Saturday, May 06, 2006

Perils of Windows XP Home

Before getting my laptop, I had worked only on Windows 2000 and XP Professional editions of Windows. With my Sony VAIO they provided me with XP Home edition. I thought that the underlying OS is the same and so things would not be quite different. True, the User Interface is the same as XP Pro.

So I was satisfied with XP Home for 2 or 3 days. Until I had internet connection. With internet connection one needs to be highly conscious of the risks involved nowadays (viruses, malware, spyware etc.). So I downloaded Firefox 1.5 to reduce 50% of the security risks and I don't have MS Outlook installed. So pretty cool. Another 40% of security comes from NTFS file permissions (well in Windows terminology: Access Control).

So I created a limited user account and internet would be used only from that account. To my surprise there was no "Local Users and Groups" snap-in in the windows management console. This was so frustrating because I use this snap-in regularly to create users and modify their groups (and hence their control over the computer). Windows XP Home provides only two types of user accounts: admins and limited ones (actually three types including guest). There is no way to create the intermediate "Power User" whose power actually lies somewhere between that of admins and limited accounts.

Now comes the real weakness of XP Home. After creating a limited account I tried to set permission to the entire C: drive so that only admins and System account would be able to write there. Rest of the user accounts would have only read-only access to C: drive. Again Surprise! The "Security" tab in a file property dialog is missing. Oh! I would just disable "simple file sharing" and "Security" tab would appear (just as in XP Pro). Surprise again! Simple file sharing cannot be disabled in XP Home (it is fundamentally restricted, not that you could do it by manipulating registry directly).

Now Access Controls are a feature of NTFS file system and not of the underlying OS (try having access control on a FAT32 partition). The Microsoft guys disabled this feature in XP Home just to frustrate users like me and force them into an XP Pro upgrade. Real shit man! What's the point of auto updates and XP SP2 when you have disabled the basic security mechanisms?

From my experience under Windows XP Pro I feel that 90% of the security problems can be avoided keeping these in mind:
  • Don't use IE and Outlook (try Firefox/Thunderbird instead).
  • Have proper access permissions on your files (at least secure the C: drive).
  • Download all updates (of utility software as well as OS) and install them on regular basis.
If you follow these instructions you don't even need to have an anti-virus software installed. Rest 10% of the risk can be left at fate (for these 10% of the problems even anti-virus cannot help much).

My XP Home was under attack just within 2 days of internet connection by something called winkve32.dll. Thanks to the tools from SysInternals I got rid of the dll easily. But now I feel very insecure working in XP Home environment, even when working in limited account with Firefox.

My advice to all the readers of my Blog: please do not buy any laptop/desktop with pre-loaded XP Home. Pay the extra bucks needed for XP Pro. Those extra bucks are really worth paying. If you have already got XP Home (like me), consider an upgrade to the Pro version ($200 extra).


Anonymous Anonymous said...

People in open source community would suggest using SELinux or openSolaris 10 for better security.

10:29 PM  

Post a Comment

<< Home