How to Secure Windows XP for internet access
The task: To install Windows XP out of the box and apply as much security as possible for accessing the internet.
Note 1: A friend who was about to give up on XP kindly donated his PC for this exercise. The PC in question has for a long time been unstable and has never been connected to the internet. So apart from some hardware tweaks and software tests to ensure system stability before carrying out this exercise, the following is an exact list of everything I did to this PC.
Note 2 : The version of XP used during this exercise was Home Edition with Service Pack 1.
Ok. Let us begin.
- Insert XP installation CD and install as normal
- Make sure you have Service Pack 1 to install or a really fast internet connection to download it
- Chose NTFS for hard disk format
- Once Windows is installed make sure all device drivers are installed unless you plan to use the Microsoft certified ones
- Setup and configure your internet access making sure you enable the Internet Connection Firewall
- Connect to your ISP
- Activate Windows
- Run Windows update and install all critical updates. You may want to select a bunch at a time, say 5MBs worth max if accessing the internet via dial-up. This will reduce problems like loss of connection during downloading
- Install the latest version of Direct X if more recent than the installed version
- Install any other non-critical updates you may require such as Media Player
- Install Zone Alarm and configure
- Install AntiVirus software (I installed AVG as it was free and my friend did not have a subscription to another AntiVirus tool)
- Install Ad-aware
- Install Spybot
- Uninstall Windows Messenger if you do not use it
Once you have installed all the software you need, carry out the following:
- Run Ad-aware and remove any files it identifies as suspicious. Its amazing what you can get from just installing and upgrading XP.
- Run Spybot and remove any suspicious files/programs it identifies.
- Run your AntiVirus software
The following is to make your PC a bit more secure if you use the internet.
- If you are using Microsoft Outlook Express to access your email then take time to go through the configurable options and set them up to meet your requirements. Switch off Auto Preview by selecting View>Layout and remove the X from Show preview pane.
- Do not use the My Documents folder. Create your own document folder such as 'Pauls Documents' and use that to store all the documents you work on.
- Go to START>Run and run msconfig. Check that no applications run at startup that you are not expecting to run.
- If you are not on a LAN that requires you to message other users with pop-ups then you should really stop a process called Messenger Service on your PC. (Not related to Windows Messenger). To stop it in XP go to your Control Panel and then Performance and Maintenance. Click on Administrative Tools then Services. Find Messenger Service and double-click it. Select 'stop' and change Startup Type to 'Disabled'.
- Make Internet Explorer more secure. Go to the Tools menu and select Internet Options, Security and then Internet Zone. Select 'Custom Level' and set the following to 'Prompt':
- Download Signed ActiveX controls
- Run ActiveX controls and plug-ins
- Script ActiveX controls marked safe for scripting
Set the following to 'Disable'.
- Download unsigned ActiveX controls
- Initialise and Script ActiveX controls not marked as safe
Once you have completed the above you will find as you access the internet that Zone Alarm will prompt you asking you if you want to allow a particular program access to the internet. If you do not know what the program does you can always say no and if another program stops working because of this you can revise your original decision later. If you know exactly what that program does you can tell Zone Alarm to remember your decision so you are never prompted again.
If you configured Internet Explorer to be more secure you will get a fair few pop-ups asking you if you want to run an ActiveX component or if you want to install a program from a web page. It can get annoying, and if you wish you can undo these settings. However, it may be worth putting up with these pop-up requests in order for control of what gets installed on your PC while you surf being in your hands.
If you have any feedback regarding this article, or you have a suggestion for a new article, or just want to say thanks for the info then feel free to drop me an email at firstname.lastname@example.org.
Article date: 19-Oct-2003