Windows XP users get rid of hacker attacks (1)

Windows Xp users get rid of hacker attacks

1. Reject malicious code Malicious web pages have become one of the biggest threats to broadband. I used Modem before, because the speed of opening a webpage is slow, and the malicious webpage is closed before it is completely opened, and the possibility of avoiding the trick is avoided. Now that broadband is so fast, it is easy to be attacked by malicious web pages. Generally, malicious web pages are destructive because they are added with malicious code. These malicious code is equivalent to some small programs, as long as the page is opened, it will be run. So to avoid malicious web attacks, just disable the running of these malicious code. Run Internet Explorer, click "Tools/Internet Options/Security/Custom Level", define the security level as "Security Level-High", and set the second and third items in "ActiveX Controls and Plugins" to "Disable". Set the other items to "Prompts" and click "OK". After this setting, when you use IE to browse the web, you can effectively avoid malicious code attacks on malicious web pages.

2. Cancel folder hidden sharing If you use Windows 2000/XP system, right click on C drive or other disk, select share, you will be surprised to find that it has been set to "Share this folder" "And in the "My Network Places" but can't see these contents, what is going on? Originally, by default, Windows 2000/XP will open hidden shares of all partitions, from "Control Panel /Administrative Tools /Under the "Computer Management" window, select "System Tools /Shared Folders /Sharing", you can see that each partition name on the hard disk is followed by a "$". But just type "computer name or IPC$", the system will ask for the username and password, unfortunately, most of the individual user system administrator password is empty, the intruder can easily see the contents of the C drive, this gives the network Safety brings great hidden dangers. How to eliminate the default share? The method is very simple, open the registry editor, go to "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControl\\SetSevices\\Lanman\\workstation\\parameters", create a new double-byte value named "AutoShareWKs" and Set the value to "0" and restart the computer so the sharing is cancelled.

Three, the "back door" of the hacker is banned. As the saying goes, "No wind and no waves", since hackers can enter, it means that the system must have a "back door" open for them, as long as the back door is blocked, so that hackers have nowhere to start. There is no worries! 1. Delete unnecessary protocols For the server and the host, generally only the TCP/IP protocol is sufficient. Right click on "Network Neighborhood", select "Properties", then right click on "Local Area Connection" and select "Properties" to uninstall unnecessary protocols. NETBIOS is the root cause of many security flaws. For hosts that do not need to provide file and print sharing, you can also disable NETBIOS bound to TCP/IP protocol to avoid attacks against NETBIOS. Select "TCP/IP Protocol/Properties/Advanced", enter the "Advanced TCP/IP Settings" dialog box, select the "WINS" tab, check the "Disable NETBIOS on TCP/IP" item, close NETBIOS. 2. Close " File and Print Sharing" File and print sharing should be a very useful feature, but it is also a good security hole for hackers when it is not needed. So in the absence of "file and print sharing", we can turn it off. Right-click on "Network Neighborhood", select "Properties", and then click the "File and Print Sharing" button to remove the hooks from the two check boxes in the "File and Print Sharing" dialog box that pops up. Although "File and Print Sharing" is turned off, it is not guaranteed to be secure, and the registry is also modified to prevent it from changing "File and Print Sharing". Open the registry editor, select the "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NetWork" primary key, and create a new DWORD type key under the primary key. The key name is "NoFileSharingControl" and the key value is set to "1". Indicates that this function is disabled, so that the purpose of changing the "File and Print Sharing" is prohibited; a key value of "0" indicates that this function is allowed. This way, "File and Print Sharing" disappears in the "Network Neighborhood" Properties dialog box. 3. Disable the Guest account There are many intrusions to obtain administrator passwords or permissions through this account. If you don't want to give your computer a toy, it's forbidden. Open the Control Panel, double-click User and Password, click the Advanced tab, and then click the Advanced button to bring up the Local Users and Groups window. Right click on the Guest account, select Properties, and select "Account is disabled" on the "General" page. In addition, changing the name of the Administrator account can prevent hackers from knowing their own administrator account, which will largely guarantee the security of the computer. 4. Prohibit the establishment of an empty connection By default, any user can connect to the server through an empty connection, enumerate the account and guess the password. Therefore, we must prohibit the establishment of an empty connection. There are two methods: The first method is to modify the registry: Open the registry "HKEY_LOCAL_MACHINE\\System\\CurrentControl\\SetControl\\LSA" and change the key value of the DWORD value "Restrict Anonymous" to "1".

