E-mail: theorica@gmail.com
All details are available at http://www.theorica.net
DISCLAIMER:
===========
Modifying the registry can cause serious problems that
may require you to reinstall your operating system.
We cannot guarantee that problems resulting from
modifications to the registry can be solved.
Use the information provided at your own risk.
Safe XP v1.5.7.14 Screen shot
ABOUT:
======
Safe XP is a *FREE* software enabling users
to improves their system performance and
makes Windows to run faster, more secure and
more stable!
It is suitable for beginners and experts!
INSTALL:
========
Copy SafeXP.exe (and SafeXp.htm as a Help File optionally) to the
folder that you want.
HOW IT WORKS:
=============
When SafeXP runs, you can
- Disable unnecessary Windows services.
- Prevent Internet attacks.
- Remove Microsoft Windows Messenger (MSN) application completely.
- Disable tracking of your document history.
- Disable Messenger antispam, spyware-like data traffic of System,
Internet Explorer, Media Player, Error Reporting and much more
functions into a single easy to use software.
ADVANTAGES:
===========
- It allows you to take control of your PC.
- Make Windows to run faster and more secure.
- Protect your privacy and strength Internet protection.
- Disable Spyware-like activities of Windows XP (also 2000&ME&98)
Operating System, Media Player, Internet Explorer and Outlook.
- Disable unnecessary Windows services like System updates, error
reporting and much more...
- Prevent Internet attacks, any RPC/DCOM related vulnerabilities
and fix exploits like DSO.
- Disable script-based attacks on Windows Media Player, Internet
Explorer and Outlook.
- Block Windows Messenger (spam) vulnerabilities.
- Restrict the actions of potentially dangerous "HTA" (Hypertext
Application) capabilities in any version of Windows.
- It does not need any DLL or another file(s). It is just a single
"EXE" file: SafeXP.exe
- No installation necessary.
SYSTEM REQUIREMENTS
===================
Thanks to all for the suggestions and comments.
COMPATIBILITY
=============
Safe XP has been successfully tested and developed under Windows 98 and XP.
It also works under all versions of Windows 98, ME, 2000, XP and 2003.
COMMAND LINE
======================
Safe XP allows working with command line parameters now.
It could be helpful if you use SafeXP in any network environment.
Syntax for execution from the command line is as follows:
SafeXP.exe
where
Example:
SafeXP c:\safexp\safexp.dat
This will start Safe XP in minimized (invisible mode), load values from
c:\safexp\safexp.dat. Then it will apply values into the running/calling
workstation. After execution program will be closed automatically.
In network (domain) environment, you can copy both SafeXP.exe and
(for instance) SafeXP.dat files to the Netlogon share to load your
predefined Safe XP settings silently to every workstation which is
connected to the network.
The command-line parameter is optional. If no parameter is specified,
the program will start normally.
TECHNICAL INFORMATION:
======================
* Services XP starts a number of background services automatically,
many are unessential and can be disabled or set to start manually
to improve performance and security.
- Disable Error report service
If a program crashes on your machine, Windows generates an error
report, which it wants to send to Microsoft.
- Disable Remote Desktop support
Prevents your machine from having the ability to be remotely
controlled by a system administrator or via the internet.
- Disable Remote Registry service
Disallows remote computers to access and modify the registry on the
local computer.
- Disable Windows Update service
Changes Windows automatic updates to manual mode.
Disable Windows Messenger Spam
The Messenger service is normally used to transmit service messages
between clients and servers over the Internet. (It should not
be confused with the Windows Messenger instant messaging program).
Advertisers are now increasingly abusing this service by sending
messages to large blocks of random IP addresses via the Internet.
- Disable UPNP/SSDP service
UPnP is a set of communications protocol standards that allow
networked TCP/IP devices to announce their presence to all other
devices on the network and to then inter-operate in a flexible and
pre-defined fashion.
There are currently limited UnPnP devices available and due to a
recent security flaw it's advisable to disable this service. This also
allows you to disable Universal Plug and Play Network Address Translation
discovery which uses the Simple Service Discovery Protocol (SSDP) to
reduce bandwidth and increase security.
- Disable DCOM
Distributed Component Object Model, or DCOM, provides a method for
distributed network applications to communicate with one another.
This setting allow you to disable support for DCOM.
- Disable Internet time synchronize
The system automatically synchronizes it's time with a timeserver at
Microsoft.
- Disable POSIX subsystem
Windows 2000 and XP still come with the POSIX subsystem which allows
the use of Unix commands against your system.
- Disable Help service
Disables Help and Support service to gain much more system resource.
* Miscellaneous
- Clear Pagefile at Shutdown.
Windows does not normally clear or recreate the page file. On a
heavily used system this can be both a security threat and performance
drop. Enabling this setting will cause Windows to clear the page file
whenever the system is shutdown.
- Secure Desktop.
Prevent certain software from sniffing and recording I/O on the
desktop; however, the patch can interfere with other software.
- No File sharing.
Disallows other users on a network from sharing your files.
- No Printer sharing
Disallows other users on the network from sharing your printer.
* TCP/IP &NetBIOS
- Restrict Anonymous Guest Access
There is a security flaw in the kernels of Windows NT, 2000 and XP.
They allow anonymous session access, which can reveal dangerous
information about a computer and its SAM (Security Accounts Manager) accounts.
Discovering a SAM with administrative privileges could allow an attacker
to break into the user's account and jack up account privileges to admin level.
- Protect Against SYN Flood Attacks.
Windows includes protection that allows it to detect and adjust when
the system is being targeted with a SYN flood attack (a type of denial of
service attack). When enabled the connection responses time out more quickly
in the event of an attack.
