*Non technical* weblog about the IT world and its trends...

Installing & Securing Windows XP (is a tedious task...)

15.09.04

  10:50:38 pm, by fplanque, Categories: Geek!, Securité, Windows

Moving in is such a boring thing to do. Almost as much as moving out. You waste time reinstalling everything you had before, but in different places. You also realize some items don't fit their purpose anymore or don't fit into your new place at all... |-|

I was already feeling bored about this when I crashed my PC, just to make it complete! >:(

Yeah yeah I hear you thinking... a backup saves the day (actually the month), right? I actually had a pretty decent backup... and did not lose any personal data. It's just that reinstalling the whole system & apps is such a pain (no, I had no 'disk image' backup) that I decided I would make the most out of it by switching to XP as a replacement for my aging W2K... That's where it started to hurt! XX(

Actually, I had an XP CD+license available from another PC where I had not installed it... The only problem is that the CD was 3 years old. The original flavor of XP.

When you install a 3-year-old Microsoft OS, the first thing you gotta do is a comprehensive Windows Update and virtually redownload all the files in a newer version, right? That was my plan...

  1. Install XP with default options
  2. Activate basic firewall
  3. Install the DSL modem driver
  4. Connect to the Internet
  5. Run Windows Update... or try to...

I never had a chance to run the update. I had not been connected for longer than two minutes when I got an automatic Windows Shutdown message! WTF ?? :!::?:>:XX

As it turned out, this shutdown was triggered by an (apparently well known?) virus I had never heard of before. Can you believe this? I got infected in less than 2 minutes just by connecting to the internet with a standard XP installation!? Damn! >:-(

It took me several reinstallations of XP to understand what went wrong! First I could not believe this was a virus. Then I thought the virus was in the modem driver...

After virtually a whole day of fighting with XP I figured that I could not trust it to connect to the internet. I went to my parents' and googled around.

I learnt that I could stop the shutdown with shutdown.exe -a . That was a first step of relief... but at the same time it confirmed I had a virus. :-/

I went on and downloaded the latest ZoneAlarm personal firewall, burned a CD and went back home. I stopped the shutdown, installed ZoneAlarm... and got back online. Much better! Looking at ZoneAlarm's stats I saw that I was receiving attacks at a rate of one every two seconds!!! No wonder I got infected that fast! |-|

Lessons learned:

  1. Those security breaches that MS fixes all the time... they are real! You have to get hit badly before you realize the reality of this fact! :roll:
  2. All personal firewall solutions are not born equal, even if you only consider the incoming traffic. The WinXP embedded firewall is a joke! The standard (free) ZoneAlarm is much better (not to mention the outgoing traffic filtering). I'd say Microsoft should acquire ZoneLabs or a similar product without further ado...
  3. The only reason I had been living quietly with my DSL so far is probably that I have been using ZoneAlarm all the time on my W2K.

Cleanup.

Once I had the situation under control, I still had to clean up the mess that had grown in such a short time. AdAware & Spybot both did a good job again at cleaning up quite a few dirty processes that already managed to sneak in. But I still had to clean up the virus...

I did not have an antivirus before... I had just been using Norton's online antivirus check from time to time and since it barely ever found anything, I figured I did not need an antivirus... Disclaimer for the masses: do not try this at home! (not at work either, actually :P) (To be honest, I do use an antivirus most of the time: it's called paranoia! :>> ... but it proved inefficient when installing XP... :-/)

I have tried a couple of free antiviruses (whose names I don't seem to remember right now...) and while they found some unexpected viruses that were there too (damn, the situation was even worse than expected! :( ), they just could not find the shutdown thing which continued to activate after each reboot.

Norton's online check detected that bastard, but required that I buy the product to get rid of it. That's fair... but then I remembered I had a Norton Antivirus 2003 trial CD somewhere. I got that with my laptop and had never felt the need to install it. After opening quite a few supplemental moving boxes, I found that CD and... it did the job! Cool! B)

Lesson learned:

  1. All antivirus solutions are not born equal either. Norton was the most efficient in my quick and dirty emergency test.

