Re: Need help closing security holes in my Windows XP home system!
From: Leythos (void_at_nowhere.lan)
Date: Fri, 25 Feb 2005 22:08:00 GMT
On Fri, 25 Feb 2005 13:43:15 -0800, rladbury wrote:
> Thanks for your input. I found your response to be helpful. Could use
> some clarification though...
> "This is a big screw-up, you never enable GUEST, NEVER! What you needed
> to do was setup the same users/passwords on both machines - so that if
> you have user s,d,f,g on machine one you have user s,d,f,g with the
> EXACT SAME PASSWORDs on machine 2,3,4,5,6.... "
> Sorry! I had to enable GUEST account because even though I had set up an
> account with the same user name/password, seems I couldn't get it to
> print unless GUEST was enabled as well. I'll have to double check, but
Do you have SIMPLE FILE/PRINT SHARING enabled? If so, disable it. This
will give you normal network sharing ability.
I set up workgroups all the time, make sure they are all the same workgroup
name, make sure that you have the SP2 firewall disabled as it's not doing
you any good behind the router, disable simple file sharing, disable
GUEST, and make sure that all computers have the same set of User Names
and that each of those has matching passwords on each computer.
Now, share a printer on computer 1, give permission for Everyone to have
full access and permission (so they can delete their own documents
remotely if needed). Now open Network Neighborhood from computer 2, browse
to computer 1, open the printers folder, see the printer you shared, right
click and select CONNECT, it should install the shared printer on computer
#2 without any problem. As you browse from Computer 2 to Computer 1 it
should not ask you for a user/password if you have them matching between
> I'm 90% sure of this. "Phoenix" above said so long as all my little
> boxes are green in ShieldsUp test, "I won't have problems". So who's
> right here? Can hackers get past my router and access my GUEST account?
> (BTW, I stopped putting much weight in the ShieldsUp test, after I
> proudly displayed a screen full of green boxes, and hackers managed to
> hack into my system despite it).
Since you're on a router, unless you ask for a conversation, the hacker
can't invite themselves into your computer. Now, there are other means
they can get in, such as using an insecure browser of any type and
visiting a site with malicious code - there was an exploit for Linksys
routers that when a user clicked on a web link a script would run and
reset the router and password and allow the hacker to have control of the
router - for users that didn't have a default IP Subnet and used a
non-default password this didn't work.
Scanning your network, even using ShieldsUp, is a good thing, it will tell
you if you've got any gaping holes in your router.
The real threat is what you do from your computer on the Internet, meaning
email, browsing, FTP, https, etc... Anytime you leave your local network
you risk running something on your local computer that can compromise your
security - that's why MS has a clear method to secure IE, even if it
breaks most websites.
Just consider the router as a one-way filter, it only blocks inbound
connections from external users that your computers have not contacted -
now, this doesn't mean you always know when your computers are contacting
If you have a compatible router you can download WallWatcher and monitor
your real-time in/out bound traffic, remember to download the program and
its second set of files (libraries). http://www.sonic.net/wallwatcher/
> "Using IE to browse the Internet in a default config, with GUEST enabled,
> even using an Administrator level account, is asking for your machine to
> be compromised. Visit the Windows site and seek out the info on how to
> secure IE, high-security mode. You could also start using Firefox as
> your browser, it's not anywhere near as exploited as IE is."
> Sorry, but I don't use IE (or OE) and never did, unless a site won't
> work in Opera or Firefox. And even if I have to use IE, I use Avant. But
> this is precisely why I posted this message, because I'm not sure what
> default configs on my system need to be changed. I don't find it very
> practical to have to keep changing accounts every time I want to use one
> app or another (ie. log into one account surf the net, log into another
> account to write letters, etc) But if I do set up a limited account and
> do my work from there, and use the Administrator when I want to install
> programs, does this really mean a trojan can't run or that a hacker
> can't hack into my administrator account, simply because I'm using a
> limited account to surf the net?
I have a mother-in-law, before I could set up her computer (Windows XP) she
and her son (40) put it online directly on the net, it was compromised in
less than an hour and I was out of town for two weeks at the time. When I
came back there were dialers, spyware, trojans, worms, and even a couple of
viruses - it was the spyware and dialers (she was on cable) that bothered
me - luckily she didn't connect a phone line to the modem. I wiped her
machine, set up the Administrator account and her account as Admins,
installed all her apps, setup everything, got it all working and then set
her login to limited. She can run everything except QuickBooks and play
online games using IE at POGO.COM. All of the MS Office suite, once it was
initialized as Admin level works fine as a limited account, as do all of
her apps and such. I installed Firefox and Thunderbird for her
browser/email and she's been online for more than 6 months without any
problems. Oh, almost forgot, I also bought her a Linksys router BEFSR41
and set it for 192.168.10.0/24, she's behind it. Between the router with
NAT and the user account limitations (and I forgot that I remove
file/printer sharing as she only has one computer) she's not had any
problem. She logs on as Admin to run QB and play POGO, but she's religious
about not going anywhere else while on Admin. She even setup her
granddaughter as a limited account and the GD didn't even notice.
> "Your computer has a lot of ways it can be compromised, RPC is
> insignificant once you're not live on the internet."
> Although I'm quite aware there are security issues with being both
> online and offline, RPC is VERY significant to me, since that is what
> hackers have used to reboot my system and activate trojans or whatever
> else they can do once the system reboots. My question was, does my
> playing around with the properties in the RPC service prevent it from
> rebooting, and are there other means they can reboot the computer when
> I'm online?
Once a user compromises your system they can reboot it by issuing a
command or by just using your own interface (screen) to reboot it, RPC
does not stop them.
As a side note, I've been working with, coding, designing, etc... computer
systems since the 70's and I've never personally had a compromised
computer under my control and none of our clients have either, but I'm
very strict on security and use quality firewall appliances and I know how
to limit exposure while not impeding the ability to do work.
-- firstname.lastname@example.org remove 999 in order to email me
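The workgroup/printer-sharing procedure in the reply above (same workgroup name, Simple File Sharing off, Guest disabled, matching user names and passwords, then connecting to the shared printer), plus the "set her login to limited" step from the mother-in-law story, as one added command-line example. This is not code from the original post or from any of the people in the thread; it is what the same steps look like when typed into an Administrator command prompt on Windows XP instead of clicked through the GUI. The workgroup name HOME, the computer names COMPUTER1 and COMPUTER2, the share name HPLaser, the user names and the passwords are all assumptions for illustration. The firewall change the post mentions is deliberately not included.

```batch
@echo off
rem Added example, not part of the original post. Run on EACH computer in the
rem workgroup from an Administrator command prompt (Windows XP). Names used
rem below (HOME, COMPUTER1, COMPUTER2, HPLaser, users s and d) are assumptions.

rem 1. Every machine must be in the same workgroup. This only shows the
rem    current value ("Workstation domain" is the workgroup on a workgroup PC);
rem    change it under My Computer > Properties > Computer Name if it differs.
net config workstation | findstr /i "domain"

rem 2. Turn off Simple File Sharing. ForceGuest=1 maps every incoming network
rem    logon to Guest; 0 restores classic per-user authentication, which is
rem    what "disable simple file sharing" does in the GUI.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v ForceGuest /t REG_DWORD /d 0 /f

rem 3. Disable the Guest account.
net user Guest /active:no

rem 4. Create the same user names with the same per-user password on every
rem    machine (user s has one password everywhere, user d another).
rem    Skip a line if that account already exists on this computer.
net user s Pa55word-for-s /add
net user d Pa55word-for-d /add

rem 5. Daily-use account gets limited rights (the "set her login to limited"
rem    step): a member of Users only, not of Administrators.
net localgroup Users s /add
net localgroup Administrators s /delete

rem 6. Verify the settings before moving to the next machine:
rem    expect "Account active  No" and ForceGuest  REG_DWORD  0x0.
net user Guest | findstr /c:"Account active"
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v ForceGuest

rem 7. On COMPUTER2 only: connect to the printer shared as HPLaser on
rem    COMPUTER1 (the Network Neighborhood right-click > Connect step).
rem    With matching accounts this should not prompt for a user/password.
rundll32 printui.dll,PrintUIEntry /in /n "\\COMPUTER1\HPLaser"
```

Step 4 is the part that makes the rest work: XP authenticates a network connection with the caller's local user name and password, so the connection only succeeds silently if an account with that exact name and password exists on the serving machine. Step 5 should be run after installing software, since the post notes some programs (QuickBooks in the story) need an administrator logon.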