Wednesday, September 21, 2005

Windows XP security tip #1

Last night I was helping a friend fix a Windows XP computer. I was amazed yet again at how "wide open" people leave their machines. So I thought I would start collecting some simple Windows XP security tips for you to try on your machine.

Here is tip number 1, and it comes in three parts.

Part 1: If you have a "family computer" in your house, then each person who uses it should have their own account. So for example, if you and your spouse and one of the kids are sharing a machine, then all three of you should have your own accounts. And the accounts should have passwords. These accounts are incredibly easy to create. There are at least four good reasons to create these accounts:
  1. When the kids use the machine, they will not be able to "get into" any of your files. They won't be able to accidentally delete or move any of your files, they won't be able to access your sensitive information, they won't be able to get into your email, and so on.

  2. If someone (say a babysitter) comes over and uses your machine, he/she won't be able to access/destroy any of your stuff either.

  3. You will be able to have your desktop the way you like it, and your spouse and kids will be able to have their desktops the way they like it, and you will never be bothering each other.

  4. All of your settings will be yours and yours alone. So, for example, if you want to set up "one click" access on Amazon, you don't have to worry about the kids accidentally using it and ordering 10 books.
From a security standpoint, reasons #1 and #2 are incredibly important. #3 and #4 make life much easier. Once you set up these accounts you will be amazed at how much easier things will be. You will never have to worry about other people "messing up your stuff."

To set up accounts, click the "Start" button. Find "Control Panel" and click on it. Click on "User Accounts". Click on "Create a new account". Create one account for each person who uses the machine. If you have a babysitter or friend who frequently comes over and wants to check email or something, create an account for him/her as well. Or create a generic "Friends" account and let all of these people share it.

When you create an account, you will be asked whether you want the account to be "Limited" or not. Especially with kids and friends (and possibly with your spouse, if he/she is computer-illiterate), all new accounts should be "Limited". This way, your kids and friends will not be able to install any new software on your machine without your permission.

Part 2: Each of these accounts needs to have a password. Click on "Change an account" to set a password on each account.

When you set a password, you will have the option of making your files "private". You definitely should do this. Here's what you are doing: You are making it so that only the account owner can view the files in your account. If you do not make your files private, then the kids (for example) can open up your directory and look at all of your files with a few mouse clicks. The entire hard disk is wide open. If you make your files private, then that option goes away. The kids will not be able to get into your account, AND they will not be able to look at any of your files on the hard disk.

What if you are the only one using your machine? You should put a password on your machine's single account (it was created when XP was installed) and make your files private. That way if a random friend comes over and decides to use your machine, he/she will not be able to get into your files. Create a separate "Friends" account for your friend to use (see part 1), and all of your stuff will remain private.

Part 3: Now there is one last thing you need to do -- activate a screen saver.
  1. Go into each account.
  2. Right click on the desktop and select "Properties".
  3. Set up a screen saver (use the "blank" one if you do not like screen savers)
  4. Set a wait time of perhaps 5 minutes. 10 at the most.
  5. Click the check box that says, "On resume, display the welcome screen".
  6. Do this in every account.
What you are doing is telling the machine, "If I step away from the machine for 5 minutes, make me log in again." If you don't do this, then your passwords will be useless. You will log in, get up and leave your machine for an hour, and anyone who sits down at the machine will have wide-open access to your account.

If you ever get up and want to immediately lock your machine, use the "Log off" option in the "Start" menu. You do not actually have to log off (which can take a minute or two) – just click "Switch user" and you will get the Welcome Screen.

Setting up these accounts will take less than five minutes. I know it sounds a little complicated if this is the first time you've seen the process, but it really is easy. You are doing three simple things:
  1. Create an account for each person who uses your machine
  2. Set a password on each account. Make sure the files are private.
  3. Activate the screen saver in each account.
These simple steps make your Windows XP machine far more secure than it is now.
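
To confirm the three steps took effect, here is a read-only check you can run from a Command Prompt while logged in to each account. It is an added example, not part of the original post; it assumes the standard `net`, `cacls` and `reg` commands that ship with Windows XP, and the 10-minute limit is the post's own suggestion.

```bat
@echo off
rem Added example (not from the original post): read-only audit of the three steps.
rem Run in a Command Prompt while logged in to the account being checked.
setlocal
set "KEY=HKCU\Control Panel\Desktop"

echo === Step 1: accounts on this machine ===
net user
echo === Accounts with Administrator rights (all others are Limited) ===
net localgroup Administrators

echo === Step 2: who can open this account's files ===
rem Every name listed can open the folder. A private folder should not
rem list other family members or broad groups such as Users or Everyone.
cacls "%USERPROFILE%"

echo === Step 3: screen saver lock for %USERNAME% ===
call :check ScreenSaveActive "screen saver is turned on"
call :check ScreenSaverIsSecure "login required on resume"
call :getval ScreenSaveTimeOut
if not defined VAL (
  echo [FAIL] no wait time set
  goto :eof
)
rem The wait time is stored in seconds: 300 = 5 minutes, 600 = 10 minutes.
if %VAL% GTR 600 (echo [FAIL] wait is %VAL% seconds) else (echo [ OK ] wait is %VAL% seconds)
goto :eof

:getval
rem Sets VAL to the data of registry value %1, or leaves it empty if missing.
set "VAL="
for /f "tokens=3" %%v in ('reg query "%KEY%" /v %1 2^>nul ^| findstr /i "%1"') do set "VAL=%%v"
goto :eof

:check
rem %1 = value name, %2 = description; the setting is on when the data is 1.
call :getval %1
if "%VAL%"=="1" (echo [ OK ] %~2) else (echo [FAIL] %~2)
goto :eof
```

The script changes nothing. Steps 2 and 3 report only on the account that runs it, so repeat it in every account.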

Comments:
I agree. Reason #4 by itself (settings) is a great reason to set up accounts for each user. You can have your own Internet favorites and passwords, and so can your wife. It reduces arguments - a good thing in any marriage.
 
Can also use "Windows Key + L" to lock your Windows XP computer as a shortcut.
 
Or you can just buy a Mac and not have to fret over such things…

http://azplace.net
 
Great advice for the home user!

I'd like to add -- do NOT give yourself Administrator level access. Instead create an account called "Parents" and give that account Administrator level access. You'll use this "Parents" account ONLY for making any changes or installing new software.

Password protect the Administrator account, then NEVER use it. You'll use this account ONLY if there's a real problem with the "Parents" account.
 
I am securing my workstation as we speak. Thank you.
 
Christ Marshall... tell them that running an MS box is like inviting a mistress into your life with all the damn time and money you have to spend for her upkeep. Go buy a Mac or download the latest Ubuntu free Linux!
 
These tips are like bathroom locks that help keep family and friends in line. Putting on a good keyed lock that keeps the bad guys out and your personal data safe is more difficult, and more important.

Consider what a thief might do with your stolen computer. They might sell it for parts. Or worse, they might keep and use it to impersonate you, to look at your personal data files, to learn who you are by reading the details you have accumulated in your computer's files. All your e-commerce user names, passwords, financial records, tax returns, banking records, personal and business letters, email, etc. are there for the thief to exploit now, or even months or years later.

Identity theft is a crime that can devastate anyone, at any time, and your computer is likely to contain everything the identity thief needs. This site will help you protect yourself by making the private data in your computer very close to impossible to access and use.

I have researched many ways to protect your computer. The methods and products range from simple to complex, free to very expensive.

The simple methods are often ineffective. For example, Windows XP provides for a computer's administrator and users to each have their own passwords to log in, and it can even encrypt your files. It is fairly easy to set up and use. It sounds safe. It is not. A thief needs one easy-to-make floppy or CD that will crack the password and remove the encryption in only a few minutes. No special talent or technical savvy is needed. The instructions are easy to find and use.

Windows also offers high security with features like EFS, syskey, file & folder encryption, and various NTFS security settings. These features offer very good security, but it is at the price of being very difficult to learn, set up, and administer. Further, they add considerable complexity in maintaining, backing up, troubleshooting, and restoring your PC when the need arises. Windows' own built-in security, effectively applied, is a career in itself.

I have put together a fairly simple, and completely free guide to the easy use of an open source, and very secure data vault - TrueCrypt. It is a place you can put your files that you would never want anyone to have access to - tax documents, banking documents, legal files, etc.

freeandsafe.blogspot.com
 
© Copyright 2003-2005 by Marshall Brain