So here's what I run now:

  • Adaware & Spybot against spyware, but I wish these would keep up to date and scan automagically without me thinking about it.
  • ZoneAlarm, but it doesn't handle Windows' Internet Connection Sharing very well.
  • Norton Antivirus (at least until my trial subscription expires), but it feels quite bulky sometimes... Opening an Excel file has become more frustrating than opening Dreamweaver MX (which is already one of the slowest loading applications ever conceived by mankind...)

While these tools do their job, they're not perfect. I'd be glad to get your opinions on all this before I go and buy ZoneAlarm Pro, Norton and maybe some PestPatrol kind of thing. I could save a few bucks by buying a whole suite from ZoneLabs or from Norton, but I'm not sure all their components are equally good... remember lesson learned "they're not born equal"! :|

Finally, I think I still lack a tool that would let me monitor (or do it automagically dynamically) all open processes and tell me which is what and warn me if some of them should not be there. You just can't tell by the process names. If I tried to guess, I'd kill half of Windows' legitimate processes. Any thoughts on that?

5 comments

Comment from: Kochise [Visitor]

When I reinstall Windows, I first install some hotfixes I downloaded before and etched on a CD. I install a firewall and an antivirus, THEN I connect to the internet to update Windows…

What I use, everything free and updates free as well:

- Firewall : http://smb.sygate.com/products/spf_standard.htm
- Antivirus : http://www.free-av.com/ or http://www.free-av.de/
- Ad remover : http://www.lavasoftusa.com/software/adaware/
- Spy remover : http://www.safer-networking.org/fr/index.html
- XP tweaker : http://www.xp-antispy.org/
- Optimize Windows : http://telechargement.zebulon.fr/14-Optimisation-Windows-3.04.html

Otherwise, I also use various tools :

- Explorer replacement : http://www.ghisler.com/
- Some useful plugins : http://www.totalcmd.net/
- Picture manager : http://www.irfanview.com/
- Web browser (w/ popup blocker) : http://www.opera.com/

And suddenly, my PC feels a lot better!

Kochise

09/16/04 @ 08:18
Comment from: Son [Visitor]

François,
first I’d like to say that I’ve been using b2Evolution for a month or so and I’m very happy with it. I’m learning a lot (just started to build my website in July this year) and have a lot of fun!

I’ve been confronted with the problem of backup for a long time now, not the data part (easy), but the whole application part, to avoid re-installing from scratch when changing HDD or having a virus etc…

I used to use Norton Ghost, which allows you to pack the executables on a simple 3.5 floppy disk, and which was always robust, but I gave up recently, because it could not recognize a second HDD or my DVD burner, nor write to / restore from NTFS partitions.

I now use Acronis True Image (http://www.acronis.com/products/trueimage/), and I’m VERY happy with it. It does not need a bootup floppy or CD (you can make one if you wish), as it
1) can back up without leaving Windows
2) for restore of your OS partition, you will still need to reboot, but can load up the Acronis program right after your BIOS starts

It’s really a great piece of software, you can backup your whole partition to another HDD or partition, it will compress the files, not backup unnecessary files (such as the page file) and even do incremental backups.

If your computer crashes tomorrow, you just need to restore the partition in one go… all your apps will be back.

10/02/04 @ 19:34
Comment from: ReCh [Visitor]

Well, the next time you install Win XP, apart from all that you did, you must run services.msc and stop the “messenger” service. It is a lame peer-to-peer way of messaging, and allows viruses to infect your PC.

c ya.

10/04/04 @ 02:19
Comment from: dAniel [Visitor]

For a firewall I’d recommend Kerio Personal Firewall (free without ad/popup blocker). For ad blocking and any other aspect of web filtering Proxomitron is a must-have.

Against viruses I use AVG, where version 6 is also free (and lightweight), though Kaspersky AV should probably be better and more powerful. Like you say, brain (paranoia/taking care) is the best protection anyway.

best wishes.

10/07/04 @ 23:41
Comment from: Win~0z [Visitor]

boot windows in a sandbox… ;-)

I use then
Privoxy ( junkbuster reburn GPL )
+ Proxomodo ( proxomitron… free )
+ tiny II ( 2.0.15a )… tiny !
+ Packets viewer 2006

02/08/06 @ 20:36