Copy@Rights


Tuesday, September 12, 2006

Do you want to secure your Windows 2000 / XP to the max? Then follow these basic steps :)

IMPORTANT INFORMATION REGARDING WINDOWS XP SP2: Some security software has had problems with Service Pack 2, for example ZoneAlarm and some antivirus software. There have also been other issues with SP2; I have personally found that after installing it my computer stops working properly, and I have not yet managed to solve the situation. SP2 also changes some Internet Explorer, Windows ICF and other settings, so this page is not yet updated for SP2 details. My suggestion regarding SP2 is that you should back up and try it out. If it works, fine: Microsoft has fixed some major security issues with it, so you are likely safe enough for now on a default SP2 install if you follow its Security Center guidance. If you cannot install SP2 or get it working, restore the old Windows XP and use the settings and tips on this page as they are. Try installing SP2 later, when Microsoft either fixes its bugs or we discover some way to work around them.

These settings can be used with both Windows 2000 and Windows XP to *really* secure the system and also boost its performance. Depending on your version, and whether it is Win2k or XP, you might notice that some of the features/options aren't there. Just skip them and move on until you hit something that IS on YOUR Windows 2k/XP. The "best" option of all is to have Windows XP Professional, since the screenshots are from Windows XP Professional. However, notice that you can access some of the Windows XP Professional features even if you installed Home Edition, by booting into "Safe Mode" at some point.

Windows XP offers pretty good security features, but only if you know how to use them. By default, Windows XP is clumsy and has many possible security holes due to its poor default settings. If you use Windows XP Pro, you can really make your computer your fortress against almost any invader. The built-in EFS (Encrypting File System on NTFS), strong authentication methods, firewall, etc. give you good tools for it. Home Edition does not have all these features, but you can always implement your own according to these guidelines. These principles are designed ONLY for single-user "home" computers (standalone), NOT for computers in, let's say, corporate networks! On standalone computers you can and should fill every hole possible, but in a corporate environment the whole point is to allow computers to be used via corporate networks or the intranet. You can still take suggestions and clues from here and implement them properly if you are installing or using Windows 2k/XP in a corporate environment or are using multiple user accounts.

Please remember!
As said earlier, these settings work like a dream for me and for most 2k / XP users too, but not for all of them. The best option would be to either make an "image" of your C: drive or write down your original settings before you start implementing these settings. The problems that might occur are mostly related to network connections / internet access. You can also troubleshoot the problems using Windows Help and Support while going through the settings, to see what perhaps needs to be enabled. And if the worst happens and you just can't revert the changes you made, run a "repair install" using your Win2k/XP CD-ROM. It will keep all the programs etc. but restore the regular settings. Remember to update and patch your software after this "repair install".

When you make alterations to settings, make sure you exit that window by pressing the OK or YES button. If you simply close the window by clicking the X in its corner or press CANCEL, the alterations you just made will NOT take effect!

Two good links related to securing and tweaking Windows 2000 and Windows XP
Black Viper's guide on Windows 2000 and XP services
NSA security guides on securing WindowsNT, 2000 and XP (in corporate/network enviroment)


Before installing Windows 2000 / XP
-> Physically disconnect from the net!
--> Do NOT plug in the network cable / internet connection!

-> Backup all your personal files and documents to different HDD or partition
--> Optionally back up to CDRW or external HDD


During installation of Windows 2000 / XP
-> Delete old system partition(s), install from "fresh"!
--> It's a good idea to create at least two partitions: one for the system (you need at least 5 GB for this one, but 10-20 GB is better) and a second one for your own files and images of the first partition (the rest of the HDD space, but at least double the size of the first partition, so at least 10 GB, but 20-40 GB is better). Of course, if you have backed up your data to some other partition than C:, then do NOT remove or format that partition or your backups will be lost!
---> Format partitions to NTFS.

-> Create one account for yourself (besides the default "Administrator" account that already exists). This account does not have a password by default.

-> Use good passphrases, at least 14 characters long, containing letters, numbers and special characters (like !"#¤%&/().). To be ultra-secure, use Administrator passphrases over 28 characters long.
--> Never use the same passphrase in two places/systems


After installation is done
-> When logging in first time when "Welcome" screen appears
--> Press Ctrl+Alt+Del (perhaps a couple of times in a row)
---> Login as Administrator and with administrator passphrase

Try to close all ports and shares
-> Control Panel
--> Network and Internet connections
---> Network connections
----> Select connections and right click on them
-----> Properties
------> Select every item other than TCP/IP (one by one)
-------> Uninstall
------> Select: TCP/IP
-------> Properties
--------> Advanced
---------> WINS
----------> Unselect: Enable LMHOSTS lookup
----------> Select: Disable Netbios over TCP/IP
---> Repeat the procedure on all other connections too

-> Control panel
--> Performance and maintenance
---> Administrative tools
----> Computer management
-----> Shared folders
------> Shares
-------> (delete everything inside)

-> (WindowsXP ONLY) Run: regedit.exe
--> Go to (if key/value does not exist, create one by right clicking in the right window)
---> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
----> EnableDCOM (REG_SZ)
-----> Set to: N
---> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
----> DCOM Protocols (REG_MULTI_SZ)
-----> Remove the entry: ncacn_ip_tcp
---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\
----> Value: MaxCachedSockets (REG_DWORD)
-----> Set to: 0
---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
----> SmbDeviceEnabled (REG_DWORD)
-----> Set to: 0
---> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
----> AutoShareServer (REG_DWORD)
-----> Set to: 0
----> AutoShareWks (REG_DWORD)
-----> Set to: 0
----> NullSessionPipes (REG_MULTI_SZ)
-----> (Delete all value data INSIDE this value, leaving it empty)
----> NullSessionShares (REG_MULTI_SZ)
-----> (Delete all value data INSIDE this value, leaving it empty)
---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\
----> Machine (REG_MULTI_SZ)
-----> (Delete all value data INSIDE this value, leaving it empty)
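As an added check (example code, not from the original post), the Python below parses a `reg export` dump and reports which of the values above are still off the guide's settings. The sample export inside it is constructed for the demo, and the `audit_file` helper assumes you exported each of the keys listed above into one file.

```python
"""Offline check of the DCOM / NetBIOS / null-session registry settings
listed above, run against a file produced by `reg export`.  Added example,
not code from the original post.  SAMPLE_EXPORT is constructed for the demo
and does not describe any real machine."""
import re

LANMAN = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
RPC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc"

# What the guide wants. An empty list means "no entries left in this REG_MULTI_SZ".
EXPECTED = {
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole", "EnableDCOM"): "N",
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters",
     "MaxCachedSockets"): 0,
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters",
     "SmbDeviceEnabled"): 0,
    (LANMAN, "AutoShareServer"): 0,
    (LANMAN, "AutoShareWks"): 0,
    (LANMAN, "NullSessionPipes"): [],
    (LANMAN, "NullSessionShares"): [],
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths",
     "Machine"): [],
}


def parse_reg_export(text):
    """Parse the subset of .reg syntax `reg export` writes for the types used here:
    REG_SZ ("..."), REG_DWORD (dword:hex) and REG_MULTI_SZ (hex(7): UTF-16LE bytes,
    wrapped over several lines with a trailing backslash). Keys and value names are
    lower-cased because the registry itself is case-insensitive."""
    text = re.sub(r",\\\r?\n\s*", ",", text)          # re-join wrapped hex lines
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            values.setdefault(key, {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
        if not m or key is None:
            continue
        name, raw = m.group(1).lower(), m.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            values[key][name] = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        elif raw.startswith("dword:"):
            values[key][name] = int(raw[6:], 16)
        elif raw.startswith("hex(7):"):
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
            # NUL-terminated UTF-16LE strings; an extra NUL closes the list.
            values[key][name] = [s for s in data.decode("utf-16-le").split("\0") if s]
        else:
            values[key][name] = raw                    # other types: keep raw text
    return values


def audit(values):
    """Return human-readable findings; an empty list means the export matches."""
    findings = []
    for (key, name), want in EXPECTED.items():
        got = values.get(key.lower(), {}).get(name.lower())
        if got is None and isinstance(want, list):
            continue                                   # absent multi-string == empty
        if got is None:
            findings.append(f"{key}\\{name}: missing (the guide says to create it)")
        elif got != want:
            findings.append(f"{key}\\{name}: is {got!r}, guide wants {want!r}")
    # DCOM Protocols may keep other entries; only ncacn_ip_tcp must go.
    protocols = values.get(RPC_KEY.lower(), {}).get("dcom protocols", [])
    if any(p.lower() == "ncacn_ip_tcp" for p in protocols):
        findings.append(f"{RPC_KEY}\\DCOM Protocols: still lists ncacn_ip_tcp")
    return findings


def audit_file(path):
    """`reg export` writes UTF-16 with a BOM; export each key above and concatenate."""
    with open(path, encoding="utf-16") as fh:
        return audit(parse_reg_export(fh.read()))


# Constructed sample: a machine that still has DCOM on and NetBIOS SMB enabled.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc]
"DCOM Protocols"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,69,00,70,00,5f,00,74,00,63,00,\
  70,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"MaxCachedSockets"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"SmbDeviceEnabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000
"NullSessionPipes"=hex(7):00,00
"NullSessionShares"=hex(7):00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths]
"Machine"=hex(7):00,00
"""

if __name__ == "__main__":
    for finding in audit(parse_reg_export(SAMPLE_EXPORT)):
        print(finding)
```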


Enable Windows XP internet connection firewall (ICF)
-> Control Panel
--> Network and internet connections
---> Network connections
----> Select connection and right click on them
-----> Properties
------> Advanced
-------> Internet Connection Firewall (enable it)
--------> Settings
---------> Make sure NOTHING is selected/enabled
----> Repeat the procedure on all other connections too


Secure your Internet Explorer settings
-> Control Panel
--> Network and Internet connections
---> Internet Options
----> General
-----> Temporary internet files
------> Settings
-------> Set to: Every visit to page
-----> Days to keep pages in history
------> Set to: 0
----> Security
-----> Internet
------> Custom level
-------> Reset to: High
--------> Reset (yes)
------> Scroll down to "File download"
-------> Set to: Enable (yes) (THAT IS, IF YOU WANT USERS TO BE ABLE TO DOWNLOAD FILES FROM THE INTERNET!)
-----> Local intranet
------> Sites
-------> Make sure nothing is selected!
-----> Trusted sites
------> Sites
-------> Add this web site to the zone:
--------> Add all the domains here you can absolutely trust here (and press add after each domain)
---------> For example, add: *.microsoft.com
---------> For example, add: *.passport.com
---------> For example, add: *.msn.com
---------> For example, add: *.markusjansson.net
--------> Make sure "require server verification..." is not selected!
------> Move the tab to "Medium"
-----> Restricted Sites
------> Custom level
-------> Reset to: High
--------> Reset (yes)
------> Scroll down to "File download"
-------> Set to: Enable (yes)
----> Privacy
-----> Advanced
------> Override automatic cookie handling
-------> First party cookies: Block
-------> Third-party cookies: Block
-------> Enable: Always allow session cookies
----> Content
-----> Autocomplete
------> Disable all
------> Clear forms (yes)
------> Clear passwords (yes)
------> Programs
------> Disable: Internet Explorer should check whether it is the default web browser
----> Advanced
-----> Disable everything else, but enable the following
+ Always send URLs as UTF-8
+ Disable script debugging
+ Enable folder view for FTP sites
+ Enable page transitions
+ Show friendly HTTP error messages
+ Show Go button in Address bar
+ Use Passive FTP
+ Use smooth scrolling
+ Use HTTP 1.1
+ Use HTTP 1.1 through proxy connections
+ Don't display online media content in the media bar
+ Play animations in web pages
+ Play sounds in web pages
+ Play videos in web pages
+ Show pictures
+ Smart image dithering
+ Check for publisher's certificate revocation
+ Check for server certificate revocation
+ Check for signatures on downloaded programs
+ Do not save encrypted pages to disk
+ Use SSL 3.0
+ Use TLS 1.0
+ Warn about invalid site certificates
+ Warn if form submittal is being redirected


Turn Telnet NTLM logins off
-> Run: telnet.exe
--> Type (and press enter): unset ntlm


Turn SYSKEY on

-> Run: syskey.exe
--> Encryption enabled
---> Update
----> Store key locally

Turn extra accounts off
-> Control Panel
--> Performance and maintenance
---> Administrative tools
----> Computer management
-----> Local Users and groups
------> Local Users
-------> Delete all users other than "Administrator", "Guest" and the user accounts you specifically created.

Create/edit user level accounts
-> Run: control userpasswords2
--> Here you can easily add, remove and edit existing accounts. The ideal composition is to have the administrator account and one user account for every user of your computer (all protected by good passwords). If you didn't create a user-level account during setup, you can easily change one of the accounts here from the "Administrators" group to "Users".
--> Enable: Users must enter a user name and password to use this computer
--> After installing, you usually have TWO accounts in the Administrators group: one is "Administrator" and the other is the account you named during Windows XP installation.
---> Select the latter account
----> Properties
-----> Group membership
------> Set to "Restricted User"
----> Reset password
-----> Set whatever password you desire, but do not use the same password as for your administrator account

Turn safer login on
-> Control Panel
--> User Accounts
---> Change the way users log on or off
----> Disable: Use welcome screen

-> Run: regedit.exe
--> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
---> DefaultPassword
----> (Delete this value if present)


(Optionally) Create password reset diskettes
-> Control Panel
--> User Accounts
---> Click the account you want to create a password reset diskette for
----> Related tasks
-----> Prevent a forgotten password, etc.
------> Keep that diskette in SAFE place!


Close all not-needed services
-> Control Panel
--> Performance and maintenance
---> Administrative tools
----> Services
-----> Go to every service EXCEPT
+ Application Layer Gateway Service
+ Application Management
+ Automatic Updates
+ Background Intelligent Transfer Service
+ Cryptographic Services
+ DHCP Client
+ Event Log
+ Help and support
+ Human Interface Device Access
+ Internet Connection Firewall
+ Network Connections
+ Network Location Awareness (NLA)
+ Plug and Play
+ Print Spooler (if you have printers)
+ Remote Access Connection Manager
+ Remote Procedure Call (RPC)
+ System Event Notification
+ Task Scheduler
+ Telephony
+ Themes (hey, you don't want to shut down cute themes, right?)
+ Windows Audio
+ Windows Image Acquisition (if you have scanners or digital cameras attached)
+ Windows Installer
+ Windows Management Instrumentation
+ Windows Management Instrumentation Driver Extensions
------> Doubleclick with left mouse button or click right mouse button and select "Properties"
-------> Startup type
--------> Set to: Disabled
-----> Go to
+ Automatic Updates
------> Startup type
-------> Set to: Automatic

Prevent not-needed programs from starting up
-> Run: msconfig.exe
--> Startup
---> Unselect all (unless you KNOW that there is some specific program launching that you need, for example a third-party application for your printer, xDSL connection or similar).
----> If you are unsure, still unselect all. You can come back later and re-select some if it was important

Secure settings
-> Control panel
--> Performance and maintenance
---> Administrative tools
----> Local security policy
-----> Account policies
------> Password policy
-------> Enforce password history - 0 passwords remembered
-------> Maximum password age - 360 days
-------> Minimum password age - 0 days
-------> Minimum password length - 14 characters
-------> Password must meet complexity requirements - Enabled
-------> Store passwords using reversible encryption for all users in the domain - Disabled
------> Account lockout policy
-------> Account lockout threshold - 3 invalid logon attempts
-------> Account lockout duration - 15 minutes
-------> Reset account lockout counter after - 15 minutes
-----> Local policies
------> Audit policy
-------> Audit account logon events - Success, failure
-------> Audit account management - Success, failure
-------> Audit logon events - Success, failure
-------> Audit Object access - Success, failure
-------> Audit policy change - Success, failure
-------> Audit system events - Success, failure
------> User rights assignment
-------> Access this computer from the network -
-------> Act as part of the operating system -
-------> Add workstations to domain -
-------> Adjust memory quotas for a process - LOCAL SERVICE,NETWORK SERVICE,Administrators
-------> Allow logon through Terminal Services -
-------> Back up files and directories - Administrators
-------> Bypass traverse checking - Authenticated Users,Administrators
-------> Change the system time - Administrators
-------> Create a pagefile - Administrators
-------> Create a token object -
-------> Create permanent shared objects -
-------> Debug programs - Administrators
-------> Deny access to this computer from the network - Everyone
-------> Deny logon as a batch job -
-------> Deny logon as a service -
-------> Deny logon locally -
-------> Deny logon through Terminal Services - Everyone
-------> Enable computer and user accounts to be trusted for delegation -
-------> Force shutdown from a remote system -
-------> Generate security audits - LOCAL SERVICE,NETWORK SERVICE
-------> Increase scheduling priority - Administrators
-------> Load and unload device drivers - Administrators
-------> Lock pages in memory - LOCAL SERVICE, Authenticated Users,Administrators
-------> Log on as a batch job -
-------> Log on as a service -
-------> Log on locally - Authenticated Users, Administrators
-------> Manage auditing and security log - Administrators
-------> Modify firmware environment values - Administrators
-------> Perform volume maintenance tasks - Administrators
-------> Profile single process -
-------> Profile system performance -
-------> Remove computer from docking station - Authenticated Users,Administrators
-------> Replace a process level token - LOCAL SERVICE
-------> Restore files and directories - Administrators
-------> Shut down the system - Authenticated Users, Administrators
-------> Synchronize directory service data -
-------> Take ownership of files or other objects - Administrators
------> Security options
-------> Accounts: Administrator account status - Enabled
-------> Accounts: Guest account status - Disabled
-------> Accounts: Limit local account use of blank passwords to console logon only - Enabled
-------> Accounts: Rename administrator account - (TYPE SOME NAME HERE AND USE IT WHEN YOU LOGIN AS ADMINISTRATOR IN THE FUTURE)
-------> Accounts: Rename guest account - Guest
-------> Audit: Audit the access of global system objects - Disabled
-------> Audit: Audit the use of Backup and Restore privilege - Disabled
-------> Audit: Shut down system immediately if unable to log security audits - Disabled
-------> Devices: Allow undock without having to log on - Disabled
-------> Devices: Allowed to format and eject removable media - Administrators
-------> Devices: Prevent users from installing printer drivers - Enabled
-------> Devices: Restrict CD-ROM access to locally logged-on user only - Enabled
-------> Devices: Restrict floppy access to locally logged-on user only - Enabled
-------> Devices: Unsigned driver installation behavior - Do not allow installation
-------> Domain controller: Allow server operators to schedule tasks - Disabled
-------> Domain controller: LDAP server signing requirements - Not defined
-------> Domain controller: Refuse machine account password changes - Enabled
-------> Domain member: Digitally encrypt or sign secure channel data (always) - Enabled
-------> Domain member: Digitally encrypt secure channel data (when possible) - Enabled
-------> Domain member: Digitally sign secure channel data (when possible) - Enabled
-------> Domain member: Disable machine account password changes - Enabled
-------> Domain member: Maximum machine account password age - 1
-------> Domain member: Require strong (Windows 2000 or later) session key - Enabled
-------> Interactive logon: Do not display last user name - Enabled
-------> Interactive logon: Do not require CTRL+ALT+DEL - Disabled
-------> Interactive logon: Message text for users attempting to log on -
-------> Interactive logon: Message title for users attempting to log on -
-------> Interactive logon: Number of previous logons to cache (in case domain controller is not available) - 0 logons
-------> Interactive logon: Prompt user to change password before expiration - 14 days
-------> Interactive logon: Require Domain Controller authentication to unlock workstation - Enabled
-------> Interactive logon: Smart card removal behavior - Lock Workstation
-------> Microsoft network client: Digitally sign communications (always) - Enabled
-------> Microsoft network client: Digitally sign communications (if server agrees) - Enabled
-------> Microsoft network client: Send unencrypted password to third-party SMB servers - Disabled
-------> Microsoft network server: Amount of idle time required before suspending session - 1
-------> Microsoft network server: Digitally sign communications (always) - Enabled
-------> Microsoft network server: Digitally sign communications (if client agrees) - Enabled
-------> Microsoft network server: Disconnect clients when logon hours expire - Enabled
-------> Network access: Allow anonymous SID/Name translation - Disabled
-------> Network access: Do not allow anonymous enumeration of SAM accounts - Enabled
-------> Network access: Do not allow anonymous enumeration of SAM accounts and shares - Enabled
-------> Network access: Do not allow storage of credentials or .NET Passports for network authentication - Enabled
-------> Network access: Let Everyone permissions apply to anonymous users - Disabled
-------> Network access: Named Pipes that can be accessed anonymously -
-------> Network access: Remotely accessible registry paths -
-------> Network access: Shares that can be accessed anonymously -
-------> Network access: Sharing and security model for local accounts - Classic local users authenticate as themselves
-------> Network security: Do not store LAN Manager hash value on next password change - Enabled
-------> Network security: Force logoff when logon hours expire - Disabled
-------> Network security: LAN Manager authentication level - Send NTLMv2 response only\refuse LM & NTLM
-------> Network security: LDAP client signing requirements - Require signing
-------> Network security: Minimum session security for NTLM SSP based (including secure RPC) clients - Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
-------> Network security: Minimum session security for NTLM SSP based (including secure RPC) servers - Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
-------> Recovery console: Allow automatic administrative logon - Disabled
-------> Recovery console: Allow floppy copy and access to all drives and all folders - Disabled
-------> Shutdown: Allow system to be shut down without having to log on - Disabled
-------> Shutdown: Clear virtual memory pagefile - Enabled
-------> System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing - Enabled
-------> System objects: Default owner for objects created by members of the Administrators group - Object creator
-------> System objects: Require case insensitivity for non-Windows subsystems - Enabled
-------> System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) - Enabled
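The Local Security Policy settings above can be verified and re-applied in bulk with `secedit`. The Python below (an added example, not the post's own material) audits a `secedit /export` dump against the password, lockout, audit and several of the security-option values listed above and writes a minimal fix template; its SAMPLE_INF is constructed, and the section keys and registry value names are the ones `secedit` itself writes for these settings.

```python
"""Audit a `secedit /export /cfg policy.inf` dump against the account, lockout,
audit and security-option settings listed above, then build a minimal template
`secedit /configure` can apply to close the gaps. Added example, not from the
original post; SAMPLE_INF is constructed and describes no real machine."""
import configparser
# [System Access] keys as secedit names them, with the values the guide sets.
WANT_SYSTEM_ACCESS = {
    "PasswordHistorySize": "0", "MaximumPasswordAge": "360", "MinimumPasswordAge": "0",
    "MinimumPasswordLength": "14", "PasswordComplexity": "1", "ClearTextPassword": "0",
    "LockoutBadCount": "3", "LockoutDuration": "15", "ResetLockoutCount": "15",
    "EnableGuestAccount": "0", "LSAAnonymousNameLookup": "0",
}
# [Event Audit] values are a bitmask: 1 = success, 2 = failure, 3 = both.
WANT_EVENT_AUDIT = {k: "3" for k in (
    "AuditAccountLogon", "AuditAccountManage", "AuditLogonEvents",
    "AuditObjectAccess", "AuditPolicyChange", "AuditSystemEvents")}
# [Registry Values] entries are "type,data" (4 = REG_DWORD, 1 = REG_SZ); these back
# the "Network security", "Interactive logon" and "Shutdown" options listed above.
LSA = r"MACHINE\System\CurrentControlSet\Control\Lsa"
POLICY = r"MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System"
WANT_REGISTRY = {
    LSA + r"\NoLMHash": "4,1",               # do not store the LAN Manager hash
    LSA + r"\LmCompatibilityLevel": "4,5",   # send NTLMv2 only, refuse LM & NTLM
    LSA + r"\RestrictAnonymousSAM": "4,1",   # no anonymous enumeration of SAM accounts
    LSA + r"\RestrictAnonymous": "4,1",      # ... nor of SAM accounts and shares
    POLICY + r"\DontDisplayLastUserName": "4,1",
    r"MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount": '1,"0"',
    r"MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management"
    r"\ClearPageFileAtShutdown": "4,1",
}
CHECKS = (("System Access", WANT_SYSTEM_ACCESS), ("Event Audit", WANT_EVENT_AUDIT),
          ("Registry Values", WANT_REGISTRY))

def load_inf(text):
    """secedit's .inf is INI-shaped; configparser lower-cases the option names."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return {s: {k: v.strip() for k, v in cp.items(s)} for s in cp.sections()}

def audit(inf):
    """Return (section, key, got, want) for every setting that deviates or is absent."""
    findings = []
    for section, wanted in CHECKS:
        have = inf.get(section, {})
        for key, want in wanted.items():
            got = have.get(key.lower())          # None when secedit left it out
            if got != want:
                findings.append((section, key, got, want))
    return findings

def fix_template(findings):
    """Minimal .inf that re-applies only the deviating settings; apply it with
    secedit /configure /db fix.sdb /cfg fix.inf /areas SECURITYPOLICY"""
    lines = ["[Unicode]", "Unicode=yes", "[Version]", 'signature="$CHICAGO$"', "Revision=1"]
    for section, _wanted in CHECKS:
        rows = [(k, w) for s, k, _g, w in findings if s == section]
        if rows:
            lines.append(f"[{section}]")
            sep = "=" if section == "Registry Values" else " = "
            lines += [f"{k}{sep}{w}" for k, w in rows]
    return "\n".join(lines) + "\n"

# Constructed sample: an export from a box still on XP defaults (lockout off,
# so secedit did not write LockoutDuration / ResetLockoutCount at all).
SAMPLE_INF = r"""[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 8
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
EnableGuestAccount = 0
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 3
AuditObjectAccess = 0
AuditPolicyChange = 3
AuditAccountManage = 3
AuditAccountLogon = 3
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"10"
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,0
[Version]
signature="$CHICAGO$"
Revision=1
"""

if __name__ == "__main__":
    gaps = audit(load_inf(SAMPLE_INF))
    for section, key, got, want in gaps:
        print(f"[{section}] {key}: is {got}, guide wants {want}")
    print(fix_template(gaps))
```

The real export is UTF-16, so open it with `encoding="utf-16"` before passing its text to `load_inf`.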


Secure various other settings
-> Control Panel
--> Appearance and Themes
---> Display
----> Screen Saver
-----> Set to: Blank
-----> Set to: Wait 15 minutes
-----> Enable: On resume, password protect
---> Folder options
----> View
-----> Make sure the following are enabled:
+ Display the content of system folders
+ Display full address in address bar
+ Show hidden files and folders
+ Show encrypted and compressed NTFS files in color
-----> Make sure the following are NOT enabled:
+ Automatically search for network folders and printers
+ Hide extension of known file types
+ Hide protected operating system files
+ Restore previous folder windows at logon
+ Use simple sharing
--> Performance and maintenance
---> System properties
----> Advanced
-----> Performance - Settings
------> Advanced
-------> Virtual memory
--------> If you have plenty of RAM (let's say 512 MB or more), you can disable the Windows swap file. This will increase performance and security, since no sensitive data can be written to the HDD (swap file) in any situation. If you don't have that much RAM, in theory it is a good idea to have a fixed-size swap file, let's say 256 or 512 MB.
---------> Select each partition and "No paging file" (or set a fixed size on one partition if you don't have 512 MB or more RAM)
-----> Startup and recovery - Settings
------> System failure
-------> Unselect all
-------> Write debugging information
--------> None
-----> Error reporting
------> Select: Disable error reporting, but notify me when critical errors occur
----> Automatic Updates
-----> Enable: Keep my computer up to date
-----> Select: Download the updates automatically and notify me when they are ready to be installed
----> Remote
-----> Unselect: Remote Assistance
-----> Unselect: Remote Desktop
---> Power Options
----> Hibernate
-----> Disable: Enable Hibernation

-> Run: mmc.exe
--> File
---> Add/Remove snap-in
----> Add
-----> Select: Group policy
------> Finish/Close/OK
--> Local Computer Policy
---> Computer configuration
----> Administrative Templates
-----> Windows Components
------> Netmeeting
-------> Disable remote desktop sharing - Enabled
-----> System
------> User profiles
-------> Only allow local user profiles - Enabled
------> Remote assistance
-------> Solicited remote assistance - Disabled
-------> Offer remote assistance - Disabled
------> Turn off autoplay - Enabled (all drives)
------> Network
-------> Offline Files
--------> Allow or disallow use of the Offline Files feature - Disabled
-> Notice that you can use this Group Policy tool to restrict users from altering all kinds of settings on your computer. For example, you could set up very secure Internet Explorer settings (and prevent downloading of files), and then prevent users from altering those settings. This is an excellent tool once you learn to use it properly.


Adjust event viewer settings
-> Control Panel
--> Performance and maintenance
---> Administrative tools
----> Event viewer
-----> Right click: Application
------> Properties
-------> Maximum log size: 10048
-------> Select: Overwrite events as needed
-----> Right click: Security
------> Properties
-------> Maximum log size: 10048
-------> Select: Overwrite events as needed
-----> Right click: System
------> Properties
-------> Maximum log size: 10048
-------> Select: Overwrite events as needed


Secure file and folder permissions
-> My Computer
--> Right click C:\
---> Properties
----> General
-----> Disable: Allow indexing service to index this disk for fast file searching
----> Security
-----> Add
------> Type: Authenticated Users
-------> Press enter
-----> Select: Authenticated Users
------> Allow: Read & Execute, List folder content, Read
-----> Advanced
------> Unselect: Inherit from parent the permission entries...
-------> Copy
------> Remove all other users except: Administrator, System and Authenticated Users
-------> Select: Replace permissions entries...
--------> OK
---------> Yes

--> Go to C:\documents and settings\
---> Right click the Administrator folder
----> Properties
-----> Security
------> Advanced
-------> Unselect: Inherit from parent the permission entries...
--------> Copy
---------> Remove: Authenticated Users
----------> Select: Replace permission entries...
-----------> OK
------------> Yes
---> Right click, one at a time, all other user folders (like "mom", "userX", etc.)
----> Properties
-----> Security
------> Advanced
-------> Unselect: Inherit from parent the permission entries...
--------> Copy
--------> Remove: Authenticated users
---------> Add the name of the user (like "mom", "userX", etc.) whose folder this is. This will prevent all other users except admins from getting into their folders.
----------> Allow: Full Control
---------> Select: Replace permission entries...
----------> OK
-----------> Yes
--> Go to C:\windows (or if your Windows is installed onto some other directory, then go there)
---> Select "temp" folder
----> Properties
-----> Security
------> Select: Authenticated Users
-------> Allow: Full Control
--> You can also set permissions like this on other partitions and folders. Please be advised that if you store something like games somewhere, users who need to play those games usually need Full Control on those folders so that they can save games etc. The same goes if you store other files on those partitions, like music, documents etc., that other people want not only to access but also to save and edit. Then you should give "Authenticated Users" full permissions on those folders. The main thing is that your personal folders (C:\documents and settings\userX\) are safe from other people's tampering, and so are the important system folders (C:\windows\).

-> To encrypt (EFS) the content of directories and prevent all other users (including administrators) from reading the content of files inside (only in XP pro version) the directory (notice: they can still see the file names and alter folder settings)
-> Only use this for YOUR personal directories (like to folders where you keep personal documents etc.), do not use on system, program, etc. directories!
--> Right click the directory you wish to encrypt
---> Properties
----> General
-----> Advanced
------> Enable: Encrypt contents to secure data (notice: if you are logged in as Administrator, this will encrypt the data for the Administrator account only. To encrypt data for your USER account, first secure your Windows XP installation, then log in as the user and start encrypting your folders)


(Optionally) Export your EFS certificate
-> Make sure you have encrypted some directory with the user whose EFS certificate you wish to export (otherwise you don't have an EFS certificate to export)
-> Run: MMC
--> File
---> Add/Remove Snap-in
----> Add
-----> Select: Certificates
------> Add
-------> Select: My user account
--------> Finish/close/OK
--> Certificates - Current User
---> Personal
----> Certificates
-----> Select your certificate from the right window
------> Right click with your mouse
-------> All tasks - Export
--------> Next
---------> Select: Yes, export the private key
----------> Next
-----------> Write a passphrase to protect the certificate and remember it!
------------> Choose where and under what name to export it
-------------> Next, etc. etc.


Reboot your computer
-> If/When "Welcome" screen appears
--> Press Ctrl+Alt+Del (perhaps a couple of times in a row)
---> Login as (WHATEVER NAME YOU RENAMED THE ADMINISTRATOR ACCOUNT AS) and with administrator passphrase


Now you can physically connect to internet!
-> Plug in the network cable etc.
--> Set whatever settings needed to make it possible for you to connect to internet.


Update Windows
-> Go to http://windowsupdate.microsoft.com
--> Download ALL updates available
---> Reboot when asked and log in to the administrator account again
----> Return to this site to download more and more and more patches
-----> Continue to download/install patches, rebooting and returning to this page until you have downloaded ALL patches and cannot download any more patches.
-> Remember to come back to check for new patches, hopefully every week but at least once a month! We have set up automatic Windows Update, but I STILL insist that you recheck for ANY new updates every once in a while, just to be sure. Updating your Windows, Windows Media Player, Internet Explorer, Outlook Express etc. is REALLY THAT IMPORTANT!


And finally...
-> Go through this list AGAIN, since you might have missed something, or some updates/patches might have changed some settings; for example, downloading the Windows Messenger update automatically changes your ICF settings (!!!), opening a few ports on your system!
-> When you are done installing, updating and securing your Windows XP, log in as USER with the passphrase you reset it to previously. Only use the ADMINISTRATOR account/permissions when you REALLY need to install/update/modify some settings. Logging in with administrator permissions is a severe security risk and should be avoided at all costs.
--> Remember to change the password on every new account when you log in for the first time. By default, new accounts have NO password set. Press Ctrl+Alt+Del and Change Password to change your password.


Regards....

TheSolutionProvider

Monday, September 11, 2006

For all those people who want to enjoy the Windows environment but still want to install Linux: you can use VMWare.

First of all, thanks to my best friend Jagtesh Singh Chadda (Jaggu), who enlightened me on this topic...

VMWare runs Windows inside Linux, and it works... very well too.



If you switch to Linux and get rid of Windows, your computer will run without crashing and will be immune to all the problems that plague Windows. But let's be real. You'll have another set of problems to deal with.

You won't be able to run any of your Windows software. You won't be able to run Microsoft Money or Quicken. You won't be able to run Microsoft Word or Excel, or any of the thousands of other good Windows programs.

You'll have a lot of good Linux software to choose from, but sometimes there is no substitute for the stuff you're used to.

An easy way around this is to create a dual-boot PC. When you install most modern versions of Linux, you can set aside space on your hard drive for Linux while keeping everything the way it is for Windows. When your PC boots up, you can choose one or the other. That way, you can reboot when running Linux and come up running Windows. This is ideal for anyone who plays a lot of Windows games, because Windows is a wonderful operating system for games.

But a dual-boot PC won't let you run Windows programs while you're running Linux. To do that, you need VMWare.

VMWare, from a California company with the same name, lets you run the entire Windows operating system inside a window on your Linux PC. While your PC is running Linux, you can click over to your Windows desktop and work in Excel or check your finances with Microsoft Money. You can run Outlook Express or Family Tree Maker or any other Windows program. You can do this while continuing to run all your Linux software, too. Windows becomes just another program in Linux.

After running VMWare for many weeks on my main Linux PC, I'm convinced it's about as close as you can come to a miracle this side of Heaven. It ran every normal Windows program I installed -- I didn't try any major games, but I ran all my standard software -- and VMWare hardly slowed down my Linux PC at all.

You'd probably think I'm exaggerating when I describe what VMWare does, so let me give you a short list.

VMWare:

-- Can run many copies of Windows on one PC, all while Linux is doing its normal functions, without requiring a reboot. In other words, you could have Windows 98 and Windows 2000 running separately from each other in your Linux PC.

-- Keeps the Windows operating system and all Windows programs isolated from Linux. A crash in Windows has no effect on your PC.

-- Connects the Linux and Windows operating systems to each other by a virtual network within the PC. No networking card is needed.

-- Allows quick cut-and-paste operations between Windows and Linux.
VMWare costs $100 for individuals or $300 for businesses. You can download a free trial copy or find out more about VMWare from the company's Web site at http://vmware.com/ . The company also sells a version of VMWare that uses Windows NT or Windows 2000 as the host operating system, but I didn't try that version. (Because Windows is less stable than Linux and because Linux is free, I can't recommend the NT version of VMWare. If you want to run VMWare, install Linux first.)

VMWare works by creating one or more virtual machines (VMs) inside the Linux operating system. A virtual machine is something that acts just like a real thing -- in this case, a PC -- while not existing at all except as a software program. In VMWare, each virtual machine acts like a totally separate computer. These virtual machines can run any version of Windows -- from Windows 3.1 to Windows 2000 -- and they can also run other PC operating systems such as Linux or the PC version of Sun's Solaris.

VMWare could be described as a PC emulator or Windows emulator, but that's not what it is. PC emulators do all their work in software, but VMWare takes advantage of a function of the Intel computer-chip design that allows the creation of a virtual machine within the processor. The virtual computer VMWare creates uses the PC's peripherals and hardware directly, just as a normal PC would. Because of the advanced multitasking of Linux, VMWare is able to make Windows run smoothly without slowing down anything on the Linux side.

Your PC needs a lot of memory -- 128 megs is the minimum for normal operation, although 96 megabytes would be OK if you can't add more at the moment -- and it needs a fast processor. My experience running VMWare on my cousin's 450 MHz Pentium II showed that you need all the speed you can get. His processor actually runs at 464 MHz (I turned up the speed slightly), but this didn't help boost VMWare much.

My guess is that a 500 MHz Pentium III PC would give a virtual PC speed of 100 MHz to 133 MHz. If this seems to be a big loss in speed, keep in mind that all other operations on the Linux PC are unaffected. I saw no perceptible loss in the speed of most other operations in Linux when Windows 98 was running in VMWare.

...so give it a try

regards...
thesolutionprovider

Friday, September 08, 2006








The basics
Grid computing is a form of distributed computing that involves coordinating and sharing computing, application, data, storage, or network resources across dynamic and geographically dispersed organizations. Grid technologies promise to change the way organizations tackle complex computational problems. However, the vision of large scale resource sharing is not yet a reality in many areas — Grid computing is an evolving area of computing, where standards and technology are still being developed to enable this new paradigm.



Why is it important?
Time and Money. Organizations that depend on access to computational power to advance their business objectives often sacrifice or scale back new projects, design ideas, or innovations due to sheer lack of computational bandwidth. Project demands simply outstrip computational power, even if an organization has significant investments in dedicated computing resources.

Even given the potential financial rewards from additional computational access, many enterprises struggle to balance the need for additional computing resources with the need to control costs. Upgrading and purchasing new hardware is a costly proposition, and with the rate of technology obsolescence, it is eventually a losing one. By better utilizing and distributing existing compute resources, Grid computing will help alleviate this problem.


The benefits of building an enterprise grid with Grid MP platform include:

Lower Computing Costs
On a price-to-performance basis, the Grid MP platform gets more work done with less administration and budget than dedicated hardware solutions. Depending on the size of your network, the price-for-performance ratio for computing power can literally improve by an order of magnitude.

Faster Project Results
The extra power generated by the Grid MP platform can directly impact an organization's ability to win in the marketplace by shortening product development cycles and accelerating research and development processes.

Better Product Results
Increased, affordable computing power means not having to ignore promising avenues or solutions because of a limited budget or schedule. The power created by the Grid MP platform can help to ensure a higher quality product by allowing higher-resolution testing and results, and can permit an organization to test more extensively prior to product release.

Wednesday, September 06, 2006



The Anna Kournikova e-mail worm that whacked networks this week was not the work of a skilled cracker. It was created using one of the many virus-generating kits that are easily available on the Internet.

The kits, which have names like Satanic Brain Virus Tools 1.0, Instant Virus Production Kit, and Ye Olde Funky Virus Generator, make writing a virus a straightforward and uncomplicated task.

If you can install a program on a computer, you can also -- using one of these kits -- write and release a virus just like the authors of Cartman, Poppy and Kenny did.

Anna was created by a 20-year-old Dutch man who calls himself "OnTheFly" using the VBS Worm Generator, an application credited to a cracker known as [K]alamar, who is believed to be based in Buenos Aires.


[K]alamar's VBS Worm Generator 1.5 includes a well-written readme file, and an easy-to-understand point-and-click interface.

"A 10-year-old could use [K]alamar's VBS Worm Generator 1.5 to create a worm," said Ken Dunham, a senior analyst with SecurityPortal.

Sporting a polished interface with pop-up windows and handy help files that walk you right through the process, the VBS Worm Generator first asks you to name your virus and designate an author.

The writer of the Anna worm called it OnTheFly, the name he also used as its author.

In the program, the user is then asked to choose a method to spread the virus, either as an e-mail attachment or via Internet relay chat. Either way, the virus is spread via an attachment that is affixed to an e-mail or a file.

OnTheFly opted to transmit Anna by e-mail.

Then comes the fun part. The toolkit asks the user to choose up to four actions, known as payloads, which determine how the virus will affect the computers that it infects.

There are a variety of payloads: flashing sarcastic text messages to the infected machine's user, forcing the computer to connect to any designated website or making the worm crash the infected computer.

OnTheFly chose the least offensive action: Anna was coded to connect to a Dutch computer shop's website next January. OnTheFly stated in an e-mail that he assumed Anna would not be active by next year.

The Anna Kournikova worm is contained in a Visual Basic script (VBS) attachment. When the attachment is clicked, the worm sends itself via e-mail to all addresses found in a user's Outlook address book. The virus also uses encryption to hide itself, a feature included in the kit, which makes it harder for antiviral software to detect it.

"These virus kits are bad juju. People who wouldn't normally dream of releasing a virus are too tempted by the ease of writing and releasing crap with those kits," a cracker named Taltos wrote in an e-mail.

OnTheFly has admitted to being tempted, and has since expressed deep remorse for writing the Anna Kournikova worm.

"And there are going to be more and more of these viruses released, mark my words. Maybe OnTheFly did people a favor by releasing his harmless virus," Taltos said. "Maybe people will wise up and stop clicking on everything that lands in their e-mail boxes before some kiddie unleashes something that's really destructive."

Jesper Johansson, professor of computer science at Boston University, agrees with Taltos. He does not think other virus writers will be deterred by OnTheFly's legal problems.

"Criminals never think they will get caught. I think we will see a lot of 'kit' viruses," said Johansson, adding he has no respect for virus kit users.

"Do I think they are elite? No, I don't. I think they are petty criminals."
"Do they know a lot about the systems they are breaking? No. Do they have a specific objective, such as breaking into System X? No, not usually. These are simple vandals, who basically get their kicks from destroying things for other people. That does not make them elite, nor does it prove how knowledgeable they are, other than in a very narrow circle of like-minded deviants."

Virus creation kits are not new. The Mutation Engine (MtE), Virus Creation Laboratory (VCL), and Phalcon/Skism Mass-Produced Code Generator were developed in the early 1990s, Dunham said.

Richard Smith of the Privacy Foundation said there are at least 100 virus-writing kits available on the Internet. He believes that creating viruses via kits may be replacing childish stunts like prank phone calls -- but is much more insidious.

Smith, who was instrumental in tracking down the authors of both the Melissa and the ILOVEYOU worms, likened the wide availability of virus-creation kits to "giving a loaded gun to a kid."

"The main reason kids and young adults don't release more viruses is that most people know it is wrong and they don't want to go to jail," Smith said. "I think the rather heavy sentences handed out to virus writers and hackers are acting as a deterrent."

Smith believes that e-mail program vendors must also take responsibility, and should put a lock on their products.

"We need to get all the e-mail vendors (Microsoft, Netscape, Lotus, Qualcomm, etc.) to fix this problem of e-mail viruses. Dangerous file attachments such as script files and .exe files should automatically be thrown away," Smith said.

Microsoft has already made the change in Outlook with its e-mail security patch. "But I think Microsoft needs a similar patch for Outlook Express and Hotmail," Smith said. "And other vendors need to follow Microsoft's lead here."

Both Smith and Dunham said that the creators of the kits do have some cracking skills.

"If you're creating a virus-creation utility, you have to know more than the average bear," Dunham said.

But Dunham added that while viruses can easily be created with such tools, distributing them without getting into legal trouble is an entirely different matter.

Dunham said that many users might play with virus kits and only share creations with friends. But only a select few go a bit further and attempt to distribute new viruses on the Internet.

"It takes more knowledge, time and motivation to learn how to conceal your identity as well as being able to create new viruses that are different enough to not be picked up by current antiviral programs on the market," Dunham said.

Dunham also said that OnTheFly demonstrated a great grasp of psychology when he dubbed his worm after the sexy tennis star.

"Imagine if that attachment had been named after someone else. Would that have made a difference? What if Anna had been called SeanConnery.jpg.vbs? You might get only 40 percent of Anna's share on the market with that one."

Dunham thinks that an ElvisPresleyLives.jpg.vbs could be really successful, but believes that something like ExplicitHotPorn.jpg.vbs would have the greatest potential.

"It has everything the average employee is looking for when reading e-mail," Dunham said. "Attachments such as TasksToComplete.jpg.vbs would not be popular."

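Smith's suggestion above, that mail software should throw script and .exe attachments away automatically, and Dunham's point about names like SeanConnery.jpg.vbs can be turned into a small gateway filter. What follows is an added example written for this page, not code from the article or from any mail vendor. It uses only the standard library's email package; the message it scans is constructed inline with placeholder attachment bodies, and the extension blocklist is an assumption for the demo, not a list taken from any product. The point it shows is that only the last suffix of a filename decides how Windows opens the file, so a double extension like .jpg.vbs is a script, and that such parts can be stripped before the message ever reaches a mail client.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions that Windows hands to a script host or loader when the user
# double-clicks the attachment. Assumed starting list for the demo, not complete.
DANGEROUS_EXTENSIONS = {
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
}


def classify_attachment(filename):
    """Return ("block" | "allow", reason) for an attachment filename.

    Only the final suffix decides how the file is opened, so
    "AnnaKournikova.jpg.vbs" is a script, not a picture: the ".jpg" in the
    middle exists only to mislead the reader.
    """
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes:
        return "allow", "no extension"
    last = suffixes[-1]
    if last in DANGEROUS_EXTENSIONS:
        if len(suffixes) > 1:
            disguise = "".join(suffixes[:-1])
            return "block", f"executable {last} disguised behind {disguise}"
        return "block", f"executable attachment type {last}"
    return "allow", f"{last} is not an executable type"


def scan_message(raw_bytes):
    """Parse an RFC 822 message and classify each attachment.

    Returns a list of (filename, verdict, reason) in attachment order.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict, reason = classify_attachment(name)
        findings.append((name, verdict, reason))
    return findings


def strip_dangerous_attachments(raw_bytes):
    """Return the message with every blocked attachment removed.

    This is the "throw the attachment away" behaviour the article asks mail
    vendors for, applied at a gateway instead of inside the client.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    if msg.is_multipart():
        kept = [
            part for part in msg.get_payload()
            if not (part.is_attachment()
                    and classify_attachment(part.get_filename() or "")[0] == "block")
        ]
        msg.set_payload(kept)
    return msg.as_bytes()


def build_sample_message():
    """Constructed sample message (not a real capture) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Pictures from the weekend"
    msg.set_content("See attached.")
    # Constructed placeholder bodies; nothing here is real script or image data.
    msg.add_attachment(b"placeholder", maintype="application", subtype="octet-stream",
                       filename="AnnaKournikova.jpg.vbs")
    msg.add_attachment(b"placeholder", maintype="image", subtype="jpeg",
                       filename="beach.jpg")
    msg.add_attachment(b"placeholder", maintype="application", subtype="octet-stream",
                       filename="TasksToComplete.jpg.vbs")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict, reason in scan_message(build_sample_message()):
        print(f"{verdict:5s} {name:28s} {reason}")
```

Running the script lists two blocked attachments and one allowed one; the same rule catches a plain report.exe as well as the disguised form. In a real deployment the blocklist belongs in configuration, and blocked parts should be logged rather than silently dropped so the recipient can ask why a file never arrived.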
we have seen all kinds of viruses!!


But the worst ones are those you get in your belongings, be it your body or your machine. Here, though, we're talking only about the viruses that exist on the machine.

Let me start off with a brief introduction to viruses, then move on to methods of detection, and finally suggest some of the best anti-virus solutions available in the market.

So let's begin with the very basic definition.



First, what is a virus?

A virus is simply a computer program that is intentionally written to attach itself to other programs or disk boot sectors and replicate whenever those programs are executed or those infected disks are accessed. Viruses, as purely replicating entities, will not harm your system as long as they are coded properly. Any system damage resulting from a purely replicating virus happens because of bugs in the code that conflict with the system's configuration. In other words, a well-written virus that only contains code to infect programs will not damage your system. Your programs will contain the virus, but no other harm is done. The real damage--the erasing of files, the formatting of hard drives, the scrambling of partition tables, etc.--is caused by intentional destructive code contained within the virus. Generally, the destructive part of a virus is programmed to execute when certain conditions are met, usually a certain date, day, time, or number of infections. An example is the now infamous Michelangelo virus. This virus can run rampant on your computer for months and you won't notice that anything is wrong. That is because even though your hard disk's master boot record is infected with the virus, the destructive code has not yet been executed. The virus is programmed to trigger its destructive code on March 6, Michelangelo's birthday. Therefore, if Michelangelo contained no destructive code, nothing bad would happen to your computer even though it was infected with a virus.


An important thing to remember is that not all virus attacks produce catastrophic results. For example, one of the most common viruses in the world is called Form. I got Form from a floppy disk given to me by a friend who didn't know he had the virus. In fact, I didn't know I had it either until I received a call from a company to whom I mailed my resume using that floppy disk. They called me, not to tell me that I got the job, of course, but rather that my computer had the Form virus. How embarrassing! Apparently, Form had been on my computer for a long time, but its effects were so slight that I never noticed it. The only peculiarity I encountered was a clicking sound that emitted from my PC speaker every time I pressed a key, but this only happened for one day. Later, I learned that Form is programmed to trigger this action on the 18th of every month. Other than that, it doesn't contain any destructive code.

The only other time my system actually became infected was considerably more serious. It happened only a few months ago on the job. I was scanning a large stack of diskettes for viruses when I was distracted by a phone call. After completing the lengthy call I turned my computer off and took a short break. When I returned I booted my computer, forgetting that I had left a diskette in the A drive. I discovered my error when the floppy drive began to spin. At that point I also noticed that the disk was being accessed far too much for a non-system disk. Upon rebooting from the hard drive, I quickly realized my mistake. A virus called Junkie was all over my hard drive. It had infected command.com, as well as my screen reading software and all associated drivers. The Junkie virus was alive in the boot sector of the diskette that I inadvertently left in the drive, and it ran wild when I accidentally tried to boot from it. Junkie is a perfect example of a virus that, if written properly, would not have damaged my system. It contains no destructive code. It simply replicates by infecting .com files. However, not all .com files are structurally accurate. Without getting too technical, .com files are raw binary data read by your computer, and .exe files need to be interpreted first. There are some files, particularly ones used by memory management software, that have .com extensions, but that are actually written more like .exe files. When Junkie infects one of these types of files, it becomes corrupted because it is essentially an .exe file, but Junkie has appended .com-like instructions to it; similar to repairing a can opener with parts from a toaster.

After the near heart attack I had during my battle with the Junkie virus, I began to study the phenomenon very seriously, and since then, though I have run into many viruses on the job, none of them has infected my computer. This is because I now have an effective antivirus strategy in place.

What Is A Macro Virus?



The most common viruses that infect computers today--viruses such as Concept, Nuclear, Showoff, Adam, Wazzu, and Laroux--are macro viruses. They replicate by a completely different method than conventional viruses. We said earlier that a virus is a small computer program that needs to be executed by either running it or having it load from the boot sector of a disk. These types of viruses can spread through any program that they attach themselves to. Macro viruses can not attach themselves to just any program. Rather, each one can only spread through one specific program. The two most common types of macro viruses are Microsoft Word and Microsoft Excel viruses. These two programs are equipped with sophisticated macro languages so that many tasks can be automated with little or no input from the user. Virus writers quickly realized that it would be possible to construct self-replicating macros using these languages. The reason why this is possible is because Word documents and Excel spreadsheets can contain auto open macros. This means that when you open a Word Document in Word or an Excel spreadsheet in Excel any auto open macros contained within the document will execute automatically and you won't even know it's happening. In addition to auto open macros, both of these programs make use of a global macro template, which means that any macros stored in this global file will automatically execute whenever something is opened in that program. Macro viruses exploit these two aspects to enable themselves to replicate.

Here's how it works... You open an infected document in Microsoft Word. (Remember, Word documents can contain auto open macros.) These macros, which in this example contain a virus, execute when the document is opened and copy themselves into the global template that Word uses to store global macros. Since the infected macros are now part of your global template file, they will automatically execute and copy themselves into other Word documents whenever you open any document in Microsoft Word. Excel macro viruses work in much the same way. Because Word documents and Excel spreadsheets can contain auto open macros, it is important to think of them as computer programs in a sense. In other words, when you open Word documents in Word, or Excel spreadsheets in Excel, you could be executing harmful code that is built right into the objects you're opening. They should be checked thoroughly for viruses before you open them in their respective programs. It is important to have an effective anti-virus strategy in place to prevent infection by these and all other kinds of viruses.
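To make the "think of documents as programs" advice concrete, here is an added example (not code from this page's author) that checks whether a document carries a VBA project at all, which is the one thing a scanner can decide honestly before the file is opened. It handles the zip-based .docm/.xlsm packages by looking for the vbaProject.bin part, and the older binary .doc/.xls containers by walking the OLE2 directory slots for the "Macros" (Word) or "_VBA_PROJECT_CUR" (Excel) storage. The OLE2 walk is a heuristic that inspects every 128-byte-aligned slot rather than following the file's allocation chain, and both sample documents are constructed stubs, not files produced by Office.

```python
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                           # .docx/.docm/.xlsm package
OOXML_VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin")
# Storage names that exist in an OLE2 directory only when a VBA project is
# embedded: Word keeps it under "Macros", Excel under "_VBA_PROJECT_CUR".
OLE2_VBA_STORAGES = {"Macros", "_VBA_PROJECT_CUR"}
DIR_ENTRY_SIZE = 128


def _ole2_directory_entries(data):
    """Yield (name, object_type) for every plausible OLE2 directory entry.

    Heuristic: entries are 128 bytes and hold a UTF-16LE name padded to 64
    bytes, then the name length in bytes (including the terminator) and the
    object type (1 = storage, 2 = stream, 5 = root). A full parser would follow
    the FAT chain of the directory stream; this walks every aligned slot after
    the 512-byte header and keeps the slots that look like entries.
    """
    for pos in range(512, len(data) - DIR_ENTRY_SIZE + 1, DIR_ENTRY_SIZE):
        name_len = int.from_bytes(data[pos + 64:pos + 66], "little")
        obj_type = data[pos + 66]
        if 2 <= name_len <= 64 and name_len % 2 == 0 and obj_type in (1, 2, 5):
            yield data[pos:pos + name_len - 2].decode("utf-16-le", "replace"), obj_type


def document_has_macros(data):
    """Return (has_macros, detail) for the raw bytes of an Office document."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as package:
                names = set(package.namelist())
        except zipfile.BadZipFile:
            return False, "zip header but not a readable package"
        for part in OOXML_VBA_PARTS:
            if part in names:
                return True, f"VBA project part present: {part}"
        return False, "OOXML package without a VBA project"
    if data.startswith(OLE2_MAGIC):
        for name, obj_type in _ole2_directory_entries(data):
            if obj_type == 1 and name in OLE2_VBA_STORAGES:
                return True, f"OLE2 storage {name!r} present"
        return False, "OLE2 document without a VBA storage"
    return False, "not an Office container"


def build_ooxml_sample(with_macros):
    """Constructed minimal .docx/.docm package (not produced by Word)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            package.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


def build_ole2_sample(with_macros):
    """Constructed OLE2-shaped blob (not a real Word file): header plus one directory sector."""
    def entry(name, obj_type):
        raw = name.encode("utf-16-le") + b"\x00\x00"
        return (raw.ljust(64, b"\x00") + len(raw).to_bytes(2, "little")
                + bytes([obj_type]) + b"\x00" * 61)
    header = OLE2_MAGIC.ljust(512, b"\x00")
    directory = entry("Root Entry", 5) + entry("WordDocument", 2)
    if with_macros:
        directory += entry("Macros", 1)
    else:
        # The word "Macros" inside UTF-16 body text must not count: it sits
        # off the 128-byte grid, so it is not a directory entry.
        directory += b"\x00" * 40 + "Macros".encode("utf-16-le")
    return header + directory.ljust(512, b"\x00")


if __name__ == "__main__":
    for label, blob in (("docm", build_ooxml_sample(True)), ("doc", build_ole2_sample(True))):
        print(label, document_has_macros(blob))
```

A positive result does not mean the macros are malicious, only that the file contains code that will run when it is opened with macros enabled; that is exactly the situation the text says to treat as running a program, so such files should go through the scanner first or be opened with macros disabled.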

How to avoid viruses...?



Anyone who does a lot of downloading, like me, or who accesses diskettes from the outside world on a regular basis should develop an antivirus strategy. The most important weapon in your antivirus arsenal is a clean, write-protected bootable system diskette. Booting from a clean write-protected diskette is the only way to start up your system without any viruses in memory. No virus scanner/cleaner of any quality will run if there is a virus in memory, because more programs can be infected by the virus as the scanner opens the files to check them. This diskette should also contain a record of your hard disk's master boot record, partition table, and your computer's CMOS data. Most antivirus packages contain utilities that can store this information for you. Lastly, this diskette should contain your favorite scanning/cleaning software, because a virus may have infected this program on your hard drive. Running it from a clean diskette will ensure that you're not spreading the virus further.

A second effective defense against viruses is a clean backup of your hard drive. Many antivirus packages will attempt to disinfect infected programs for you so that the virus is no longer in your system. However, there are times when removing the harmful code from programs or from the master boot record does not solve the problem completely. Some programs may not run properly because their code has been altered, or your system may not boot properly because of the alterations made to the master boot record. In addition, there are some viruses, Midnight for example, that encrypt or scramble the data files associated with a program which are then descrambled by the virus when the program is executed. If you remove the virus from the program the data is still scrambled and the virus is not there anymore to descramble it. A good reliable backup ensures that all of these problems are solved and everything is back to normal.

The third part of your antivirus strategy should be antivirus software, preferably more than one package since no one product can do everything. There are many products out there to help you guard against viruses. Since other people have gone to great lengths to review these products I am not going to go into detail about them. I will briefly talk about which programs I use to give you an example of how antivirus software can be used, but please remember that these are only my opinions and should not be considered advertisements for other companies...

some terms you must know

MBR: Master Boot Record


The master boot record is, in a sense, a small program that is automatically executed when the computer is booted. It resides in the hard drive's master boot sector which is located at the very beginning of the drive. The main function of the code contained within the MBR is to give the operating system valuable information about how the hard drive is organized. Since the MBR is accessed so early on in the boot process, it is an excellent target for viral infection. A boot sector virus will overwrite the MBR's code with its own code so that it is executed first. The virus will generally copy the actual MBR to another place on the hard drive and give control back to it after the virus gets a chance to execute.

Partition Table

The partition table is a small storehouse of information that tells the operating system where to look for its specific boot code. It is located in the master boot sector and is read by the master boot record at bootup. Thus, if you had both DOS and Linux installed on your hard drive, the partition table would contain the information pointing to the boot code of each of these operating systems. This information is often either moved or encrypted by boot sector viruses.
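The advice earlier on this page to keep a record of your hard disk's master boot record and partition table can be checked programmatically. This added example (not the author's code) parses a 512-byte MBR into its three parts, the 446 bytes of boot code, the four 16-byte partition entries and the 55 AA signature, and compares a live sector against a saved copy, reporting overwritten boot code (what a boot sector virus does) or moved and emptied partition entries. Both sectors here are constructed inside the script: the baseline mirrors the DOS + Linux dual-boot layout mentioned above, and the tampered one has different code and an emptied table. Reading a real disk's first sector is platform specific (for example opening \\.\PhysicalDrive0 on Windows with administrator rights) and is left out.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445: the code the BIOS jumps into
TABLE_OFFSET = BOOT_CODE_SIZE   # four 16-byte partition entries follow it
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511
# status, CHS start (3 bytes), type, CHS end (3 bytes), first LBA, sector count
PARTITION_ENTRY = struct.Struct("<B3sB3sII")
PARTITION_TYPES = {0x00: "empty", 0x06: "FAT16", 0x07: "NTFS/HPFS", 0x0b: "FAT32",
                   0x82: "Linux swap", 0x83: "Linux"}


def parse_mbr(sector):
    """Split a 512-byte master boot sector into boot-code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = PARTITION_ENTRY.unpack_from(
            sector, TABLE_OFFSET + index * PARTITION_ENTRY.size)
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"0x{ptype:02x}"),
            "lba_start": lba,
            "sectors": count,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def compare_mbr(baseline, current):
    """Describe every difference between a saved baseline sector and the live one.

    An empty list means boot code, partition table and signature are unchanged.
    A boot sector virus that overwrites the code shows up as a hash change; one
    that moves or scrambles the partition table shows up entry by entry.
    """
    before, after = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not after["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if before["boot_code_sha256"] != after["boot_code_sha256"]:
        findings.append("boot code changed")
    for old, new in zip(before["partitions"], after["partitions"]):
        if old != new:
            findings.append(
                f"partition {old['index']} changed: {old['type_name']} @ {old['lba_start']} "
                f"-> {new['type_name']} @ {new['lba_start']}")
    return findings


def build_sample_mbr(boot_code_seed, partitions):
    """Constructed MBR: filler 'boot code' plus (bootable, type, lba_start, sectors) entries."""
    code = (boot_code_seed * (BOOT_CODE_SIZE // len(boot_code_seed) + 1))[:BOOT_CODE_SIZE]
    table = b"".join(
        PARTITION_ENTRY.pack(0x80 if bootable else 0x00, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
        for bootable, ptype, lba, count in partitions)
    return code + table.ljust(4 * PARTITION_ENTRY.size, b"\x00") + BOOT_SIGNATURE


# Constructed baseline: a DOS + Linux dual-boot layout like the one mentioned above.
BASELINE_MBR = build_sample_mbr(b"BASELINE-BOOT-CODE",
                                [(True, 0x06, 63, 2_000_000), (False, 0x83, 2_000_063, 6_000_000)])
# Constructed "after infection" sector: different code and an emptied partition table.
TAMPERED_MBR = build_sample_mbr(b"TAMPERED-BOOT-CODE", [])

if __name__ == "__main__":
    for line in compare_mbr(BASELINE_MBR, TAMPERED_MBR):
        print(line)
```

The baseline copy is only useful if it is stored somewhere the virus cannot reach, which is why the text puts it on a write-protected boot diskette; comparing against a copy kept on the same hard disk tells you nothing once the disk is infected.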

CMOS

The CMOS (Complementary Metal Oxide Semiconductor) is a small segment of internal memory which contains vital information about your entire computer: its number of drives, their size, the amount of RAM, etc. Without the information contained in the CMOS your computer would be virtually useless. At the present time, only a handful of viruses, most notably exebug, will target the CMOS.

.com file

A .com file is a program that ends with the extension .com. The vast majority of PC-based viruses are .com programs. There are several reasons for this. The most important are:
1) Since .com programs contain instructions that can be executed by a computer without interpretation, they tend to operate faster.
2) .com programs are much more compact than their .exe counterparts, so they are easier to hide.
3) In DOS, except for internal commands, .com files will always execute before any other program of the same name with a different extension. For example, if you have three programs called chart.com, chart.exe, and chart.bat in the same directory, typing "chart" will execute chart.com.
A special type of virus called a companion virus exploits this situation by searching for a file with an .exe extension and creating a hidden file of the same name with a .com extension containing a virus. Thus, typing a program's name will execute the virus first (since it has a .com extension), and then code contained within the virus will start the actual .exe program.
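The companion-virus situation described in the .com entry, an .exe that suddenly has a same-named .com beside it, is easy to look for. This added example (not code from the page) models the DOS search order to show which file a typed name actually runs, then lists every .exe/.com pair in a directory along with whether the .com is hidden and whether it is much smaller than the .exe, which a dropped companion usually is and a legitimate loader/program pair usually is not. The directory it scans is constructed in a temporary folder; the hidden-attribute check only works on Windows, where os.stat exposes st_file_attributes.

```python
import stat
import tempfile
from pathlib import Path

# Order in which DOS resolves a command typed without an extension.
DOS_SEARCH_ORDER = (".com", ".exe", ".bat")


def _files_by_lower_name(directory):
    """DOS file names are case-insensitive, so index the directory that way."""
    return {p.name.lower(): p for p in Path(directory).iterdir() if p.is_file()}


def resolve_dos_command(directory, name):
    """Return the file DOS would run for `name`, or None if nothing matches."""
    by_lower = _files_by_lower_name(directory)
    for ext in DOS_SEARCH_ORDER:
        hit = by_lower.get(f"{name}{ext}".lower())
        if hit is not None:
            return hit
    return None


def is_hidden(path):
    """True if the file carries the DOS/Windows hidden attribute.

    st_file_attributes only exists on Windows; elsewhere the attribute is
    unknown and this returns False.
    """
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_companion_pairs(directory):
    """List every .exe that has a same-named .com beside it, the companion-virus pattern."""
    by_lower = _files_by_lower_name(directory)
    findings = []
    for lower_name, exe in sorted(by_lower.items()):
        if not lower_name.endswith(".exe"):
            continue
        com = by_lower.get(lower_name[:-4] + ".com")
        if com is None:
            continue
        findings.append({
            "exe": exe.name,
            "com": com.name,
            "com_hidden": is_hidden(com),
            # A dropped companion is typically a few hundred bytes next to a real program.
            "com_much_smaller": com.stat().st_size * 4 < exe.stat().st_size,
        })
    return findings


def build_sample_directory():
    """Constructed directory with one suspicious pair and some innocent files."""
    root = Path(tempfile.mkdtemp(prefix="companion-demo-"))
    (root / "CHART.EXE").write_bytes(b"X" * 4000)   # the real program
    (root / "chart.com").write_bytes(b"Y" * 200)    # what typing "chart" would actually run
    (root / "chart.bat").write_bytes(b"@echo off")
    (root / "setup.exe").write_bytes(b"X" * 3000)   # no companion
    (root / "editor.com").write_bytes(b"Y" * 3000)  # a .com on its own
    return root


if __name__ == "__main__":
    sample = build_sample_directory()
    print("typing 'chart' runs:", resolve_dos_command(sample, "chart").name)
    for finding in find_companion_pairs(sample):
        print(finding)
```

A pair is only a lead, not proof: some software ships a small .com stub beside its .exe on purpose. What makes the companion pattern stand out is the combination of a hidden, tiny .com that appeared without an install, which is why the check reports those two properties rather than just the pair.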

.exe file

A .exe file is the most common type of program in the PC world. Though they are not as compact as .com programs, they provide a great deal of functionality and flexibility in terms of what they can accomplish. Viruses that can infect .exe files generally have a better chance of surviving because there are more places in an .exe file for a virus to hide. All .exe files begin with a header that tells the program how large it is and how much memory it needs to allocate. After the header there is a blank space, usually about 512 bytes long, that contains nothing but blank characters. This space is a perfect place for a virus to hide itself. Since the virus is simply filling a blank space in the file, the size of the infected file does not change, making the infection much more inconspicuous.

TSR

TSR stands for terminate and stay resident. A TSR program will remain resident in your computer's memory after it executes. Programs such as memory managers, disk caching software, and device drivers reserve a section of your computer's memory so that they can continue to perform their function for the whole time your system is turned on. Many viruses (particularly boot sector viruses) will stay resident in memory so they can spread to other disks and programs much faster and more transparently. In addition, once a virus becomes memory-resident it is much harder to detect, because it can monitor every action taken by your computer and cover its tracks accordingly.


how does anti-virus software work??



Anti-virus software typically uses two different techniques to identify viruses:
-- Examining files to look for known viruses by means of a virus dictionary
-- Identifying suspicious behavior from any computer program which might indicate infection
Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.

Virus dictionary approach

In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, the anti-virus software can either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus from it.

To be successful in the medium and long term, the virus dictionary approach requires periodic online downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically minded and technically inclined users can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries.

Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, and closes them; and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis.

Although the dictionary approach is considered effective, virus authors have tried to stay a step ahead of such software by writing "polymorphic viruses", which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.
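The dictionary approach, its actions (delete or quarantine) and the need for periodic updates can be shown end to end. This added example (not from the page or from any product) keeps a tiny dictionary of byte patterns and whole-file hashes, scans a constructed directory, quarantines or deletes matches, and then merges a "downloaded" update so a sample that was unknown on the first pass is caught on the next. All signatures, file names and hashes are made up for the demo. The hash entries also show the weakness the polymorphic-virus paragraph describes: a single changed byte gives a different hash, so a sample that rewrites itself never matches, which is why real dictionaries lean on patterns and, increasingly, on the behaviour-based methods described next.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Constructed dictionary: every pattern, hash and name below is made up for
# this demo. Real products ship many thousands of entries.
VIRUS_DICTIONARY = {
    "Demo.Pattern.A": {"pattern": b"CONSTRUCTED-SIGNATURE-A1", "action": "quarantine"},
    "Demo.Pattern.B": {"pattern": b"CONSTRUCTED-SIGNATURE-B2", "action": "delete"},
    "Demo.Hash.C": {"sha256": hashlib.sha256(b"constructed whole-file sample").hexdigest(),
                    "action": "quarantine"},
}


def scan_bytes(data, dictionary=VIRUS_DICTIONARY):
    """Return the names of every dictionary entry matching `data`.

    Pattern entries match wherever the byte string occurs in the file; hash
    entries match only the whole file, so a one-byte change defeats them.
    """
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for name, entry in dictionary.items():
        if "pattern" in entry and entry["pattern"] in data:
            hits.append(name)
        elif entry.get("sha256") == digest:
            hits.append(name)
    return hits


def scan_path(path, dictionary=VIRUS_DICTIONARY):
    return scan_bytes(Path(path).read_bytes(), dictionary)


def quarantine(path, quarantine_dir):
    """Move an infected file where nothing will execute it and log where it came from."""
    path, quarantine_dir = Path(path), Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    stored = quarantine_dir / (path.name + ".quarantined")
    shutil.move(str(path), str(stored))
    with (quarantine_dir / "log.jsonl").open("a") as log:
        log.write(json.dumps({"original": str(path), "stored": str(stored)}) + "\n")
    return stored


def scan_tree(root, quarantine_dir, dictionary=VIRUS_DICTIONARY):
    """Scan every file under root and apply the matching entries' action.

    Returns {file name: {"hits": [...], "action": "deleted" | "quarantined"}}.
    Delete wins over quarantine when a file matches entries asking for both.
    """
    results = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        hits = scan_path(path, dictionary)
        if not hits:
            continue
        if any(dictionary[h]["action"] == "delete" for h in hits):
            path.unlink()
            action = "deleted"
        else:
            quarantine(path, quarantine_dir)
            action = "quarantined"
        results[path.name] = {"hits": hits, "action": action}
    return results


def apply_dictionary_update(dictionary, update):
    """Merge a downloaded update into a copy of the working dictionary."""
    merged = dict(dictionary)
    merged.update(update)
    return merged


def list_files(directory):
    return sorted(p.name for p in Path(directory).iterdir() if p.is_file())


def build_sample_tree():
    """Constructed scan root and an empty quarantine directory beside it."""
    base = Path(tempfile.mkdtemp(prefix="avdemo-"))
    root, quarantine_dir = base / "files", base / "quarantine"
    root.mkdir()
    (root / "clean.txt").write_bytes(b"nothing to see here")
    (root / "infected_a.bin").write_bytes(b"header" + b"CONSTRUCTED-SIGNATURE-A1" + b"trailer")
    (root / "infected_b.bin").write_bytes(b"CONSTRUCTED-SIGNATURE-B2")
    (root / "sample_c.bin").write_bytes(b"constructed whole-file sample")
    (root / "new_variant.bin").write_bytes(b"CONSTRUCTED-SIGNATURE-D4")  # unknown until an update arrives
    return root, quarantine_dir


if __name__ == "__main__":
    files, qdir = build_sample_tree()
    print(scan_tree(files, qdir))
```

Keeping the quarantine directory outside the scanned tree matters: if it sat inside, the next scan would find the stored copies again and re-quarantine them, and any program that could still reach them would defeat the purpose of isolating them.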

Suspicious behavior approach

The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, this is flagged as suspicious behavior and the user is alerted to this, and asked what to do.

Unlike the dictionary approach, the suspicious behavior approach provides protection against brand-new viruses that do not yet exist in any virus dictionary. However, it also raises a large number of false positives, and users probably become desensitized to all the warnings. If the user clicks "Accept" on every such warning, the anti-virus software is obviously useless to that user. This problem has been made especially worse over the past 7 years, since many more non-malicious programs have been designed to modify other .exes without regard to this false-positive issue. Thus, most modern anti-virus software uses this technique less and less.
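The trade-off in the suspicious behavior approach, catching unknown viruses versus flooding the user with warnings about legitimate updaters, is illustrated by this added example (not code from the page). It runs one rule, "a write into an executable file is suspicious unless the writer is a known installer", over a constructed stream of file events, and counts how many prompts each process would generate with and without an allow-list. The event format and the trusted-writer list are assumptions made for the demo.

```python
from collections import Counter

EXECUTABLE_SUFFIXES = (".exe", ".com", ".dll", ".sys")

# Installers and updaters are expected to rewrite executables. This allow-list
# is what separates a usable monitor from one that prompts on every update; it
# is a constructed example set, not a list taken from any product.
TRUSTED_WRITERS = frozenset({"setup.exe", "update.exe"})

# Constructed event stream in the shape a file-system filter driver might
# report: which process performed which action on which file.
SAMPLE_EVENTS = [
    {"process": "winword.exe", "action": "write", "target": "C:\\docs\\report.doc"},
    {"process": "update.exe", "action": "write", "target": "C:\\windows\\notepad.exe"},
    {"process": "game.exe", "action": "write", "target": "C:\\games\\save.dat"},
    {"process": "unknown.com", "action": "write", "target": "C:\\command.com"},
    {"process": "unknown.com", "action": "read", "target": "C:\\dos\\chart.exe"},
    {"process": "unknown.com", "action": "write", "target": "C:\\dos\\chart.exe"},
    {"process": "setup.exe", "action": "write", "target": "C:\\apps\\app.exe"},
]


def is_suspicious(event, trusted=TRUSTED_WRITERS):
    """A write into an executable is the classic infection signal, unless the writer is a known installer."""
    return (event["action"] == "write"
            and event["target"].lower().endswith(EXECUTABLE_SUFFIXES)
            and event["process"].lower() not in trusted)


def monitor(events, trusted=TRUSTED_WRITERS):
    """Return the events that would be raised to the user as warnings."""
    return [e for e in events if is_suspicious(e, trusted)]


def alerts_per_process(alerts):
    """How often each process would interrupt the user; high counts for benign tools are the desensitisation problem."""
    return Counter(a["process"] for a in alerts)


if __name__ == "__main__":
    print("with allow-list:   ", alerts_per_process(monitor(SAMPLE_EVENTS)))
    print("without allow-list:", alerts_per_process(monitor(SAMPLE_EVENTS, trusted=frozenset())))
```

Without the allow-list the two installers generate as many prompts as the unknown program does, which is the point the paragraph makes: once every update triggers a warning, users click through all of them and the real alert is lost in the noise.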

Other ways to detect viruses

Some antivirus software will try to emulate the beginning of the code of each new executable before transferring control to it. If the program seems to be using self-modifying code or otherwise behaves like a virus (for example, it immediately tries to find other executables), one could assume that the executable has been infected. However, this method results in a lot of false positives.

Yet another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, the sandbox is analysed for changes which might indicate a virus. Because of performance issues this type of detection is normally only performed during on-demand scans.


now for some good antiviruses for you, other than the normal ones... (FULL VERSIONS)

Sophos Anti-Virus provides best-of-breed anti-virus protection for file servers, desktops and laptops on a wide range of platforms, including Windows, Macintosh, Linux, NetWare and UNIX. It also protects NetApp Storage Systems.

download link -- http://urlsh.com/?WKXY98cC

CA eTrust PestPatrol Anti-Spyware v8.0.0.7 provides powerful protection against spyware, adware and other non-viral threats. These threats are rapidly growing, causing PCs and networks to slow to a crawl, increasing helpdesk calls for IT departments and introducing new and dangerous security and privacy risks that can expose your confidential information. These solutions offer business-grade anti-spyware protection that detects and removes spyware in real time, streamlines management and updates you on the latest threats, enabling you to surf the Web with confidence.

download link -- http://rapidshare.de/files/27889159/share_id_4_rancord.rar.html

ClamWin is a free antivirus for Microsoft Windows 98/Me/2000/XP/2003. It provides a graphical user interface to the Clam AntiVirus engine. It features a command line interface for scanning files, updating the virus definitions, and a daemon for faster scanning needed on high performance systems.

download link -- http://puzzle.dl.sourceforge.net/sourceforge/clamwin/clamwin-0.88.4-setup.exe

Portable Anti-Virus AIO package...

download link -- http://rapidshare.de/files/28253134/Port_Antivir.rar

The Best in AntiVirus 6 in 1

Except for Norton, which is also present in the package.

download link -- http://rapidshare.de/files/10624896/AtV.rar.html password: www.soft-force.com

Avira AntiVir PersonalEdition Premium 7

download link -- http://rapidshare.de/files/28486523/antivirys.rar


Panda Titanium Antivirus keeps your computer safe from attacks from all types of viruses, worms and Trojans. To guarantee your peace of mind, it also incorporates TruPrevent Technologies capable of detecting and blocking unknown viruses that can slip past traditional antivirus products. It includes anti-spyware and anti-dialer software along with firewall technology against hackers.

download link -- http://rapidshare.de/files/15704939/Panda.Titanium.v5.rar password: www.2baksa.net


This is all I have provided you people with, along with the details. Any more queries, just post them on the group.

Regards, TheSolutionProvider