As long as Microsoft Windows has been a network capable operating system, it has come with quite a few services turned on by default, and it is a good idea for any security conscious user of Microsoft products to shut down any of these that they are not using.

If you are running Microsoft Windows XP on your desktop system, you should consider turning off the following services, it may surprise you as to what is running without your knowledge.

IIS – Microsoft’s Internet Information Services provide the capabilities of a Webserver for your computer.

NetMeeting Remote Desktop Sharing — NetMeeting is primarily a VoIP and videoconferencing client for Microsoft Windows, but this service in particular is necessary to remote desktop access.

Remote Desktop Help Session Manager – This service is used by the Remote Assistance feature that you can use to allow others remote access to the system to help you troubleshoot problems.

Remote Registry – The Remote Registry service capabilities are frightening to consider from a security perspective. They allow remote users to edit the Windows Registry.

Routing and Remote Access – This service bundles a number of capabilities together. It is rare that any of them should be necessary for a typical desktop system such as XP, however, so they can all conveniently be turned off as a single service. Routing and Remote Access provides the ability to use the system as a router and NAT device, as a dialup access gateway, and a VPN server.

Simple File Sharing – When a computer is not a part of a MS Windows Domain, it is assumed by the default settings that all filesystem shares are meant to be universally accessible. In reality, we would only want to provide shares to very specific, authorized users. Simple File Sharing, which only provides blanket access to shares without exceptions, is not what we want to use for sharing filesystem resources. It is active by default on both MS Windows XP Professional and MS Windows XP Home editions. This cannot be disabled on XP Home. On XP Professional you can disable it by opening My Computer > Tools > Folder Options, clicking the View tab, and unchecking the Use simple file sharing (Recommended) checkbox in the Advanced settings.

SSDP Discovery Service – This service is used to discover UPnP devices on your network, and is required for the Universal Plug and Play Device Host service (see below) to operate.

Telnet – The Telnet service is a very old mechanism for providing remote access to a computer, most commonly known from its use in the bad old days of security for remote command shell access on Unix servers.

Universal Plug and Play Device Host – Once you have your “Plug and Play” devices installed on your system, it is often the case that you will not need this service again.

Windows Messenger Service – Listed in the Services window under the name Messenger, the Windows Messenger Service provides “net send” and “Alerter” functionality. It is NOT related to the Windows Messenger instant messaging client, and is not necessary to use the Windows Messenger IM network.

On your system, these services may not all be turned on, or even installed. Whether a given service is installed and running depends on whether you installed the system yourself, whether you are using XP Home or XP Pro, and from which vendor you got your computer if Windows XP was installed by the vendor.

With the exception of Simple File Sharing, all of the above listed services can be disabled from the same place. Simply click on the Start button, then navigate to Settings > Control Panel, open Administrative Tools, and from there open the Services window. To disable any service in the list, double-click on its entry in that window and change the Startup type/setting.

Generally, you should change services you are turning off for security purposes to ‘Manual’ and if your system is running smoothly you can then change the setting to ‘Disabled’. When in doubt about whether a given service is necessary for other services, check the Dependencies tab in the service’s settings dialog.

This is not a comprehensive list of everything running on your computer that you may want to turn off. It is simply a list of ten items that you do not need to have running, and constitute a security vulnerability if left running.

Most users will never have use for the services in this list, once the computer is up and running. Other services may be disabled without ill effect as well, though you should research each item in the complete services list before you disable it to ensure that you actually do not need it running.

Some of them are quite critical to the normal operation of your system, such as the Remote Procedure Call (RPC) service.

Every running but unused service on your machine is an unnecessary security risk. If a service is not important for authorized users and basic system functionality, turn it off.

I also turn the Windows Automatic Updates in Control Panel\ Administrative Tools\Services to MANUAL as they are nothing more than knee-jerk reactions to Microsoft’s usual bungling. I have seen PC’s with up to 1GB of these Hotfixes, Patches and Updates. All they do is slow down the computer to a crawl. Those that are actually necessary for the system WILL NOT have a Remove button on them in the Add-Remove Program.

Security hotfixes are necessary and you don’t want expose your PC to the Internet with an unpatched system. Hotfix itself is not a problem. The problem is the ‘Hotfix Uninstaller’. They do consume a lot of disk space over time. One great tool to remove all of these junk files is a utility called CCleaner.

