Linked by Eugenia Loli-Queru on Thu 2nd Sep 2004 19:56 UTC, submitted by Jon Cooper
"We evaluated the security features of Windows XP SP2 on a test machine, following a clean install of XP Pro with no configuration changes and no third-party software or drivers installed. We installed XP with the NTFS file system, choosing all of the factory defaults, then patched it with each recommended security update including SP-1 (required), before installing SP2." Read the rest at TheRegister.
Permalink for comment
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Well, some folks disagree with the author and to some extent, I do as well.
1)Javascript: needed otherwise most web pages wont work.
2) DNS: No one wants to remember IP address
3) DHCP: Not needed if you have a static IP address behind your router. This would cause some issues for dial up users. But killing off DHCP is one less service, faster boot and more memory.
Services that MS should kill or limit access (home users):
1) DCE there is no way to disable it from listening that I have found. This would be port 135, and no, do confuse this with net-bios.
2) NetBIOS name service. This should be killed.
3) NetBIOS datagram service. This should be killed
4) NetBIOS Session. This should be killed
4a) It shold be noted that if you do not diable netbios completely, it will default to port 445 (raw).
5) Microsoft-ds. Kill this service (not for home)
6) Error Reporting. Kill this off.
7) Automatic Update. Experienced users should knock this one off. Most people forget to update their systems period. So, my opioning can go either way depending on the users experience.
8) ClipBook. diable
9) DCOM Server Process Launcher. Not needed or killed.
10) DHCP Client, needed for dialup and not needed for broadband users behind a router. Set up a static IP address, and dont forget to fill in your DNS server info.
11) DNS Client, needed.
12) NetMeeting Remote Desktop Sharing. Not needed.
13) Network DDE, disabled. Not needed.
14) Network DDE DSDM, disabled. Not needed.
15) Remote Access Connection Manager, Not needed.
17) Remote Desktop Help Session Manager.Not needed.
18) Remote Procedure Call (RPC), Not needed. No way to disable it without disabling your system. DO NOT TOUCH THIS OR YOU WILL BREAK YOU SYSTEM, IT WILL NOT BOOT IF YOU DISABLE THIS SERVICE.
19) Remote Registry. Not needed.
20) Routing and Remote Access. Not needed.
21) Secondary Logon. Not needed.
22) SSDP Discovery Service (UPnP discovery). Not needed.
23) TCP/IP NetBIOS Helper, Not needed.
24) Telnet. Not needed.
Uses SSH instead (IE Putty)
25) Universal Plug and Play Device Host, Not needed.
26) WebClient, automatic Not needed.
27) Additionally, DCOM (Distributed COM). Not needed.
These are not all the services. User will find wireless connections working when they dont even have a wireless card and more.
Windows is easy to setup because ever service is turned on, that would be the problem.
Other things that the author neglected to mention due to the scope of the article:
1) Change web browsers Examples: Mozilla, Firefox, kmeleon. IE is a virus/spyware magnet.
www.mozilla.org for mozilla or firefox
www.kmeleon.org for kmeleon.
2) Dont run as administrator. Because if your run in god-mode and run into some hostile script, that means that the hostile script runs in god-mode / administrator mode. Come on people, its not like you install software every few minutes.
3) Get a real firewall w/virus protection. Virus protection via Norton, McAfee, Sophous. Firewalls: Sygate, Norton, McAfee. Eventually when, MS comes out with their virus product, do yourselves a favor, buy one. Just like their firewall, it wont be comprehensive.
4) Dont use Windows Media Player, numerous expolits and we cannot forget about that all important sypware that is attached, which lookups your fav, music and videos on the internet for you.
MS specializes in OS not firewalls/virus software. The vendors above cater to this market for corp and home users. Dont depend on defaults.
A good place to start for some replacements is:
http://gnuwin.epfl.ch/en/
Putty, Media players and on and on. Games too, BZFlag, GLTron (fun games). Hey, Open Source is darn awesome.
As a final note, this is for the home user. Many users might have a Lan (or speical needs) in their home and want file/print sharing, Understood. To repeat, this is for the home user with 1 pc.
Before disabling any service, realize what that service is really supposed to do. Yes, I know, most people want to click and go... Well, thats why most users wind up with problems, viri, root kits and the list goes on. These are general guidelines. Understand the service and ports that you use before you disable them otherwise your system wont work the way it is supposed to.