-downloads -screenshot -report a bug -request support -request features The settings: -System -Security -Services -Media-Player -Internet Explorer -Mozilla Firefox Software: -Tor SVN Builds contact: cmia[~at~]users.sourceforge.net German Site |
Security settingsClear pagefile at shutdownThe pagefile (pagefile.sys) is virtual RAM of Windows. This file might contain passwords or other unwanted traces. You should consider using this function to clean it at shutdown process. Since the file will be completely overwritten the shutdown will take some time longer (e.g. 10 seconds). Disable DCOM DCOM (Distributed Component Object Model) offers software components the ability to communicate over networks. However this function only seems to be used by Microsoft itself, because the communication over TCP/IP seems better to many developers. If you disable DCOM some applications may not work anymore (I don't know a single one) Disable epmap epmap is Port 135. This seems to be in use by RPC-services. This function decreases RPC functionality what results in heavily improved security! It has been reported that after disabling epmap Outlook won't be able to communicate with an Exchange Server anymore. So if you have such a combination leave it enabled. Disable Storage of Credentials and .NET Passwords Windows XP offers the ability to integrate a .NET Passport account into the Windows user account. If you don't want usernames and passwords of those to be saved disable it here. Disable LMHash The LM hash (LAN Manager hash) is a hash of your user account password that is just implemented for backwards compatibility reasons for old versions of Windows. Compared to the NT-hash it can be really easily cracked. So if you're not on a network with Windows 95/98 computers you should disable it. Afterwards you will have to reboot your computer and change your password! - CAREFUL: The LM hash is needed for authentication on networks with Windows 95/98 computers! Disable Microsoft data interrogation (RegDone) Before using Windows Update the first time the Windows copy is being \"registered\". But you can fake a registered system using this function. (which would be set by Microsoft after registration) Disable NetBIOS over TCP/IP Here you can disable NetBIOS over TCP/IP for all network interfaces. This will close the following three ports: netbios-ssn, netbios-dgm, netbios-ns. This option requires a reboot of your computer. Disable Null Sessions If Null-Sessions are active any Internet user can connect to your computer through IPC$ and gather much information. I recommend to urgently disable this! Disable Recycle Bin This function doesn't delete the trash-bin at all, but it prevents that deleted data can be restored out of it. Please note that Windows doesn't really delete the files and they can be restored so consider using some secure file erasing tool! Disable Remote Desktop The Remote Desktop allows e.g. support teams to gain full control over your system. They then can see your screen and lock your mouse+keyboard and use their own to control your computer. This feature makes sense but could easily be abused so only enable it when you need it! Set read-only for the hosts file The hosts file (located in "C:\%WinDir%\system32\drivers\etc\hosts") is used by many malicious programs to redirect websites to advertisement servers. You won't notice that but it could also be used to redirect you to a fake website and steal passwords, etc! Disable Server Message Block Server Message Block (SMB) is the name of the protocol which is used by Windows for network shares. If you are not on a network you should disable this which will close Port 445 (microsoft-ds).\nThis function requires a reboot of Windows. |