"Deep in the sea are riches beyond compare.
But if you seek safety, it is on the shore."

Tweaks and tricks for security and privacy : Part One

Here I will show you few tricks and tweaks on how to improve your security and privacy. First, we will adjust your Internet Explorer settings so they are a bit safer. Then we will disable Netbios from bothering you, take care of the Index.dat files privacy issue and get rid of System Restore from ever causing you any privacy or other problems. At last, I show you how to find and delete not-needed files easily from your computer. If Microsoft had bothered to make Windows secure by default, we wouldnt be here doing it for them. ;) The sad fact is that there are just so many privacy and security issues related to default settings of any Windows operating system, that they need to be taken seriously. If you are using Windows2000 or WindowsXP, please consult the "Win2k/XP" page for other tweaks.

An example about safe settings for Internet Explorer:
These settings apply mainly to Internet Explorer 6 but in most cases to older versions too. Internet Explorer's default settings are very insecure. Not to mention about all the javascript and active-x vulnerabilities there has been in IE! I suggest that you update to latest version of Internet Explorer and download all the patches needed for it to be even relatively safe. If you are still using some 4.xx or 5.xx versions, you should update NOW! Yes, I do know it takes a lot of time to download if you are using modem but there are so many bugs and security holes in old versions that if you dont update...well... Still, I suggest using some other browser for security reasons, like Opera or Netscape or Mozilla. :) Anyway, here are the secure settings for IE.

Attention! Some people prefer using "host files" or "Restricted Sites Zone" for securing their Internet Explorer. I strongly recommend that you DO NOT follow these kinds of practises, or atleast do not trust that they provide any security. The reason for this is that you cannot know the hostile internet sites before you hit them. And then its already too late. Trying to keep up with the "bad sites" using some list of known "bad sites" is a waste of time since there will be plenty of new "bad sites" that will never be added to such list. The ONLY way to be sure is to concider ALL sites in the internet as "possibly hostile until proven friendly". This means that you secure all the settings and only allow things like javascript on sites that you can absolutely trust. Most sites will work just fine without javascript etc. enabled anyway.

1. Go to the menu in the bottom left corner in the screen and choose "Start" - "Settings" - "Control Panel" and doubleclick "Internet Options".

2. Go to next page "Security" and move the security level bar on this "Internet zone" to "High". If you cant see the security level bar, click "Default level" and then move it to "High". This will save you from many dangers, like harmfull Active-X content and so on.

3. Now, click "Trusted Sites" on this page and move the security level bar in here to "medium low". If you cant see the security level bar, click "Default level" and then move it to "Medium low". Now, you MUST add sites you absolutely trust to your "Trusted Sites" by pressing the button "Sites". Add pages like [without quotas] "*.microsoft.com" and press "Add". Now all the pages belong to Microsoft [like http://windowsupdate.microsoft.com] are concidered trusted. Also, remember to disable "Require server verification (https) for all sites in this zone"! It is important to add sites you trust here, so cookies, javascript, Active-X and so on, work in these pages...but only on those pages you trust! Press OK to go back to the rest of the settings.

4. Then click the other zones and change security preferences on those zone to "High". This will ensure that every other zone than "Trusted Sites" zone is as secure as possible.

5. Go to the next page called "Privacy" and move the bar to the top. This makes sure no cookies are stored on your computer from internet sites. The pages you have added to your "Trusted Sites" will still be able to set cookies to your computer as they are supposed to.

6. Go to the next page called "Content" and in that page go to "Autocomplete". Disable all marks, this makes sure that no passwords or forms are saved to the browser so that someone might easily use them for whatever he desires. Passwords are meant to be kept in memory, not saved on anywhere! Also, remember to clear both passwords and forms now. Press OK to go back to rest of the settings.

7. a) Go to the final page "Advanced" and make sure you have the following enabled:
- "Automaticly check for Internet Explorer updates"
- "Use SSL 3"
- "Use TLS 1"
- "Check for signatures on downloaded programs"
- "Check for publisher's certificate revocation"
- "Check for server certificate revokation"
- "Do not save encrypted pages to disk"
- "Warn about invalid site sertificates"
b) Make sure you have the following disabled:
- "Install on demand -other"
- "Use AutoComplete"
- "Use third-party browser extensions"
- "Enable install on demand"
- "Enable integrated Windows authentication"

8. IMPORTANT! At the end, press OK so that the settings will be used by the Internet Explorer!

If you, for some reason, want to able to download files from all over the internet, you should tweak the settings a bit after making the changes described above. The "High" security settings dont allow files to be downloaded from the internet you see. Follow the steps 1 and 2 but when you are in the "Security" page and "Internet" -zone, choose "Custom level". Scroll it down until you see "Download" - "File download" and choose "Enable". You should be very carefull when downloading files from the internet. NEVER execute files directly from the internet. Always download and then execute the file from your computer if you are absolutely sure it is safe to execute that particular file.

-Markus Jansson