How can I secure WindowsXP?(registry hacks)

[Mordac85]

Yes, I guess i didn't finish that thought. But it seems you read my mind despite that. If you can't trust the tool to do the job, you might as well do it yourself.

I'm not advocating a 24x7 ultra-paranoid position on security, but I wouldn't recommend preben just throw some reg hacks in to secure his system without understanding what's going on. I'm just trying to advocate a more than token gesture at security, to actually understand why you want to change that registry value. The Orange book is definately overkill and trying to protect against a 0-day exploit is unnecessary for most of us, but if you understand what's being changed you can easily decide if it's worth implementing on your system.

Let's say you don't understand why you'd want to use only NTLMv2 and just set it b/c a security guide said so. Depending on your particular situation, it could cause you more grief in the long run. I'll be the first to agree that security can be a time comsuming task, lead to excessive measures (i.e. paranoia) and I agree whole-heartedly that we shouldn't take it too seriously (right? my French is a little rusty). And the major security sites like CERT are still a good place to help keep up to date of the major issues that affect more than just the OS.

[WolfX2]

Hi everyone!!

First of, thank you all for beeing so helpful.

I've been tinkering a bit with registry keys to tune my XP. But that's mostly look and feel.

Do you guys and gals, have any good security related registry hacks to make Windows XP more secure?

I've started by disabling auto-complete, and other basic stuff. But if you have some reg's lying around, please share )

/ Preben

it takes more than just reg hacks

take a look here

[Jeremy]

Get a router, use nLite, install a software firewall, don't use IE, and use your common sense.

[Yzöwl]

Get a router, use nLite, install a software firewall, don't use IE, and use your common sense.

1. How does a router secure your operating system?
   a router configured correctly would only secure the flow of information not the operating system itself
   
2. Is there a button in nLite to press which does that?
   or do you have to know exactly what you want first and implement it yourself
   
3. A software firewall will not really secure your operating system in this setup
   only useful to prevent outgoing information from an already compromised system
   
4. Why not use IE
   can I not secure it as an integral part of the operating system, hence the question
   

[Mordac85]

Yzöwl has some good points to consider.

1. Depending on how much you want to spend on the router, it won't be an entire solution, but a good start at limiting the kind of traffic you allow.

2. This was my point from the beginning. You need to understand what's going on behind the scenes.

3. Firewalls, like routers, are not a panacea. If you don't know what they're doing and open them up too much, they just give you a flase sense of security.

4. IE, or something else, either way it's going to be a potential vulnerability and needs to be configured, just as the OS, to minimize your exposure.

Since you're connecting to the outside world there is always going to be some risk. How to protect your setup best is what you need to figure out. Just blindly clicking a button is never a good security solution and some of the security reg hacks available give you a way to tweak the system even more than the UI allows.

[jftuga]

I agree with one of the previous posters - don't run as administrator. If you must run as admin, then don't run IE. If you must run IE, then at least lower your privileges. This can be accomplished with psexec from sysinternals.com. My IE and Firefox desktop shortcuts look like this:

C:\bin\psexec.exe -l -d "c:\ptogram files\internet explorer\iexplorer.exe"

C:\bin\psexec.exe -l -d "C:\Program Files\Mozilla Firefox\firefox.exe"

(run them as minimized)

This way, I can surf safer (not safely, just safer) with IE because psexec removes your administrative powers. I never use IE except for when a web site will not work properly in Firefox. Even then, I use a Firefox extension called IETab, which will open up a new tabbed window inside of Firefox, but it will actually use the IE engine for rendering, etc.

Hope this helps,

-John

Edited June 26, 2006 by jftuga

[Takeshi]

Like most things it's best not to take up extreme positions. I haven't used the above mentioned security programs but rather than relying on it blindly and not understanding what it does, it's best to read up a bit about security first. Then do whatever is right for your needs. There're registry settings for this and that but they may not be what you really need.

[ripken204]

you should all know by not that IE is crap and is the big vulnerability for a computer. thx to nuhi, nlite will allow you to take IE right out of you install, so no more IE for me

and i recommend a hardware firewall such as a router. thats all i need, a software firewall is the biggest pain in the a** for me, they screw up windows so much and do so little.