Re: Need help closing security holes in my Windows XP home system!

From: Joe (noone_at_no.com)
Date: 02/25/05 

Date: Fri, 25 Feb 2005 14:21:29 -0800

Leythos wrote:
> On Fri, 25 Feb 2005 04:46:31 -0800, Joe wrote:
>
>
>>Leythos wrote:
>>
>>>On Fri, 25 Feb 2005 03:02:18 -0800, Bob Ladbury wrote:
>>>
>>>
>>>
>>>>I have a two-computer home network system. I only recently learned how
>>>>to setup a network system, and now I'm concerned about having opened up
>>>>new portals of access to internet hackers, because of all the
>>>>configuring I had to do to get this system to work. Here's a list of
>>>>some of those possible security holes:
>>>>
>>>>1. My router came with a default MAC address printed on the bottom.
>>>>Should I change this, if so, to what? (Can you tell I don't know what
>>>>the heck a MAC address is?)
>>>
>>>
>>>No, leave it alone - the MAC address is a physical code that relates to
>>>your unique hardware as in your segment of the network - no other device
>>>in your segment should have the same MAC.
>>>
>>>
>>>
>>>>2. I had to enable the GUEST ACCOUNT in XP Pro in order to get the
>>>>printer sharing to work. Can hackers off the net use this now enabled
>>>>account to access the computer? What about the ADMINISTRATOR account?
>>>
>>>
>>>This is a big screw-up, you never enable GUEST, NEVER! What you needed to
>>>do was setup the same users/passwords on both machines - so that if you
>>>have user s,d,f,g on machine one you have user s,d,f,g with the EXACT SAME
>>>PASSWORDs on machine 2,3,4,5,6....
>>>
>>>
>>>
>>>>3. The remote computer in my 2-comp network is "supposed" to have its IP
>>>>masked because the router is a NAT router (with SPI), that supposedly
>>>>shields all remote computers in the network because it uses what it
>>>>calls a built in "DHCP" server to assign its own internal IP addresses
>>>>to the remote computers. If this is so, why then can I go on the net
>>>>with the remote computer, and any header analysis site will show me my
>>>>real IP address?!
>>>
>>>
>>>NAT only blocks unsolicited INBOUND access, it does not stop your browser
>>>from running a script that can report back to a web site that you visited
>>>what your real, internal, IP address is. What you need to do is visit one
>>>of the network scanner sites that will scan all 65535 ports on your public
>>>IP to see if you have any holes.
>>>
>>>Using IE to browse the Internet in a default config, with GUEST enable, or
>>>even using an Administrator level account, is asking for your machine to
>>>be compromised. Visit the Windows site and seek out the info on how to
>>>secure IE, high-security mode. You could also start using Fire Fox as your
>>>browser, it's not anywhere near as exploited as IE is.
>>>
>>>
>>>
>>>
>>>>4. When programs on my system call out to the net, they are initially
>>>>blocked by my software firewall (which is an SPI firewall). After a few
>>>>adjustments to the personal firewall, they have no problem communicating
>>>>with the net. The router also has an SPI firewall. Why doesn't it block
>>>>the programs as well? Given that it has never impeded access to or from
>>>>anything on my system, it acts like it doesn't even exist!
>>>
>>>
>>>The router is just a router, it's basic function is to ROUTE TRAFFIC ONLY.
>>>If you choose to make a outbound connection the ROUTER will let ANY
>>>traffic out to where it wants to go, that's how routing works. As for
>>>inbound traffic, since the router doesn't see an internal machine
>>>requesting the communication, it blocks those unsolicited inbound
>>>sessions, there is no path back for them.
>>>
>>>As for outbound, since a router is not a firewall, there is no real
>>>outbound blocking.
>>>
>>>
>>>
>>>>5. I set the RPC (Remote Procedure Call) service to avoid rebooting in
>>>>all 3 circumstances, to prevent hackers from rebooting my machine from
>>>>the net. Will this really prevent reboots, and if so, is there any other
>>>>way these cyberscum can automatically reboot my computer?
>>>
>>>
>>>Your computer has a lot of ways it can be compromised, RPC is
>>>insignificant once you're not live on the internet.
>>>
>>>
>>>
>>>>If you have any other important tips on closing security holes to
>>>>prevent hacker access, don't be shy!
>>>
>>>
>>>Stop running Internet Explorer
>>>Stop using Outlook Express / Outlook
>>>Stop browsing questionable sites
>>>Stop sharing files with anything outside your internal network
>>>Stop file sharing programs
>>>Stop loading browser helper tools - not even google/yahoo bars
>>>Stop using the Administrator level account unless making system changes
>>>Stop using GUEST
>>>Apply ALL Windows Updates
>>>Apply ALL MS Office Updates (if you have OE/MS Office)
>>>Apply ALL Antivirus updates, run the update daily
>>>Use a quality Antivirus program
>>>Install AdAwareSE and SpyBot Search & Destroy and run them
>>>Use FireFox and ThunderBird for Browsing and Email
>>>Stop/Don't forward ports through the router to your internal network
>>>Don't let others use your computer
>>>Check for router firmware updates once a month
>>>
>>>
>>>
>>
>>I run OE with no problems ever, IE, no problems ever. I don't like it
>>that people always tell you to do that when at least for me I've never
>>had a problem.
>
>
> Well, I didn't TELL him what to do, he ASKED for options to make his
> entire experience more secure.
>
>
>>I do not use OE right now, but have and never had an
>>issue, I also like firefox much better and use it way more then IE. To
>>tell someone to stop using the admin account in windows i say bull
>>***!! it really ticks me off when people say that cus they are fine. to