Browsers cache settings  give your pc the ability to store
frequently visited web pages and also checks for newer web
pages when you navigate to those sites.

Most computers cache setting is left at the default
setting, which can be anything from 250MB to over 1024MB,
which generally speaking is far too high.  You can safely
reduce this to as little as 10 - 20MB.  You may find that
you frequently download large files, for example a file of
50MB, so you would need to adjust you cache size to 60MB so
that if the download is interrupted it will pick up from
where it left off using the cache memory rather than
starting over again.

To adjust the IE cache size:
Start Internet Explorer
Select Tools | Internet Options | General tab
Under Temporary Internet Files click the Settings button.
In the box for the amount of disk space to use, enter a
value between 25 and 50 megabytes.
Click OK to accept the changes.

To adjust the Netscape Navigator cache size:
Start Netscape Navigator
Select Edit | Preferences | Advanced | Cache.
In the box for Disk Cache, enter a value between 5120 and
51200 kilobytes.
Click OK to accept the changes.

By making this simple adjustment, you will save lots of
hard drive space for better uses and it will improve the
overall performance of Internet Explorer.

If you want to have a large cache size, then I recommend
that you clean your cache out regularly.  I do a lot of
browsing and clean mine several times a day, but rather
than go through Internet Properties and start clicking on
various buttons I use ccleaner available for free from
http://www.filehippo.com/download_ccleaner/

CCleaner is a freeware system optimization and privacy
tool. It removes unused files from your system - allowing
Windows to run faster and freeing up valuable hard disk
space by automatically cleaning the cache when run. It also
cleans traces of your online activities such as your
Internet history. It also only takes a few seconds to run
and remove these unwanted files from your pc.

There have been over 55 million downloads of this program

Internet Explorer
Temporary files, URL history, cookies, Autocomplete form
history, index.dat.

Firefox
Temporary files, URL history, cookies, download history.

Opera
Temporary files, URL history, cookies.

Windows
Recycle Bin, Recent Documents, Temporary files and Log
files.

Registry cleaner
Advanced features to remove unused and old entries,
including File Extensions, ActiveX Controls, ClassIDs,
ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files,
Application Paths, Icons, Invalid Shortcuts and more…
also comes with a comprehensive backup feature

Third-party applications
Removes temp files and recent file lists (MRUs) from many
apps including Media Player, eMule, Kazaa, Google Toolbar,
Netscape, MS Office, Nero, Adobe Acrobat, WinRAR, WinAce,
WinZip and many more…

This software does NOT contain any Spyware, Adware or
Viruses.

I set mine up as follows:
Click on the Cleaner Tab on the left and under Windows I
tick all boxes in Internet Explorer, Windows Explorer and
System.  Under Advanced tick only the first 2 boxes.  Then
click on the Applications tab and tick all.

Issues tab:
Unless you are competent at dealing with the registry then
leave this one alone and DO NOT run it.

If you wish to run the Issues to clean the Registry, carry
out the following first:

Backup your Registry. Go to Start, Run and type in regedit
click on OK and the Registry Editor will then open. Go to
the top Tabs and click on File, scroll down until you see
Export, left click it and this will open Export Registry
File window. Save this file to your desktop and in the File
Name box enter Registry Backup File. Click on Save and it
should now be on your desktop. Verify the file is a good
copy, in the Registry Editor window click on File, select
Import, in new panel where it says ‘Look in’ select desktop
and then click on your saved file then click ‘Open’. Once
it says it has been read in successfully, you have a good
backup.

Now if you find that some programs are no longer running
in the way that they should, restore your Registry as
detailed above. CCleaner will also create backup copies of
your Registry and I suggest that if you do choose to run
the Registry Issues untick all of the boxes and tick one
box at a time and run each one separately.

Tools tab: 
Here you will find a list of Uninstall options to remove
programs from your pc, use with caution.  I prefer to use
the Add/Remove function or the programs own uninstaller.

Startup:
Lists all programs that are set to run when you boot up,
if you are unsure about deleting any of these then leave it
as it is.

Options tab:
Settings - Choose your language, untick Run CCleaner when
the computer starts, tick the next 3 boxes, then look at
the Secure Deletion, tick the radio button ‘Secure file
deletion (Slower) and set it to NSA (7 passes)

Cookies - entirely up to the individual, but I don’t save
any cookies.

Custom - You can drag and drop files or folders into the
window or browse for them and on the next run they will be
securely deleted.

