Best Hardening Tool

I know some will say it's not needed while other say it is.But what would be the best one for hardening? I now have seconfig xp. Would adding Xp Antispy,Harden It,WWDC,Safe Xp or some other one help in any way? I have XP Home and wondering if just Seconfig Xp shuts off enough unnessery services that I don't need. Just a stand alone home PC,no sharing,peer to peer or anything like that.Not looking to add much more since just losing PG Free,Snoopfree and A Squared.Just wondering.

 

Hi, folks: Hi, travellingman, a hardening tool may still be needed depending upon individual's situation, but it reminds me of the similiar case of front-wheel drive vs all-wheel drive. The later one that I refer is whitelist protection, ie. anti-execution app. Your scoty and its sibling would have given you enough protection against unwanted services popping up. The AE may further strengthen and harden your configurations. IMO, a hardening tool may be a yesterday's toy, hardening too deeply may cause system to loose flexibilities. After all, we want full protection, not a stiff box needing WD-40.

 

I use the following tools:

Harden-it
Samurai HIPS
Seconfig XP
xp-antispy

For the most part, they dont overlap so each has its part in securing my computer.

If youre just concerned about shutting off services, Seconfig XP may be enough.

 

I didn't harden either, my security is mainly based on recovery and whitelists.
I did it extreme, because I replace my system partition with a new one during each reboot, which keeps my system clean, malware-free and trouble-free.
I don't want to waste my time on solving problems caused by myself, the bad guys or the good guys. I solve all my problems with a reboot, even frozen BSOD's.
I don't even have to know what happened or how to fix it. Another year working like this and I will be the most stupid member at Wilders.

 

So then Seconfig Xp should be enough. Thanks WSFuser.

 

Already have that one installed and running.I was just curious about some of the other one's thou. But thanks for your input.

 

I only used wwdc and kill the messenger as a tool. I compared information at the other 4 links for what services I disabled. I also made a list of 'before and after' notes prior to disabling my services. I ended up having to enable a few because some programs (Windows Defender)wouldn't work properly. If you do it manually, it's probably best to disable one at a time. I didn't, I disabled about 20 services with proper notes and was really lucky the troubleshooting was easy. It's also good to do manually as you learn about some of the services on your machine. I hope this helps a little.

http://www.tweakhound.com/xp/security/page_3.htm
http://www.theeldergeek.com/services_guide.htm
https://www.wilderssecurity.com/showpost.php?p=896115&postcount=44
http://www.blackviper.com/
http://www.firewallleaktester.com/wwdc.htm

 

I wonder what hardening tools are out or going to be out for Windows Vista.

dja2k

 

Erik, i have to admit, you have a very unorthodox philosophy or strategic solution to put it in layman's terms, but all in all the chief result is that it WORKS! 100% safe and effective with little or no overhead as in a series of security programs/scanners and all the time which would be required to fish thru those results or even for the programs to solve the issues.

 

Well it works, because I'm testing it.
Yesterday, I deleted these folders completely under "Program Files"
- Microsoft Office = 234MB = 1690 Files + 50 Subfolders
- Mozilla Firefox = 17,9 MB = 171 Files + 21 Subfolders (the rest is on my data partition [D:])
- Mozilla Thunderbird = 22,8 MB = 153 Files + 24 Subfolders (the rest is on my data partition [D:])
I did a simple reboot and everything was back and working properly + 100% malware-free in just 2 minuts.

That's what I call real Immediate System Recovery and I can do this with any object on my system partition.
Each day I'm getting closer to what I really want.

 

Hello,

I have an even more radical approach that works. It's called F2 = Firewall + Firefox. 100% safe and effective and no overhead.

If you're lazy, throw in an imaging software once a month or so ...

Mrk

 

That's not secure enough, that is just a personal approach without guarantees. Take another person and it won't be Mrkvonic anymore, end of security. I do have Image Backup, too slow and too unhandy.

 

Hello,
It works for quite a few people I know - or have taught this concept.
Very simple. Very straightforward.
Mrk

 

Yes very simple and very straightforward and after awhile you use Image Backup to restore a fresh image to remove all the infections. Good security, if you don't care about anything.

 

Erik,

Do you boot to a frozen SS? What do you do in the case where you add a software to your primary SS?

Reason I ask is: I have several SS going back several days. Each one is updated a day after the last. In other words: today, Thursday, I can go back "as far as" Sunday, tomorrow, Friday I can go back "as far as" Monday. So in case I get infected lets say today and don't realize it until Saturday. I can pick a SS that is 4 days old, boot and copy / update all newer "infected" SS.
I also have an archived SS copied / updated every Sunday. This is just-in-case I totally drop the ball.