>>tell a user like Bob, someone who doesn't seem to know anything really,
>>stop using the win xp user account with admin, that makes it even harder
>>for him and 99.9% of the time he won't ever have a problem running with
>>admin rights. dang, i just freaken hate it when people say don't use
>>windows as the admin, there's nothing wrong with it. again, i never have
>>issues and won't ever run as a limited user, that's just bull crap.
>
>
> If you really think that using the Admin level account don't expose the
> user to a higher level of risk all the time, and that it's fine to run as
> a Admin level account, then you really don't understand security for the
> masses of ignorant users. It's a simple fact that running as an
> Administrator level account user is the easiest way to compromise your
> computer while browsing or reading email. You can "freaken hate it", but
> the fact is that few people have problems running as a Limited User
> account type as there are only a couple commercial apps that don't comply
> with basic security.
>
> To make a blanket statement that there is nothing wrong with running as an
> Admin is to be completely ignorant of the different threats, to ignore
> what MS suggests, and to ignore what all the security people around the
> world suggest, and to put users that listen to you into a vulnerable
> situation.
>
> Now, as an example, I run as a local admin on all of my Windows computers,
> but I also have a real firewall appliance, filter HTTP sessions to remove
> malicious content, use Outlook with Exchange, but also remove all
> malicious scripts and attachments from email before it reaches the mail
> server, and I also have quality AV software on my machine. I'm also a
> security expert, so I know what to look for, don't run crap/P2P apps,
> don't visit questionable web sites, don't open/review questionable email,
> don't really do anything to put myself in harms way - the same can not be
> said for the general public.
>
>
>>checking for router firmware, lol, if it aint broke dont fix it. most
>>companies, I'll bet none do that often of an update. maybe once every
>>few months is ok and only when having issues. otherwise it's fine.
>
>
> If you don't check how do you know if it's broke or not - They don't
> produce firmware to change the colors of the interface, they produce new
> firmware to fix issues in the old version. While a router with 5 year old
> firmware may appear to be working fine, there may be an exploit or some
> other vulnerability that you are unaware of in your blissfully ignorant
> state.
>
>
>>don't let others use the pc is like telling you lock yerself in yer home
>>and don't go out and dont let people in.
>
>
> No it's not, a limited use account that's been locked down is fine, but
> more times than not, a guest (not guest account) using a computer will
> compromise your machine since they don't have as much concern about it as
> the owner would.
>
>
>>adaware and stuff i guess is ok, but again, i never have to and never
>>have problems. and i have tried them before and guess what. no
>>problems,. it only finds cookies and they are harmless.
>
>
> Again, we're talking about the masses, and those products are very good at
> determining if you are clean and in helping one stay clean. Not all
> cookies are harmless.
>
>
>>the only thing i really agree with you on Leythos is apply all updates
>>to all programs.
>>
>>anyway im not going to reply again to this thread since you now will
>>reply to me in a rage or fight me, so i don't want conflict, i just got
>>annoyed at you for a lot of stuff you said and i wanted to reply. im
>>sorry, :(
>
>
> If you don't care to learn from your mistake then you don't have to reply,
> but it's obvious that either you don't understand threats in the real
> world or that your trying to help people compromise their machines.
>
> Don't forget, the OP asked for advise, it was not posted without being
> asked. While you may not care about security of systems many others do,
> and there is nothing wrong with what I posted. Even MS, for several month,
> recommended that users stop using IE 6.
>
> I don't post to fight, just to state facts, you might try learning about
> security.
>
>

I know about security and I follow your guidelines myself. I just never
run as a limited user because I've never had problems with the default
accounts made durring windows install. I always run behind a NAT router
or now my sonicwall router. I always have a virus app installed, norton
or AVG free. I even ran windows one time without a virus app for a while
and didn't have any issues with anything. I don't use p2p apps and if I
did I wouldn't download exe files or anything that could contain a
virus. I do always apply the latest application updates and MS windows
updates. I never have issues using IE cus I only got to news sites like
cnn or whatever or just clean sites. I have gone to porn sites, but none
that would have a browser highjacker and what not. I've never installed
anything that messed up the pc. I also use vmware workstation running
windows xp to install any new software i would like to try or test and
make sure it's good. this way i don't mess with the main system and if
anything goes bad in vmware i can just reinstall windows. i don't think
a user needs a software firewall if running behind a simple linksys
router or any of those unless the user will be installing anything under
the sun, then maybe they'd want something to check outgoing stuff.

I am sorry for sounding upset and just irritable.
i look at myself and i guess i just think most people do that same type
of protection stuff or at least most people know enough.