Installing Windows XP is only the first step to using it. Chad Perrin advises these additional measures to ensure that your XP systems are protected from proliferating security threats.

Some general security tips apply to all operating systems, but each operating system platform provides its own security challenges. The following tips are tailored to Microsoft Windows XP.

Note: This information also appears as an entry in TechRepublic’s IT Security blog and is available as a PDF download.

#1: Disable dangerous features

Microsoft Windows systems come with a number of features enabled by default that do little or nothing for convenience but that introduce significant security risks. Among these are Autorun, the Guest account, and even Automatic Updates — because letting someone in Redmond, WA, decide when changes should be made to your system, when he has no idea what software you’re running and you haven’t tested the updates yet, is a bad idea. Microsoft Windows provides many features that are activated by default and either poorly conceived from a security perspective or, at best, unnecessary for the vast majority of users. Each of these features introduces its own risks, and any that you do not need should be deactivated.

#2: Disable unneeded services

In addition to local operating system features, you should disable unneeded services. Almost exactly one year ago, my article 10 services to turn off in MS Windows XP provided a brief checklist of services to turn off — or to ensure you know why you’re leaving them on, at least. The list is not comprehensive, of course, but it is a good start.

#3: Employ good e-mail security practices

Make use of some basic email security tips to ensure you do not invite the bad guys to read your e-mail, flood you with spam, and take advantage of you through phishing techniques.

#4: Install and maintain malware protection software

Regardless of the reason for it, the fact remains that malware is a significant threat to Microsoft Windows systems, and running that platform without malware protection is irresponsible. Research your options for antivirus and anti-spyware protection carefully, and choose well. Don’t let your malware protection software’s signature databases get out of date because the software protects only against the threats it can recognize. And don’t rely on your choice of antivirus software from six years ago because there’s no such thing as a trusted brand.

#5: Update more than just Microsoft Windows

In the world of Windows, the majority of the software most people run on their computers often comes from third-party vendors without any connection to Microsoft’s own software distribution channels. This means that when you install something like Adobe Photoshop or Mozilla Firefox, you have to track security updates for them separately from the operating system. Just getting your Microsoft updates every month doesn’t always cover it — sometimes some third-party application needs to be updated, too. You need to keep track of what’s installed and whether or not it has received any updates if you want to maintain security for your system, because security goes beyond the core operating system.

#6: Research and test your updates

It’s important to keep your system updated so that security vulnerabilities that receive patches from Microsoft and other software vendors will not remain open to exploit. It’s also important, however, to ensure that you research and test your software updates before applying them to a production system. All too often, users and sysadmins discover that untested updates are a cure worse than the disease. They may break functionality, open additional vulnerabilities in the system, and even occasionally undo the benefits of previously applied updates. Other users may have tested the updates or have simply applied them and run into problems, so researching others’ experiences can help you plan for such issues as they arise. Then, testing them yourself by installing them on a test system before doing so on your production system is the next necessary step to ensure that your system in particular will not develop problems as the result of a bad update.

#7: Investigate alternatives to your default application choices

Should you be using a Web browser other than Internet Explorer, such as Google Chrome, Mozilla Firefox, or Opera? Is the multiprotocol IM client Pidgin with the OTR encryption plug-in a better option for your instant messaging needs — including security — than the native clients for AIM, MSN, Y!M, ICQ, and gTalk? The only way to be sure is to determine your own needs and make an informed decision. Don’t settle for default applications without knowing the consequences of that choice.

#8: Use a quality desktop firewall

Desktop firewalls are in many respects applications like any other, but they deserve special mention for Windows security. Furthermore, even Windows servers are in effect desktop systems, so don’t let the fact that a given computer is a “server” deter you from installing a good “desktop” firewall application on the system if you can spare the CPU cycles and RAM. On an actual end-user desktop system, desktop firewall software is even more important. Relying on the defaults you get when you buy the computer is a good way to get your system compromised without even knowing it. The Windows Firewall provided with Microsoft Windows after Service Pack 2 is certainly better than nothing, but one can almost always do better. Look into alternatives to the Windows Firewall and select the option that best suits your needs.

#9: Research your options before assuming Windows XP is what you need

The same principles that apply to applications may also apply to operating systems. Different OSes can provide different security and functionality benefits. Are you really certain that Windows XP is the operating system you need? Have you investigated other alternatives? What about Windows 2000 or Vista? Have you checked into the possibility of MacOS X, FreeBSD, or Ubuntu Linux for a workstation? What about OpenBSD, OpenSolaris, or OpenVMS for a server?

#10: Protect yourself the same way you would with any other operating system

In last year’s article 10 security tips for all general-purpose OSes, I laid out a list of security tips that apply for good security practice in the use of any general purpose operating system — including Windows.

Step two

Installing Windows XP is only the first step to using it. If you stop there, you’re likely to run afoul of the various security threats roaming the wilds of the Internet. Make sure you configure your system to best protect you against the dangers that lurk around every corner.