XP Security Configuration with no 3rd party Security

[Shooter]

I had a question directed to me since I am a stickler about security
on my system. I run Zone Alarm Pro, a firmware firewall in my router,
Ad Aware, SpyBot S&D, Pest Patrol, Spy Sweeper and NAV 2005. I also
have IE set to block popups and its Internet security set only to
medium since I got all this other stuff taking care of business on the
side. When I told them about what I was doing, they are not at all
interested in dealing with these 3rd party security applications that
I actually like playing with. What we have here are Mom & Pop
computer users that have your basic $399 piece of Taiwanese junk with
the names Gateway, Dell, HP, Compaq, etc. stamped on them making the
unknowing buyer think they are buying American.

Okay, so they all got XP Home SP1 with a few that bought lately and
have SP2. The SP1 people have been told to take their Taiwanese boxes
down to our local builder and have him take on the responsibility of
getting SP2 on their systems and have a working system left over in
the end. Again, these owners would not be able to do this or get
their systems prepared properly for a possible successful SP2 upgrade
so they must pay to have the assurance that it will work or get them
back to a workable SP1 if it doesn’t because all indications are that
these people are eaten up with all sorts of nasties with no way to get
rid of them right now much less the knowledge of how to do so.

So…. In the end, we will have a bunch of Moms & Pops with their little
Taiwanese boxes running XP Home SP2 with nothing more than a 3rd party
antivirus program running on them. The systems will be clean and
current with MS updates. The question is… Without any 3rd party
security applications except for antivirus, how would all of you
configure the security settings in XP IE & OE to take
care of as much of the security load as can be expected from XP
without these 3rd party security applications?

Of course, some educating in Safe Hex will also be offered in order to
configure their minds along with configuring their systems.

Thanks in advance and as always…. Regards,

 

[NoStop]

So…. In the end, we will have a bunch of Moms & Pops with their little
Taiwanese boxes running XP Home SP2 with nothing more than a 3rd party
antivirus program running on them. The systems will be clean and
current with MS updates. The question is… Without any 3rd party
security applications except for antivirus, how would all of you
configure the security settings in XP IE & OE to take
care of as much of the security load as can be expected from XP
without these 3rd party security applications?

Security on a computer is only as strong as the weakest link. The system
you're proposing will not survive the Net no matter what you do with
security settings as you suggest. With what you're proposing, Mom and Pop
shouldn't even bother connecting to the Net, unless they're simply
interested in bringing the system back to you for re-installation on a
regular basis.


--

ø¤º°`°ø,¸¸,ø¤º°`°ø,¸¸,ø¤º°`°ø,¸¸,ø¤º°`°øø¤º°`°ø,¸¸,ø¤º°`°ø
Windows is *NOT* a virus. Viruses are small and efficient.
Tired of the insecurity of your Wintendo box? Update to GNU/Linux
STOP the dummying down of America - Move to a REAL o/s.

 

[Guest]

The default settings in SP2 aren't too bad. Turn on Windows Firewall, and
download and install the Microsoft Anti-Spyware app.

Make sure automatic updates are enabled.

What are they doing about backups? I've seen more losses to non-backed-up
dead hard drives than anything else.

 

[health_wellness]

Since you don't seem to be getting answers to your "specific" question,
let me see if I can help you along (with what you specifically asked).

Since they will be using an antivirus and assuming they are using one
that checks downloads and attachments, that will open up some of the
constraints you could have configured into XP such as disallowing
attachments and downloads and such. You didn't say which antivirus
program and what version so that leaves open as to the level and depth
of the protection offered with that single program so,

Lets start with Internet Explorer/Tools/Internet
Options/Security/Internet Zone:

I usually set that to medium with all the other security stuff running
but since these people will not be running any of the usual security
apps, I would set them to HIGH. They're going to get blocked out of a
lot of sites because of this but better than getting zapped by a dirt
wad.

Goto Internet Explorer/Tools/Internet Options/Security/Privacy and set
that to Medium High.

Goto Internet Explorer/Tools/Popup Blocker and turn that on.

Now goto Outlook Express/Tools/Options/Security and select the
Restricted Site Zone and check the "Warn me when other apps try to send
mail as me". I would also check the "Block Images and other external
content in HTML messages" but that might not be acceptable to them.
People like to see the pretties in their email even if it is filling
them full of questionable code. Also close the preview pane.

In XP, turn on that firewall even though it isn't much, its better than
nothing. Completely Kill of that open door to everything bad
application called messenger. KILL IT! Shoot it in the head and send
it back to Gates where it belongs. Turn on auto updates to
automatically download and install and pray to God that SP3 don't come
out wreck the whole thing.

Don't forget by doing a clean install, all these poor God fearing,
Honest, elderly citizens are going to have to prove to Thug Gates that
they didn't steal his precious software. Or they can use WPA_Kill if
they don't believe in the M$ way of treating its paying customers where
one is considered guilt until they prove they are innocent.

Dude, that's all I can think of because I would never suggest anyone
running XP and its M$ Apps on the Internet without some real security
apps in the background to take up M$'s security slack. But then, I can
see where you are coming from because I come across these Mom and Pop
teams every day and even though they mean well and try hard, they just
are not digital literate. The more security apps you throw on them,
the more mess you are going to end up in the long run.

Hope this helped some,

NIK

 

[Shooter]

Lets start with Internet Explorer

Now goto Outlook Express

In XP

That's exactly what I was asking for.... Thanks a bunch and I do know
that it isn't enough but this is what they requested and that is what
they will get.

Regards,