Advanced - Untick boxes 1-3 tick all others.

Finally click on the Cleaner tab on the left and you have
the option to Analyze or Run Cleaner. When you are
comfortable using this program you won’t use Analyze, but
initially do use it to see what can be deleted and the
approximate size of files to be deleted.

Important
This will remove any saved passwords and usernames that
you have, so make sure that you have a copy of them all
before proceeding to clean.

Open a text document, enter the URL, username and
password, save this to floppy, external drive or print it
off.  Do NOT save this text file to your hard drive.

There is an excellent program for saving your passwords
etc available from http://www.roboform.com/
I will cover this in more detail another time.

As always, back-up your system or create a restore point
before making any changes.

To your safety and security online
cotojo
 

Identity theft is an very real problem and you need to actively protect yourself from it!
 
If your identity is ever stolen, it can be used in Fraudulent or Criminal activities, to obtain a job where you end up liable for the taxes, to make purchases of products and services that you WILL end up having to pay for, can completely devastate and destroy your credit, and take literally many years for you get it all straightened out.
 
Never give out personal information on the phone, through Postal Services, through e-mail or over the Internet in any other way, unless you’ve initiated the contact and you are sure you know who you’re dealing with.
 
Identity thieves can be skilled liars, and may pose as representatives of banks, government agencies, owners of a company, and yes, they can even pose as Internet service providers (ISPs) to get you to reveal identifying information. Before you divulge any personal information, confirm that you’re dealing with a legitimate representative of a legitimate organization. Double check by calling customer service using the number on your account statement, listed in the telephone book, or obtained via a Telephone Operator.
 
Your computer can be a goldmine of personal information to an identity thief. Here are some points on how you can safeguard your computer and the personal information it stores:

· Update your virus protection software regularly. Computer viruses can have damaging effects, including introducing program code that causes your computer to send out files or other stored information.
 
· Regularly check for security repairs and patches you can download from your operating system’s Web site.
 
· Don’t download files from strangers or click on hyperlinks from people you don’t know, especially when it comes to e-mail where the e-mail contains an attachment. Clicking a link or opening a file could expose your system to a computer virus or a program that could hijack your modem like a Trojan.
 
· Use a firewall, especially if you have a high-speed or “always on” connection to the Internet. A firewall allows you to limit uninvited access to your computer. Without a firewall, hackers can enter your computer remotely from anywhere in the world and even take over your computer and access sensitive information without you even knowing it.
I recommend the use of ZoneAlarm free firewall which can be found at  http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

· To guard the safety of your online transactions always be sure the Web site you are on uses a secure browser software that encrypts or scrambles information you send over the Internet. When you’re submitting information, the address of the Web page should start with “https://” (apposed to the normal surfing address of http://), and also look for the “lock” icon on the status bar. It’s a symbol that your information is secure during transmission.
 
· Try not to store financial information on your PC or laptop unless absolutely necessary. If you do, use a “strong” password that is a combination of letters (upper and lower case) and numbers.
 
· Avoid using an automatic login feature that saves your user name and password; and always log off when you’re finished working in a password protected entry area. If your PC or laptop ever gets stolen, the thief will have a hard time accessing sensitive information if they need to enter usernames and passwords to access something.
 
· Delete any personal information stored on your computer before you dispose of it. Use a “wipe” utility program, which overwrites the entire hard drive and makes the files unrecoverable.  Use Ccleaner available for free at http://www.filehippo.com/download_ccleaner/ and when installed select ‘Options’ then select ‘Settings.  Under the heading ‘Secure Deletion’ click the ‘Secure file deletion (Slower)’ radio button and change the setting to NSA (7 passes).
 
· Read Web site privacy policies. They should answer questions about the access to and accuracy, security, and control of personal information the site collects, as well as how sensitive information will be used, and whether it will be provided to third parties.
 
· Never provide personally identifiable information like a username and password, a government issued number that identifies you, financial details, e-mail addresses, phone numbers, or your home address in areas like chat rooms, forums, instant messengers, e-mail, or any other area over the Internet that gives others access to the information.

Remember, always back-up your system before making any changes.  If using ccleaner make sure you know your passwords.  I suggest you open a spreadheet or word processor, enter the site url, username and password and save it to floppy.  Do NOT save this information on your hard drive.

To your privacy and safer surfing

cotojo