Feature: Improve your XP security

In Windows XP Professional, Microsoft has, by default, turned down or completely deactivated several effective security features to improve ease of use.

This opens several doorways into your system, even for attackers without specialist hacker tools.

Take user rights as an example: during installation, Windows automatically creates an unprotected Administrator account and adds the person doing the installation to the list of administrators. This means that any users logged on in this way are granted full Administrator privileges.

This also applies to any viruses that are activated during such a session. However, if you use a few tricks and the right tools, you can quickly transform a vulnerable system into a digital high-security zone.

Check hidden users
By default, Windows XP sets up four predefined accounts during installation: Administrator, Guest, Help Assistant and Support, although most users do not notice this, because the control panel’s User Accounts section only shows two entries: User and Guest.

You have to start the Administrative Tools/Computer Management snap-in before you can see a complete list of default accounts and the user account, in the Local Users and Groups section.

To rectify this, do not give user accounts any Admin privileges and allocate a strong, secure password to each account that has these privileges, as explained below. Do this as a matter of priority.

Instead of going directly to the Windows Welcome screen after start-up, it is better to ensure that only authorised users can access the system, by using the familiar login screen, which has been around since Windows NT.

Controlled access
To change the Welcome screen option and add a password to an unprotected Adminstrator account, logon as Adminstrator by pressing Crtl & Alt & Del twice at the Welcome screen, which will bring up the old-style logon box. Type ‘Administrator’ as the user and leave the password blank – if this works, you know it’s unprotected.

Open the Control Panel, change to User Accounts and click on ‘Change the way users log on and off’, deactivate the ‘Use the Welcome screen’ option and confirm your choice by clicking on ‘Apply options’.

In the User Accounts screen, click on ‘Change an account’ and then the Administrator icon. Click on ‘Add a password’ and enter the password. In the next dialogue answer the question about restricting access to your files and folders with a click on ‘Yes, only for my own use’.

This will stop users with limited privileges from gaining access to files created by the Administrator. You can also reset a password via the Computer Management snap-in, described in the next section.

A secure password does not simply mean a long one, but one that is hard to guess. It ought to have at least 15 characters with a mixture of upper and lower-case letters, numerals and at least one special character such as @, # or $. The more complex, the better, although you need to ensure you can remember it – a sentence or phrase is often more memorable.