Coping with Windows
This is very old information and therefore of little real value. It remains as an historical relic.
May 2004
Copyright (c) 2004 Terry Gliedt

With all of the virus attacks and other ways of attacking Windows machines these days, it seems that unless you are extremely diligent, your Windows machine will become infected. I'm regularly asked by computer-naive family and friends why their Windows machine behaves so slowly or erratically. Without even needing to look, I tell them, "Your machine has been infected. 100% guaranteed. The only chance you have of fixing this is to reinstall Windows and then be very diligent to keep your machine safe."

This conversation has happened so often, I finally decided to put together a guide for those novices for whom the PC is an appliance that seldom works very well.

Realize that what follows is for the very computer naive person at home. There are a million things I might tell my friends and family about this topic, but to do so means they would never do the simplest things. So I have decided to make this as simple as I can get away with and still end up with a secure home environment.

If you think you might be infected, you may find "Who's There?" of interest.

Caveats

My first advice is to not install Windows - choose something else. Buy a Mac. Install Linux.

Still with me, eh? No surprise. Windows is such a monopoly, few people can really avoid it, despite the large burden that comes with ownership.

Well, if you really must, I wrote this for you. It does not address lots of questions. It is aimed only at people I know who have little computer knowledge and who probably have a cable modem connection at home. If you use a dial-up connection, these instructions will be almost what you need.

I do not guarantee anything that follows to work. If things work for you, great. If not, don't tell me about it. Realize what follows will cause you to destroy all data on your machine. I claim it's your only hope of getting a system that works. If you're not willing to format your disk drive, don't continue.

Before proceeding, get all the data off your system that you care about. If you can, create a CD from your data. Maybe you can create a zip file of your data. Maybe you can copy the data to a ZIP drive or floppies. Perhaps you can Email the data to yourself or someone else. Somehow, find your data and copy it somewhere safe where you can restore it later. I'm glossing over lots of important work, but there is almost no chance that I or any other 'guru' can do this for you.

Finding all of your data is sometimes very hard. Windows applications are/were TERRIBLE about where they saved data. No one could reasonably find their data. XP applications often have a better default, but still there is no guarantee. There's plenty of crummy software out there. Make a backup of your data, as best you can find it, and realize that you are certainly going to miss something, so just be ready for that. After we're all done, you're going to find out that something you wish you had has been lost. It's life with computers.

Overview - XP is the Windows Answer

My advice is to always do a 'scratch install' of Windows. Windows of all versions leave so much trash on your disk, the only safe way to know you really have purged your system of all those viruses and crap is to format the disk drive and install a clean version of Windows.

There are all sorts of versions of Windows - Win/95/98/ME/NT etc. The reality is that Windows XP is the only one you have a chance of making work. Microsoft will not provide updates for most other versions. XP is the only game in town if you want a system that will work for more than a few weeks.

The good news is that XP is the first version of Windows that actually behaves well - and this from a Windows-hater. It really is a decent system - finally. It's also far faster than most of its more recent predecessors. Even on old slow machines (as long as you have lots of memory - 256MB), it'll do adequately.

The bad news is that Microsoft has priced XP way out of line. Its list price at your computer store is usually $200. Look for a deal, perhaps from work, or a school or wherever. As a staff member at the University of Michigan I can get it for $15 (a fair price). No, I can't get one for you.

Without XP, there's no point in proceeding, in my opinion. Installing some other version of Windows is just an exercise in installing. You'll be attacked and have viruses or other crap on your system within minutes of connecting to the Net.

Creating a Windows That Works

Windows is so prevalent, that every cracker in the world has targeted it. If you take a cleanly installed version of Windows and connect it to the Internet, it will be attacked within a few minutes (my experience is 90 seconds). As delivered, the XP on your CD is very vulnerable. It is missing dozens of vital updates.

The trick is to install and beat most of the bad guys while you apply Microsoft fixes. Then you install various virus tools and remove the crap that a buggy Windows let get installed.

Finally, once you have everything installed, you repeat this same process - regularly (at least monthly, perhaps more often). Install updates, update your virus tools. Scan your systems for stuff that got through the last time. You sure you don't want to install Linux or buy a Mac?

Read each of the following write ups and do them in this order. Here's a copy of this document that is suitable for printing. Once you start each step, complete it. However, you can stop and power off your machine after any step and return later to continue. Whatever you do, though, stay off the Net until you have completed the install of updates. The whole process from start to finish will take you at least 4 hours, likely more like 8 or more hours. Good luck, you'll need it.

You will want to read through all of these first, as there are hints and suggestions sprinkled throughout. There are probably a number of things you'll want to get (or ask questions of your local 'PC guru') before actually beginning.

Task List

I personally have pretty well weaned myself from using Microsoft systems. I don't pretend to know anything about Windows. I want to know even less. If you don't know me personally, don't bother asking me questions about your Windows system, but find your own personal 'guru'.

Best of luck.



Copyright (c) 2004 Terry Gliedt. Direct comments or questions to tpg@hps.com.
Be sure to use a subject of 'Coping with Windows' or your Email will likely be tossed out by my SPAM filters.
Last Revision: Jun 19, 2004

Who's There?

This is part of some remarks I've put together for friends
who are stuck with Windows. You should have read this first.

How do you know if you've been 'hacked' (actually the proper geek term is 'cracked', read here)? There are lots of details one could go into, but the fact you are reading this is probably the best sign. You've noticed your machine has become very slow. Your Internet connection is abysmally slow or you have seen bizarre things happen on your machine. If stuff like that is happening on a machine today, you can bet you have been attacked - and they won.

TCPView Screen shot

One tool I find very useful for this sort of thing is called TCPView and is available from http://www.sysinternals.com/ntw2k/source/tcpview.shtml. This tool simply shows all the connections from your machine to the outside world. There are way more connections than you'd ever guess.

If you download TCPView and double click on it, you will see something like that at the left. Every second or so, the screen will refresh so you can get an idea of the network activity on your machine.

If you think your machine is not doing a thing and you see activity from TCPView - you've probably been cracked. Now there ARE legitimate reasons for your 'idle' machine to connect to other places in the world. XP and your virus scanner will check for updates every now and then, but that doesn't happen too much.

If you see connections from places you don't recognize and they continue to run, you can bet something's running on your machine you did not invite in. It's time for a scan with a virus scanner, Stinger or maybe even a complete re-install.
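
The same check (outside connections on an 'idle' machine that you don't recognize and that keep running) can be done on the text output of netstat -ano, which is built into XP. The following is an added example, not part of the original guide: the two captures are constructed samples, and KNOWN_HOSTS is a hypothetical list of addresses you already trust.

```python
import ipaddress
from collections import defaultdict

# Address ranges that never leave the home network (RFC 1918, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed samples: two "netstat -ano" captures from the same PC, a minute apart.
SNAPSHOT_1 = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1312
  TCP    192.168.1.100:1042     192.168.1.1:80         ESTABLISHED     1520
  TCP    192.168.1.100:1050     203.0.113.80:80        ESTABLISHED     1520
  TCP    192.168.1.100:1057     198.51.100.23:8080     ESTABLISHED     2044
  TCP    192.168.1.100:1060     192.0.2.10:443         ESTABLISHED     1188
  UDP    0.0.0.0:500            *:*                                    696
"""
SNAPSHOT_2 = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.100:1050     203.0.113.80:80        TIME_WAIT       0
  TCP    192.168.1.100:1057     198.51.100.23:8080     ESTABLISHED     2044
  TCP    192.168.1.100:1060     192.0.2.10:443         ESTABLISHED     1188
  UDP    0.0.0.0:500            *:*                                    696
"""
# Hypothetical allowlist: the address your virus scanner fetches updates from.
KNOWN_HOSTS = frozenset({"192.0.2.10"})


def outside_connections(text):
    """Return {(pid, remote_ip, remote_port)} for ESTABLISHED TCP
    connections whose remote end is outside the local network."""
    found = set()
    for line in text.splitlines():
        parts = line.split()
        # TCP rows have five columns; headers and UDP rows (no State) do not.
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue
        host, _, port = parts[2].rpartition(":")
        try:
            ip = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # not a plain address (e.g. a resolved host name)
        if any(ip in net for net in LOCAL_NETS):
            continue
        found.add((int(parts[4]), str(ip), int(port)))
    return found


def persistent_unknown(snapshots, known_hosts=frozenset()):
    """Outside connections present in every snapshot and not allowlisted,
    grouped by the PID that owns them: {pid: [(remote_ip, remote_port)]}."""
    sets = [outside_connections(s) for s in snapshots]
    lasting = set.intersection(*sets) if sets else set()
    by_pid = defaultdict(list)
    for pid, host, port in sorted(lasting):
        if host not in known_hosts:
            by_pid[pid].append((host, port))
    return dict(by_pid)


if __name__ == "__main__":
    for pid, remotes in persistent_unknown([SNAPSHOT_1, SNAPSHOT_2], KNOWN_HOSTS).items():
        print("PID", pid, "keeps talking to", remotes)
```

The PID it reports can be matched to a program name in Task Manager (add the PID column under View, Select Columns).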


Security and Your Cable/DSL Modem

So you've got yourself a broadband connection (cable modem or DSL line) and now you're ready for the Internet? I've got news for you, the Internet is ready for you - more ready for you, than you are for it.

All machines on the Internet are vulnerable to attacks, regardless of their operating system. Windows systems just seem to be more vulnerable. Most people do not apply updates to fix Microsoft bugs. Since Windows is so common, it's also the operating system of choice to be attacked.

Your machine will be attacked, whether it is using a dial-up connection or a broadband connection. 100% guaranteed. This is not a bet, but rather a certainty. The only difference is that dial-ups get attacked slower because they are connected less often and the connection is slower. You are no safer just because you have a dial-up connection.

Securing Broadband Connections

Your Cable or DSL modem provides an Ethernet connection to your computer. It looks to your computer just like it is at the office on your local LAN. This makes it very easy for you to connect - you just plug in a cable. It also makes for a very fast and easy way for other machines on the net to attack your machine.

A router is a box that sits between your machine and the cable/DSL modem and the outside world. It intercepts all the cruft coming in and throws most of it away. If your machine starts something like a web connection to some site, the router lets that data go out and come back. Anything your machine did not invite in, it tosses out. This prevents most kinds of attacks from even getting started.
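
The rule in the paragraph above can be written down as a small table of conversations the router remembers. This is an added sketch, not part of the original guide and not any vendor's firmware: the class name, the addresses and the five-minute idle timeout are assumptions, and it models the strictest matching (a reply must come from the exact address and port that was contacted).

```python
class HomeRouter:
    """Toy model of a NAT router's connection table (hypothetical, for illustration)."""

    def __init__(self, wan_ip, idle_timeout=300):
        self.wan_ip = wan_ip              # the one public address the ISP gave you
        self.idle_timeout = idle_timeout  # seconds an unused entry is remembered
        self.next_port = 40000            # next public port to hand out
        self.out_map = {}  # (proto, lan_ip, lan_port, dst_ip, dst_port) -> wan_port
        self.in_map = {}   # (proto, wan_port, dst_ip, dst_port) -> (lan_ip, lan_port, last_seen)

    def outbound(self, proto, lan_ip, lan_port, dst_ip, dst_port, now):
        """A machine inside starts (or continues) a conversation.
        Returns the (ip, port) the outside world sees as the sender."""
        key = (proto, lan_ip, lan_port, dst_ip, dst_port)
        wan_port = self.out_map.get(key)
        if wan_port is None:
            wan_port = self.next_port
            self.next_port += 1
            self.out_map[key] = wan_port
        # Remember who was invited, and when we last heard from this flow.
        self.in_map[(proto, wan_port, dst_ip, dst_port)] = (lan_ip, lan_port, now)
        return self.wan_ip, wan_port

    def inbound(self, proto, src_ip, src_port, wan_port, now):
        """A packet arrives from the Internet. Returns the inside (ip, port)
        it is delivered to, or None when the router throws it away."""
        key = (proto, wan_port, src_ip, src_port)
        entry = self.in_map.get(key)
        if entry is None:
            return None  # nobody inside asked for this: dropped
        lan_ip, lan_port, last_seen = entry
        if now - last_seen > self.idle_timeout:
            # The conversation went quiet too long ago; forget it and drop.
            del self.in_map[key]
            self.out_map.pop((proto, lan_ip, lan_port, src_ip, src_port), None)
            return None
        self.in_map[key] = (lan_ip, lan_port, now)
        return lan_ip, lan_port


if __name__ == "__main__":
    router = HomeRouter("203.0.113.5")
    # Your PC opens a web page (constructed addresses throughout).
    _, port = router.outbound("tcp", "192.168.1.100", 1042, "198.51.100.7", 80, now=0)
    print("reply from web site ->", router.inbound("tcp", "198.51.100.7", 80, port, now=2))
    print("uninvited probe     ->", router.inbound("tcp", "192.0.2.66", 4000, 135, now=2))
    print("stranger, same port ->", router.inbound("tcp", "192.0.2.66", 80, port, now=2))
```

Real routers differ in details (port forwarding rules, how strictly they match the sender), which is one reason each machine behind the router still needs its own protection.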

You absolutely must have a router for your broadband connection. Don't use your new connection for one second without a router between you and the bad guys.

I've been using a Linksys router, like this for several years. There are several other equally good routers on the market. I have no relationship with Linksys, other than being a happy consumer of their products for many years. These are now very cheap ($60 and less). They are effective. They are easy to set up. Run, don't walk, to a nearby computer store or order on the Internet and get a router and install it right away.

I can't emphasize how important this is. It does you no good to reinstall Windows if your network is completely vulnerable. You won't finish the install and updates before your machine will be re-infected, perhaps to a state you'll never recover. You can be right back to where you started before you ever get going.

This is not an option, if you are serious about keeping your machine usable.

Laptops

Laptop computers pose a special risk because they come in and out of your home network. You may secure your laptop at home behind a nice, safe router. Sometime later you will pick it up and go out into the big bad network world where you aren't protected, get infected and then bring your infected machine back into your home where your laptop attacks your other machines.

So you can't always trust that your machines at home are safe. Even if you are protected by a router, each and every one of your machines needs to have all the protections I describe because you never know when something will get through. Laptops are just one obvious way to infect your otherwise safe home machines.



Guide to Installing Windows XP

You did backup all your data, right? If not, do not proceed.

Find your XP installation disk. This might have come with your machine. Your vendor should have provided one or perhaps you bought one. There are probably lots of variations of install disks and I can't possibly give you precise instructions. With any luck what you see here will closely resemble what you see, but there are no guarantees (have I said that often enough yet?).

There are surely a bunch of other resources on the net that will also guide you through installing XP. One such site is blackviper.com (see the section at the bottom of the page). After you are all done with your install, you might consider applying his "Super Tweaks" (be sure to apply the Home or Professional tweaks as is correct for you).

At some point you'll also be asked for a "product key". Dell puts this on your PC. It might be on the CD itself. Without it, there's no point in starting. I have two different disks with XP. Their product codes look completely different as you can see:

  CW876 X55B5 66QKH M6CR2 G1G1Y
    or
  Y09-84172

Yours will probably look similarly bizarre, but there's no telling for sure. You won't know for sure, until you get by the product key prompt in 15-45 minutes from now.

Disconnect your machine from the Internet. Unplug the Ethernet cable that goes into the back of your PC. If you use dial-up, then you don't need to worry about this now. Don't assume you are safe because you have a router in place. You probably are reasonably safe, but don't assume so. Disconnect. During the install your machine is at its most vulnerable. Take no chances, unplug your machine from the Net for now.

Finally, put the XP installation CD in your CD drive and reboot. Each machine does this step differently. Often times during the reboot, you'll see something like

  Press any key to boot from the CDROM

If you ignore this or are too slow, you'll boot your old system. Sometimes you must get your BIOS to allow you to boot from a CD. This can be ugly. Hope it isn't. I can't give you any help here. If you can't get your CD to boot, you are stuck and need to find a 'guru' to help you out. Don't ask me, I can be of no help.

Installation Notes

What follows are my notes from two different scratch installs of XP. Every XP CD will vary somewhat, so what you see might vary from my notes below. The screen details are not complete, but are only here to suggest what you might see. Your action is labeled with a '==>'. Good luck!

Welcome to Setup

  * To set up Windows XP now, press ENTER
  * To repair a Windows XP installation using
    Recovery Console, press R
  * To quit Setup without installing Windows XP, press F3

==> ENTER

Licensing agreement

==> You have no choice - press F8

Windows XP Setup

Use the UP and DOWN ARROW keys to select an installation

  * To repair the selected XP installation, press R
  * To continue installing a fresh copy of Windows XP
    without repairing, press ESC

==> ESC  (always install a fresh copy unless you are really really sure)

Windows XP Setup

Use the UP and DOWN ARROW keys to select an item in the list

  * To set up Windows XP on the selected item, press ENTER
  * To create a partition in the unpartitioned space, press C
  * To delete the selected partition, press D

  [[[ you'll see SOME combination of these lines ]]]
  
3910 MB Disk 0 etc

  C: Partition [NTFS]         3910 MB (1276 MB Free)
  Unpartitioned space         3910 MB
  C: Partition1 [ New (Raw)]  3000 MB (3000 MB Free)
  D: Partition2 [ New (Raw)]  3910 MB ( 909 MB Free)
  

Not all of the options listed will be on your screen. The idea here is that your disk drive can be broken into 'partitions' (chunks) which Windows identifies as the C: and D: drive. You must have a C: drive. In general it's a good idea to have two partitions, so you can save your data on the D: partition. When you have to re-install Windows, only the files on C: are destroyed. If you were careful/lucky, you can save your data on D: and make it easier to restore things after the next install. You might not even lose data. However, if your drive is less than 10GB (10000 MB), just use one partition (the C:).

If you enter the letter 'D' (delete), you'll have to confirm you want to delete. Read the screens and delete by eventually typing 'L'. If you decide to make a C: and D: partition and currently only have a C:, you'll have to first delete C: and then create a smaller C: and then D: using the rest of the drive.

If you enter the letter 'C', you must then decide how big the partition should be. There is no general guideline here, but using about half your drive for C: is a reasonable guide.

Don't get too confused by all this. Heck, you can't get it wrong. Windows will either install or it won't and you can get back to this point pretty easily. If you aren't sure about this partition stuff, just make sure you see one C: partition (or create one for the whole disk) and use that. Your system will work.

Eventually, you should move the highlighted line to C: and press ENTER to start the install.

Windows XP Setup

Use the UP and DOWN ARROW keys to select the file system
you want and then press ENTER.

  * Format the partition using the NTFS file system (quick)
  * Format the partition using the FAT file system (quick)
  * Format the partition using the NTFS file system
  * Format the partition using the FAT file system

Choose the first (NTFS, quick). Formatting will start and then Windows files will get copied to the disk. Now's a good time to go do something else. This will take 5-30 minutes. You have now gone past the point of no return. Your machine is not usable in the slightest now.

After files are copied the machine will reboot. This should avoid booting from the CD again, but if you find yourself right back at the beginning again (Welcome to Setup), remove the CD and reboot manually. Now XP starts copying more files to your disk (you might have to put the CD back in). Note: On the lower left hand side you might see something like "Setup will complete in approximately: XX minutes". In my experience this is always wrong.

Regional and Language Options

  Probably nothing here for folks in the USA

==> Next

Personalize Your Software

==> Name:  Myfirstname Mylastname
==> Organization:  Home

==> Next

Your Product Key

Enter your product code that I mentioned at the start of this.

==> Next

Enter no spaces or dashes. Case does not matter. Here's where you find out if Windows will play with you. If you don't get this right, your disk has been formatted and you have an unusable system. How happy are you that Microsoft chose to ask this question after it screwed up your disk? Note: sometimes this is not asked for; it depends on your CD.

Computer Name and Administrator Password

==> Next

If you want to name your computer, pick anything you want (short and no blanks is best). Maybe something like "toms-pc". Always set a password, even if you are at home and you are the only person using the machine. No, don't pick your name. When you are done, write it down somewhere where you won't lose it. You'll want to use this again later cause XP doesn't really set the password you want.

Modem Dialing Information

  If you use dialup for net access, you'll know these values
  if you don't, you won't. They can always be reset later.
  In order to proceed you need to provide at least your area code.

==> Next

Date and Time Settings

  The time might be right cause your machine remembered it.
  
  The timezone is almost always wrong as it usually defaults
  to Microsoft's timezone. Use the drop down to select the
  correct timezone. You really should have this correct.

==> Next

Before continuing it's time to plug in your network cable, unless you have a dialup connection. (Actually I'm not 100% sure if this is necessary, but it seems a good idea for the next step.) What follows are notes for the network setup using an Ethernet connection (cable modem/DSL users). If you are using a dialup connection, then read about dialups here.

Network Settings

==> Typical Settings
    This has to do with Ethernet connections, finding out
    what your IP address is, your name server etc. For simple
    situations like at home with a router, this is almost
    always right. It can be fixed later.
    
==> Next

Windows tries to find your network card and set things up. After this is done, unplug your cable again. Maybe plugging in your cable wasn't even necessary for this step. In any case, it's time to be paranoid again.

Workgroup or Computer Domain

==> No, this computer is not on a network, or is on a network
    without a domain. etc.

==> Next

This part takes some minutes. Time for another break. Eventually XP will reboot again like before. When the reboot happens, you can take the CD out.

Welcome to Microsoft Windows

  Lets spend a few minutes setting up your computer

==> Next

Now it really is necessary to plug in your network cable. XP is about to set up your network connection and it's way easier to let XP figure it out, than for you to do it later.

How will this computer connect to the Internet?

  * Telephone modem
  * Digital subscriber line (DSL) or cable modem
  * Local area network (LAN)

==> LAN, for most everyone
  
==> Next

Most everyone will choose LAN, including people with a router installed. You HAVE read Security and Your Cable/DSL Modem, right? Modem (dialup) users should be reading here and will continue with Ready to register with Microsoft?.

Setting up a high speed connection

==> Check 'Obtain IP automatically'
==> Check 'Obtain DNS automatically'

==> Next

This is for cable modem/DSL users (i.e. a LAN connection).

Ready to register with Microsoft?

==> No 

==> Next

At this point I'd advise you to NOT register. You are on the Internet and subject to attack. Don't waste time with stuff that does not matter, until you install tools to make your machine safe. Besides I've never seen that registering actually confers any benefits.

Who will use this computer?

==> 'Your name' 

==> Next

This is asking for a userid for XP so you can login. You MUST have one, even if you are the only person using the machine. The name can be anything, but you'll find it useful to use your first name or even your Email account name. If more than one person will use this machine, you can enter names for them now -- or later. 'Your name' will be the administrator for the machine. You can add other administrators later.

Thank you!

==> Next

Dial-up users have not yet actually connected to the Net. Cable modem/DSL users are all set. Whenever you attempt to use the Internet, you'll be prompted to dial your ISP. Go ahead and see if it works. Click on Start, then Control Panel, then Network and Internet Connections, then Network Connections and finally double click on the "My ISP" icon to dial your ISP for the first time. You must get your dialup connection working to finish this whole process.

Logging on XP for the First Time

Now you are logged on XP for the first time. Your machine is like a new-born baby -- completely vulnerable to attack. In fact if you are on a dialup, as you read this you are possibly being probed and the attacks are getting ready. You need to install, update, and install and then update some more.



Virus Tools

Virus Scan Tools

By now I hope you all are familiar with some virus scan tools. These are a class of program that is always running on your Windows machine. They look at every file that comes into your machine and try to match the incoming file against patterns of known viruses. They all rely on databases on your machine of patterns which you must be sure are updated regularly. Any tool worth its salt today will "just work". You install it and it goes off regularly to update its virus lists.

Your computer most likely comes with some such tool. A few popular ones are (again I have no financial interest in any of these):

These tools are only as useful as their virus database. They must update regularly - and most require yearly subscriptions for this service. It is very possible your employer will already have you covered. Most employers have figured out it's in their own interest to make sure your Windows machine at home is reasonably safe, lest you bring viruses from home into work. Check with your local IT people and see if this is the case. This can save you the cost of a yearly subscription.

Your brand-new Windows machine comes with nothing to help you. One of the very first things you should do is install your virus scanning program. The exact details will vary by product, but all tools will start off by getting the latest virus updates and then scanning every file on your machine.

As soon as this scan gets started, you should disconnect from the Internet. You have to wait until the scan starts, because the virus tool should first go out on the Net and get its updates. You need to be connected for that. As soon as the scan begins, you can and should disconnect so you don't get infected WHILE the scan is going on. This scan will take some time -- many minutes. Time for yet another coffee break. It would not be surprising if it already finds something on your brand new machine because you were, after all, on the Net right? Your virus scanner should delete the virus. When the scanning is done, reconnect to the Net.


After the install/scan is complete, you'll see the virus program is running and has a small icon in the lower right hand corner of the screen. Do a right-click on this and you'll have several options.


Two options you want to know about will say 'Update Now' or the like (get the most recent virus updates) and maybe 'VirusScan Console' or the like. This latter will show a window maybe something like this - where you can control all sorts of options. Once in a while (perhaps monthly), you should get to this console and re-scan your entire machine again. Just in case - you can never be too safe, right?

The McAfee product has several interesting options from this right-click menu. One is to look for 'unexpected programs'. Sometimes you get infected and people install other programs besides viruses on your machine. This option will find them and ask if you really want them. Your product may or may not offer something like this.

Spyware Checkers

'Spyware' is a class of software that gets installed on your Windows machines in all sorts of ways... including courtesy of whoever sells you your PC. You can delay installing spyware checkers until you have completed your re-install of Windows. Here's the description for one such piece of 'spyware':

"Gator tracks the sites that users visit and forwards that data back to the company's servers. Gator sells the use of this information to advertisers who can purchase the opportunity to make ads pop up at certain moments, such as when specific words appear on a screen. It also lets companies launch a pop-up ad when users visit a competitor's Web site."

Running Ad-aware and Spybot is optional. Your machine is 'safe' (not infected). If you are comfortable that someone is tracking what you do on your machine, then you can skip running these two programs. If you don't think you like this behavior, feel free to install the programs mentioned below and run them regularly (once a month). I ran these on my machines at home and while I have been very very careful, I still found 16 cases of 'low-risk' spyware.

There seem to be at least two freely available versions of spyware checkers that are popular, Ad-aware and Spybot. I'm told that neither finds everything, but together they do a good job. Both work similarly to virus scan programs in that they must get updates for the database of things to search for. Unlike virus scan software, these programs do not run all the time, but rather you must remember to invoke them once in a while.

Ad-aware

This software is available from http://www.ada-ware.com/. The install is pretty normal. Once you start the program, you must first click on 'Check for updates'. It'd be better if the program would attempt this when you first start up, but it doesn't at least in the version I've seen.

SpyBot Search & Destroy

This software is available from http://www.safer-networking.org/. The install is pretty normal. Its behavior is much like Ad-aware, but I find the interface less obvious. One nice feature is that it is aware of Ad-aware so it does not trip over things Ad-aware finds.

These two programs will not run themselves automatically. You need to remember to run them every once in a while. You'll have other maintenance things to do regularly and these scans could just be another thing to do.



Updating Windows XP

After you login to XP the first time, you need to install fixes from Microsoft (called updates). Microsoft provides new fixes regularly (the schedule varies). After your first install you will have hundreds of fixes to install. After that there will be fewer.

There are two ways to do this. You can fetch the updates over the network and apply them. This takes a fair amount of time (sometimes hours) and has the disadvantage that while you are connected getting your updates, you are open to attack. Still, it's better than not doing it. If you have a router in place, you're pretty safe, so go ahead and use the Network update.

Alternatively, you can get the updates on a CD, apply them offline (disconnected from the network) so when you do first connect to the Net, you've got most of the critical updates applied. If you apply updates from a CD, be sure to disconnect from the network - again, just to be safe.

Updates From a CD

Anytime you get updates from a CD, you will always be a little out of date. So, even if you apply updates from a CD, you must also immediately get your updates over the Net. The number of updates will, however, be very small compared to getting them all over the Net. You can get a CD with Microsoft updates from at least these sources:

Installing from CD may likely require several iterations and reboots (this is Windows after all). Keep installing until you are told you have all the updates applied. Now you are up-to-date with the CD - but not with the entire world. Get your updates from the Net now.

Updates Over the Net

Be sure you are connected to the network for this.

The first time this will take quite some time. Depending on your version of XP this might be 30MB or more. This will download the files and install them. There's a good chance this will require several reboots.

Just downloading data this large will take a long time. If you are using a dial-up, this will take hours and hours. Don't avoid applying the updates just because it'll take a long time, because your machine will be completely vulnerable. Go to bed and hope the dial-up connection stays up long enough for the data to be downloaded.


After the reboot, login again, and repeat this process. Don't be surprised that you must update and reboot several times. Continue installing updates until Microsoft says there are no more for you. You are just a little more secure now.

This updating is a process you'll be doing at least monthly as long as you use Windows. The default mode is for XP to download updates regularly and prompt you to install them. Do it every time. You can delay for a day or whatever because it's not a convenient time, but don't forget. To forget is to make yourself vulnerable to attack.



Copyright (c) 2004 Terry Gliedt. Direct comments or questions to tpg@hps.com.
Be sure to use a subject of 'Coping with Windows' or your Email will likely be tossed out by my SPAM filters.
Last Revision: Jun 19, 2004

Closing the Barn Doors

This is part of some remarks I've put together for friends
who are stuck with Windows. You should have read this first.


Front Door - Login Password

During the install of XP you set the administrator's password and then later you specified the name of a userid to be created. Now it's time to set a password for the account that was created (why didn't Microsoft force you to set a password?). Click on Start, then Control Panel and then User Accounts. Pick your account (there will only be one valid choice, 'Guest' is disabled, leave it that way). Now you can 'Create a password'. I always use the password I chose for the administrator. Whatever password you choose, just don't make it too trivial.


Back Doors

Windows intentionally has dozens of ways some knowledgeable person can run programs on your machine without you ever inviting them in or even knowing it is going on. This document describes how to shut some of the doors.

In theory, if you are on an isolated and protected network (e.g. at home with a router preventing the bad guys from knocking), you do not need to close any 'doors'. However, I'll claim it is worth closing these doors anyway. You never know when something will fail or an infected laptop will join your network and attack your home machine. If you are using this guide for a laptop, you definitely should follow these instructions.

Note there are legitimate reasons to allow some of these things to exist. Many are provided for sophisticated things that might be used at your work place or to allow machines to talk to each other - to share data. Very few, if any, of these things apply to you at home. However, if you just blindly follow the instructions here, something you want might break, so caveat emptor.

The following applies only to people who have XP installed. If you do not have XP, don't do this, you won't like the result.

Everything here can be undone, but undoing these things (e.g. re-opening the barn door) is not for the faint of heart. The first step is to disable various 'services' provided by Microsoft:

If you want to allow one of these, do not do the following. Otherwise, download and save the file WinXP-services.reg and then double click on it. If you don't know if you want these things, you probably don't. Ask your 'guru'. If you don't have a guru, then you don't need these and should apply the changes.
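
Before double clicking any .reg file, it is worth seeing what it will change. The following is an added example, not part of the original guide and not the contents of WinXP-services.reg: a small Python script that lists the service start types a .reg file would set and flags every other change for a human to look at. The sample input and the names ExampleSvcA, ExampleSvcB and helper.exe are constructed for illustration.

```python
import re

# Start types stored in the "Start" value under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>; 4 means the service is disabled.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
SERVICE_KEY = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\([^\\]+)$", re.IGNORECASE)

# Constructed sample input (hypothetical names, not the author's file).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvcA]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvcB]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"helper"="C:\\example\\helper.exe"
"""

def decode_reg(raw: bytes) -> str:
    """regedit exports UTF-16 with a BOM; hand-written files are often ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252")

def audit_reg(text: str):
    """Return (service start types, all other changes) a .reg file would make."""
    services, other, key, deleting = {}, [], None, False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "Windows Registry Editor", "REGEDIT4")):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            deleting = key.startswith("-")      # [-KEY] deletes the whole key
            if deleting:
                other.append((key[1:], "<delete key>"))
            continue
        if key is None or deleting:
            continue
        m = SERVICE_KEY.match(key)
        start = re.match(r'^"Start"=dword:([0-9a-fA-F]{8})$', line)
        if m and start:
            value = int(start.group(1), 16)
            services[m.group(1)] = START_TYPES.get(value, f"unknown({value})")
        else:
            other.append((key, line))           # not a service start type: review it
    return services, other

if __name__ == "__main__":
    services, other = audit_reg(SAMPLE)
    print("service start types:", services, "\nreview by hand:", other)
```

To check a real file, pass `decode_reg(open(path, "rb").read())` to `audit_reg`; a file meant only to disable services should produce an empty second list.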

This next step sets 'policies' - rules to tell XP what to do when it gets network traffic. Our rules are:

Again, if you want to allow one of these, do not do the following. If you don't know anything about these things, you should probably follow these instructions. This is more clumsy to run because you must first get a tool from the XP CD that was not installed.




Install Applications


At this point you've installed XP and applied Microsoft updates. You've got your virus scanner installed and working. Now it's time to get the software you use installed.

Get out your CDs and start installing stuff you want. This might take you quite a bit of time and certainly is no fun. It's also a good time to clean house and be more selective about what you need installed.


More Microsoft Updates

You may well be installing more software from Microsoft (Office is common). If you do, you must apply Microsoft fixes, just like for XP. Again there are plenty of security bugs for Word and OutLook (especially). Don't use these applications until you have applied the updates.

After installing Office, you need to install updates from Microsoft. Microsoft provides new fixes regularly (the schedule varies). After your first install of Office you will have hundreds of fixes to install. After that there will be fewer.

Start by visiting the Microsoft web site at http://www.microsoft.com/ and click on Office Update on the left hand side.



Then click on Check for Updates and after a bit you'll either see something about "No critical updates available at this time" or something like that below inviting you to download and install some updates.

As with the updates for XP, these can be very large. The first time you'll be asked to approve a certificate from Microsoft. Unlike with the XP update process, Microsoft will probably insist you have your Office CD around. You didn't put it away, did you? You probably have to dig this CD out every time Office updates are applied.



You need to check these updates regularly. XP will not be checking for you, but rather you must remember to do this. Office products (especially Word and OutLook) are favorite applications that crackers try to trick. There's a long history of these applications failing and installing software that infects your machine, so be careful to regularly check for Office Updates.

Finally

Now after you've got your applications installed and the last of your first set of Microsoft Updates applied, you can try to restore the data you saved before and get your Email working. You now can have some reasonable confidence that your applications will work reasonably and not infect you.




Additional Scanner



At this point you've installed XP and applied Microsoft updates. You've got your virus scanner installed and working. You have installed your applications and data and applied yet more updates from Microsoft for Office (if you have that). You're feeling pretty safe and secure.

Well, I've got one more tool for you to run. If everything was working well, you should be safe, but just in case, here's one last thing to know about.


The McAfee AVERT Stinger is a freely available program to scan your disk yet again to detect and remove specific viruses. If somehow something got through, this is your last chance to find it. Visit http://vil.nai.com/vil/stinger/ and download the binary. There's no fancy install, it's just one program so you should save it someplace where you'll find it. I always put it at C:\ so I don't have to rummage all over the place looking for it.

Find and double click on Stinger and click on 'Scan Now'. It's time for yet another scan of all your files. This'll take a while (5-30 minutes) so it's a good time for another break. If Stinger finds anything, it'll tell you about it and remove the file.

Once in a while (perhaps monthly), you should rerun Stinger and re-scan your entire machine again. Just in case - you can never be too safe, right?




Spyware Checkers


'Spyware' is a class of software that gets installed on your Windows machines in all sorts of ways... including courtesy of whoever sold you your PC. You can delay installing spyware checkers until you have completed your re-install of Windows. Here's the description for one such piece of 'spyware':

"Gator tracks the sites that users visit and forwards that data back to the company's servers. Gator sells the use of this information to advertisers who can purchase the opportunity to make ads pop up at certain moments, such as when specific words appear on a screen. It also lets companies launch a pop-up ad when users visit a competitor's Web site."

Running Ad-aware and Spybot is optional. Your machine is 'safe' (not infected) without these being installed. If you are comfortable that someone is tracking what you do on your machine, then you can skip running these two programs. If you don't like this behavior, feel free to install the programs mentioned below and run them regularly (once a month). I ran these on my machines at home and while I have been very very careful, I still found 16 cases of 'low-risk' spyware.

There seem to be at least two freely available versions of spyware checkers that are popular, Ad-aware and Spybot. I'm told that neither finds everything, but together they do a good job. Both work similarly to virus scan programs in that they must get updates for the database of things to search for. Unlike virus scan software, these programs do not run all the time, but rather you must remember to invoke them once in a while.


Ad-aware

This software is available from http://www.lavasoftusa.com. Their simplest version of Ad-aware is free for personal use. They offer more automated versions for sale. The install is pretty normal. Once you start the program, you must first click on 'Check for updates'.


SpyBot Search & Destroy

This software is available from http://www.safer-networking.org/. The install is pretty normal. Its behavior is much like Ad-aware, but I find the interface less obvious. One nice feature is that it is aware of Ad-aware so it does not trip over things Ad-aware finds (see here).

These two programs will not run themselves automatically. You need to remember to run them every once in a while. You'll have other maintenance things to do regularly and these scans could just be another thing to do.




Staying Safe


At this point you've installed XP and applied Microsoft updates. You've got your virus scanner installed and working. You have installed your applications and data and applied yet more updates from Microsoft for Office (if you have that). You've run Stinger and everything is clean.

Your machine is as safe as possible. Now if you turn it off and never use it again, it'll stay that way. But you won't, you'll use the dang thing and every time you do, there's some small chance that a new virus will come by and attack your machine and get past everything.

Just Say No

All the procedures and virus checkers will do you no good if you are constantly installing crap (sometimes called 'software') on your machine. One survey concluded that almost half of so-called free software contained viruses. Don't open attachments. Ever. Unless you were told the attachment is coming and you want it. Just because it seems to come from someone you know, doesn't mean your friend really sent it. Viruses often fake the sender addresses.

You are constantly presented with opportunities to install things on your machine. Unless you know exactly what it is and you actually believe it to be safe, do without. You can't afford it. Do you really need all those 'toolbars', those 'joke programs', that 'game' from your neighbor's friend? Every time you install something on your machine, there is a risk you will get infected. Do it as little as you can get away with.

Sure, I install stuff, but only stuff I intentionally seek out and can't do without. Yes, I have Acrobat Reader installed, but not the five other things Adobe wants to fob off on me. Show some restraint. Here's some further reading:


Regular Maintenance Task List

Your virus scanner software will most likely connect to the Net every now and then and get the latest updates to its database. XP will contact Microsoft every now and then, and if there are updates to apply, you'll get a 'balloon' in the lower right hand corner that says something about "You have updates to apply". It might even go out and get and apply the updates. If it does not, you should do it yourself.

All this is good, but it may not happen often enough or soon enough. You should make a proactive effort to check your machine. Just like your car needs regular attention, so does the security of your machine. Once a month or even more often, you should repeat parts of this install process. No, you won't need to install XP again, but your regular maintenance should include:



Running any machine connected to the Net these days requires vigilance. Windows has a particularly high burden. If you slack off and start skipping regular maintenance, in time you'll be burned and be right back where you started. Many times you can just start a scan and then let it run while you make supper or sleep or whatever. With a little planning doing regular maintenance will actually require little real time while you sit in front of the computer.

As the ad says, "Just do it".




Safer Applications


Microsoft distributes a few applications that have historically proven very dangerous - namely, OutLook and Internet Explorer (IE, the web browser). Because so many people use these, they are the primary applications used by crackers to attack your system. Unfortunately, they also have a history of letting the bad guys in too. While not required, I'd encourage you to seriously consider finding alternatives for Email and your web browser. Here are some safer choices:

Email Programs

Email has been around for a very long time - long before Microsoft has been offering OutLook. Unless you have some very important requirement to use OutLook, I'd encourage you to find an alternative. Some popular choices are:

You do not need to ever use OutLook, and should not. You'll not actually be able to remove it completely from your system, but you can at least delete the icon from your desktop (if you see it there).

Web Browser Programs

Internet Explorer (IE) should be avoided as much as you can. Some places on the web create web sites which require IE (for no good reason). Many times the Microsoft site will just not work without IE, so you can't just get away with never using it, but you can use it as little as possible. Find an alternative. Some popular choices are:

Unlike OutLook, you cannot avoid using IE for some tasks. Microsoft will sometimes require you to use IE (for updates, for instance). Some web sites are so Microsoft-centric, that they only test for IE and code their HTML pages to require it.

Word

Microsoft Word is very popular and can do an amazing range of things. Most people only need a very basic word processing program. Since Word is so popular, it's also a target for crackers. If your needs are simple, consider using an alternative (and saving the cost of Office).


