Almost 90 per cent of all PCs run the Windows operating systems. With million lines of code, it is a given that vulnerabilities will exist in the operating system and Microsoft being slow on patching it makes it a bigger problem. The fact remains that securing your desktop is still something you need to do and i will be talking about some preliminary way to do that.
- Before anything else: patch, patch,patch!i.e Update your system to windows latest update :-New vulnerabilities are constantly being discovered. Microsoft regularly releases security updates and patches for affected operating systems and application software. To ensure that the security update or patch is applied as soon as it is available, turn on Automatic Updates. To do that, open the Control Panel, click on System, and select the A u t o m a t i c Updates tab.
Choose the first option to download the updates and get a notification when they are ready to be installed. Other than operating system u p d a t e s , Automatic Updates also downloads all h i g h – p r i o r i t y updates for Microsoft Office XP, Microsoft Office 2003, Microsoft SQL Server, and Microsoft Exchange Server.
- Ensure disks are formatted with NTFS :- NTFS is the recommended file system for Windows XP. It gives better access control protection for files and folders as compared to the FAT family of file systems. NTFS enables you to specify which users or user groups have access to which files and folders on your computer. You can also determine what the permission level for each user and user group should be. User permissions can be set to full control, change (cannot delete) or read only. It also gives better performance on hard disks that are larger than 32 GB in size.
- Turn off file sharing :- If you are not using filesharingÂ on your system because you dont need it, just turn it off.As this is one of the easiest gateways to enter your system and weaken the security of your system easily. To turn off file sharing, go to Control panel >Network Connections>Local area connection properties.
If you just wana disable file sharing, untick the file sharing option as shown, otherwise if you want u can uninstall it permanently but its not advised.
- Use user accounts and passwords :– Just use custom user names instead of the default ones like Administrator and Guest.Create your own user name to operate your system.Also use passwords with each account.Dont let a account on your system without a paswsword.
- Strong password policiesÂ :- use strong passwords with complex combination of letters words and special characters.
- Mark personal folders with â€œMake Privateâ€ (XP Home) : – Login using administrator account and go to folder properties of the folder you want to make privateÂ or unaccessible to other users. Right click on the folder and click properties. Then on Sharing tab of the properties, tick the option which says” make this folder private” as shown below.
- Turn off or disable the Guest Account :- If your computer is a standalone system that only connects to the Internet, you should disable / turn off the guest accountâ€”just so people you havenâ€™t given out your password to wonâ€™t be able to access your computer. The Guest Account is also used to allow unauthenticated users from a LAN to access shared folders and files on your computer.
Go to Control Panel > User Accounts. To delete the Guest Account, just select it and hit Remove. However, it is better to disable it as there is a chance that you may require the account at some point in the future.
Select the Advanced tab and click Advanced. In the â€œLocal Users and Groupsâ€ window, select the Users branch of the tree in the left pane. Right-click on the Guest Account and select Properties. In the resulting dialog box, select the â€œAccount is Disabledâ€ checkbox. The Guest account will no longer be accessible for logging on either locally or from another computer on the network. Note that this procedure may vary slightly for
Windows XP Home.
- Delete / Disable Unused User Accounts : –If you got any unused user accounts or obselete ones, just delete those accounts as these may be used to compromise your desktop security.