Question about internet security and stock installation of windows xp


nukesgoboom
23rd May 2007, 23:15
if i were to format my computer and then install fresh from a windows xp pro CD from 2001, and did NOT install any updates or service packs, how could the following scenario play out:

lets say im using firefox and always browsing with javascript turned off. i try my best not to go to random, untrusted sites and scan all my downloads manually (with AVG free).

is it possible for someone to simply ping my ip address and start browsing my files (such as a .txt file with passwords in it) or worse, to delete or upload files to me?

my belief was that the browser was the main source of problems, and that switching from IE to firefox was the golden rule of browsing, however what about underlying problems with the windows NT kernel from 2001? are those also to blame? i am also using a router.

i ask this because i am very interested in tweaking. ive noticed that mostly all of the features from sp2 i dont even use (such as windows firewall, and others) and ive installed faithfully almost every windows update up until last year, which seems to me now stupid because im hoarding out like 500+ MB of hard drive space for them.

i am mostly following the information found here:

http://www.bold-fortune.com/forums/index.php?showtopic=229


which is truly an amazing guide for deleting unneeded windows xp files, i read the guide took years to make.


thanks for your time!

mitsubishi
24th May 2007, 00:50
You are relatively safe behind a router, but it doesn't hurt to be up to date.

I usually use this pack: http://www.ryanvm.net/msfn/ and keep a fairly up to date pre-built iso with updates and some extras. That pack is 46.5MB, even includes DX updates.

That guy might not like nLite, but it's fine if you use it properly, really I'm not bothered about removing stuff, who needs to be miserly over a few meg, personally I just use it for integrating said pack (don't need to) and making a few tweaks here and there.

nukesgoboom
24th May 2007, 02:35
i see. so a router is the key piece of hardware, barring any updates? what kind of crazy stuff could happen if i was not using a router, hooked directly up to the cable modem? im guessing there are far more things that can happen...

yeah i love that huge post on bold fortune. i bet it took forever to research and then write that huge post. i have a 70 gig WD raptor so every MB counts for me :P.

hey cool! ryanvm.net looks like it's a great resource when you're about to format your computer. thank you very much for linking me.

if i was not behind a router, would such things like browsing my files and uploading onto my pc be possible even with firefox as the default and only installed browser? (and i was on a stock windows xp pro installation from 2001)

foxyshadis
24th May 2007, 03:01
Without a NAT device, the internet is a teeming cesspool of malicious traffic. Putting an unpatched XP or 2K (or possibly 2003) on the internet is a guarantee of several worms infecting you within minutes, no interaction required. For XP, it'll be a variant of Sasser, which kills lsass.exe and shuts your system down while also probing for other hosts, or Blaster or Bagle, which hijacks your system to send out spam & more viruses. (As well as others.) You'd regret getting on quickly, when it takes an hour or two with antivirus/antispyware to untangle the mess.

Even unpatched XP SP2 with firewall up isn't enough; a remote exploit was found for the built-in firewall. It's far better than nothing, but a simple NAT router can be found for $10 or less if you look around enough. Then you only have to worry about surfing the internet.....

Dr.Khron
24th May 2007, 13:25
Ya man, I agree with the Foxy...

It's a huge pain to install XX GB of updates, but you just gotta do it. Even with firewalls, anti-virus and anti-spyware, an unpatched machine is an accident begging to happen. Various anti-spyware labs have done tests of putting unpatched XP machines up on the web and seeing how long it takes to start getting infected. Sometimes it's a few minutes, but it never takes longer than a few hours.

Just because there are lots of files you can delete afterwards, it doesn't mean you shouldn't install the patches in the first place.

IMHO, here is the list of security measures, ranking by how important they are:
1. All patches and updates (MOST important)
2. Hardware NAT in your router (passive firewall)
3. Anti spyware software (I really like the IP address blacklist that SpyBot uses)
4. Anti virus software
5. Software firewall (active) (least important)

nukesgoboom
24th May 2007, 16:08
oh my god. im learning a ton of new stuff here. so you guys are saying that using a router and updating to service pack 2 after a format are JUST AS important as using a proper browser like firefox?

so happy im clearing this up now before i do something stupid. previously i had thought that simply the browser was the most important part of keeping safe, that the stock installation of IE6 that comes with windows xp is the way most infections occur. but now i understand that sp2 and a router are just as important, correct?

problems with windows itself, not necessarily ONLY Internet explorer 6, are what contribute to such security holes?

when you say that people have done tests to see how fast unpatched installations of xp get infected, what particular browser were they using? if i understand correctly then it doesnt even matter right?

i also use PeerGuardian 2. would that also help out? i know you guys mentioned an ip blocker from spybot.

LOL so a software firewall is least important. yeah i agree with you there. i have sp2 installed and windows firewall has always been deactivated lmao.

this is extremely interesting to me. i have always been behind a router when using the internet, so i have zero experience on what happens when you dont use one. i have sp2 installed and i use firefox too, but i admit i have not been getting updates for months now.

from what i am able to gather so far, you dont even have to be BROWSING the internet at all, you could just be sitting there staring at your desktop with an active connection and something bad could happen if you dont have the necessary precautions right?

gzarkadas
24th May 2007, 16:39
Yes, you are right. I would also advise, after doing all the steps mentioned in the above posts, to take some time and read about group policy and administrative templates and then use Control Panel | Administrative Tools | Local Security Policy to change the security settings to a harder-to-break-in set than the default that ships with Windows installations.

You will have to consider your network configuration first (if you have more than one computer), because inconsistent settings may hinder pc to pc communication, but I believe it is worth the extra effort. I personally use the "Secure Server" administrative template (with a minor set of deviating parameters), which I first set up on my main computer and then transfer to the rest; thus having them all in sync.

