Linked by Eugenia Loli-Queru on Thu 2nd Sep 2004 19:56 UTC, submitted by Jon Cooper
"We evaluated the security features of Windows XP SP2 on a test machine, following a clean install of XP Pro with no configuration changes and no third-party software or drivers installed. We installed XP with the NTFS file system, choosing all of the factory defaults, then patched it with each recommended security update including SP-1 (required), before installing SP2." Read the rest at TheRegister.
Permalink for comment
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
3) DHCP: Not needed if you have a static IP address behind your router. This would cause some issues for dial up users. But killing off DHCP is one less service, faster boot and more memory.
Most ADSL router devices are configured to serve DHCP to the inside network out-of-the-box. The DHCP client will also be needed by dialup users.
If the memory used by the DHCP client makes enough difference to your macine to even be noticable, it's time to upgrade.
2) NetBIOS name service. This should be killed.
3) NetBIOS datagram service. This should be killed
4) NetBIOS Session. This should be killed
These are needed to allow simple home peer-to-peer networks.
6) Error Reporting. Kill this off.
No, it should be on because it's useful. I've actually had error reporting tell me a patch was available for an error I was experiencing on more than one occasion.
7) Automatic Update. Experienced users should knock this one off. Most people forget to update their systems period. So, my opioning can go either way depending on the users experience.
Most users are ignorant. It should be enabled by default. I fail to see how anyone could possibly make a reasonable argument as to why it shouldn't be.
10) DHCP Client, needed for dialup and not needed for broadband users behind a router. Set up a static IP address, and dont forget to fill in your DNS server info.
Should be on by default to make setup easier. Most broadband devices serve DHCP to the internal network, making setup a simple affair of simply plugging in the computer. Not to mention things like WiFi. This service is fine to have on by default.
12) NetMeeting Remote Desktop Sharing. Not needed.
15) Remote Access Connection Manager, Not needed.
17) Remote Desktop Help Session Manager.Not needed.
I suspect Remote Assistance uses these and, as such, it should be enabled by default.
21) Secondary Logon. Not needed.
Needed to allow "RunAs" I think you'll find. So, either this has to be enabled, or users have to run as Administrator all the time.
24) Telnet. Not needed.
Uses SSH instead (IE Putty)
It's a telnet *server* not a telnet client. Nevertheless, it shouldn't be on by default on any system.
Dont run as administrator. Because if your run in god-mode and run into some hostile script, that means that the hostile script runs in god-mode / administrator mode. Come on people, its not like you install software every few minutes.
Unfortunately, there's a lot of old (and even new) broken software that won't run (or won't run correctly) without Admin privileges. Often this is because a) they try to write to files in the program directory and/or b) they try to write to the system-wide parts of the registry.
Also, don't forget, if you disable that Secondary Logon service you probably won't be able to start applications as an Administrator for things like installation.