

That alone should keep a lot of potential to keep malware at bay. That said, it’d be ignorant to go without any form of malware scanning solution for scanning inbound and outbound files that you download from any source. This is why I would recommend ClamAV and Ad-Adware. Using Windows Defender is also a good idea. Make sure that you update them on a regular basis.

Firewall

Since Windows XP SP2, firewall has been enabled by default for all connections. This firewall should be sufficient for a desktop system. The only two drawbacks of the Windows XP firewall are:

• It can be disabled via 3rd party applications. If you do get infected with a form of malware, the firewall could be disabled without your permission.

• It does not block outbound connections.

If you are worried about the two drawbacks, then it’d be better to go with a 3rd party firewall such as Zonealarm (Edit: Zonealarm went downhill and totally sucks. Go with the suggestion provided by TommieV, Sunbelt Personal Firewall).

If you are running a router on your network, make sure that it has all ports closed, apart from any you may need.

Patching

Even if you do have a great firewall solution and the latest ClamAV and Ad-Aware signatures, and don’t download dodgy files it does not mean that you will be secure. If you don’t regularly update the operating system and applications you use then old flaws may be exploited which could allows things such as code execution.

Make sure you update the operating system, and the applications you use regularly.

Sandboxing

If you do have to run an application which you are not sure about, then you can run it in a sandbox so that it cannot harm anything outside. A popular program on Windows for this is Sandboxie.

BIOS

Enabling virus prevention in your BIOS (if it is supported) will warn you when something tries to modify the boot sector. One way a virus can work is by replacing a part of the boot sector, meaning the virus would be loaded before everything else. Enabling the BIOS option will prevent this.

Administrator permissions

Running in a limited/standard user account could be helpful by limiting possible damage if you do get infected with a piece of malware, or could prevent it entirely. Try to run without administrator privileges where possible.

Create Backups

Even if you have everything secured, it’s best to keep any important data safely backed away so it cannot be ruined. Make sure you make regular backups of your crucial data, and then if anything does go wrong you can hopefully pick up from where you were.

Passwords

Creating a decent password could prevent possible problems with malware stealing your password files and sending them off to somebody and such. Generally people won’t be after you trying to steal them, but the malware scenario is possible.

One way is just to create a decent password of at least 10 characters, which includes numbers. Try to change it a little every 4 – 6 months.
You should also disable LM hash if you are running Windows. http://support.microsoft.com/kb/29965