Dangerous Defaults on The XP Desktop
Swap file. Normal Windows operation can leave unencrypted text (including passwords) on your machine, in files you would never think to look in—but a hacker might. The first thing to do is to set your machine to clear the system paging file (swap file) at shutdown. Go to the Start menu and click on Run, type regedit, and click on OK. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management. Find or create the ClearPageFileAtShutdown DWORD value and set it to 1.
Dump file. A dump file stores data from memory during a system crash and can be helpful when diagnosing problems, but like a swap file, it can also expose a lot of sensitive, unencrypted data. To prevent Windows from creating the file, go to Control Panel | System. Click on the Advanced tab and then the Settings button on the Startup and Recovery pane. Set the drop-down menu under Write debugging information to (none). Similarly, the debugging program Dr. Watson saves information when applications crash. To disable it, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug and set the Auto string to 0. Then use Windows Explorer to go to Documents and Settings\All Users\Shared Documents\DrWatson. Delete User.dmp and Drwtsn32.log, the insecure logs the program creates.
POSIX. Windows XP still ships with a subsystem called POSIX, which allows the use of Unix commands. Disabling POSIX prevents hackers from using Unix commands against your system. Go to Run and type regedt32 (not regedit). Find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems and click on the multistring called Optional in the right-hand pane. By default, the multistring’s value will be POSIX; delete that value and leave the space empty (but don’t delete the Optional multistring). Then click on the actual POSIX multistring in the same pane. Note that it points to a file in your Windows System32 directory called Psxss.exe. Delete that file using Windows Explorer, use the Registry Editor to delete the POSIX string, and then reboot.
Other services. Unless you need one of them, it’s a good idea to disable several services that may open up back doors to your system: NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager, Remote Registry, Routing and Remote Access, SSDP Discovery Service, telnet, and Universal Plug and Play Device Host. Go to Control Panel | Administrative Tools and click on the services you don’t need and select Stop this service in the left-hand pane.
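The registry edits in the Swap file, Dump file and POSIX sections and the service list above are easy to get wrong by hand and easy to drift out of on a machine that has been in service for years. The script below is an added example, not part of the original article: run without arguments it audits each setting and prints PASS or FAIL; with -Fix it applies the registry values and stops and disables the listed services. It assumes PowerShell 2.0 installed on XP SP3 and an Administrator session. The CrashControl\CrashDumpEnabled value (the registry setting behind the "Write debugging information" drop-down) is this script's assumption; the other keys and the service display names are the ones the article gives.

```powershell
# Added example, not from the original article. Assumes PowerShell 2.0 on XP SP3 and an
# Administrator session. HKLM\...\CrashControl\CrashDumpEnabled is this script's assumption;
# the remaining keys and the service display names come from the article.
param([switch]$Fix)   # no switch: audit only; -Fix: apply registry values, stop/disable services

$regChecks = @(
    @{ Label = 'ClearPageFileAtShutdown = 1'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
       Name  = 'ClearPageFileAtShutdown'; Want = 1;   Type = 'DWord' },
    @{ Label = 'CrashDumpEnabled = 0 (Write debugging information: none)'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
       Name  = 'CrashDumpEnabled';        Want = 0;   Type = 'DWord' },
    @{ Label = 'AeDebug Auto = 0 (Dr. Watson off)'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug'
       Name  = 'Auto';                    Want = '0'; Type = 'String' }
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is missing instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

foreach ($c in $regChecks) {
    $cur = Get-RegValue $c.Path $c.Name
    $ok  = ($cur -ne $null) -and ("$cur" -eq "$($c.Want)")
    "{0,-4} {1}  (current: {2})" -f $(if ($ok) {'PASS'} else {'FAIL'}), $c.Label,
        $(if ($cur -eq $null) {'<missing>'} else {$cur})
    if ($Fix -and -not $ok) {
        # "Find or create": create the key and the value if either is absent, else overwrite.
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        if ($cur -eq $null) {
            New-ItemProperty -Path $c.Path -Name $c.Name -PropertyType $c.Type -Value $c.Want | Out-Null
        } else {
            Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Want
        }
    }
}

# POSIX subsystem: report only. The article's removal steps (emptying Optional, deleting
# Psxss.exe and the POSIX string, then rebooting) are left to the operator, since Windows
# File Protection may put a deleted System32 file back and the change needs a reboot anyway.
$subsys   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
$optional = @(Get-RegValue $subsys 'Optional')          # REG_MULTI_SZ, one entry per line
$posixOn  = [bool]($optional -match '^posix$')          # case-insensitive match on each entry
$psxss    = Test-Path (Join-Path $env:windir 'System32\Psxss.exe')
"{0,-4} POSIX not listed in SubSystems\Optional  (current: '{1}')" -f `
    $(if ($posixOn) {'FAIL'} else {'PASS'}), ($optional -join ',')
"{0,-4} Psxss.exe absent from System32" -f $(if ($psxss) {'FAIL'} else {'PASS'})

# Services. "Stop this service" in the Services console only stops the running instance;
# setting the startup type to Disabled keeps the service from returning at the next boot.
$services = 'NetMeeting Remote Desktop Sharing', 'Remote Desktop Help Session Manager',
            'Remote Registry', 'Routing and Remote Access', 'SSDP Discovery Service',
            'Telnet', 'Universal Plug and Play Device Host'
foreach ($display in $services) {
    $svc = Get-Service -DisplayName $display -ErrorAction SilentlyContinue
    if (-not $svc) { "SKIP {0} (not installed)" -f $display; continue }
    $mode = (Get-WmiObject Win32_Service -Filter "Name='$($svc.Name)'").StartMode
    $ok   = ($svc.Status -eq 'Stopped') -and ($mode -eq 'Disabled')
    "{0,-4} {1}  (status: {2}, startup: {3})" -f $(if ($ok) {'PASS'} else {'FAIL'}), $display, $svc.Status, $mode
    if ($Fix -and -not $ok) {
        if ($svc.Status -ne 'Stopped') { Stop-Service -Name $svc.Name -Force }
        Set-Service -Name $svc.Name -StartupType Disabled
    }
}
```

Run it once without -Fix to see the baseline, keep that output with the machine's records, and re-run it after patching or software installs, since installers and Windows updates can recreate the AeDebug entries or re-enable services such as SSDP Discovery. The script deliberately does not touch the POSIX files or strings, so those two lines will keep reporting FAIL until the manual steps in the POSIX section have been carried out and the machine rebooted.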