RonTheCon
2006-05-28, 03:31
Solve Security Issues in Windows XP
by Ron
WARNING: Please create a system restore before even thinking about doing this tutorial. To run a system restore click on Start > Program > Accessories > System Tools > System Restore > Create a Restore Point.
Sorry for all the people that have XP Home and not the Pro version. Turns out if you give Microsoft more money they will include more security features in the Microsoft OS, but won't turn them on because they are *******s lol. Anyways, all the Categories for each listing says if it's for XP Pro Only or XP Home/Pro which means for both.
One last note: All these categories have been tested on numerous computers of mine, my parents, and a few friends. They all work if executed correctly. Please be very careful. Also, if you don't understand something such as why blah blah could be a vulnerability in your computer, then just google it. Such as for ICMP. Go to google.com and search for ICMP Vulnerabilities and click on one of the links and read it. It's that simple! :) Now for the tutorial.
-> First Step is to Backup Registry - XP Home/Pro
Go to Start > Run > regedit > Right click on My Computer > Export
Call the file Registry_backup and save it some place you remember. Such as... In a folder on the desktop called My Stuff or something.
Click Save and now you have a backup of your entire computer's registry!
-> Network Connection Security - XP Home/Pro
Go to Start > Settings > Control Panel > Network Connections > Right click on Local Area Connection 2 > Click on Properties.
On the General Tab, uncheck every checkbox except for Internet Protocol (TCP/IP).
Now click on Internet Protocol (TCP/IP) and click on Properties.
On the General tab, click on Advanced at the bottom. Advanced TCP/IP Settings should pop up.
Click on the Options tab, then click on TCP/IP Filtering and click on Properties.
Uncheck Enable TCP/IP Filtering (All Adapters).
-> Closing ICMP Protocol and a few others - XP Home/Pro
Go to Start > Run > regedit > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > Tcpip > Click on Parameters, but do not click on the +.
Double click on EnableICMPRedirect, which is on the right hand pane when you have clicked on Parameters.
Once you double click on EnableICMPRedirect, change its value to 0.
Make sure to also change the values of EnableDeadGWDetect, EnablePMTUDiscovery, and PerformRouterDiscovery to 0.
While you're in Parameters, make sure to change the values of EnableDeadGWDetect, EnableSecurityFilters, and NoNameReleaseOnDemand to 1.
-> Closing DCOM Protocol - XP Home/Pro
Go to Start > Run > regedit > HKEY_LOCAL_MACHINE > Software > Microsoft > Ole
Double click on EnableDCOM and set it to N. If the key doesn't exist, then create it by right clicking and clicking on New > String Value. Click on the new one you just made and press F2 to rename it to EnableDCOM.
Go to HKEY_LOCAL_MACHINE > Software > Microsoft > Rpc
Double click on DCOM Protocols and remove ncacn_ip_tcp only!
Go to HKEY_LOCAL_MACHINE > system > CurrentControlSet > Services > Dnscache > Parameters and double click on MaxCachedSockets and change its value to 0. If it doesn't exist, create one by right clicking and clicking on New > DWORD Value. Click on the new one you just made and press F2 to rename it to MaxCachedSockets.
Go to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > NetBT > Parameters and click on SmbDeviceEnabled (REG_DWORD) and set its value to 0. If it doesn't exist, create one by right clicking and clicking on New > DWORD Value. Click on the new one you just made and press F2 to rename it to SmbDeviceEnabled.
-> Tightening "Restrict Anonymous" Holes - XP Home/Pro
Go to Start > Run > regedit > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Click on Lsa, but do not click on the +.
Double click on restrictanonymous and change it to 2.
Double click on restrictanonymoussam and change it to 1.
-> LanMan - XP Home/Pro
Go to Start > Run > regedit > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > lanmanserver > Parameters.
Double click on NullSessionPipes and erase everything in it.
Double click on NullSessionShares and erase everything in it.
Click on lanmanworkstation and do the same if there is NullSessionPipes and NullSessionShares.
Make 2 new keys in lanmanserver (not lanmanworkstation) by right clicking on Parameters > New > DWORD Value > Change its name to AutoShareServer and make the other one AutoShareWks. Both their values should be set to 2.
-> User Accounts - XP Pro Only
By default, the Guest account password is blank. Make it something difficult, such as a combination of letters and numbers, preferably not based on dictionary words.
Go to Start > Settings > Control Panel > Administrative Tools > Computer Management > Local Users and Groups > Highlight User Account > right-click and click on Set Password.
Remove/Delete any unused accounts, especially any 'remote assistance' accounts.
Disable the Guest account since you can't delete it.
Go to Start > Settings > Control Panel > Administrative Tools > Local Security Policy > Local Policies > Security Options Account > Rename Guest Account - Double click and rename the account to something weird like Fa98sasjd9as (this is where the weirdo leet language comes into play, but only here).
-> Remote Machines - XP Pro Only
If you do not need to connect to your computer from a remote machine, be sure to turn this off.
Go to Control Panel > Administrative Tools > Local Security Policy > Local Policies > User rights Assessment > "Access this computer from the network" and then delete all users and groups. This should now be blank.
Click on "Deny access to this computer from the network" - this should include all users and groups. Double click on the policy, click Add User or group, click Advanced, click Find Now, highlight all the accounts and click OK.
Under System Properties > Remote > Turn off Remote Desktop and Remote invitations
-> Change Remote Scheduled Tasks - XP Home/Pro
Instead of having to wait for the remote scheduled tasks, which is useless information to anyone who is not a system administrator remotely configuring scheduled tasks, you can disable this feature.
Go to Start > Run > regedit > HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion > Explorer > RemoteComputer > NameSpace
In the NameSpace folder you will find two entries. One is "{2227A280-3AEA-1069-A2DE-08002B30309D}" which tells Explorer to show printers shared on the remote machine. The other, "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}", tells Explorer to show remote scheduled tasks. This is the one that you should delete.
If you have no use for viewing remote shared printers and are really only interested in shared files, consider deleting the printers key, "{2227A280-3AEA-1069-A2DE-08002B30309D}", as well. This will also boost your browsing speed.
-> Disable Posix and OS/2 - XP Home/Pro
DO NOT USE REGEDIT! Go to Start > Run > regedt32
Find HKEY_local_machine\system\currentcontrolset\Control\Session Manager\SubSystems
Click on SubSystems Folder, but don't click on the Plus button, just click on the folder.
Double click on the multistring called Optional in the right-hand pane. By default, the multistring's value will be POSIX;
Delete that value and leave the space empty, but don't delete the Optional multistring.
-> Firefox, an alternative to Internet Explorer - XP Home/Pro
This program is the best web browser on the internet and clears soooo many holes by using this browser instead. Plus it has many positives and few negatives, while Internet Explorer has many negatives and few positives.
-> Disable Crappy Services we don't need - XP Home/Pro
Open up services.msc by going to Start > Run > "services.msc" without the quotation marks. Disable the following services and click on the button Stop if they are running.
Automatic Updates - Though, you still need to do windows updates, but you don't need a process running all the time, slowing down your computer. Just do it by hand by going here.
Alerter
Clipbook
Computer Browser
Error Reporting Service
FTP Publishing
Help and Support - Put this on manual
Human Interface Device Access - This is recommended for people with USB mouse or keyboard, without it, it won't work!
Indexing Service
Messenger
NetMeeting Remote Desktop Sharing
Network DDE
Network DDE DSDM
Performance Logs and Alerts
Protected Storage - This saves passwords. You should never save passwords, but leave this on in case you still do. Even if it does leave security holes and your passwords up for grabs...
Remote Desktop Help Session Manager
Remote Registry
Routing and Remote Access
Secondary Logon
Security Accounts Manager
SSDP Discovery Service
Telnet
Universal Plug and Play Device Host
-> REBOOT YOUR COMPUTER
Once brought back up do the following:
Check to see if your internet works.
Check to see if you can have other programs connect to the internet.
If you can't, then post in this topic for help. I'll be able to figure your problem and help you find a solution.
-> Windows Updates - XP Home/Pro
I can't stress this enough. You NEED to do windows updates. Microsoft sucks so much, but every time they issue out a patch or whatever, download it immediately. Every now and then just check for Windows Updates by clicking here (http://update.microsoft.com/windowsupdate/) or going to your Start Menu and clicking on Windows Updates right above Programs. If there are any updates to install, download and install them, and then reboot your computer.
Don't be lazy.
Don't be late.
Keep your Computer, up to date.
-> Run Online Security Checks - XP Home/Pro - Use IE for this only. Sorry Firefox fans.
Hacker Whacker's Sweet Security Scans (http://www.hackerwhacker.com)
GRC - Shields Up (https://www.grc.com/x/ne.dll?bh0bkyd2)
Emsisoft's Security Checks (http://onlinecheck.emsisoft.com/en)
Sygate Tech's Security Checks (http://scan.sygatetech.com/)
TrendMicro's Online Virus Scan (http://housecall.trendmicro.com/)
Hacker Watch's Test Your Firewall (http://www.hackerwatch.org/probe/)
Aftermath: YAY! Your computer should be much faster, much safer, and just much much better! Tell all those pesky hackers to **** off! Great job, and I hope to add more security tweaks in this topic. The changelog for this tutorial is in the next post. Once again. Great job! :bigthumb:
- - - - - - - - - - - - - - - - - - - - -
Want to Tweak your computer even more? Click Here (http://www.tweakxp.com).
Note: Some tweaks were from the website I just mentioned. Although almost all of them (95%) are from users on their forums. They haven't been tested completely and are written like crap. These tweaks are the best working ones for overall computers and so far I have gotten no issues with them.
~Ron :)
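An added example, not part of the original post: a small auditor that reads a regedit export like the Registry_backup file from the first step and reports which of the registry values set in the tutorial are still off target. The names `TARGETS`, `parse_reg` and `audit` and the sample export are constructed for illustration, the export is assumed to be in the "Windows Registry Editor Version 5.00" format, and only a subset of the tutorial's values is checked.

```python
import re

HKLM = "HKEY_LOCAL_MACHINE\\"
TCPIP = HKLM + r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
OLE = HKLM + r"Software\Microsoft\Ole"
LSA = HKLM + r"SYSTEM\CurrentControlSet\Control\Lsa"
LANMAN = HKLM + r"SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters"

# Subset of the tutorial's settings: (key, value name) -> target value.
# EnableDeadGWDetect is left out because the post lists it under both 0 and 1.
TARGETS = {
    (TCPIP, "EnableICMPRedirect"): 0, (TCPIP, "EnablePMTUDiscovery"): 0,
    (TCPIP, "PerformRouterDiscovery"): 0, (OLE, "EnableDCOM"): "N",
    (LSA, "restrictanonymous"): 2, (LSA, "restrictanonymoussam"): 1,
    (LANMAN, "NullSessionPipes"): [], (LANMAN, "NullSessionShares"): [],
}

def decode_value(raw):
    """Turn the right-hand side of a .reg line into a Python value."""
    if raw.startswith('"'):            # REG_SZ with backslash escapes
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("dword:"):       # REG_DWORD, written as hex digits
        return int(raw[6:], 16)
    if raw.startswith("hex(7):"):      # REG_MULTI_SZ, UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return raw                         # other types are left undecoded

def parse_reg(text):
    """Return {(key, name): value} with key and name lower-cased."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)   # join hex continuation lines
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if key and m:
            values[(key, m.group(1).lower())] = decode_value(m.group(2))
    return values

def audit(text):
    """List (key, name, target, actual) for values off target; actual is None if absent."""
    found = parse_reg(text)
    findings = []
    for (key, name), target in TARGETS.items():
        actual = found.get((key.lower(), name.lower()))
        same = actual.upper() == target if isinstance(actual, str) else actual == target
        if not same:
            findings.append((key, name, target, actual))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"EnableICMPRedirect"=dword:00000001
"EnablePMTUDiscovery"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000002
"restrictanonymoussam"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters]
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,\
  53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,00,00
"NullSessionShares"=hex(7):00,00
"""

if __name__ == "__main__":
    for key, name, target, actual in audit(SAMPLE_EXPORT):
        print(f"{key}\\{name}: want {target!r}, found {actual!r}")
```

Version 5.00 exports are UTF-16 files, so a real one needs to be read with `open(path, encoding="utf-16")` before its text is passed to `audit`.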