1. Clearing the Page File at Shutdown
The Windows 2000/XP paging file (sometimes called the swap file)
can contain sensitive information such as plaintext passwords.
Someone capable of accessing your system could scan that file
and find its information. You can force Windows to clear out
this file.
In the registry, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
and add or edit the DWORD ClearPageFileAtShutdown. Set it to 1.
Note that when you do this, the system will take much longer to
shut down: a system with a really big page file (1 Gig or more)
may take a minute or two longer.
2. Disable the POSIX and OS/2 Subsystem.
Windows 2000 and XP come with little-documented subsystems that
allow compatibility with UNIX and OS/2 systems. These subsystems
are enabled by default but so rarely used that they are best off
being disabled completely to prevent possible service hijackings.
To disable these subsystems, open the registry and navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems.
Delete the subkeys Os2 and Posix, then reboot.
3. Never leave default passwords blank.
On installation, Windows 2000 sets up an Administrator
account with total system
access and prompts for a password. Guess what: by default,
it allows that password to be blank. If a user doesn't
want to type a password, he can simply click Next and the
system will be an open door for anyone who wants to log
on. Always opt for a password of some kind when setting up
the default account on a machine.
4. Disable the Guest account
Windows XP comes with a Guest account that's used for limited
access, but it's still possible to do some damage with it. Disable
it completely if you are not using it. Under Control
Panel, select User Accounts, click on Guest Account and
then select Turn Off the Guest Account.
5. Install Windows in a different directory.
Windows usually installs itself in the WINDOWS directory.
Windows NT 4.0 and 2000 will opt for WINNT. Many worms and other
rogue programs assume this to be the case and attempt to exploit
those folders' files. To defeat this, install Windows to another
directory when you're setting it up - you can specify the name
of the directory during setup. WINDIR is okay; some people
use WNDWS. A few (not that many) programs may not install
properly if you install Windows to another folder, but they are
very few and far between.
6. Fake out hackers with a dummy Administrator account
Since the default account in Windows 2000 is always named
Administrator, an enterprising hacker can try to break into your
system by attempting to guess the password on that account. If
you never bothered to put a password on that account, say your
prayers.
Rather than be a sucker to a hacker, put a password on the
Administrator account if you haven't done so already. Then
change the name of the Administrator account. You'll still be
able to use the account under its new name, since Windows
identifies user accounts by a back-end ID number rather than the
name. Finally, create a new account named Administrator and
disable it. This should frustrate any would-be break-ins.
You can add new accounts and change the names of existing
accounts in Windows 2000 through the Local Users and Groups
snap-in. Right-click on My Computer, select Manage, open the Local
Users and Groups subtree, look in the Users folder and
right-click on any name to rename it. To add a new user,
right-click on the containing folder and select New User.
Finally, to disable an account, double-click it, check the
Account is disabled box and click OK.
Don't ever delete the original Administrator account. Some
programs refuse to install without it and you might have to log
in under that account at some point to set up such
software.
The original Administrator account is configured with a security
ID that must continue to be present in the system.
7. Set the Hosts file to read-only to prevent name hijacking.
This one's from (and to a degree, for) the experts. The HOSTS
file is a text file that all flavors of Windows use to hold
certain network addresses that never change. When a network name
and address is placed in HOSTS, the computer uses the address
listed there for that network name rather than performing a
lookup (which can take time). Experts edit this file to place
their most commonly visited sites into it, speeding things up
considerably.
Unfortunately, hijackers and hackers also love to put their own
information into it - redirecting people from their favorite
sites to places they don't want to go. One of the most common
entries in HOSTS is localhost, which is set to 127.0.0.1. This
refers to the local machine, and if this entry is damaged the
computer can behave very unpredictably.
To prevent HOSTS from being hijacked, set it to read-only. Go to
the folder %Systemroot%\system32\drivers\etc, right-click on HOSTS,
select Properties, check the Read-Only box and click OK. If you
want to add your own entries to HOSTS, you can unprotect it
before doing so, but always remember to set it to read-only
after you're done.
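
A way to check a HOSTS file for the tampering described in tip 7, as an added example that is not part of the original tips: it flags a redirected or missing localhost entry, malformed lines, and any name not on an allow list, and reports whether the file is read-only. The function names, the allow list and the sample hostnames and addresses are assumptions made for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample HOSTS content (illustrative names and addresses).
SAMPLE = """\
# constructed sample
127.0.0.1       localhost
10.0.0.5        intranet.example.test
203.0.113.7     www.example.com    # not on the allow list
not-an-ip       update.example.com
"""

def audit_hosts(text, allowed=()):
    """Return (line_no, kind, detail) findings for a HOSTS file body."""
    allowed = {name.lower() for name in allowed}
    findings, localhost_ok = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, "malformed", addr))
            continue
        if not names:  # an address with no host name after it
            findings.append((no, "malformed", addr))
            continue
        for name in names:
            if name == "localhost":
                if ip.is_loopback:
                    localhost_ok = True
                else:
                    findings.append((no, "localhost-redirected", f"{name} -> {addr}"))
            elif name not in allowed:
                findings.append((no, "unexpected-entry", f"{name} -> {addr}"))
    if not localhost_ok:
        findings.append((0, "localhost-missing", "no loopback mapping for localhost"))
    return findings

def is_read_only(path):
    """True when the write bit is clear (the Read-Only box on Windows)."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, allowed={"intranet.example.test"}):
        print(finding)
```

To audit a real machine, pass the contents of the HOSTS file in the folder named above to audit_hosts and its path to is_read_only.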
8. Turn off unneeded Services
Windows 2000 and XP both come with many background
services that don't need to be running most of the time:
Alerter, Messenger, Server (if you're running a standalone
machine with no file or printer shares), NetMeeting Remote
Desktop Sharing, Remote Desktop Help Session Manager (the last
two if you're not using Remote Desktop or NetMeeting), Remote
Registry, Routing and Remote Access (if you're not using Remote
Access), SSDP Discovery Service, Telnet, and Universal Plug and
Play Device Host.
For a good resource and instructions on which of these services
can be disabled, go to http://www.blkviper.com/WinXP/
9. Disallow changes to IE settings through IE
This is another anti-hijacker tip. IE can be set so that any
changes to its settings must be performed through the Internet
icon in the Control Panel, rather than through IE's own
interface. Some particularly unscrupulous programs or sites try
to tamper with settings by accessing the Tools, Options menu in
IE. You can disable this and still make changes to IE's settings
through the Control Panel.
Open the Registry and browse to
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions.
Create or edit a new DWORD value named NoBrowserOptions and set
it to 1 (this is a per-user setting). Some third-party programs
such as Spybot Search And Destroy allow you to toggle this setting.
You can also keep IE from having other programs rename its
default startup page, another particularly annoying form of
hijacking. Browse to
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
and add or edit a DWORD, Homepage, and set it to 1.
10. Disable simple File Shares.
In Windows XP Professional, the Simple File Sharing mode is
easily exploited, since it's
a little too easy to share out a file across your LAN (or the
NET at large). To turn it off, go to My Computer, click Tools,
Folder Options and the View tab, and uncheck Use simple file
sharing (Recommended). Click OK. When you do this you can access
the Security tab in the Properties window for all folders; set
permissions for folders; and take ownership of objects (but not
in XP Home).