Make your Windows XP Secure … and faster

While Windows 7 is getting a rave review (unlike Vista) and more and more users are migrating to Windows 7, Windows XP continues to be prevalent. So as 2010 rings in, here are some tips and tweaks to make your Windows XP secure and faster.

 

1) Disable unnecessary services

 

Windows XP by default automatically starts many services which are not required by normal users.  Most of these slow down your system, while some of these also expose your PC to certain vulnerabilities.

 

Apart from this at various points of time you would have installed some software to try it out and then uninstalled it.  Many a time, such software makes some settings which will automatically start certain services which will continue to remain so even after you have uninstalled the software.

 

To identify the services that are running on your PC, immediately after booting your system (and before you start using any programs such as MS Office or any browser), go to “Start” – “Control Panel” – “Administrative Tools” – “Services”.  Click on the 4th column “Startup Type” to sort the entries based on Startup Type and look at all the services that are set to start automatically i.e. where the Startup Type is set as “Automatic”.

 

Review this critically – read its description, google it, and if you are sure that you do not want this service to start automatically, then right-click on the service, stop it if it is running currently, and then under “Properties” change the Startup Type to “Manual”.  Once you have identified and stopped unnecessary services from starting up automatically, you will see a definite improvement in the speed of your PC.

 

A good reference point is this article –
https://www.jasonn.com/turning_off_unnecessary_services_on_windows_xp – where each service has the author’s take on it’s requirement.  You can also check out a detailed listing of Windows XP services at https://www.blackviper.com/WinXP/servicecfg.htm.

 

From the security point of view, the following services may be disabled or changed to “manual” if not required by any specific operational requirement:

 

a) IIS – This service is required only if you are using your PC as a webserver.  Else this can be disabled.
b) NetMeeting Remote Desktop Sharing – Not required if you are not using NetMeeting to allow remote desktop access.
c) Remote Desktop Help Session Manager – Not required if you are not using the Remote Assistance feature.
d) Remote Registry – enables remote users to modify registry settings on your computer.  Disable this.
e) Routing and Remote Access – This service provides the ability to use your system as a router, NAT device, dialup access gateway, and a VPN server.  If your PC is not used for any of these purposes, it is better to disable this service.
f) Telnet – enables a remote user to log on to the system and run programs.  Should be disabled.
g) Messenger – This is not connected to the Windows Messenger instant messaging client, and is an internal service that is normally not required for a regular PC.

 

 

2) Apply a password to the Guest Account and then disable it

 

A basic security measure is to disable Guest Account.  By default the Guest Account is active and has a blank password.  An additional protection measure to prevent unauthorised access of your computer via Guest Account is to set a password for this account before disabling it.  This will ensure that even if a malware / virus is able to “enable” the guest account, it cannot be used without the proper credentials.

 

 

3) Frequently monitor the startup entries

 

Check the applications that are configured to start automatically by using MSCONFIG.  MSCONFIG is a System Configuration Utility built into Windows. To use MSCONFIG – go to “Start”- “Run” and type “msconfig”. The second last tab will be “Startup” which will list all the applications that are configured for starting up when the system boots.

 

The MSCONFIG utility, however does not have an option to delete the entries. The entry which you’ve unchecked a long time back may still show up, while the application may have been uninstalled already. To remove the invalid entries in the System Configuration utility, you need to edit the registry or use a third-party utility like CCleaner.

 

Also note that the MSCONFIG utility will not list applications loaded in all possible startup locations. Most other entry points are hidden and unknown to the end-user, and will require a third-party tool to detect and list.  One such tool is “Windows Defender” (included by default in Windows Vista) which can be downloaded from the Microsoft site

(https://www.microsoft.com/windows/products/winfamily/defender/default.mspx). 
Another freeware utility that is very useful is “Autoruns” available at https://technet.microsoft.com/hi-in/sysinternals/bb963902(en-us).aspx

 

4) Encrypt your Important Files

 

Windows XP Professional contains a built-in file encryption utility which can make your essential data inaccessible to anyone who does not possess the correct user name and password.

 

To encrypt your data, right click a file or folder you wish to encrypt and choose ‘properties’. Then click the ‘advanced’ button at the bottom.

 

Check the ‘encrypt contents to secure data’ button to encrypt your file or folder. Hit ‘ok’ to confirm. You’ll notice the icon text has changed to green to indicate that the file is encrypted.

 

If you wish to allow certain other users access to the file or folder, right click the encrypted file again, choose ‘properties’ and ‘advanced’ then hit the ‘details’ button at the bottom of the screen.

 

Under the ‘users who can transparently access this file’ heading, use the ‘add’ button to add any users you want to allow access to.

 

Note that files and folders are encrypted using a numerical key derived from the unique SID (Security IDentifier) number assigned to each XP user account. This means that you MUST un-encrypt your files if you plan to either delete your user or re-install WindowsXP. Even if you create a new user with the same name and password, they will not be able to access the files.

 

Only the original creator and users they designate can open encrypted documents.

 

 

Before I end, here are the usual disclaimers – take full backups, have a system restore point, be very careful before meddling with registry keys or system configurations, blah, blah, blah 🙂

 

That is it for this blog.  Have a Happy & Secure 2010.

 

Comments are closed.