Tools for Hardening Windows XP


purple_minion
03-13-2009, 05:54 PM
I have used Samurai in the past but recently came across it again. For anyone interested in hardening their Windows XP against big brother/hackers/viruses, these are worth a look.

http://www.sniff-em.com/hardenit.shtml
http://download.cnet.com/Samurai/3000-2092_4-10633655.html
http://www.sniff-em.com/secureit.shtml
http://www.majorgeeks.com/xpy_d4218.html

nonchalant
03-14-2009, 12:09 AM
Good post. I'm always on the lookout for programs/ideas that I can incorporate into a freshly formatted PC to keep my customers out of trouble. Perhaps we could add some more posts to this thread that cover similar tricks/ideas to increase security and save the customer from themselves? I'm going to incorporate a couple of these programs into a couple of builds I have on the go atm where the customer seems to always get themselves infected with something or another.

A couple of things to be wary of though:

According to comments on Samurai, it 'contained a password stealing trojan (Trojan-PWS.Win32.QQPass.pb) according to the Ikarus antivirus scanner'.

Also, though I could see how some users could benefit from xpy, I don't think most of my customers would want MS updates & IE disabled.

purple_minion
03-14-2009, 01:17 AM
Well, you could go back and re-enable the updates. I installed all of them and it does even change the look and feel. They all give you options of what you want or don't want to do. xpy gives you a whole list where you can check the box for what you want to do; it even comes up with a warning when you click apply to not just blindly apply all but to go through them all.

As for the trojan... well, it does a lot of powerful stuff, and I've even seen tools on my USB drive for computer repair flagged by Avira.
Here (http://www.virustotal.com/analisis/3d1f1cdc0e550278a562f3aa0b8ed36e) is where I uploaded the executable to VirusTotal. The big AVs say it's clean. You cannot rely on just one AV software; unfortunately you can't run more than one at a time on your computer, but for files VirusTotal rocks.

aircave
03-16-2009, 12:30 AM
Nice post. I'll contribute... But I can't post links yet.

BugOff - softpedia
SafeXP - majorgeeks
Security and Privacy Complete - Sourceforge

purple_minion
03-16-2009, 12:45 AM
I think I've seen SafeXP but not the others. Good find.

PatrickB
03-16-2009, 03:31 AM
Thank you for the links purple minion.

Without further comments, I would be hesitant to try the BugOff or SafeXP since their development has been inactive for a few years. Windows may have already fixed what they fix. Any thoughts here?

Also, I would highly recommend adding the Web Of Trust add-on (http://www.mywot.com/) to Firefox or IE. If a site is known as a bad site, it is automatically blocked -- unless you click on the override button. This is more responsive to changes in websites than McAfee's SiteAdvisor (http://www.siteadvisor.com/). There is also the NetCraft anti-phishing toolbar: http://toolbar.netcraft.com/.

I would not dream of surfing without the Firefox add-on: No-Script (http://noscript.net/). Even if you allow scripts globally, this add-on will protect you from click-jacking. With it, the user is protected from websites that may have malicious scripts that do bad things just by arriving at a website.

I also find the FF add-on SSL Blacklist (http://codefromthe70s.org/sslblacklist.aspx) useful to help protect against fake https websites. Users can feel a little more confident that their bank website really is their bank website.

The best thing to do is to set computers to use OpenDNS (http://www.opendns.com/). This uses the OpenDNS DNS servers instead of the ISP's so that known malicious websites are automatically blocked. If you sign up for a free account, you can customize it to block classes of sites, such as porn or social networking. You can also whitelist specific sites. Of course, if your customer manages their own DNS server, it would be best to leave DNS up to them. This system stays current on its own and does not require the constant importing of Hosts file entries. It also leaves your Hosts file with its default 1 entry so that the Windows DNS Client does not have tens of thousands to go through every time you click a link.

The four highlighted above go on every computer.

-- Patrick B.

nonchalant
03-16-2009, 02:37 PM
Online Armour is a free firewall that has an intelligent 'learning mode', low RAM usage, and doesn't continually pop up like some of the paid internet security suites: http://www.tallemu.com/free-firewall-protection-software.html

PatrickB
03-17-2009, 10:53 PM
Agreed, Ron. At the perimeter is the best place to stop the bad guys. For customers that have only a couple of PCs, the cost of a security appliance is often not considered worthwhile. I recommend a router/firewall for them plus the software. For larger customers, a security appliance at the perimeter would be better.

What can you tell us about SonicWall? Price, throughput, effectiveness, etc.

Do you have information on any others like www.astaro.com (http://www.astaro.com)?

