SECURITY TIPS

 

   
   

 

 

Configure the Windows XP SP 2 firewall:

 

Windows XP's Service Pack 2 contains a considerable upgrade to the operating system's built-in firewall software.

 

For one thing, the firewall is enabled by default, unless you have another software firewall such as ZoneAlarm installed on your PC. The new version of the firewall is also more flexible, and watches out for some new threats and actions.

 

To configure the SP2 Windows XP firewall, go to start>> control panel>> windows firewall.

 

If the firewall is enabled, it will be set to "on" here. With the "don't allow exceptions" option checked, no software on your PC can accept outside connections.

 

Exceptions, as accessed by the "exceptions" tab, allow certain programs installed on your computer to accept connections from the Internet which would otherwise be blocked by the firewall. You can choose "add program" to add any application from a list of all that are installed on your PC. Once checked, this program can accept connections as though the firewall did not exist.

 

The "advanced" tab contains several options. The most important is the "services" settings. You can access these by highlighting your Internet connection in the "network connection settings" window and hitting "settings".

 

This is more or less identical to the pre-SP2 firewall configuration. These "services" allow information to pass through the firewall on certain ports, similar to the "exceptions" we talked about earlier. These are based on the ports used by each service, not on applications though. If you wish to host a web site or FTP site on your firewalled PC, check those options here.
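The firewall state, the program exceptions and the open ports described above can also be reviewed from the command prompt with the "netsh firewall" commands included in SP2. The batch file below is an added example, not part of the original tip; the file name fwcheck.bat and its "lockdown" / "unlock" arguments are assumptions made for illustration.

```bat
@echo off
rem fwcheck.bat - added example (hypothetical file name).
rem Run from an account with administrator rights.
rem   fwcheck            show the current firewall settings
rem   fwcheck lockdown   same effect as ticking "don't allow exceptions"
rem   fwcheck unlock     allow the configured exceptions again

if /i "%~1"=="lockdown" goto :lockdown
if /i "%~1"=="unlock"   goto :unlock
goto :show

:lockdown
rem Firewall stays on; every exception is ignored until "unlock".
netsh firewall set opmode mode=ENABLE exceptions=DISABLE
goto :show

:unlock
netsh firewall set opmode mode=ENABLE exceptions=ENABLE
goto :show

:show
rem On/off state and whether exceptions are currently honoured.
netsh firewall show opmode
rem Programs allowed to accept incoming connections ("exceptions" tab).
netsh firewall show allowedprogram
rem Ports opened through the firewall.
netsh firewall show portopening
```

Review the two lists from time to time and remove entries for programs you no longer use, since each one is a path through the firewall.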

 

 


 

 

Encrypt your important files (XP Professional):

 

Windows XP Professional contains a built-in file encryption utility which can make your essential data inaccessible to anyone who does not possess the correct user name and password. Essentially, no one can read the encrypted files except you.

 

To encrypt your data, right click a file or folder you wish to encrypt and choose "properties". Then click the "advanced" button at the bottom.

 

Check the "encrypt contents to secure data" button to encrypt your file or folder. Hit "ok" to confirm. You'll notice the icon text has changed to green to indicate that the file is encrypted.

 

If you wish to allow certain other users access to the file or folder, right click the encrypted file again, choose "properties" and "advanced" then hit the "details" button at the bottom of the screen.

 

Under the "users who can transparently access this file" heading, use the "add" button to add any users you want to give access to.

 

Note that files and folders are encrypted using a numerical key derived from the unique SID (Security IDentifier) number assigned to each XP user account. This means that you MUST decrypt your files if you plan to either delete your user or re-install Windows XP. Even if you create a new user with the same name and password, they will not be able to access the files.

 

Only the original creator and users they designate can open encrypted documents.

 

Windows XP allows the creation of a recovery agent which can transfer the ability to open encrypted files to another user account.
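Before deleting a user account or re-installing Windows XP, the encrypted files can be found and decrypted from the command prompt with the built-in cipher tool. The batch file below is an added example, not part of the original tip; the file name efsclean.bat is an assumption, and it must be run while logged on as the user who encrypted the files.

```bat
@echo off
rem efsclean.bat - added example (hypothetical file name).
rem   efsclean               list every encrypted file on the local drives
rem   efsclean "D:\Private"  decrypt that folder, its subfolders and files

if "%~1"=="" goto :list

rem /d decrypts, /s: walks the folder and its subfolders,
rem /a applies the change to files as well as folders.
cipher /d /a /s:"%~1"

rem Show the result: "U" = unencrypted, "E" = still encrypted.
cipher "%~1\*"
goto :eof

:list
rem /u together with /n only reports encrypted files; nothing is changed.
cipher /u /n
```

Run it without arguments again afterwards; an empty list means nothing is left that depends on the account's key.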

 

 


 

 

Prevent computer users from logging on to Windows at certain times:

 

If you would like to prevent a member of your household or office from logging into his or her computer at certain times, you can create restrictions on their user account to do this.

 

To restrict access times for a certain user, open the command prompt (start>> run and type "cmd"). To restrict a certain user's log in times to Monday - Friday, 5AM to 8PM, type "net user (username) /time:m-f,5am-8pm".

 

Replace (username) with the required user name. You can change the days using (m,t,w,th,f,s,su) and change times using the same method shown. The user will not be allowed to log in at any other time.

 

Note that this will not prevent users from using the computer during restricted times if they have already logged in. It only prevents them from logging on to Windows.

 

 


 

 

Scan your computer for vulnerabilities with Microsoft's free security scanner:

 

Microsoft provides a tool called the Baseline Security Analyzer (MBSA) to help network administrators or concerned users check their machines for security vulnerabilities. The software is available here.

 

Download and run the tool to test both your local computer and any PCs on your network (you will need access to an administrative account on all machines you wish to scan). The MBSA creates a security log for each scanned computer which contains easy to read info on any vulnerabilities that may exist and how to correct them.

 

 


 

 

Disable USB storage device writing (Service Pack 2):

 

USB storage devices are very easy to use in Windows XP. Since they use the built-in mass storage drivers, anyone can just plug in a memory key and copy whatever they want onto it. This can be a security concern for both business networks and home users who let others have access to their PCs. This is especially true because of the large amount of information that can be put on the typical memory key, and how quickly it can be copied.

 

If you are concerned about this issue, Windows XP Service Pack 2 contains a feature that lets you combat it. You can now make USB storage devices read-only, meaning that no one will be able to move data onto them.

 

To make USB mass-storage devices read only:

 

Open Regedit (Start menu>> run>> type regedit) and navigate to

 

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"

 

Highlight the subkey "StorageDevicePolicies". If there is no such subkey, create it by right clicking the "Control" key and choosing "new\key". Once you have the "StorageDevicePolicies" subkey highlighted, right click it and select "new\DWORD value". Give the value the name "WriteProtect". Double click the new value and give it the value of "1". Exit and restart.
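The same registry change can be made and checked from the command prompt with reg.exe, which is convenient when several PCs need the setting. The batch file below is an added example, not part of the original tip; the file name usbwp.bat and its "on" / "off" arguments are assumptions, and "off" (writing the value 0 to allow writing again) is an addition the tip itself does not describe.

```bat
@echo off
rem usbwp.bat - added example (hypothetical file name).
rem Run from an account with administrator rights.
rem   usbwp        show the current setting
rem   usbwp on     make USB storage devices read-only
rem   usbwp off    allow writing again
setlocal
set KEY=HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies

if /i "%~1"=="on"  goto :on
if /i "%~1"=="off" goto :off
goto :status

:on
rem Creates the StorageDevicePolicies subkey if it does not exist yet.
reg add "%KEY%" /v WriteProtect /t REG_DWORD /d 1 /f
goto :status

:off
reg add "%KEY%" /v WriteProtect /t REG_DWORD /d 0 /f
goto :status

:status
rem 0x1 = read-only, 0x0 = writable.
reg query "%KEY%" /v WriteProtect 2>nul
if errorlevel 1 echo WriteProtect is not set: USB storage is writable.
echo Restart the PC before relying on a changed setting.
endlocal
```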

 

 


 

 

Don't have anti-virus software? Check your PC for viruses online:

 

If you don't currently have anti-virus software installed, and your computer is behaving oddly, you can check for virus infections online at a number of different anti-virus manufacturers' websites. Most only offer scans, not full virus removal, but some do both.

 

These are not a substitute for a full anti-virus software package, but they are much, much better than nothing. Remember to download an anti-spyware utility like Ad-Aware and check for spyware as well.

 

Some free online virus scan utilities:

 

Panda Activescan
Bit Defender
Symantec security scan (scan only)
Trend Micro Housecall (scan only)
Computer Associates

 

 


 

 

Test your PC's security with online security probes:

 

Are you security conscious? Have you secured your PC with anti-virus and firewall software? Whether you answered yes or no to these questions, you should still test your PC for security vulnerabilities with free online security-scanning services.

 

They will probe your computer for security weaknesses which could be used by a malicious hacker or virus to compromise your PC and data. Use these services to ensure that you are well secured, or use them as an incentive to fix your insecure system; just use them.

 

Here is a free online security scanner: Shields Up

 

 

 


 

 

 

 
