Windows Security Protection

Source: Internet
Author: User

As Trojans, viruses, and rogue software become more and more rampant, the Internet can fairly be called "dangerous". If you do not pay attention, you end up installing a large number of anti-virus programs, firewalls, and similar tools on your host. Not only that, but today's virus and Trojan writers go to great lengths, and their techniques are becoming increasingly sophisticated and destructive. In the past, if you backed up the system with Ghost, installed restoration software, and installed various anti-virus programs and firewalls, the machine could be used almost safely and you could surf freely. Today, viruses and Trojans damage system backups, damage anti-virus software, and leave many backdoors. I believe many people, unable to recover from a virus or Trojan by reinstalling or restoring, have ended up wiping the disk and starting over ... In fact, most of these cases come down to insufficient security awareness.

Viruses and Trojans have only these ways of getting onto a computer: first, hackers, viruses, and Trojans exploit vulnerabilities on the user's computer to intrude; second, users are tricked by disguise into downloading and executing the files themselves. To avoid such attacks, we must keep viruses and Trojans from getting in. The following describes settings for personal computers. The default settings for Windows are full of loopholes, so it is necessary to change them manually.
① Disable default sharing
You may not know whether default sharing is enabled. Enter "cmd" in "Run", type "net share" at the command line, and press Enter to check which shares are enabled.

Here my computer has the IPC$ share open, and some machines also have C$, D$, and so on. These are the hidden default shares on your computer, and a Trojan or virus can easily intrude through them. How can we prevent it? The procedure is as follows:
1. Disable enumeration over NULL connections (this does not prevent NULL connections from being established)
First run regedit and find the key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
Change the DWORD value RestrictAnonymous to: 00000001.
RestrictAnonymous REG_DWORD
0x0 default
0x1 anonymous users cannot list local users
0x2 anonymous users cannot connect to the local IPC$ share
Note: 2 is not recommended; otherwise, some of your services, such as SQL Server, may fail to start.
2. Disable default sharing.
In cmd, run the following commands to delete each of the listed shares (enter one at a time):
net share IPC$ /delete
net share ADMIN$ /delete
net share C$ /delete
net share D$ /delete (if there are E, F, ..., continue deleting them the same way)
To remove the shares through the registry:
Run regedit.
Find the following key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
Change the value of AutoShareServer (DWORD) to 00000000.
If the value does not exist, create it (right-click - New - DWORD value) and then set it.
3. Stop the Server service
To disable IPC$ and the default shares permanently, disable the service they depend on: LanmanServer, that is, the Server service.
Control Panel - Administrative Tools - Services - find the Server service (right-click) - Properties - General - Startup type - Disabled.
② Turn off dangerous services
Besides the Server service described above, the following services are also dangerous. Individual users generally do not need these features, so disabling them improves security:
Open "Control Panel"-"Administrative Tools"-"service" to view the service list in the system.
Find the following services:
Messenger
Remote Registry
Server (haha, repeated)
Telnet
Terminal Services
Task Scheduler
Double-click each of these services, and any other services related to Task Scheduler, and in the dialog box that appears change the startup type to "Disabled". These services are a cause for concern, so it is better to disable them.
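The settings from sections ① and ② can be checked in one pass. The script below is an added example, not part of the original article: it only reads state and changes nothing. It assumes PowerShell 3.0 or later; Get-RegValue and New-Finding are hypothetical helper names, and the service display names are the ones listed above.

```powershell
# Added example: read-only audit of the settings from sections 1 and 2 of this page.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
# Display names exactly as listed on the page; later Windows versions rename some.
$services = 'Messenger','Remote Registry','Server','Telnet','Terminal Services','Task Scheduler'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (the OS default applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Finding([string]$Check, $Value, [bool]$OK) {
    [pscustomobject]@{ Check = $Check; Value = $Value; OK = $OK }
}

$findings = @()

# Section 1, step 1: the page sets RestrictAnonymous to 1 and advises against 2.
$ra = Get-RegValue $lsa 'RestrictAnonymous'
$findings += New-Finding 'RestrictAnonymous' $ra ($ra -eq 1)

# Section 1, step 2: the page sets AutoShareServer to 0.
$as = Get-RegValue $lanman 'AutoShareServer'
$findings += New-Finding 'AutoShareServer' $as ($as -eq 0)

# Default hidden shares that are still published (IPC$, ADMIN$, C$, D$, ...).
$shares = @(Get-CimInstance Win32_Share -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^(IPC|ADMIN|[A-Z])\$$' })
$findings += New-Finding 'Default shares' ($shares.Name -join ', ') ($shares.Count -eq 0)

# Section 1 step 3 and section 2: each listed service should be Disabled.
$installed = @(Get-CimInstance Win32_Service |
    Where-Object { $services -contains $_.DisplayName })
foreach ($name in $services) {
    $svc = $installed | Where-Object { $_.DisplayName -eq $name }
    if ($svc) {
        $findings += New-Finding "Service: $name" $svc.StartMode ($svc.StartMode -eq 'Disabled')
    } else {
        $findings += New-Finding "Service: $name" 'not installed' $true
    }
}

$findings | Format-Table -AutoSize
```

Any row with OK = False is a setting that still differs from what the steps above prescribe.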
③ Set the user account password
For convenience, many users never change the default password of their accounts, so it is no wonder that the accounts get broken into and a backdoor is left behind. Open "Administrative Tools", then "Computer Management", where you will find the accounts and user groups. Rename "Administrator" (right-click to rename) and change its password (double-click it and change it in the pop-up dialog box), and look for other accounts such as "guest", "support_3889", and "helpassistant". Of course, it is better to delete unnecessary accounts. You can use the following commands in "Run" - "cmd" to delete unused accounts:
net user username /delete
net localgroup groupname username /delete
The first command deletes an account outright. The second removes the account from a user group. For example, to delete the "guest" account: net user guest /delete
You can also create a user group and user name here.
④ Enable Windows Firewall
On the Control Panel, find "Windows Firewall" and enable it.
⑤ Disable automatic operation of disks
This is not a vulnerability; it is a feature we use often. For example, when you plug in a USB flash drive, the host pops up an AutoPlay dialog box. You can also open "My Computer" - "Tools" - "Folder Options" - "View", select "Hide protected operating system files" and "Show all files and folders", and clear "Hide extensions for known file types", then check whether any disk on your machine contains Autorun.inf or similar files. Be careful if you find any. We often use USB flash drives to transfer data without realizing that they are a major route of virus infection. Changing this setting will not cause any faults, and it greatly increases the host's security.
Modifying the registry by hand is troublesome, so we recommend a tool that changes the setting directly:
Tweak UI (you can download it from my e drive).
Here I only allow automatic operation for CDs and disable it for everything else, so when someone inserts a virus-infected USB flash drive, my machine stays safe and sound.
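The manual check for Autorun.inf described above can be scripted. This is an added example, not part of the original article: it assumes PowerShell 3.0 or later, Find-AutorunInf is a hypothetical name, and it only reads files.

```powershell
# Added example: look for Autorun.inf in the root of every mounted drive (read-only).
function Find-AutorunInf {
    foreach ($drive in [System.IO.DriveInfo]::GetDrives()) {
        if (-not $drive.IsReady) { continue }   # empty CD drives or card-reader slots
        $file = Join-Path $drive.RootDirectory.FullName 'autorun.inf'
        # -Force is required because these files are usually hidden and system.
        $item = Get-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
        if (-not $item) { continue }

        $launch = @()
        if (-not $item.PSIsContainer) {
            # Lines that name a program to start are the ones worth reading first.
            $launch = @(Get-Content -LiteralPath $file -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=' })
        }
        [pscustomobject]@{
            Drive      = $drive.Name
            Type       = $drive.DriveType
            # A folder named autorun.inf cannot launch anything; it only blocks
            # a file of the same name from being created.
            IsFolder   = $item.PSIsContainer
            Attributes = $item.Attributes
            Launch     = ($launch -join ' | ')
        }
    }
}

Find-AutorunInf | Format-List
```

A non-empty Launch field on a removable drive names the program that would be started automatically and is the entry to investigate first.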
⑥ Prevent File Association
Open "Run" - "regedit", find and expand the key "HKEY_CLASSES_ROOT\exefile\shell\open\command", right-click it and choose "Permissions".
Click "Advanced" and then "Add". The "Select User or Group" dialog box is displayed. Click "Advanced" and then "Find Now" in the upper right corner, and all users and user groups on the host are listed. Select "Everyone" and click "OK" - "OK". A permission settings dialog box is displayed. Check "Deny" for "Set Value", "Create Subkey", "Delete", and the other items, then click OK. This prevents Trojans from modifying the registry to change the EXE file association. You can apply the same setting to other common file suffixes such as ".rar", ".bat", ".com", ".txt", ".htm", ".doc", ".cmd", ".chm", ".zip", ".cpl", and ".lnk" to prevent their file associations from being modified and used by a Trojan.
⑦ Prevent Trojan viruses from loading self-boot items
After a Trojan or virus runs on the host, it will try to make itself start automatically, so that it runs again at the next boot. To prevent this, change the permissions on the startup-related registry keys so that Trojans cannot add themselves:
Follow the settings in step 6 for the following keys. Set the Everyone group on these registry keys to be readable but not writable or changeable.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
---- Ensure that your account logs on normally and the Internet works normally, and then change the permission ----
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
---- Change the permission before installing the common software ----

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
---- Change the permission before the system service and driver are installed normally ----
Of course, there is also the "Startup" folder; check it for hidden files, which can be deleted.
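To confirm which of the keys from steps 6 and 7 actually carry the Everyone deny entry, the access control lists can be read back. This is an added example, not part of the original article: it assumes PowerShell 3.0 or later, Test-EveryoneDeny is a hypothetical name, and it only reads permissions.

```powershell
# Added example: read-only report on the keys named in steps 6 and 7 of this page.
$keys = @(
    'HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'
)
$everyone = 'S-1-1-0'   # well-known SID of Everyone; the group name itself is localized
$R    = [System.Security.AccessControl.RegistryRights]
$need = [int]($R::SetValue -bor $R::CreateSubKey -bor $R::Delete)

function Test-EveryoneDeny([string]$Key) {
    $path = "Registry::$Key"
    if (-not (Test-Path -LiteralPath $path)) {
        return [pscustomobject]@{ Key = $Key; EveryoneDeny = 'key absent'; Values = 0 }
    }
    $acl = Get-Acl -LiteralPath $path
    # Ask for SIDs rather than names so the comparison works on any UI language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $denied = 0
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $everyone -and $r.AccessControlType -eq 'Deny') {
            $denied = $denied -bor [int]$r.RegistryRights   # rights may span several rules
        }
    }
    [pscustomobject]@{
        Key          = $Key
        # True only when Set Value, Create Subkey and Delete are all denied.
        EveryoneDeny = (($denied -band $need) -eq $need)
        Values       = (Get-Item -LiteralPath $path).ValueCount
    }
}

$keys | ForEach-Object { Test-EveryoneDeny $_ } | Format-Table -AutoSize
```

The Values column shows how many entries each key currently holds, which is worth reviewing before the key is locked.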
⑧ Folder permission settings
Ideally the system disk is in NTFS format, but it does not matter if it is FAT32: a single Windows command converts it without disturbing any system settings. Before converting, though, be aware that NTFS cannot be accessed from pure DOS. If you work in pure DOS, or your DOS boot disk does not support NTFS and you need Ghost to restore the system, do not convert. In addition, those whose machine has a one-click recovery function should make a new backup after converting from FAT32 to NTFS. Of course, there are ways for DOS to access NTFS partitions; you can find them online.
In cmd, enter: convert /?
This shows the help for the command. For example, to convert the system disk C: to NTFS (if it is already NTFS you do not need to convert; you can see the format from the drive letter's context menu):
convert C: /FS:NTFS
After the command succeeds, the disk is converted automatically at the next restart.
After the conversion, folders and files on the NTFS disk have a "Security" tab in their right-click menu (on some systems it is not shown and has to be enabled), where you can set permissions for files and folders.
You can set different permissions for some important folders. On the system disk, for the folder C:\Documents and Settings\<your username>\Local Settings\Temp, set the Everyone group to deny "Traverse Folder / Execute File" (the method is the same as described in section 6); this guards against Trojans delivered through Web pages. In addition, set "cmd.exe", "net.exe", "net1.exe", "format.exe", "ftp.exe", "tftp.exe", "cacls.exe", "ipconfig.exe", "command.com", and so on so that the Everyone group is denied access and execution, and delete all files in the Windows\system32\dllcache\ directory (that is, delete the system files kept in this folder). Set permissions on important files such as "assumer.exe", "regedit.exe", "regedt32.exe", "notepad.exe", "regsvr32.exe", and "taskmgr.exe" so that only the administrator account can read them and access from other accounts is denied. This greatly reduces the chances of hackers or viruses exploiting system vulnerabilities to intrude into or infect the computer. When you set these permissions, make sure the system still runs properly, for example with files such as command.com, svchost.exe, and rundll32.exe. Of course, if you want to prevent a Trojan from creating a particular file in a folder, create a folder with the same name and set it to read-only. For example, if you create a folder named "3721" in the C:\Program Files directory and deny the Everyone group all permissions on it, it will be difficult for the 3721 network real-name plug-in to install itself in the future.
⑨ Back up important materials or files
If you are afraid that the system registry will be maliciously modified or that some files will be unrecoverable after a virus infection, you can back them up this way:
Open "Run", type "cmd", and then enter: md d:\bak..\ This creates a "bak." folder under D:. You can enter d:\bak..\ to open it, and copy and paste important backup files into this folder. To delete the folder, first clear all the files in it, and then enter rd d:\bak..\ in cmd. Files in this folder cannot be run in place; to run them you must first copy them out. Of course, viruses and Trojans can do nothing to the data in this folder. Copy all your important files into this special folder and you no longer need to worry about them not being backed up. You can put registry backups, drivers, favorites, and all necessary installation files in it, and they will be specially protected.
⑩ Install patches frequently
As we all know, Microsoft releases many Windows patches. It is therefore necessary to install patches frequently to avoid intrusion by popular viruses or hackers. This is much better than frequently upgrading anti-virus software.
There are specialized tools for upgrading and patching. We recommend 360 Security Guard here. You can get it from www.360safe.com. Users on CERNET without an available proxy cannot download it from there, so here is the IP address: http://220.181.34.241/setup.exe
This tool automatically scans for all vulnerabilities on the machine. You only need to select the patches to download.
TIPS: Some pirated Windows XP systems will "rebound" after certain patches are installed, that is, they need to be re-activated. Haha, I have not run into this myself, so I cannot say for certain.
Most important: Security Awareness + security knowledge
Don't ask me about these things. You can find them on Baidu or Google. Good security awareness is a hundred times better than the best anti-virus software, and rich security knowledge is the strongest firewall.

Add: Use group policies to maintain system security
Group Policy is available only in Windows XP Professional. Open "Run" and enter "gpedit.msc". Making full use of Group Policy can effectively secure the machine and its accounts. I will not describe the settings one by one, because the help files provided by Windows are very detailed. Take a close look at the Software Restriction Policies, IP Security Policies, Public Key Policies, and the other settings in Group Policy. These policies let you get the most out of Windows XP's security features; you can work through them yourself. In addition, the security templates in Group Policy cover common system settings, so you do not need to find extra software to set them.
