Falun Dafa Minghui.org www.minghui.org

Technology Sharing: 8 Security Issues with Windows XP's Default Configuration

Feb. 10, 2005

(Clearwisdom.net) Windows operating systems have always been known for their usability, letting users perform complex tasks with a few simple operations. But usability sometimes conflicts with security. With the widespread use of the Internet, each PC on the network is a node of the Internet, so everyone has to pay attention to security issues. As the latest version of Windows, XP has the best usability. Unfortunately, many of the default settings aimed at improving usability actually bring security risks.

1. Simple file sharing

To let network users share files with just a few mouse clicks, XP has opened a number of NetBIOS security holes. To turn off the "simple file sharing" function, follow these steps:

Double-click My Computer and choose Tools menu item. Select Folder Options, and click the View tab. In the list of Advanced Settings, uncheck the last entry entitled "Use simple file sharing (recommended)."

2. FAT32

The hard disks of many new machines are formatted with FAT32. To improve security, we can convert FAT32 to NTFS. NTFS allows file and folder permissions to be controlled more comprehensively and securely. We can also use the Encrypting File System (EFS) to protect files from being stolen at the level of the file partition.

Inside My Computer, we can check the file system by right-clicking the hard drive (C: for example) and selecting Properties. Before changing the file system to NTFS, first back up your important files. Next, click the Start button at the lower left of the desktop and select Run. Type "cmd" and hit the Enter key; a DOS window will come up. Type "convert x: /fs:ntfs" (where x is the drive letter, e.g. "convert c: /fs:ntfs"). Note: be careful with this command, since NTFS cannot be changed back to FAT32.

3. Guest accounts

Guest accounts can log into the computer, but their privileges are limited. Unfortunately, the guest account also provides a convenient way for a hacker to access your computer, so unless it is absolutely necessary, it is better to disable it. In Windows XP Pro, right-click My Computer and select Manage. Click the Local Users and Groups folder on the left panel and double-click the Users folder on the right panel. Double-click Guest to open its Properties and check "Account is disabled."

In Windows XP Home, you are not allowed to disable the guest account, but you can set a password for it. To do this, click Start, Run..., type "cmd" and press Enter to open a DOS window. Type "net user guest password" and hit Enter. Next, close the DOS window, open the Control Panel and open the "User Accounts" window. Then set a password for the guest account by right-clicking it and selecting Set Password....

Make sure that your password is a good one, using letters and numbers and preferably not containing whole words. For example, if you'd like to use the word "computer," break up the word with a number or replace letters with numbers: "c0mputer" is a much more secure password, as is "compu7ter." This is because hackers can use "dictionary" attacks that try every possible combination of words found in a dictionary, so a made-up word like "h0neym00n" will not be found by this type of attack.

4. The Administrator account

One common way for a hacker to break in is to obtain the password of the Administrator account. Every computer needs at least one account with administrator privileges, but its user name does not have to be "Administrator." So whether you are using Windows XP Home or Windows XP Pro, it is better to create an account with full privileges and then disable the built-in Administrator account. In addition, in Windows XP Home it is better to rename the default owner's account. Finally, do not forget to set sufficiently complex passwords for all enabled accounts.
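The account changes described in sections 3 and 4 can be made from the DOS window with net.exe, the same tool the article uses for the guest password. The batch file below is an added example and not part of the article; it assumes Windows XP Professional, a command prompt opened by an administrator, and an account name ("ops-admin") chosen as a placeholder for this example. The check in the middle is the part a practitioner cares about: the built-in Administrator is only disabled once the replacement account is confirmed to be in the Administrators group.

```batch
@echo off
rem Added example (not from the article): create a named administrator account,
rem confirm it is in the Administrators group, then disable the built-in
rem Administrator and Guest accounts. Run from cmd.exe as an administrator on
rem Windows XP Pro. The account name "ops-admin" is a placeholder for this example.
setlocal
set NEWADMIN=ops-admin

rem 1. Create the account. The "*" makes net.exe prompt for the password so it
rem    is not typed on the command line or kept in the console history.
net user %NEWADMIN% * /add /comment:"Daily administrative account"
if errorlevel 1 goto fail

rem 2. Make the new account a member of the local Administrators group.
net localgroup Administrators %NEWADMIN% /add
if errorlevel 1 goto fail

rem 3. Safety check: only disable the built-in Administrator once the new
rem    account really is in the group, otherwise you lock yourself out.
net localgroup Administrators | find /i "%NEWADMIN%" >nul
if errorlevel 1 (
    echo %NEWADMIN% is not in Administrators; leaving the built-in accounts alone.
    goto fail
)

rem 4. Disable the built-in Administrator and Guest accounts. On XP Home the
rem    Guest account cannot be disabled; set a password for it instead.
net user Administrator /active:no
net user Guest /active:no

rem 5. Show the "Account active" line of each account so the result can be verified.
net user Administrator | find /i "Account active"
net user Guest | find /i "Account active"
net user %NEWADMIN% | find /i "Account active"
endlocal
exit /b 0

:fail
echo Account setup did not complete; check the messages above.
endlocal
exit /b 1
```

Run it once, log off, and log on with the new account before relying on it; the "Account active" lines at the end should read "No" for Administrator and Guest and "Yes" for the new account.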

5. Swap file

Even during completely normal operation, Windows may still leak important secret data, including passwords, to disk. You would probably never think of reading these leaked files, but a hacker definitely will. So the first thing to do is have the system clear its page file (swap file).

Click Start->Run, type "regedit" and click OK. On the left panel, find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management. On the right panel, double-click ClearPageFileAtShutdown and set its Value data to 1.

Note: be very careful when using Regedit. To be safe, make a backup of your Registry before making the above change. To do so, at the top of the Regedit window select File, Export..., and at the bottom of the export window select the Export Range "All." Then choose a location for the backup file, type a name, and click Save. If you run into problems after making the change (perhaps because something was changed accidentally while clicking around in Regedit), you can always open Regedit, select File, Import..., and import the backup file. This restores the Registry to the point when you exported the file, and you can then try again.

6. Dump file

When the operating system runs into a serious problem, it saves the contents of memory to a "dump file," which can help technicians diagnose the problem. This file is useless to ordinary users, and it may disclose sensitive information just as the swap file can. To stop the system from creating a dump file, open the Control Panel and double-click System. Click the Advanced tab, then click the "Settings" button under "Startup and Recovery." Select "(none)" in the "Write debugging information" section at the bottom.

Similarly to the swap file, if the Dr. Watson application is installed, it saves debugging information when an application program crashes. To disable Dr. Watson, click Start->Run, type "regedit", and click OK. On the left panel, find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug and set the "Auto" value to "0". Then open the folder C:\Documents and Settings\All Users\Shared Documents\DrWatson and delete the files 'User.dmp' and 'Drwtsn32.log'.

7. Unnecessary services

For user convenience, Windows XP starts many unnecessary services by default and thereby opens a back door for potential hacker invasion. If you do not need services like NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager, Remote Registry, Routing and Remote Access (which are used to allow remote connections to your computer), SSDP Discovery Service, Telnet, and Universal Plug and Play Device Host, it is better to shut them down. Open Control Panel->Administrative Tools->Services. You will find a description of each service and its status. To shut down a service, right-click its name and select Properties. Then set the "Startup type" to "Manual" and click the "Stop" button.
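The same change can be made for all seven services at once with sc.exe, which ships with Windows XP. The batch file below is an added example, not part of the article; it assumes a command prompt opened by an administrator and uses XP's short service names for the display names listed above (the mapping is in the comments and can be confirmed with "sc getdisplayname <name>" before running it). Services that are not installed are skipped rather than treated as errors, and the final state of each service is printed for verification.

```batch
@echo off
rem Added example (not from the article): set the listed services to Manual
rem startup and stop them with sc.exe. Short names are XP's service names for
rem the display names the article gives:
rem   mnmsrvc        NetMeeting Remote Desktop Sharing
rem   RDSessMgr      Remote Desktop Help Session Manager
rem   RemoteRegistry Remote Registry
rem   RemoteAccess   Routing and Remote Access
rem   SSDPSRV        SSDP Discovery Service
rem   TlntSvr        Telnet
rem   upnphost       Universal Plug and Play Device Host
setlocal
set SERVICES=mnmsrvc RDSessMgr RemoteRegistry RemoteAccess SSDPSRV TlntSvr upnphost

for %%s in (%SERVICES%) do (
    rem Skip names that do not exist on this installation instead of failing.
    sc query %%s >nul 2>&1
    if errorlevel 1 (
        echo %%s: not installed, skipping
    ) else (
        rem "start= demand" is sc.exe's spelling of the Manual startup type.
        rem The space after "start=" is required by sc.exe.
        sc config %%s start= demand >nul
        rem Stopping an already stopped service is not an error worth showing.
        sc stop %%s >nul 2>&1
        rem Print the STATE line of "sc query" so the result can be checked.
        for /f "tokens=3,4" %%a in ('sc query %%s ^| find "STATE"') do echo %%s: %%b
    )
)
endlocal
```

Each line of output should end in STOPPED; a service that still shows RUNNING usually has another service depending on it, which "sc qc <name>" and the Dependencies tab in the Services window will reveal.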

8. Guarding against the IPC loophole

IPC (the IPC$ share) is the resource for sharing "named pipes" and is very important for inter-process communication. It is useful when administering a computer remotely or checking a computer's shared resources. However, anyone can establish a blank (null) connection to the target computer through IPC (no account name or password is needed) and obtain its user list. Someone with ulterior motives can then go through this user list and use dictionary tools to attack the target computer. Preventive techniques:

1. Forbid blank connections

Run "regedit", find [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA] and change the value of "RestrictAnonymous" to 1.

2. Forbid administrative shares

Find [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters] and change the value of "AutoShareServer" to 0.
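The registry changes from sections 1, 5, 6 and 8 can be applied, backed up and verified in one batch file with reg.exe, the command-line counterpart of Regedit. The script below is an added example and not part of the article; it assumes Windows XP Professional, a command prompt opened by an administrator, and a backup folder name (C:\regbackup) chosen as a placeholder for this example. Three values are not named on the page and are the registry side of settings the article makes through the GUI: ForceGuest=0 corresponds to unchecking "Use simple file sharing" (section 1), CrashDumpEnabled=0 corresponds to choosing "(none)" for "Write debugging information" (section 6), and AutoShareWks is the value that workstation editions such as XP read in place of AutoShareServer (section 8), so both are set.

```batch
@echo off
rem Added example (not from the article): apply the article's registry changes
rem with reg.exe after exporting each key as a backup that "reg import" can
rem restore. Run from cmd.exe as an administrator on Windows XP Pro.
rem The backup folder name is a placeholder chosen for this example.
setlocal
set BACKUP=%SystemDrive%\regbackup

rem XP's reg.exe prompts interactively before overwriting an export file, which
rem would stall a script, so insist on a fresh backup folder for every run.
if exist "%BACKUP%" (
    echo %BACKUP% already exists; move it aside so a fresh backup can be taken.
    goto fail
)
mkdir "%BACKUP%"

set LSA=HKLM\SYSTEM\CurrentControlSet\Control\Lsa
set MEMMGMT=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
set CRASH=HKLM\SYSTEM\CurrentControlSet\Control\CrashControl
set AEDEBUG=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
set LANMAN=HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

rem Backups first; stop before changing anything if any export fails.
reg export "%LSA%" "%BACKUP%\lsa.reg" || goto fail
reg export "%MEMMGMT%" "%BACKUP%\memmgmt.reg" || goto fail
reg export "%CRASH%" "%BACKUP%\crash.reg" || goto fail
reg export "%AEDEBUG%" "%BACKUP%\aedebug.reg" || goto fail
reg export "%LANMAN%" "%BACKUP%\lanman.reg" || goto fail

rem Section 1: classic file sharing on XP Pro (ForceGuest=0 is the registry
rem side of unchecking "Use simple file sharing"; XP Home ignores it).
reg add "%LSA%" /v ForceGuest /t REG_DWORD /d 0 /f
rem Section 5: wipe the page file at shutdown.
reg add "%MEMMGMT%" /v ClearPageFileAtShutdown /t REG_DWORD /d 1 /f
rem Section 6: no memory dump on a crash (CrashDumpEnabled=0 is the registry
rem side of choosing "(none)") and no automatic Dr. Watson debugger.
reg add "%CRASH%" /v CrashDumpEnabled /t REG_DWORD /d 0 /f
reg add "%AEDEBUG%" /v Auto /t REG_SZ /d 0 /f
rem Section 8: refuse anonymous (null-session) enumeration and stop the Server
rem service from creating the administrative shares. The article names
rem AutoShareServer; workstation editions such as XP read AutoShareWks.
reg add "%LSA%" /v RestrictAnonymous /t REG_DWORD /d 1 /f
reg add "%LANMAN%" /v AutoShareServer /t REG_DWORD /d 0 /f
reg add "%LANMAN%" /v AutoShareWks /t REG_DWORD /d 0 /f

rem Read every value back so the result can be checked before rebooting
rem (the page-file, crash-dump and share settings take effect at next boot).
reg query "%LSA%" /v ForceGuest
reg query "%LSA%" /v RestrictAnonymous
reg query "%MEMMGMT%" /v ClearPageFileAtShutdown
reg query "%CRASH%" /v CrashDumpEnabled
reg query "%AEDEBUG%" /v Auto
reg query "%LANMAN%" /v AutoShareServer
reg query "%LANMAN%" /v AutoShareWks
endlocal
exit /b 0

:fail
echo Backup export failed; no changes were made.
endlocal
exit /b 1
```

To undo any single change, double-click the matching .reg file in the backup folder or run "reg import" on it, then reboot. Note that RestrictAnonymous=1 limits what a null session can enumerate but does not remove the IPC$ share itself, and that disabling the administrative shares also disables remote administration that relied on them, so confirm any remote management you depend on still works after the reboot.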