I suggest also to turn automatic updates on, in the Windows Security Center (it will show up when you install SP2); this will make installation of patches a lot easier and timely.

You have a lot of work to do. But this is always the case when you start over from scratch. Good luck :)!

foxyshadis
24th May 2007, 19:45
By the way, something I forgot to mention. Check out nLite. Not only can you customize windows as much as you'd like in a very simple fashion, like removing all those unnecessary drivers, you can also integrate (slipstream) SP2 and whatever post-SP2 security updates you want, without having to do it manually. Plus other software, in case you favor zonealarm or such, so you don't have to go online to get it. It even works with OEM installations, if that's what you're forced to use.

And yeah, as for XP getting hijacked, it's as simple as turning it on and plugging the network cable in; IP sweeps are constantly happening, which a router will otherwise stop. Some of the services that were all on in default XP are off with SP2, others are just hardened. Some of that can also be changed by nLite.

nukesgoboom
25th May 2007, 19:42
i will definitely be using nlite when i format my computer in the coming weeks. thank you for that suggestion man!

whoa. the local security settings are pretty deep, to be honest i didnt even know they existed. wow, what a ton of things you can change like password complexity, and the kerberos trust settings. LOL damn! ill try to read more about what im doing in here.

oh and i had another question about the DMZ host for routers. currently i have my computer set as the De-Militarized Host which means i am exposed to the internet. i know this is stupid but i had to host a lot of diablo 2 lan games where my friends that were playing couldnt get on battle.net cause they didnt have valid cd keys. anyway i was wondering, does setting yourself as the DMZ on your router make you JUST AS vulnerable as if you were not even using a router? is DMZ even recommended to use at all for any reason? i have to admit i have been using it for months at a time :( lol

and finally i love doing tweaking for the services in services.msc for windows xp, right now i only have 4 services running on automatic, everything else is set to disabled and i only turn them on when i need them, for example windows driver mode framework i need that for my mp3 player hooking it up to the usb port, but as soon as i am done i disable it. you guys into that too?


thanks for all of the friendly and helpful replies so far!!

celtic_druid
25th May 2007, 20:17
You might also want to rename, change to user and disable the built-in administrator account since all these accounts have the same SID.

Dr.Khron
25th May 2007, 20:19
Slipstreaming the service packs and updates will save you literally hours of time...

anyway i was wondering, does setting yourself as the DMZ on your router make you JUST AS vulnerable as if you were not even using a router? is DMZ even recommended to use at all for any reason?

No, not "just as vulnerable", but very close.
DMZ is BAD BAD BAD, you should turn it off immediately.

If you need DMZ, you really should learn how to forward ports the correct way. Usually, this involves setting a static IP for your PC, and then forwarding ports to that static IP. This website has a TON of guides on the topic, including a lot of router-specific info:
http://www.portforward.com/

and finally i love doing tweaking for the services in services.msc for windows xp, right now i only have 4 services running on automatic, everything else is set to disabled and i only turn them on when i need them...you guys into that too?


I used to do that, but frankly, it can make troubleshooting difficult when things go wrong. I usually go in and turn off a few things that I know I don't need, but I leave everything that I MIGHT need on... it just causes less problems, and besides, memory is at MUCH LESS of a premium than it was when XP first came out.

Of course, if you manually set a static IP in XP, then you can turn off your DHCP service.... :)

The HardOCP forums are full of great info about tweaking your OS:
http://www.hardforum.com/

gameplaya15143
25th May 2007, 22:33
I completely disagree with updating windows. I highly recommend disabling auto-updates in all programs especially windows. You need to be in full control of all changes to your system. I'm running xp home sp1 and have no security problems*. If it's not broke, don't fix it.

One of the most important things for security is a good software firewall. You would be surprised how many things try to talk to the internet, block them all (unless they are really needed). You need to be in control of exactly what goes in and out of your computer.

With a good software firewall, spyware isn't even a problem if you end up with some because as soon as it tries to phone home, you will know about it, and be able to block it, and delete it.

After firewall, the next most important thing is surfing habits. Using a good browser and not randomly installing things that you don't know what they are.

*I haven't had any problems in years, so I figure I'm doing something right.

Dr.Khron
25th May 2007, 23:27
You have a point, but it's still a risky strategy... one screw up, one little toe in the door by a piece of malware and your computer is borked very quickly. Besides, keeping your firewall at 100% is something most people don't have the skills or patience to maintain.

I agree that auto updates is a bad idea (I like having more control than that), but installing the updates can only make your comp SAFER.

Furthermore, "using a good browser" is an illusory safety blanket: if you use Windows, you use IE, whether you like it or not. It's part of the system, and should be patched whether you use it or not.

I agree that "browsing habits" is very important, however. The best technological protections are pretty much useless against the oldest trick in the hacker's book: "social engineering".

gzarkadas
25th May 2007, 23:36
I completely disagree with updating windows. I highly recommend disabling auto-updates in all programs especially windows. You need to be in full control of all changes to your system...

The first problem with this is that you don't get security patches for exploits (attacks that can succeed due to errors in program logic of your software). Software isn't perfect and thus you have to regularly update. Else you are vulnerable, even if you have the best surfing habits in the world, due to the weakness coded into the system.

The second problem is that most users cannot be in full control of all changes to their system because they do not possess the needed technical expertise. Thus, they need help and this is a very helpful mechanism to keep your system updated.

Even experienced admins do not update their system software manually in a timely fashion simply because it is such a boring process.