Here's what I do to protect a PC that I "revamp"
Updates:
Clean install with no connection to the Internet. Immediate install of SP2, then use of MBSA
to identify needed additional security patches, which I install.
Networking:
Uncheck File Sharing, disable NetBIOS over TCP/IP.
Software:
User purchases (and I install) McAfee. They register it, I install the antivirus and firewall
components, and update.
Hardware:
Even on a standalone machine, I suggest they get a router. If it has wireless, then I turn off
the radio on it. (For a $10 difference, they might as well get wireless capability for when
they add another PC or a laptop to their home setup).
Antispyware:
Hijack This, MS Antispyware, Lavasoft Adaware, Spybot, Spyware Blaster and CW Shredder
all go on the machine. I update all, but also use the "immunize" functions of 'Blaster
and Spybot. I also use HJT and "safe" all of the legit stuff it picks up in a scan.
Browsing:
I install Firefox and suggest they not use Internet Explorer.
I think this is prettty thorough. Any other ideas on how I can fortify a clean machine
so I never (hopefully) have to return to their home again to clean up spyware, etc...?
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Rename the local administrators username, and check the seven issues that I thiknk you need to do to protect your computer. I've put them all on one page so they don't need to be listed here:
http://www.tryware.dk/Engl
Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark
:o) Your brain is like a parachute. It works best when it's open
Business Accounts
Answer for Membership
by: richrumblePosted on 2005-03-14 at 10:37:40ID: 13537459
The number one best practice for any OS, is to not run as the admin of the box for day2 day activities.
Turn off services that aren't needed, such as messenger service, and the remote registry service, and probably the remote desktop service- but a firewall should stop any that i've mentioned. Turning netbios off is ok, but disabling file and printer sharing is better, as this will keep null sessions from being able to be established. Also of note, disabling netbios over tcp ONLY disables port 139, port 445 is still there on win2k and above ;) File and printer sharing diables 445.
but what you have seems to be a good setup. Wireless access should have a MAC Address Access Contol List, in addtion to WEP encryption at a minimum. Ontop of that, perhaps ipsec or another vpn like tunnel.
Security is a Process, not a program. So education is another hurdle.... they will have to know not to execute programs they recieve in email, or through links they get in email...
-rich