How Do I Lock Down a System?

  • Thread starter Thread starter Robert Paris
  • Start date Start date
R

Robert Paris

I want lock down a Win2k Pro system so spyware, etc cannot install. What
does this entail? How do I go about it? (And...what are the repercusions?)

I believe this means, no write access to system files and directories, or
the registry?

Thanks!
 
If you logon to a computer as a regular user that is not in the local administrators
or power users group, that will restrict access to the system folders and most of the
registry for the local machine. I notice that SpyBot Search and Destroy has an
immunize mode and other options to lock down your computer from spyware as do other
spyware programs and some will alert you to attempts by spyware to modify your
computer. The downside is that you might find that you can not change Internet
Explorer settings after that until you undo the settings. Of course this is no
guarantee that you can not be compromised as new threats pop up all the time. I would
also check out the two links below. The first one has recommended minimum security
settings for IE. The second one is more secure yet and shows how a Windows 2003
Server is configured for Internet Explorer by default which takes advantage of using
Web Content Zones and sets the default internet zone security to high and used the
trusted zone for know secure websites at a medium security setting. Of course keeping
current with critical updates at Windows Updates is important to keeping a computer
secure. --- Steve

http://mvps.org/winhelp2002/unwanted.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;815141
http://www.microsoft.com/athome/security/protect/default.aspx -- MS minimum security
recommendations.
 
Robert Paris said:
I want lock down a Win2k Pro system so spyware, etc cannot install. What
does this entail? How do I go about it? (And...what are the repercusions?)

I believe this means, no write access to system files and directories, or
the registry?

Thanks!
Click to expand...

For general information on how to make your Windows system more secure
against a variety of threats:

http://securityadmin.info/faq.asp#harden
http://securityadmin.info/faq.asp#adware
http://securityadmin.info/faq.asp#pop-ups

For preventing spyware, some anti-virus programs like McAfee claim to
detect some spyware. Keeping fully patched at least once a month and
using a firewall such as the free www.sygate.com or www.kerio.com
could not hurt. Making sure you're not logged in as a local
Administrator equivalent account is necessary if you want to prevent
access to certain system files. Malware scanners such as Spybot
Search & Destroy and/or Ad-aware and/or a Browser Helper Object
detection tool can be helpful in detecting and removing adware once it
is on the system. There are various free programs that monitor the
various startup locations on your computer and prevent items from
being added to them. Using a pop-up blocker that blocks web browser
popups in Internet Explorer could help as well, as that is one avenue
that is used to perform cross-domain attacks that can install malware
through the browser. There are various solutions out there as well
that block your access to known adware sites... one such solution is
the hosts file that is somewhere at www.mvps.org, it can be found by
searching that site or searching Google.

There are also some suggestions on increasing browser security at
www.microsoft.com/security. Most importantly, click on the
"download_ject" link and follow those recommendations, especially the
link to the article on hardening the local computer zone. If you were
running Windows XP, install XP Service Pack 2. If you wish to try an
alternate browser such as Mozilla, Firefox, Netscape, etc., and you
don't mind losing some of the features of Internet Explorer, that
might help prevent some adware [although doing so arguably does not
increase the overall security of your computer that much, because the
Windows components that are often exploited in IE vulnerabilities
remain whether you use IE or not].
 
Back
Top