Apply special security fixes for Windows XP

last revision August 10, 2004

Suggestions to secure your Windows PC:
  1. Use strong passwords
  2. Install security patches
  3. Share files correctly
  4. Use anti-virus software
  5. Protect against email viruses
  6. Install PCLeland
  7. Minimize open network services
  8. Run a security analyzer
  9. Do regular backups
  10. Apply special Windows XP fixes

Windows XP has special security issues, particularly in the Home Edition, that must be addressed before connecting to the Stanford network. These problems, mentioned in the various sections above, are summarized here.

All user accounts on Windows XP Home Edition are created by default with administrator group privilege and no password. Because of automatic file sharing via hidden "administrative shares", this lack of passwords makes a computer with the default Windows XP Home Edition configuration completely open to hackers if placed on our network. Strong passwords must be set for all user accounts on a Windows XP Home Edition system before connecting to the Stanford network.

The default Simple File Sharing mode of Windows XP may not be used on the Stanford network, because it can not be protected against hackers. It always allows access by anyone, without a password. Microsoft intends for this file sharing mode to be used only on networks protected by a "firewall". Stanford does not protect its network with a firewall.

You can share files from a Windows XP Professional Edition computer on the Stanford network by switching to the Classic file sharing mode and then following the instructions for Windows 2000 file sharing.

You may not enable any kind of file sharing on a Windows XP Home Edition computer on the Stanford network. Windows XP Home Edition always uses Simple File Sharing and thus can never be password protected. Disable the File and Printer Sharing for Microsoft Networks feature on any Windows XP Home Edition computer that is connected to the Stanford network.

Use the UnPlug and Pray utility from Gibson Research to disable Universal Plug and Play on Windows XP systems. This unnecessary network service has severe security flaws.

Comments or Questions?