Windows XP : Modified

By: -=LRK=-  
Web Site: www.subdiv.net
Date: Pre-2005


Security

Install A Firewall

Our company went from 100% Macintosh to about 95% PCs. Would you believe that within the first 2 months our laptops and servers were hacked on no less than *3* separate occasions and have had more viruses than I can count? If I didn't see it myself, I wouldn't have believed it either. Take it seriously. Buy a router, and install anti-virus and anti-spyware software. In this day and age, you have no choice.

Microsoft included a firewall in Windows XP to keep you safe from hackers while you cruise the Internet. How do you know that the Internet Connection Firewall is on? Go to the Control Panel and double-click the Network Connections icon. In the dial-up, DSL, or cable connection dialog that appears, check the Status column. If your firewall is on, it should say Firewalled. You can turn the firewall off with the check box, but unless you are going to add a third party firewall (I personally use Zone Alarm) for heightened security, it's best to leave it on. Truth be told, we were hacked right through Zone Alarm as well. It's only to help keep people out, not guarantee it.

The Internet is getting to be a dangerous place. If your workstation is on the Internet, you need a personal firewall. I also recommend that workstations used by administrators have a firewall. When the admin's workstation firewalls start popping, you know someone's knocking on your network door.

When selecting a personal firewall, you should consider whether you want one that controls outbound communication with the Internet. The advantage is that you are alerted the first time any program tries to call out, and you are given the option of deciding whether to allow it one time, always or never. The disadvantage is that you may have no idea what the program trying to call out is or what it does. To be effective, outbound control requires a user who has need or interest and skill or knowledge.

XP and W2K have some firewall capability built in. Read this KB article for info on XP's Internet Connection Firewall. For 3rd party solutions:
BlackIce Defender
Strong intrusion detection capabilities. Can be purchased from Amazon.
McAfee Personal Firewall
Norton (Symantec) Personal Firewall
V3 alerts you to intrusions, maintains an event log of connection incidents, allows only applications out that you specify, permits cookies only from Web sites you've authorized, blocks Java applets and ActiveX controls by site, and the AutoBlock feature detects and thwarts port scans. Can be purchased from Amazon.
Sygate Personal Firewall
Recommended by Steve Gibson. Like ZoneAlarm, it will block outgoing connections.
Tiny Personal Firewall
Built on ICSA-certified security technology, it is an integral part of The Tiny Software Centrally Managed Desktop Security (CMDS) system selected by the US Air Force for its approximately 500,000 desktop computers. Available FREE for home use. Very configurable.
ZoneAlarm Pro
The choice of many. ZoneAlarm allows only applications out that you specify, has password protection, distinguishes between trusted and untrusted sites, and includes intrusion detection. Can be purchased from Amazon.

Zone Alarm. Possibly the best software firewall available & simple to use. Available in Free & Pro versions.

Tiny Firewall - Zone-Alarm-like program, should try it out too.

E-Trust software suite - very extensive software package that works as an antivirus, desktop shield, firewall and an email protector from viruses.

Ad-Aware. Essential utility which scans your system, detects & can remove known Adware files which can be spying on you/your system without you knowing.

AVG anti-virus. One of the very few free virus scanning utilities that comes with regular updates.

Use the group policy tool to restrict access

If you would like to play computer god and limit or control just about every aspect of your computer you can use a great tool called the group policy editor.
Click Start and select Run
Type gpedit.msc in the text box and click on OK.
The group policy editor will load. Navigate through the folders and you will discover hundreds of items that you can limit access to and control.

Automatic Logon

On a dedicated special function server such as a print server or application server, one might want to bypass the Logon dialog box and automatically log on to the server. Not recommended. If you want to set it on your standalone workstation at home, well, that's a different matter. If you want to set this on a laptop or workstation on a network, consider the word security.
If you need to set autologon and twiddling with registry hacks is daunting, see Autologon tips, which points to a freeware utility to do the work for you.

The following registry hack details the registry keys which control automatic logon:

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: AutoAdminLogon
Type: REG_SZ
Value: 1 enable auto logon
Value: 0 disable auto logon


Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: DefaultUserName
Type: REG_SZ
Value: account to logon automatically


Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: DefaultPassword
Type: REG_SZ
Value: pw for DefaultUserName above
Caution: Password is stored in clear text. Set security permissions on Winlogon subkey to protect the account used.

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: DefaultDomainName
Type: REG_SZ
Value: if domain account, domain name; if local account, server name


Windows 2000 / XP has an additional registry setting to force autologon and ignore bypass attempts. This can be valuable with a kiosk environment:

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: ForceAutoLogon
Type: REG_SZ
Value: 1


The following registry values must not exist: LegalNoticeCaption, LegalNoticeText. These values force a person logging into a PC to acknowledge having read the notice. If these values exist, the legal notice dialog hangs until someone hits enter. Don't just null out the values. Delete them.

The value DontDisplayLastUserName determines whether the logon dialog box displays the username of the last user that logged onto the PC. The value does not exist by default. If it exists, you must set it to 0 or the value of DefaultUserName will be wiped and autologon will fail.

Finally, the value RunLogonScriptSync determines whether a logon script will run synchronously or asynchronously. It should not affect this process, but there have been reports that setting the value to 1, that is, synchronous, is more stable.

Whether you use the Autologon utility or the registry approach, there are times when you must log on as another user or need the logon dialog to appear. Hold down the Shift key during boot until the logon dialog appears. For the control freaks, even the Shift override can be blocked (also see ForceAutoLogon above):

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: IgnoreShiftOverride
Type: REG_SZ
Value: 1


If you want to enable autologon for a certain number of times, follow the above instructions and use the following Windows NT / W2K / XP registry hack:

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: AutoLogonCount
Type: REG_SZ
Value: # autologons you want to allow
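
The Winlogon values described in this section can be reviewed on an existing machine from an export of the key. The Python script below is an added example, not part of the original article or of any utility it mentions; the sample export, account name and password are constructed, and the function names are assumptions made for the example. It flags the clear-text DefaultPassword (including one left behind after autologon was switched off), the two override-blocking values, and the conditions the text says will stall autologon.

```python
import re

# Key path from the article; registry key and value names are case-insensitive.
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample of a regedit export (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="kiosk"
"DefaultDomainName"="LOBBY-PC"
"DefaultPassword"="constructed-example-pw"
"ForceAutoLogon"="1"
"LegalNoticeCaption"=""
"DontDisplayLastUserName"="1"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    """Undo the backslash escaping used inside quoted .reg strings."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Return {key path: {value name: data}}, names lower-cased; REG_SZ and REG_DWORD only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name, raw = unescape(m.group(1)).lower(), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            current[name] = unescape(raw[1:-1])
        elif raw.lower().startswith("dword:"):
            current[name] = int(raw[6:], 16)
    return keys

def audit_autologon(text):
    """Return (severity, message) findings; the password itself is never echoed."""
    vals = parse_reg_export(text).get(WINLOGON.lower(), {})

    def is_set(name):  # accepts REG_SZ "1" or REG_DWORD 1
        return str(vals.get(name.lower(), "0")).strip() == "1"

    findings = []
    enabled = is_set("AutoAdminLogon")
    if "defaultpassword" in vals:
        state = "enabled" if enabled else "disabled, value left behind"
        findings.append(("high", f"DefaultPassword is stored in clear text (autologon {state})"))
    if not enabled:
        return findings
    account = "\\".join(p for p in (vals.get("defaultdomainname"), vals.get("defaultusername")) if p)
    findings.append(("warn", f"AutoAdminLogon=1 for account {account or '<unset>'}"))
    if is_set("ForceAutoLogon"):
        findings.append(("warn", "ForceAutoLogon=1: bypass attempts are ignored"))
    if is_set("IgnoreShiftOverride"):
        findings.append(("warn", "IgnoreShiftOverride=1: Shift no longer brings up the logon dialog"))
    if "autologoncount" in vals:
        findings.append(("info", f"AutoLogonCount={vals['autologoncount']} autologons allowed"))
    for name in ("LegalNoticeCaption", "LegalNoticeText"):
        if name.lower() in vals:  # must be deleted, not just emptied
            findings.append(("info", f"{name} exists: logon waits at the legal notice"))
    if str(vals.get("dontdisplaylastusername", "0")).strip() != "0":
        findings.append(("info", "DontDisplayLastUserName is not 0: DefaultUserName gets wiped"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_autologon(SAMPLE_EXPORT):
        print(f"[{severity}] {message}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16 encoded, so read a real export with open(path, encoding="utf-16") before passing its text to audit_autologon.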

Microsoft Outlook - Force reading email to plain text

There have been email exploits based on HTML coding. Outlook 2002 in Office XP Service Pack 1 adds the capability for individual users to restrict Outlook to read all non-digitally-signed or non-encrypted e-mail in plain text format. The SP also allows an admin to use a policy to do the same thing for users, groups, ...
For an individual, you can use the following registry hack:

Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Office\10.0\Outlook\Options\Mail
Name: ReadAsPlain
Type: REG_DWORD
Value: 1 (read mail as plain text; HTML rendering disabled)

This registry hack affects the preview pane as well as open messages. In addition:

pictures become attachments to avoid their loss
object model (custom code solutions) may behave unexpectedly
digitally signed messages are not altered

Change default application installation folder

NT/W2K/XP's default directory for installing applications is the Program Files folder (at least for English language version of NT/Windows 2000/XP). To change the default application installation folder:
Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows\CurrentVersion
Name: ProgramFilesDir
Type: REG_EXPAND_SZ
Value: C:\Program Files (default)

Please note that some programs ignore this registry setting.


Speed Boost

 

>>Speed Up Start-Up By 40 Seconds

Go to Device Manager and expand IDE ATA controllers. Right click on Primary, go to Properties, then Advanced. Anywhere that you do not have a device (HD, CD, etc.), set the device type to None. Repeat for the secondary channel. Reboot. It will cut 40 seconds or more off your boot time. No, I'm not kidding. Works great on laptops too.

BootVis

Download and run it. Now go to File > New and choose "Next boot trace" or "Next boot and drivers trace". Leave everything else as is and get ready for a reboot in 15 seconds.

OK, we are back after a reboot. Click on Bootvis.exe and it will now output the results. Once it has finished generating the report, you will see 5 or 6 graphs. They look a bit confusing at this stage.

You may see "warning disk write caching is disabled". I am pretty sure Bootvis automatically enables this for you, but you can manually enable it by going to Device Manager >> right click on your hard drive >> Properties >> Policies tab >> check "Enable Disk write caching".

Now this is where the fun begins! From the main menu, click on Trace >> Optimize system.

And yes, you guessed it, another reboot .... :-)

Once you have rebooted and are back at your desktop, don't touch anything, just wait.

You will see a message box "Please wait for bootvis to load" ... about 20 seconds later another message box will appear: "Optimising system for boot performance". Basically, Bootvis is happily rearranging the boot files for a faster startup.

Visual effects in system panel

A noticeable performance boost can be found when you turn off a lot of the eye candy in Win XP.

Right click My Computer, hit Properties
Advanced --> Performance --> Settings
Adjust for best performance

Set the system to give priority to a major device (by its IRQ)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl]
IRQ8Priority=1

Determine the IRQ of the device you want to give top priority. Create an entry with the IRQ number (e.g. IRQ5Priority) and give it a value of 1. It is recommended that the System CMOS/Real Time Clock be given the top priority to provide the greatest overall system boost.

Convert Fat 32 to NTFS

I won't bore you with the details about the differences between NTFS and FAT32. You'll just have to trust me on this one. NTFS is faster and more secure than FAT32 is on larger drives. On smaller drives (sub-25GB), FAT32 is faster. NTFS's speed advantage only kicks in on higher capacity drives. There's a rather simple command that isn't very easy to find that will convert your FAT32 partition to NTFS. Open the command prompt by hitting Start and then selecting Run, and type: "Convert C: /FS:NTFS". Replace C: with the letter of the drive you'd like to convert. Also make sure there is a space between the C: and the forward slash (/). Once you press Enter it will ask you for confirmation; press Y. Then press Y and Enter once more to reboot. It will take between 15 minutes and one hour to convert to NTFS. Now you can set passwords for files and use encryption. This also works for Windows XP Home. Unfortunately, this makes the default cluster size 512 bytes instead of the 4KB that a clean format of NTFS provides.

>>Make NTFS run better

Now that you've converted over to NTFS, or you had it already, there are a few things that you'll want to do to make it run faster. NTFS was designed more for the server market and there are some features that we don't really need and can either tune a little bit or disable altogether.

1. Last access update is another feature that I'd turn off and will help you get a little more performance out of your hard drive. What is this? NTFS updates the date stamp on directories whenever it opens the directory. To turn this rather useless feature off, browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem and change the NtfsDisableLastAccessUpdate registry entry to 1.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisableLastAccessUpdate"=dword:00000001

System Cache Boost


The XP kernel can be loaded into your RAM with a simple registry edit. This can greatly improve performance since the NT kernel will always be in your RAM. With this edit you will allocate roughly 4MB of your RAM for the kernel. Sometimes more RAM is used, but most of the time it is only 4MB. The entry that you will need to find is called LargeSystemCache, and you'll need to change this from 0 to 1 in order to enable this.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"LargeSystemCache"=dword:00000001

>>Shut Down Faster

There are quite a few settings related to shutting down your system faster located in HKEY_CURRENT_USER\Control Panel\Desktop.

AutoEndTasks (set to 1) will automatically kill hung programs for you. The next one is HungAppTimeout (make sure it's 3000). Next up is WaitToKillAppTimeout, which should be set to 2000 (default is 20000).

Since we have the programs being killed after a certain amount of time you will also want to do the same for services. Change the WaitToKillServiceTimeout to 2000 as well.

To make your start menu show things quite a bit faster you will want to edit the MenuShowDelay key. Changing that to a lower number will result in faster performance.

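[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
"HungAppTimeout"="3000"
"MenuShowDelay"="0"
"WaitToKillAppTimeout"="2000"

; WaitToKillServiceTimeout is read from HKEY_LOCAL_MACHINE, not from the per-user Desktop key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="2000"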


The XP Prefetcher

Windows XP has a service called the Prefetcher. It basically monitors the different programs that start during startup and helps them launch faster.

To find this tool browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

The important key is EnablePrefetcher. Default value for this is 3. You will want to try numbers between 1 and 6. 5 seems to work best for me but your mileage may vary.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000005

Cleaning Prefetch

Just like everything else in Windows, after a while the Prefetch folder ends up with files that haven't been used in quite a while. Every so often you should browse to C:\Windows\Prefetch and clean out what you don't need.

>>Share browsing speedup

Why does browsing shared folders on some computers take so much longer than it does on some other machines? Something as simple as having any Scheduled Tasks on the computer you're trying to browse can add up to 30 seconds of waiting! IE 6.0 wants to run a scheduled task every time it connects to a server. This results in slower browsing. Fortunately, it's fairly easy to disable this process. You'll have to open up regedit.

To disable this, browse to the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace. Browse through the contents and find a key called {D6277990-4C6A-11CF-8D87-00AA0060F5BF}. Delete this nasty little key. As with all registry changes, it will require a reboot for the changes to take effect.

Slow boot on network

Sometimes when connected to a LAN the boot time can take a few minutes. Load times shouldn't be anywhere near that! Signs of this include the system seemingly freezing after logging in, or your desktop showing up but for some reason you just can't click on anything or run things for a minute or two. This can be traced back to mrxsmb.dll by using bootvis.exe. This can of course be a number of other things, but most of the time it's your file and printer sharing.

1. Right click on Network Places --> Properties
2. Right click on your Ethernet Adapter connection --> properties
3. Un-check "File and Printer Sharing for Microsoft Networks" --> OK
4. reboot
5. If you need file or printer sharing, repeat the above, re-check the box and re-boot again.

Simply uninstalling and reinstalling your file and printer sharing will fix this up. Another case of funky MS syndrome. AKA keep BigCheeze Employed bug.

Increase BROADBAND speed

1. Make sure you're logged on as the actual "Administrator" account. Do not log on with any account that just has administrator privileges.
2. Start - Run - type gpedit.msc (not available in Home version)
3. Expand the "Local Computer Policy" branch
4. Expand the "Administrative Templates" branch
5. Expand the "Network" branch
6. Highlight the "QoS Packet Scheduler" in the left window
7. In the right window, double click the "Limit reservable bandwidth" setting
8. On the Setting tab, check the "Enabled" item
9. Where it says "Bandwidth limit %", change it to read 0

Increase Simultaneous Downloads in IE6

Allow more than 2 simultaneous downloads in IE 6.
This increases the maximum number of downloads to 10.

1. Start Registry Editor.
2. Locate the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
3. On the Edit menu, click Add DWORD Value, and then add the following registry values:
"MaxConnectionsPer1_0Server"=dword:0000000a
"MaxConnectionsPerServer"=dword:0000000a
4. Quit Registry Editor.
5. Reboot.

>>Mouse Tweak

The higher the sample rate of your mouse, the better for gaming!

It is very easy to tweak your mouse.
Open Control Panel.
Click on the Mouse applet.
Click on the "Hardware" tab.
Click on Properties.
Click on the "Advanced Settings" tab.
Make adjustments to suit. I set mine to 200.
Reboot.

Advanced performance options

Right click on My Computer & select Properties, then the Advanced tab & the Performance Settings button, followed by the Advanced tab.

Processor scheduling. This setting specifies how CPU time is divided between running processes. When set to Programs more CPU time will be allocated to the foreground Application, e.g. this could be a Game, Internet Explorer or Word, etc. Background services divides CPU time equally between all running processes. I’d recommend setting this to Programs unless the system is used as a Server (Not a Game server though), or similar such tasks.

Memory usage. When set to System cache Windows XP uses RAM less 4MB for disk caching purposes (Disabled by default). On PCs with a good deal of RAM (256MB or more preferably) installed this should result in best system performance, although for those with less RAM available setting this to Programs will result in best overall system performance. NOTE – This is the same option as the LargeSystemCache entry in the registry (covered next).

Click Ok & restart your PC for the changes to take effect.

Speed up Memory Management

The registry contains several settings which allow you to further configure memory management features in Windows XP. Used properly, this can further improve your PC's memory performance.

Click on Start, Run. Type in regedit & hit Enter. Go to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]. You can edit the following entries as you see fit for your PC.

ClearPageFileAtShutdown. For the more paranoid Users out there this option will be of some use. Right click on this entry & select Modify. A value of 1 specifies that the Pagefile(s) are to be wiped of content during the shut down process. This will result in system shut down times taking longer, although you can be confident that no data stored in it will be able to be accessed as a result (As it will be empty upon shutting down). Setting this to 0 will disable clearing the Pagefile(s) & result in fastest system shut down.

DisablePagingExecutive. Right click on this entry & select Modify. When set to 1 this disables pageable code (Drivers, executables, etc.) from being sent to the Pagefile, rather being kept in RAM instead. This can greatly improve performance given that RAM is a great deal faster than any Hard Drive. That said this requires a great deal of RAM installed to be of any benefit, as such I’d recommend leaving this set to 0 unless you have 256MB RAM or more.

LargeSystemCache. This setting specifies whether or not XP uses RAM less 4MB for disk caching purposes. This will be disabled by default. On PCs with a good deal of RAM (256MB or more preferably) installed, setting this to 1 (enabled) should result in best system performance, although for those with less RAM available setting this to 0 will result in best overall performance. This is the same as the Memory usage option in System Properties. **Warning** At this time, ATI cards don't like this at all when used in certain systems. It will cause a "delayed write failed" error. This can either be minor or major, depending on whether or not the hard drive involved was the C: drive. In this case, leave it on 0.

IoPageLockLimit. This DWORD value limits the maximum amount of kilobytes that can be locked for I/O operations. Right click on this setting & select Modify, then select the Decimal button. The default value for this is 512 & on some systems you may find that increasing this value improves system performance. The maximum value for this setting is RAM less pad, pad being based on the amount of RAM installed in the system, e.g. pad is around 64MB with 512MB RAM installed. This is a more useful setting if your system is used for file sharing or server tasks.

PagingFiles. This option contains the location of the Pagefile & the Initial & Maximum size values. This is useful should you wish to rename the Pagefile, e.g. pagefile.sys to win386.swp, to do so select this entry, Right click on it & select Modify.

SecondLevelDataCache. For those of you with older CPUs (Pre-Pentium 2 basically), this DWORD value specifies the amount of L2 (Secondary) Cache on your CPU. Normally this amount will be determined via the HAL, although with older CPUs with off-die L2 Cache this may not be the case. Those with semi-modern CPUs (Pentium 2 or newer) should leave this set to 0 (as should those with multiple CPUs). If you have greater than, or less than, 256KB of L2 Cache on your (old) CPU then right click on this entry & select Modify. Select the Decimal button & enter the amount of L2 Cache available, e.g. if you have 512KB L2 Cache then enter 512. Thanks Ojatex. Where Windows XP is unable to determine the L2 Cache available & this is set to 0, it will default to assuming 256KB L2 Cache is available.

Defragmenting the Pagefile (& Registry)
Using SysInternals PageDefrag you can optimize the system Registry, Event logs, Hibernation files & the Pagefile by defragmenting them the next time your system boots up. This can improve performance on systems with highly fragmented files, as you can guess. Download now at SysInternals.

Run it every week or so to keep the fragmentation level to a minimum. Be sure to run some form of Disk Defragmenter on your drives regularly as well, of course.

For optimal Pagefile defragmentation your Disk Defragmenter should be able to allow you to place the Pagefile on the outer edge of the Hard Drive, which can be accessed the fastest. Although you may require a 3rd party Disk Defragmenter to gain such a feature.

Internet Explorer 6 Starts Running Slow

If Internet Explorer (IE) 6 is slowing to a crawl and/or hanging and starts to use 100 percent of CPU time it may well be a corruption of the "Temporary Internet Files folder". In particular, trying to delete Temporary Internet files via Tools, Internet Options or other privacy software seems to trigger this behavior. Also, attempts to view files in the Temporary Internet Files folder may show the folder as already empty when it is not. This behavior occurs because the Temporary Internet files database is corrupt.

The Temporary Internet files aren't really files but entries in %systemdrive%\Documents and Settings\%username%\Local Settings\Temporary Internet Files\Content.IE5\index.dat. Deleting that file solves the problem. This same problem has occurred for NT users and the fix works for XP.

1. Open a command prompt window on the desktop (Start/Run/command).

2. Exit IE and Windows Explorer (iexplore.exe and explorer.exe, respectively, in Task Manager, i.e. Ctrl-Alt-Del/Task Manager/Processes/End Process for each).

3. Use the following command exactly from your command prompt window to delete the corrupt file:

C:\>del "%systemdrive%\Documents and Settings\%username%\Local Settings\Temporary Internet Files\Content.IE5\index.dat"

4. Restart Windows Explorer with Task Manager (Ctrl-Alt-Del/Task Manager/Applications/New task/Browse/C:\Windows\explorer.exe[or your path]) or Shutdown/Restart the computer from Task Manager.

IE should now work properly.