We had a little discussion on this at this topic: "firewall (http://www.technibble.com/forums/showthread.php?t=5211)" and this one: "DSL & Cable questions (http://www.technibble.com/forums/showthread.php?t=921)", and this one: "Untangle/eBox for business (http://www.technibble.com/forums/showthread.php?t=5229)", but I am interested in more of this type of discussion.

-- Patrick B.

purple_minion
03-18-2009, 01:31 AM
Hi Patrick.

Sonicwall has a site with some info, namely:

http://www.sonicwall.com/us/Products_Solutions.html

and

http://www.sonicwall.com/us/products/UTM_Firewall_VPN.html

Pricing, details, etc. are there as well.

Yes, it is a bit expensive, so in these down times of the economy there are alternative solutions that, while they may not be as all-inclusive-in-one-hardware-package-ready-to-go, are still viable.

Let's roll with your example, a customer with a single router and a few Windows PCs, that's pretty average for home/small businesses, so what I offer to them is a Linux server. You can take a pretty mediocre PC, (20GB drive, 512MB RAM, etc) and toss on a flavor of Linux, configure it to do any number of things such as, but not limited to, the following:

DNS Server
FTP Server
VPN Gateway
Firewall
File Server
Print Server
etc

If the customer has a router, chances are it's a D-Link, NetGear or LinkSys; I would suggest upgrading to a Business Class LinkSys model. Now granted, I am keeping this on the lower cost spectrum.

As for what flavor Linux to use, I like CentOS (flavor of Red Hat Enterprise, only free), Ubuntu, or if you want to compile everything from source, Gentoo.

I have to say I've been impressed with Endian Firewall and eBox (still sorting it out... eventually). I haven't had a chance to try Untangle yet. I have an Endian firewall running on an old P3, I believe, with not much memory and it works very well. eBox has quite a lot of features, and I like their QoS setting better, but I still have to get the gateway set up. Take an old junker PC and get a whole lot of usefulness out of it.

purple_minion
03-18-2009, 01:34 AM
I really want to chip in with some software for XP security, but the more I think of it, the more I have to say that this really extends beyond *JUST* XP for security; it is for ANY operating system. If you rely on software installed on a PC to help with the security, it's a nice after-thought and an additional layer which may help somewhat, but really you need to stop intruders and viruses etc. at the entry/exit point for your network: the router.

Hardware solutions such as SonicWall are infinitely superior to any computer software solutions. UTM, (Unified Threat Management) is what you need and are looking for. Part of UTM is having a subscription for an anti-virus that runs right on the hardware itself, before it ever hits your PCs. (Yes, I'd still run anti-virus on my Windows PCs - just in case.)

Point blank: If you are relying on software solutions to stop an intruder, the intruder's already in too far because they hit your PC. Stop them BEFORE they get onto your PC or your network.

Part of hardening Windows is from the actual users themselves. I think it is trying to lock down Windows more from such things as booting from CDs, disabling USB/FireWire, etc. While it's true that if someone has physical access to the machine, and they know what they are doing, you're toast... you can make it MORE secure than it is by default. And really the only way to be truly safe is to never connect to the internet, have the PC in a locked room with security cameras, with a locked case, MBR and bootloader hashes, and an encrypted HD.

purple_minion
03-18-2009, 06:31 PM
Security is not a setting.
Security is not hardware.
Security is not software.
Security is a mindset.
Security is a way of operating.

The greatest strength or weakness in any chain of security is the user.

If someone wants in, they will get in. It is not a matter of "IF", but "WHEN" and "HOW". A locked door just keeps an honest person honest, but if they want in, they will just break a Window (or Windows, in this case .. pun intended). At that point, all you can hope to do is either A) Catch them in the act or B) Hope they left enough evidence behind to catch them after the fact.

I think we have a good discussion going, and while these tools are all fine and dandy, as there are many tools and many ways to configure them, the one thing that is too often overlooked and missed is education of the user.

Well, I agree. However, why do we even lock our front doors since we have how many windows that are much, much, much easier to get into than breaking a door or picking a lock? How about your car: why lock it when you could simply smash the window and grab whatever? Why even have an ignition key, since if someone is serious they will know how to bypass it and take your car anyway? All you can do is make it more difficult, but as can be seen with copy protection in software, nothing you can do will stop someone who wants to do something. If it was made by people it can be broken by people. Kind of like building something idiot-proof and then along comes a better idiot; along comes someone smarter that figures out a way to get around your protection.

Galdorf
03-18-2009, 08:43 PM
I currently use ThreatFire. I have done extensive testing going to known bad sites and I have yet to get infected by spyware; I scan my PC every 3 days and it never turns up anything.

It works with most AVs. It really does what it says.

http://www.threatfire.com/