4. Hidden IP Addresses Hackers often use some network detection technology to view our host information. The main purpose is to get the IP address of the host in the network. IP address is a very important concept in network security. If an attacker knows your IP address and is ready for his attack, he can launch various attacks on this IP, such as DoS (Denial of Service) attacks. , Floop overflow attacks, etc. The primary method of hiding an IP address is to use a proxy server. Compared with directly connecting to the Internet, the use of a proxy server can protect the IP address of Internet users, thus ensuring Internet security. The principle of the proxy server is to set up a "transit station" between the client (the computer that the user accesses the Internet) and the remote server (such as the user wants to access the remote WWW server). When the client requests the service from the remote server, the proxy server first The user's request is intercepted, and then the proxy server forwards the service request to the remote server, thereby enabling the connection between the client and the remote server. Obviously, after using the proxy server, other users can only detect the IP address of the proxy server instead of the IP address of the user. This achieves the purpose of hiding the user's IP address and ensuring the security of the user's Internet. There are many websites that offer free proxy servers, and you can also find them yourself with tools such as proxy hunters. 5. Turn off unnecessary ports Hackers often scan your computer port during an intrusion. If a port monitor (such as Netwatch) is installed, the monitor will have a warning. If you encounter such an intrusion, you can use the tool software to close the ports that are not used. For example, use "Norton Internet Security" to close the ports 80 and 443 for providing web services, and other ports that are not commonly used can be closed. 6. Change the administrator account The Administrator account has the highest system privileges. Once the account is used, the consequences are unimaginable. One of the common ways to hack is to try to get the password for the Administrator account, so we have to reconfigure the Administrator account. The first is to set a strong and complex password for the Administrator account, then we rename the Administrator account, and then create an Administrator account without administrator privileges to deceive the intruder. In this way, it is difficult for an intruder to figure out which account actually has administrator privileges, which reduces the risk to a certain extent. Seven, to prevent the invasion of the Guest account Guest account is the so-called guest account, it can access the computer, but is restricted. Unfortunately, Guest has also opened the door for hacking! There are many articles on the Internet that describe how to use the Guest user to get administrator privileges, so you should put an end to the system invasion based on the Guest account. Disabling or completely removing the Guest account is the best way, but in some cases where you must use the Guest account, you need to do some other defenses. First, give the Guest a strong password, and then set the Guest account access to the physical path in detail. For example,

Say, if you want to prevent Guest users from accessing the tool folder, you can right click on the folder and select the "Security" tab in the pop-up menu, from which you can see all the folders you can access. user. Just delete all users except the administrator. Or set the permissions for the corresponding users in the permissions, for example, only "list the folder directory" and "read", so it is much safer. Eight, install the necessary security software We should also install and use the necessary anti-blackware in the computer, anti-virus software and firewall are essential. Open them when you are online, so even if a hacker attacks our security, it is guaranteed.

Nine, the Trojan horse program will steal useful information from the embedded computer, so we must also prevent hackers from implanting Trojans. The common methods are: ● Put the file first when you download the file. In the newly created folder, it is detected by anti-virus software, which plays a role in prevention in advance. ● Check whether there are any unknown running items in the “Start” → “Programs” → “Start” or “Start” → “Programs” → “Startup” options. If so, delete them. ● Delete all suspicious programs prefixed with “Run” under HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run in the registry. 10. Don't go back to strangers' emails. Some hackers may pretend to be the names of some regular websites. Then, make a sounding reason to send a letter to the user name and password that you are asked to enter. If you press "OK", you The account number and password entered the hacker's mailbox. So don't just go back to the stranger's mail, even if he says it will be tempting and tempting. XI, do a good job of IE security settings ActiveX controls and Applets have strong features, but there are hidden dangers of being exploited. The malicious code in the web page is often a small program written with these controls, as long as the web page is opened, it will be run. . Therefore, to avoid malicious webpage attacks, only the malicious code is prohibited from running. IE provides a variety of options for this. The specific setup steps are: "Tools" → "Internet Options" → "Security" → "Custom Level". It is recommended that you disable ActiveX controls and related options. There is nothing wrong with being cautious! In addition, in the security settings of IE, we can only set the Internet, local intranet, trusted sites, restricted sites. However, Microsoft hides the security settings of "My Computer" here. By modifying the registry to open this option, we can have more choices when dealing with ActiveX controls and applets, and generate more security for local computers. Great impact. The following is the specific method: open "Run" in the "Start" menu, enter Regedit.exe in the "Run" dialog box that pops up, open the Registry Editor, click on the "+" in front to expand to: HKEY_CURRE -NT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\InternetSettings\\Zones\\0, find the DWORD value "Flags" in the right window, the default key value is hexadecimal 21 (decimal 33), double-click "Flags", pop up In the dialog box, change its key value to "1" to close the registry editor. You don't need to restart your computer, re-open IE, click the "Tools → Internet Options → Security" tab again, you will see an additional "My Computer" icon, where you can set its security level. Set its security level higher, so that the defense is more strict. Finally, I suggest that you patch your system. Microsoft's endless patches are still very useful!