|
Recommendations for Securing Windows 9x/ME
Last Modified
On: 09/28/2001
Windows 9x/ME operating systems are fairly easy to protect
with only a few simple precautions.
These measures are designed to
protect your system from remote security issues and do not include
day-to-day usage practices (such as don’t open attachments from
people you don’t know.)
1) INTALL VIRUS PROTECTION.This cannot be emphasized
enough.95% of all security related problems seen at Astalavista
could have been avoided with virus protection.
Visit
http://www.sophos.com for more information and to get your virus
software.
2) Turn off File and Print Sharing. You can do this
through the network control panel. It is simply a matter of
un-checking 2 boxes. Almost all of the remote security issues with
Windows 9x/ME revolve around File and Print Sharing. Windows
9x/ME are not server operating systems and should not be used as
such.
a. If you MUST enable File and Print Sharing then:
i. Make sure all of your
shares are password protect.
ii. Make sure the
invisible “$” shares on the drives themselves are either removed or
password protected.
iii. Never, under any
circumstances, allow write privileges to your shares. If read only
access in not good enough then you should be working with a file
server, not sharing files from a desktop machine. Why shouldn’t you
allow write access? Because once you do your system’s integrity is
exposed to anyone who either has the password or who can crack the
password, which is much easier than you may think. There are a
number of worms going around which travel through file shares to
which they can get easy access, all they need is write privileges.
3) Regularly check http://windowsupdate.microsoft.com/ for
operating system updates. You can install the Critical Update
Notification to inform you when there are new updates, so you don’t
have to worry about remembering.
4) Install all Outlook Security Patches
http://office.microsoft.com/downloads/2000/Out2ksec.aspx
5)You may want to consider a personal firewall. However,
personal firewalls can be somewhat complex and intrusive… and really
their need is greater the more access you allow to your machine.
For instance, if you enable File and Print Sharing the need for a
personal firewall increases greatly.
6) Test your configuration: Scan yourself via the web.
A couple of links are below which include more thorough
information and how-tos.
http://www.microsoft.com/technet/security/tools.asp
http://www.cert.org/tech_tips/win-resources.html
Hyperlinks
Personal Firewall Scoreboard
http://grc.com/lt/scoreboard.htm
http://www.microsoft.com/technet/security/tools.asp
http://www.cert.org/tech_tips/win-resources.html
Credits
Core Member of Astalavista Group
rOOtless - rootless@astalavista.com
|