login on xp standalone terminal

  • 16-10-2007 05:58AM
    #1
    Closed Accounts Posts: 2,393 ✭✭✭


    How secure is the standard login password that's input on my standalone XP Pro (SP2) machine if it comes up against a reasonably advanced techie?

    If it's not secure, what can I do to make it so?


    Also, whilst I've tightened security on the DSL router, I'd like to be confident that there's no software keylogging, etc. being done on my machine. I'm only concerned with what could potentially be already set up on there (it can't be too easily accessed anymore due to MAC Control & disabled access to my IP from theirs). I run AVG regularly but what else would I need to run for peace of mind that my data isn't being emailed out, etc.?


Comments

  • Registered Users, Registered Users 2 Posts: 68,190 ✭✭✭✭seamus


    If someone has access to your physical machine and they really want your data, they can get it.

    It's massively unlikely that anyone would spend their time breaking into your system unless you're George Bush. Even some of the cheaper security systems will require a fairly significant amount of time spent to get around it, so for the sake of your personal files, nobody is going to go to that trouble.

    The biggest threat to home users comes from trojans, viruses and spyware - this is how information gets stolen from your Joe Soap. Rather than break into your system, the thief just gets you to install the software for him, then he has control of your machine.

    Provided your AV is up to date and you have some form of anti-spyware software in place, you should be reasonably safe. Your router/firewall will keep out most automated/bot attacks.


  • Closed Accounts Posts: 2,393 ✭✭✭Eurorunner


    Thanks for that Seamus. I update and run AVG regularly. Must get something specifically geared to anti-spyware just for peace of mind.

    It was this that got me thinking about this. Don't suppose you're aware of a logical explanation for two similar hostnames?


  • Registered Users, Registered Users 2 Posts: 68,190 ✭✭✭✭seamus


    Eurorunner wrote: »
    Thanks for that Seamus. I update and run AVG regularly. Must get something specifically geared to anti-spyware just for peace of mind.

    It was this that got me thinking about this. Don't suppose you're aware of a logical explanation for two similar hostnames?

    I would go with Bushy's explanation. If it's a dynamic routing table, one entry is out of date; it failed to delete the entry after your machine received a different IP from the router.


  • Closed Accounts Posts: 197 ✭✭RobbieMc


    Windows XP is so lame, as already said. If a person has physical access to the system, getting past your login is easy :D
    As for making your DSL router more secure, what type is it? Do you have wireless on it? Is your firewall feature turned on? Have you the latest firmware version? Are you file sharing? What AV software are you using?

    All these and more to be asked and answered but can all play a part in either opening your system to someone or closing it off.

    With enough free software out there to get past most basic system security, if you have something to hide, then go set yourself up with all the latest security, otherwise install Norton and have some fun. :rolleyes:

    Don't get too uptight, if you have something that someone wants, they'll get it anyway.
    Rob
    :cool:


  • Closed Accounts Posts: 2,393 ✭✭✭Eurorunner


    RobbieMc wrote: »
    Windows XP is so lame, as already said.
    They have physical access to the machine. Surely there must be some way I can tighten this up?
    RobbieMc wrote: »
    As for making your DSL router more secure, what type is it? Do you have wireless on it? Is your firewall feature turned on? Have you the latest firmware version? Are you file sharing? What AV software are you using?
    I'm pretty happy with my router setup now - having tightened things up last night. I have wireless on it with WPA-PSK encryption. MAC Address Filtering now set up. Reserved IPs for each MAC. IP Filtering - banning any traffic between his IP and mine. It's a BT Voyager 2110. Firewall turned on - will have to double check firmware version later but as of 6 months ago, had the current version. No file sharing set up.
    RobbieMc wrote: »
    What AV software are you using?
    Using AVG Anti Virus - updated daily - have been doing a full scan every week or so.

    As regards my PC's hostname, it was listed alongside my MAC but it was also listed alongside HIS MAC (I recognise both and took a screenshot of it). There were two other entries - one showed up as expired - the other one was the MAC of a networked device alongside its hostname as normal. There are only ever 3 entries at most and I recognise the MACs of all three. I refreshed the list a couple of times but it stayed the same.
    From an exploits point of view, is there a benefit in spoofing someone's terminal hostname???
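
The router table described above showed one hostname listed next to two MAC addresses. The check below is an added example, not part of any post in this thread: it parses a constructed client table and separates the stale-entry case seamus describes from the case where two active leases carry the same hostname. The four-column layout and all sample values are assumptions, not real BT Voyager 2110 output.

```python
from collections import defaultdict

# Constructed sample of a router's DHCP client table. The four-column layout
# and every value are assumptions, not real BT Voyager 2110 output.
SAMPLE_TABLE = """\
hostname    mac                ip           state
study-pc    00:11:22:33:44:55  192.168.1.2  active
study-pc    00:aa:bb:cc:dd:ee  192.168.1.3  active
printer     00:11:22:66:77:88  192.168.1.4  active
old-laptop  00:11:22:99:00:11  192.168.1.5  expired
"""


def parse_table(text):
    """Turn the whitespace-separated table into a list of row dicts."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore blank or malformed lines
        host, mac, ip, state = (p.lower() for p in parts)
        rows.append({"host": host, "mac": mac, "ip": ip, "state": state})
    return rows


def hostname_conflicts(rows):
    """Map each hostname seen with more than one MAC to (verdict, macs).
    'stale-entry' : at most one of the entries is still active, which fits
                    an out-of-date row the router has not yet deleted.
    'investigate' : two or more active leases carry the same hostname.
    """
    by_host = defaultdict(list)
    for row in rows:
        by_host[row["host"]].append(row)
    findings = {}
    for host, entries in by_host.items():
        macs = sorted({e["mac"] for e in entries})
        if len(macs) < 2:
            continue  # hostname maps to a single device, nothing to report
        active = {e["mac"] for e in entries if e["state"] == "active"}
        verdict = "investigate" if len(active) > 1 else "stale-entry"
        findings[host] = (verdict, macs)
    return findings


if __name__ == "__main__":
    for host, (verdict, macs) in hostname_conflicts(parse_table(SAMPLE_TABLE)).items():
        print(f"{host}: {verdict} ({', '.join(macs)})")
```

An "investigate" result only says the two rows cannot both be explained by an expired lease; matching each MAC to a known device is still a manual step.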


  • Closed Accounts Posts: 68 ✭✭numbnuts


    Eurorunner wrote: »
    I run AVG regularly but what else would I need to run for peace of mind that my data isn't being emailed out, etc.?

    Some tips below for you..

    numbnuts...:)



    "So how did I get infected in the first place?" © Tony Klein

    You usually get infected because your security settings are too low.

    Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

    1.) Watch what you download!
    Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

    2.) Go to IE > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed.
    If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

    It's important to always keep current with the latest security fixes from Microsoft.
    Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

    3.) Open IE and go to Internet Options > Security > Internet, then press "Default Level", then OK.
    • Now press "Custom Level."
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

    Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
    Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.

    So why is ActiveX so dangerous that you have to increase the security for it?
    When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an exe file on your hard drive.
    Would you run just any random file downloaded off a web site without knowing what it is and what it does?

    4.) Install Javacool's SpywareBlaster

    It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.

    Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
    Press "Enable All Protection", and you're done.
    The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
    Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
    Don't forget to check for updates every week or so.

    5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.

    6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

    7.) Another excellent program by Javacool we recommend is SpywareGuard.
    It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

    8.) IE-SPYAD puts over 25000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

    *It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

    9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate.

    10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.

    11.) Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests?
    They will provide you with an insight on how vulnerable you might still be to a number of common exploits.

    Happy safe computing!!



    Credits : Anti-spyware Community - for suggesting additions to this article
    Revised: TonyKlein, Oct 30 2005, 05:00 AM

    Reproduced with permission of the author.
    Updated Windows Defender and IE-Spyad Links with permission of the author.


  • Closed Accounts Posts: 583 ✭✭✭monkey tennis


    If you can, try to use a non-administrative account for day-to-day work. It can be a pain in the hole, but there are provisions made for it in XP ('Run As'), and it's easier again in Vista.


  • Registered Users, Registered Users 2 Posts: 2,886 ✭✭✭wandererz


    Download & run the F-Secure Blacklight rootkit eliminator.
    It scans your system for processes which are configured to hide themselves while running.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 94,914 Mod ✭✭✭✭Capt'n Midnight


    If you can, try to use a non-administrative account for day-to-day work. It can be a pain in the hole, but there are provisions made for it in XP ('Run As'), and it's easier again in Vista.
    You can set up a shortcut to CMD this way, and when the window pops up you can drag and drop icons to it to run them. The only thing to watch out for is that if you have an application open already, the second copy may not run as admin.


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Eurorunner wrote: »
    RobbieMc wrote: »
    Windows XP is so lame, as already said.
    They have physical access to the machine. Surely there must be some way I can tighten this up?
    Well I'm far from an expert at bypassing security, but the first thing I'd do to gain access to someone's data would be to ignore the password altogether by just booting a live Linux CD with NTFS support. Adding a BIOS password (so people can't change the boot order) and encrypting the entire drive (so that if they remove the HDD and stick it in another machine they will still have to work out how to bypass the password) should go some way to preventing that. In reality though I doubt it's likely that you would be able to prevent someone who is determined and knowledgeable in the area if they have physical access.


  • Registered Users, Registered Users 2 Posts: 1,849 ✭✭✭Redisle


    If someone has physical access they can boot the computer with a certain boot disc and actually change the password for any of your Windows accounts, be it your own or the administrator account. It would be a bit more difficult if you set a BIOS password for bootup and for entering the setup and disabled all forms of booting other than the hard drive. And as others said you could always encrypt your drive, but again it's not foolproof. What you could do, rather than encrypting your entire drive, is to put all your important/sensitive files into an encrypted volume. One such program that can do this for you is TrueCrypt, read about that here

