Twelve Steps to PC Hardening


Why:

Want an inexpensive way to add value to a PC and differentiate your product from other white box PCs? How about a "hardened" white box?

Computers with firewalls and backups ready to go instead of having to requiring add-on by in-house IT staff or consultants might be more valuable than those without. Secured computers are also less likely to be returned for warranty service due to viruses or "black hats."

This is for computers intended for sale to SOHOs or households. Companies with IT staff will have their own ideas about securing computers.

How:

1. Install a firewall. I recommend the freeware version of ZoneAlarm (http://www.zonelabs.com).

2. Install any good antiviral software with automatic updates.

3. Make sure Windows Scripting Host is disabled. Find c:%5Cwindows%5CWscript.exe and delete it.

4. Disable file sharing.

Go to Start > Control Panel > Network > File and Print Sharing (button) and uncheck both boxes.

5. Install a copy of AdAware anti-spyware (http://www.lavasoftusa.com).

6. Replace Microsoft Outlook / Outlook Express with any other Windows-compatible mail reader.

7. For Win 9x-2000, remove MSIE using the freeware script available at http://www.98lite.net, install Netscape 4.7x or Netscape 6 as the default. For XP, IE probably can't be removed, simply install Netscape and make it the default.

8. Show all file extensions. See the CERT Advisory for how at http://www.cert.org/incident_notes/IN-2000-07.html.

9. Add a backup HD in a mobile rack. A workable backup program comes with all versions of Windows from 9.x-XP. An Ecrix tape drive bundled with backup software is preferable but much more expensive.

10. Disable cookies. Replace the cookies.txt file found in Netscape and Opera with a cookies.txt subdirectory. Cookies instantly vanish in a way that doesn't usually interfere with site access.

11. Unless you can't, break out the OS/installation separately on the invoice to show it as a separate sale. Backup for Windows requires an installed copy of Windows to make restore from backup possible.

12. Make sure the OS and bundled applications are patched currently.

Recommendations:

Describe what was done for security; a customer or consultant might want to implement different security measures later. Create a maintenance schedule for customers and put it into a shareware/freeware reminder program like X-Reminder Lite.

Add a disclaimer. No computer connected to the Net can be made hackerproof even under the best circumstances. All that can be done is to make it more secure.

A.Lizard is the pseudonym for an Internet consultant living in the San Francisco Bay Area. He has been writing for tech-oriented magazines and Web media such as 8wire and Microtimes since 1987. He is currently working on developing a financial services infrastructure technology.