- Prevent Denial of Service Attacks.
Denial of service attacks are network attacks that are aimed at
making a computer or a particular service unavailable to network users.
These settings can be used to increase the ability for Windows to defend
against these attacks when connected directly to the Internet.
- Disable listening on TCP port 445
Disables the raw SMB transport to cause malicious NetBIOS attacks and protect
users from inadvertently exposing files on their computers, and also to block
worms which spread via open file shares.
* Internet Explorer 6
- Disable Automatic Updates
The Internet Explorer automatically connects to MS and checks for
updates by default.
- Disable Scheduled Updates
The Internet Explorer periodically checks for updates (usually once a
month).
- Disable Windows Authentication
Deactivates integrated Windows authentication so the current user can
be identified over the internet.
- Prevent Execution of Risky Commands
Prevents download permission for unsigned ActiveX controls and disables
the vulnerability of mhtml documents. This restriction also removes the file
association for .HTA extension to prevent infection by worms-like-viruses. It is
safe for you if you do not use any HTML applications (HTA-files) at your computer.
- Disable internal Java JIT compiler
Disables Internet Explorer's internal Java Just-In-Time (JIT) compiler.
- Disable Script Debugger
If you run a script in Internet Explorer that results in an error, Internet
Explorer gives you the option to debug the script.
- Disable Watson Debug Log
When Internet Explorer crashes, it asks you if you would like to send
an error report to Microsoft. Doing this may help the Internet Explorer
development team improve stability in future releases, however you can
disable this by checking the tick in the box. Internet Explorer 6.0 only!
* Media Player Windows Media Player has some kind of Spyware features.
But you still have some control over your personal computer.
- Disable Auto Upgrade and User Tracking
Windows Media Player (WMP) will check from time to time if a new
version of WMP is available by connecting to the microsoft.com site.
If you do not want this to happen, mark this option.
- Disable Sending User Identifier
Windows Media Player sends a "serial number" unique to your system
(GUID: global unique identifier) to Microsoft & other content
providers. For enhanced privacy, check (disable) this option.
- Disable Automatic Codec Download
Codecs are what Windows Media Player uses to decode encoded media
files (such as MP3, AVI etc.). If you try to play a file that Windows
Media Player does not have a codec for, enabling this option will allow
it to download one from Microsoft's web site automatically.
Disabling this will make it ask you first.
- Disable Processing of Scripts in Files
Disables Windows Media Player from running embedded HTML script
commands which can contain malicious code and should be disabled.
- Disable Recent files in Media Player
This restriction will disable Windows Media Player from creating
recently used lists.
- Disable Acquire licenses automatically
This restriction will disable Windows Media Player from connecting to
Internet sites for acquiring licenses. You acquired your license when
you bought the CD, you should be able to copy it to your hard disk.
- Disable Auto-update Media Information
This restriction will disable Windows Media Player from connecting to
Internet sites for updating media information.
- MS Office XP Block Linked Images in Documents
As an added security measure you can configure Office XP to block
linked Hypertext Transfer Protocol (HTTP) images that are placed in
documents. This is useful to avoid to ability for documents to be
tracked using hidden images.
- Disable Error Reporting
In the event of a program crash with Microsoft Internet Explorer
version 5 and 6, Office XP and also Windows XP itself, the user has
the option to send debugging information to Microsoft. In theory this
sounds like a smart function which should help Microsoft create more
stable software. However, users sending these reports should be aware
that sensitive or personal information may be sent to Microsoft along
with debugging information.
* Remove from Start Menu
- Recent Documents
This setting can be used to remove the Recent Documents folder from
the Start Menu.
- Favorites
This tweak allows you to remove the Favorites folder from the Start
Menu.
- My Documents
This restriction removes My Documents which is shown under the
Documents folder on the Start Menu.
- My Pictures
This restriction removes My Pictures from the Documents folder on the
Start Menu.
- My Music
This restriction removes My Music from the Documents folder on the
Start Menu.
- Recent Documents History
Normally when you open or access a document or file it is added to
the list of recent documents on the Start Menu. This tweak will stop
files from being added to the list.
- Recent Shares
This restriction stops remote shared folders from being added to
Network Places whenever you open a document in the shared folder.
- Help and Support
This restriction removes the Help feature from the Start Menu.
- Run
Removes the ability to launch commands or processes from the Start
menu by removing the Run option.
* MSN Windows Messenger
- Disable in Outlook and IE
It is used to remove MSN Instant Messenger functionality and
integration from Outlook Express.
- Disable Autostart MSN
Prevent certain software from sniffing and recording I/O on the
desktop; however, the patch can interfere with other software.
- Disable MSN completely
It is used to disable the ability to run the Microsoft MSN Instant
Messenger client.
* Network
- Disable Automatic Hidden Shares
It is possible to control automatically created hidden shares (C$,
D$, E$ and so on) by Windows networking.
- Hide Computer from the Browser List
If you have a secure server or workstation you wish to hide from the
general browser list, then enable this setting.
- Secure DNS cache against pollution
DNS cache pollution can occur if Domain Naming Service (DNS)
"spoofing" has been encountered. The term "spoofing" describes the
sending of non-secure data in response to a DNS query. DNS spoofing can
be used to redirect queries to a rogue DNS server and can be malicious
in nature.
THANKS:
=======
Thanks to all for the suggestions and comments.
BUG REPORT:
===========
Before you e-mail me about possible bug, check my homepage and be
sure you have the newest version of the file.
CONTACT:
========
If you have any questions, suggestions, bug reports or anything else,
feel free to contact me at theorica@gmail.com or visit the web site
below:
http://www.theorica.net
Tidak ada komentar:
Posting Komentar