NEW IN PLAINTEXT: Securing Windows XP

By Peter Piazza

More than seven out of 10 home computers run Windows XP, and poorly protected home computers are often the source of attacks against corporate networks, so locking these computers down is an essential task. Windows XP Security Solutions, a book from security expert and author Dan DiNicolo, provides in-depth and easy-to-follow advice on securing XP computers.

DiNicolo’s recommendations and suggestions presuppose no advanced understanding of XP or computer systems. He starts from the beginning with XP’s use of separate user accounts, in particular a password-protected account for an administrator; this account is the only one authorized to install software, and should only be used to perform administrative tasks.

Other, limited accounts allow users to configure their workspaces, use installed programs, and surf the Web; but no virus or worm will be able to surreptitiously install software when one of these accounts is being used.

The author provides detailed advice for readers. He doesn’t simply advise using good, strong passwords for XP accounts; he explains how to do this, gives tips for password mnemonics, and points readers to free software that can be used to safely manage Web passwords.

He also suggests password-protecting a computer’s BIOS configuration settings (BIOS is the built-in software that the computer uses when it starts booting up into an operating system) to prevent someone with physical access from altering these settings in a way that would allow the computer to be booted from a malicious floppy or USB token rather than the hard drive. This is likely a good (if paranoid) suggestion, and it’s not one I’ve ever heard before—but it’s advice I’ll take.

If the book suffers any flaws, they’re the same ones that Windows itself has. For example, DiNicolo writes that policy settings are one of the “most powerful ways to control the configuration of a Windows XP system,” but then notes that the graphical interface that simplifies this task is only available in XP Professional, not the Home version.

DiNicolo then explains that home users can change policies only by editing the registry, a difficult process that, if done improperly, can render a computer unusable. Why this process should be made difficult for the novice home user is a mystery, and the author does not step in to correct this problem. Rather, he merely sends the reader to a Web-based guide to setting policies through the registry.

Still, the book contains many resources that were new to me (including a free antivirus software product) and covers everything an XP user needs to know, from how to encrypt files to how to erase a hard drive securely. It is a great resource for the beginner or novice.

The book is published by Wiley Publishing, Inc., and is available from the Wiley Web site for $29.99.