 

I don't have a primary snapshot (= work snapshot) and secondary snapshot (= rollback snapshot) anymore.
I have an off-line snapshot and an on-line snapshot and both are work snapshots.
Both have common softwares, but also different softwares, which means I can't copy/update between both snapshots anymore or I would destroy one of them. Peter has a similar setup, but his snapshots have a total different usage than mine.

My online-snapshot is frozen, because I need an automatic copy/update, which I can't forget. I can do it manually, but that's not so easy (I'm too lazy.)

If I have a new software, I install it off-line and re-freeze my snapshot, but that doesn't happen often. I have all the softwares I need.

BUT, I try alot of new softwares just to see it one time and then I reboot to get rid of it.

I always boot in the SAME on-line snapshot and my freeze storage cleans it before Windows starts.
I have only two snapshot with an archive for each, but my on-line archive is also used as freeze storage.

As you know FDISR starts with two snapshots (work and rollback) to learn FDISR, but once you are experienced, you start improvising and that's why most experienced users use FDISR in a different way, sometimes very different. FDISR has no rules, only technical rules, that's why it's so versatile.

My personal data, emails, etc. is on another harddrive/partition and that gives me total freedom in my system partition.

 

Seems to me that we're using two totally different procedures to accomplish basically the same end result: keep a clean machine.
I think I'll stick w/ my method. Although I use much more HDD space. It gives me the versatility to try a new app (for up to 7 days) without giving it much thought.

 

I want 4 things with the same solution :
1. A clean system partition without crap.
2. A 100% malware-free system partition.
3. A trouble-free system partition.
4. A test machine.
Each problem, IF it happens is solved with a reboot and a reboot doesn't require a deep knowledge.

My off-line snapshot is for working quietly without any disturbance and is my refuge snapshot, if something terrible happens in my on-line snapshot.

 

Hi, folks: Hi, Screamer: Allow me to drop in. Although I do not have FD-ISR anymore-since I use DeepFreeze. I do miss its versatility, I wish FD-ISR can stay w/ DF. Screamer, the method you use may have a disadvantage: You have 7 snapshots covering 7 days, and relacing them w/ newer one as day goes by. Let us assume you would have got infected on SS#3, and you did not realize until day 5, when you decided to run a scanner(your real time one would have spotted the malware the moment it attacked you on day#3). How do you know on which day you get infected when scanner discovered the problem, and subsequently revert it to there? Meantime you already have few not-so-cleaned days lapsed w/o knowing it, does this bother you at all ? Rebooting w/ frozen SS in FD-ISR's case may consume more disk space, but one fact is very clear= having a clean and safe system everyday, everytime. That is exactly what I have discovered w/ DF's frozen mode. Just few thoughts for your consideration. Have a nice one.

 

Hello,

Erik, no infections whatsoever.

That's what I told you already. Get off the panic tree and enjoy the ride. No special magic is needed to enjoy fun Internet. No infections if you use F2. Only need to follow 4 golden rules:

1. Default deny; deny first, ask a smart friend later.
2. Do not open stupid attachments - ask friend.
3. Do not download crap - ask friend.
4. Update your software periodically.

That's it. No reimaging to clean installations. Takes talent to get infected.

Mrk

 

In Win9x days we called it "tweaking" and most was done manually, such as taking care of NetBios, which programs like Seconfig XP can to more easily.

Programs like the MS PowerToys, including TweakUI, permit Registry changes through a GUI rather than manually in the Registry. I still use SendTo and DosHERE, along with TweakUI and others.

My caution with these is that you should know exactly what they do. Example:

XPAntispy description
http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/XPAntispy.shtml

I would be 'suspicious' and wary about letting a program disable stuff without my approving it - which maybe you can, but I would be sure.

Too many examples of people arbitrarily disabling things, only to find out later that one of their programs doesn't work properly.

regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

Too many human mistakes possible and people DO make mistakes.
I want my system back, even when I make a mistake.

 

Hi Perman,

Since my SS are rotating daily. The only possibility of infection is in SS #1 (the current / Primary SS) If I do not "catch it" until day three,(allowing Primary to update / copy to Daily SS, Second SS or Third SS) I know enough to copy / update any SS prior to the detection of infection.

Then again, that's where real-time AV & AS apps are necessary.

 

That's the main reason, why my freeze storage is based on an off-line installation and why my security setup has NO scanners anymore.
I don't need scanners to clean my computer, because I use my freeze storage as a WHITELIST for my frozen on-line snapshot. No missing signatures and no false/positives anymore and I clean my computer 100% in 100 seconds during reboot.