Resouce Guides / Windows XP / Security

Configuring Windows XP security after you install Service Pack 2

Windows XP Service Pack 2 is a major upgrade in functionality. Although your old settings are retained, SP2 adds some important new features that may need to be customized to fit your needs. One major change that most users will notice and benefit from is an improved version of Internet Explorer. (You will have IE 6.0.2900.2180.xpsp_sp2_rtm.xxxxx or later after the upgrade.) There is also a new Security Center and other changes that will require some tweaking after SP2 is installed.

Pop-up blocker

By default, the new pop-up blocker in IE 6 will be turned on and configured at the Medium setting when SP2 is installed. Since some pop-ups are necessary, IE will normally notify you when it blocks one, giving you the option of permitting it. This is a fairly smart tool. For example, by default, it won't block pop-ups when you deliberately click on a link that opens one up.

Since some pop-ups are generated locally by adware or spyware, you may still see some pop-ups even with the maximum blocking settings, but that probably indicates that you have a local malware problem.

To find the Pop-up Blocker in IE, click Tools | Pop-up Blocker | Pop-up Blocker Settings. (Don't look for the Pop-up Blocker in the new Security Center because it's not in there.) To disable Pop-up Blocker, simply click Tools | Pop-up Blocker | Turn Off Pop-up Blocker. To always allow pop-ups from specific sites, add them to the Allowed Sites list in settings. Under Notifications and Filter Level you can check or uncheck the boxes to control how you are notified when a pop-up is blocked.

There are three filter levels, and you may want to change from the default, the Medium setting, which will block most automatic pop-ups. The Low setting will permit pop-ups to be displayed automatically if they come from secure sites. The High setting attempts to block all pop-ups that aren't specifically entered in your Allowed Sites list. When you choose the maximum protection, you won't even see pop-ups from links or buttons you click, unless you hold down [Ctrl].

Security Center

Also new is the Security Center, a one-stop security monitor and setup utility for Windows XP. It is located in the Control Panel. Here, you can set Internet Options, control Automatic Updates, and access the Windows Firewall. In addition, the Security Center monitors the overall security of your system, alerting you, for example, if you don't have an active antivirus program.

Even if you have no intention of using Security Center, you need to adjust the alert levels to avoid annoying warnings. There is a new set of security warning icons that display in the Notification area (System Tray):

The primary security icon indicates important security information and settings.

Security question: potential security risk.

The following three icons describe the security spectrum - from more secure to a potential security risk.

Situation is more secure. Your computer is using recommended security settings.

Warning: situation is potentially harmful. Consider adjusting security settings to enhance the security of your computer.

Your computer's current security settings are not recommended.

Windows Firewall

here aren't really any major changes to XP's Internet Connection Firewall, except that it's now called the "Windows Firewall." But when you install SP2, this firewall will now be turned on by default. If you have another firewall such as Zone Alarm, you should turn off the Windows Firewall. The simplest way to check the status is from the Security Center but, although you can simply click a button to turn the firewall on from the Security Center, turning it off isn't nearly as easily. To turn off the Windows Firewall:

Go to the bottom of the Security Center window and click Windows Firewall (or simply go to the Control Panel and click the Windows Firewall applet).
In the General tab, select Off.
Now the Security Center will indicate that the Windows Firewall is OFF.
You should see a warning icon (the red shield with the X) in the Notification are if you don't have another desktop firewall already active. If you do have another desktop firewall (one that Windows XP recognizes), it should be listed under Firewall in the Security Center. For example, it would say "Zone Alarm Firewall is currently ON."
If the Firewall is listed as OFF in the Security Center, click on the Recommendations button, which will open a dialog box where you can turn on the Windows Firewall.

There are three basic settings for the Windows Firewall: ON, ON with no exceptions, and OFF. If you want basic firewall protection but also want to permit certain actions as specified in the exceptions list, choose the simple ON setting. To really lock down the firewall (for example, if you are using a wireless connection at a remote site), go into the Windows Firewall and check the Don't Allow Exceptions box. The firewall will then ignore the exceptions list.

To configure programs to work with firewall, click the Exceptions tab. There, you can easily allow or block File and Printer Sharing, Remote Assistance, Remote Desktop, Windows Messenger, Yahoo Messenger, and other programs. From this screen, you can also choose to be notified when the firewall blocks a program. The Add Program tab lets you add programs that should be permitted to communicate over the network. Click on Change scope and fine tune which computers will be affected by the program or port settings.

To manually open ports on the firewall, click Add Port on the Exceptions tab to allow specific TCP and UDP ports to be opened through the firewall. On the Advanced tab, you can select which network adapters are filtered by the firewall. Click on Settings for each adapter to allow or disallow the various Services and ICMP features for each separate connection. On the Advanced tab, you can also click on Settings under Security Logging to enable logging and/or dropped packets or successful connections, as well as to specify maximum log size, name, and location. Under Settings in ICMP, you can set universal permissions for any network connection. This can be modified by exceptions set for individual connections.

Automatic Updates

The Security Center shows whether Automatic Updates is active or turned off. Here, you can turn on Automatic Updates with the click of a button, but you can't turn the feature off from here. To block automatic updates:

Go to the bottom of the screen (Manage Security Settings For:) and click on Automatic Updates or open Automatic Updates from the Control Panel.
If you select Automatic, you can specify the schedule you want Windows to use. The next option allows Windows to download all updates, but you have to approve installation. Another option allows you to be notified when updates are available but never automatically downloads or installs updates.
Choose the final option, Turn off Automatic Updates, to block the feature. (This will show up as an alert in the Security Center.)

Virus protection

By default, the Security Center will automatically monitor the status of antivirus software to make sure that scanning is turned on and that virus signatures are up to dates. If you do not want Windows XP to monitor your antivirus software then follow these steps:

Turn off your antivirus software.
Go into the Security Center.
Under Virus Protection, click on the Recommendations button.
Check the box that tells Security Center to ignore the antivirus program because you are managing updates yourself.

Alert settings

To block unnecessary security warnings, go to the Resources box (on the left side of the Security Center) and click on Change The Way Security Center Alerts Me. In the Alert Settings window, uncheck Firewall, Automatic Updates, or Virus Protection to block future warnings about possible security problems with those tools. The Resources section also contains shortcuts to software update and security information from Microsoft's Web site.