http://www.homecomputingsecurity.com

 

What?

 

Operating System and Applications Hardening

 

Why?

 

You must start from a trusted, secure foundation and continue to maintain the most secure system available.

 

How?

 

 

1. Choose Windows XP with Service Pack 2, or the new Vista, for your operating system.

2. Turn on automatic updates for latest security patches.

3. Avoid free software that comes at higher risk for tampering.

4. Disable unnecessary Windows Services.

5. Manage your Windows Startup Programs and Services.

 

Detailed Information

1. Operating System of choice

Apple Macintosh computers formerly were thought to be relatively free of security threats. That is no longer the case. See Macintosh.

The majority of home and business computers now use Microsoft operating systems. Microsoft no longer updates the Windows 95 and 98 operating systems. Windows 2000 is not as secure as Windows XP, which rolled out in 2001. The newest version, called Vista, rolled out in Jan. 2007. Vista is more secure, but there are concerns, so see Windows Vista.

The 64-bit versions of Windows offer greater security, but are they ready for prime time? See 64-bit details.

 

2. Automatic Security Updates and Patches

Windows Security Center (WSC) is the easiest way to keep up with installing the necessary OS and MS Office critical updates and some hardware vendor patches. (WSC comes with the Windows XP Service Pack 2 update.) To open it, go to START - CONTROL PANEL and click on SECURITY CENTER:

[Screenshot: Windows Control Panel]

Then you'll see:

[Screenshot: Windows Security Center]

Now go to AUTOMATIC UPDATES:

[Screenshot: Automatic Updates]

Put a check mark to enable Automatic Updates so that it checks your system and installs the necessary updates from the Microsoft site at a time you schedule, such as non-peak hours. Once you are up to date, the periodic downloads will take only a few minutes. BEWARE: You will need to be logged in as the Administrator with full rights, not a restricted LUA user account, to get and apply these updates.

[Screenshot: Microsoft Updates notification balloon]

I prefer to leave my computer on one night a week, logged in as the Administrator, and schedule the automatic updates to occur during the night. When logged in as the Administrator, it is also prudent to check for a little yellow WINDOWS UPDATE ICON in the lower right of your desktop. Click on it to see whether there are updates you need to retrieve, in case your computer did not automatically receive them at the scheduled time.

This will kick off the download and install process for all the updates that Microsoft has determined you need to update the security of your system.

If you go online to the Microsoft updates site you may also check the update history for your system for an audit to verify that the update process is working. You should see updates applied almost monthly.
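The same audit can be run on the PC itself from the Windows Update Agent history. This is an added example, not part of the original page; it assumes Windows PowerShell is installed, and the 45-day threshold is a constructed stand-in for "almost monthly".

```powershell
# Added example: audit the local Windows Update history.
# Assumption: 45 days without a successful install counts as overdue.
$MaxGapDays = 45

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()

if ($total -eq 0) {
    Write-Warning "No update history recorded; Automatic Updates may never have run."
}
else {
    # Operation 1 = installation. ResultCode 2 = succeeded, 4 = failed, 5 = aborted.
    $installs  = @($searcher.QueryHistory(0, $total) | Where-Object { $_.Operation -eq 1 })
    $succeeded = @($installs | Where-Object { $_.ResultCode -eq 2 })
    $failed    = @($installs | Where-Object { $_.ResultCode -eq 4 -or $_.ResultCode -eq 5 })

    # Successful installs per month; a missing month means the schedule did not run.
    "Successful installs by month (dates are UTC):"
    $succeeded | Group-Object { $_.Date.ToString('yyyy-MM') } | Sort-Object Name |
        ForEach-Object { "  {0}  {1} update(s)" -f $_.Name, $_.Count }

    if ($succeeded.Count -eq 0) {
        Write-Warning "No successful installs in the history."
    }
    else {
        $latest  = $succeeded | Sort-Object Date | Select-Object -Last 1
        $ageDays = ((Get-Date).ToUniversalTime() - $latest.Date).Days
        "Most recent install: {0:yyyy-MM-dd} ({1} days ago)" -f $latest.Date, $ageDays
        if ($ageDays -gt $MaxGapDays) {
            Write-Warning "No update installed in over $MaxGapDays days; check Automatic Updates."
        }
    }

    # Failed or aborted installs need a manual retry.
    $failed | Sort-Object Date | ForEach-Object {
        "FAILED {0:yyyy-MM-dd}  {1}" -f $_.Date, $_.Title
    }
}
```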

 

If you have Windows 2000:

The Microsoft Windows 2000 operating system should be up to date with Service Pack 4 (SP4).

Additionally, Microsoft released Update Rollup 1 for Windows 2000 SP4 - v2 on September 13, 2005. "This update consists of previously released recommended, critical and security updates for Windows 2000, rolled into one convenient package. Installing this item provides you the same results as installing the individual updates since SP4 release."

Bottom line: you should have downloaded Windows 2000 Service Pack 4 (SP4) (130 MB, Nov 2003):

http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/sp4Eng.mspx

and then download Update Rollup 1 for Windows 2000 SP4 - v2 (KB891861, 31.2 MB, Sept 2005):

 

What about Windows 98 and ME?

As of the Microsoft patches published in June 2006, there are some that apply to Windows ME and 98. These should be the last patches you will see for these old OS versions.

http://www.microsoft.com/technet/security/current.aspx

Windows 98/ME does have the automatic updates capability:

http://www.microsoft.com/windowsme/update/default.asp

But no new patches will be published for ME and 98 after July 11, 2006:

http://support.microsoft.com/gp/lifean18

So after July 11th, if you are up to date with patches at that point, you don't need to bother with any more update checks as they plan to provide no new ones.

 

To verify you have all your security updates downloaded and installed, see Audit Operating System and Applications Security.

 

3. Avoid free software that comes at higher risk for tampering

Avoid downloading free games, music or software from unknown and unverifiable sources. Avoid purchasing really cheap software on eBay or at less recognizable sites. It could be too good to be true. You never know what an evildoer could add to the package! Sites that promote and offer anything free, cheap, and illegal are prone to trouble. "Crack sites" offering license key codes to be able to install software from a friend, pornography sites, and free music and video sites are all suspect. Peer-to-peer file sharing programs are full of trouble. See: Free-Risky and P2P.

 

4. Disable Unnecessary Windows Services

Many services that run on a Windows system are not needed, and some pose a security risk. Disabling these can remove a potential avenue for attack as well as increase your system performance. For Advanced Users, proceed to Disabling Windows Services.

 

5. Manage your Windows Startup Programs and Services

 

Recommended Tool: The Ultimate Troubleshooter (TUT) Utility

If you have trouble figuring out what tasks/processes should be running on your PC (i.e. what's good, what is unneeded, and what is downright spyware), then this utility may be just for you! The Ultimate Troubleshooter (TUT) is a program by AnswersThatWork.com that lists all the background tasks running on your PC and gives a plain language description of what they do and how much of your memory they are using. Then it gives advice as to whether you should leave them running, turn them off until you need them or delete them altogether. Any PC user can make an informed decision about any background task using the TUT system. I often just "Google" a process or running task, but those who are less technically inclined, or who would rather not research valid processes themselves, may find this utility useful.

Alongside the Tasks and Startups, TUT also has a Hardware Inventory, a one-touch housekeeping function for all those files you picked up surfing the net and, for the techies, PING, TRACE and WHOIS.

The new version costs $29 and can be downloaded here: The Ultimate Troubleshooter (TUT) Utility

Here is a good sample screenshot of TUT that shows advice on which services I should disable and why:

[Screenshot: The Ultimate Troubleshooter]
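For sections 4 and 5, Windows can produce the raw inventory of startup programs and auto-start services for manual review. This is an added example, not code from the original page or from TUT; it assumes Windows PowerShell, and `Get-ReviewFlag` is a hypothetical helper whose "outside the Windows directory" rule is only a triage hint.

```powershell
# Added example: list everything that starts automatically, for manual review.
# Assumption: entries launched from outside the Windows directory are flagged
# "review". That is a hint about where to look first, not a verdict.
$winDir = $env:SystemRoot

function Get-ReviewFlag([string]$command) {
    if (-not $command) { return 'review (no path)' }
    # Expand %SystemRoot%-style variables and drop a leading quote.
    $expanded = [Environment]::ExpandEnvironmentVariables($command).TrimStart('"')
    if ($expanded -like "$winDir\*") { 'windows' } else { 'review' }
}

# Programs started at logon (Run registry keys and Startup folders).
$startup = Get-WmiObject Win32_StartupCommand |
    Select-Object @{ Name = 'Kind';    Expression = { 'Startup' } },
                  @{ Name = 'Name';    Expression = { $_.Caption } },
                  @{ Name = 'Source';  Expression = { $_.Location } },
                  @{ Name = 'Command'; Expression = { $_.Command } },
                  @{ Name = 'Flag';    Expression = { Get-ReviewFlag $_.Command } }

# Services configured to start with Windows, with their current state.
$services = Get-WmiObject Win32_Service -Filter "StartMode='Auto'" |
    Select-Object @{ Name = 'Kind';    Expression = { 'Service' } },
                  @{ Name = 'Name';    Expression = { $_.DisplayName } },
                  @{ Name = 'Source';  Expression = { $_.State } },
                  @{ Name = 'Command'; Expression = { $_.PathName } },
                  @{ Name = 'Flag';    Expression = { Get-ReviewFlag $_.PathName } }

# Items flagged "review" sort first; research each one before disabling it.
@($startup) + @($services) |
    Sort-Object Flag, Kind, Name |
    Format-Table Flag, Kind, Name, Source, Command -AutoSize -Wrap
```

The script only reads configuration; nothing is disabled or removed.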

 

Resources

Windows Security Center 

Audit Operating System and Applications Security

When you need to perform Administrative Tasks: see Admin-Tasks

Free-Risky

P2P

All About Password Safety

Macintosh

 

Contact me at NofinerWeb.com