Windows 95
Windows 95
Configuring Cisco Denial of Service Security Features - Part 1
Configuring Cisco Denial of Service Security Features - Part 2
Dysfunctional Controls: Useless, Impractical, Inefficient and Poorly-Designed
In 1995, Microsoft delivered the long-awaited Windows 95. As supposedly it was a new operating system, I anticipated that Microsoft would build security in to the product. Well, it did and it didn't. While, there were some built-in security features provided, they were a far sight from what you might expect from an operating system in 1995. Windows 95 provides:
-
Unified logon prompt to logon once to all networks
-
User-level or share-level security to protect shared resources
-
Password caching in a password list
-
Password list editor to view and delete contents of your password list files.
These things are promising. Unfortunately with the exception of Windows NT, Windows' overall security has not kept up with the value of the data you are storing on your system. All other versions, including Windows 95, have one or more gaping holes that can put you at risk to accidental access or intentional snooping.
Here, then, are some preliminary thoughts on bettering the security of your Windows 95 system by controlling some of the more egregious problems.
-
Create a Startup disk when installing Windows 95. If you didn't create a startup disk when you installed your system, then select the Add/Remove Programs option in the Control Panel, and click on the Startup Disk tab.
-
Download the improved password catching Dynamic Link Library (DLL) from Microsoft and install it.
-
Open the Passwords applet in the Control Panel, click on the User Profiles tab, and then click on "Users can customize their preferences." Use the Windows 95's Policy Editor from the Resource Kit to set logon settings and access privileges differently than the default Windows 95 logon. Each logon can have individual privileges and access to different files. You can severely limit what a default logon can do.
-
Disable network-password caching (saving to the .PWL file) under Windows 95 by using the System Policy Editor.
-
To secure your application passwords, open the Windows folder, search for a file with the password extension of .PWL, and delete the file. When you're prompted to enter new passwords, ensure you have not checked the Save Password box. Saving your password is a sure fire way to ensure that someone will steal your identity when they get onto your PC.
-
Examine your Control Panel TCP/IP properties in the Network applet to make sure you have not checked File and Print Sharing in the Bindings tab dialog.
-
Using Explorer, right-click on each drive you have, and set up passwords for each with the Sharing menu.
-
Avoid share-level security like the plague since it just cannot be done easily and effectively.
-
Should you insist upon using share-level security, protect your directories. You can share a directory and hide it from the Network Neighborhood browsing list by adding a $ to the end of its share name (for example, PUBLIC$).
-
Use the Notepad application to edit the CONTROL.INI file in the Windows directory and remove icons from the Control Panel.
The solutions summarized here are simple; however, the challenge is to discover them. As I said in my last column, it's not difficult to do these things. What is difficult is to discover these solutions in the first place and then strictly apply them.
One place to look for solutions is on the Internet. Start by checking out Microsoft Security Issues. You also might want to try LinkExchange and Windows 95 Help Pages. In addition, try the following Usenet newsgroups: alt.windows.95.beta, alt.windows95, comp.os.ms-windows.apps.compability.win95, comp.os.ms-windows.apps.utilities.win95, comp.os.ms-windows.networking.win95, comp.os.ms-windows.setup.win95, comp.os.ms-windows.win95.misc, and comp.os.ms-windows.win95.setup. Connect to IRC channels #Windows95 and #Win95 if you are so bent. Well there, that should get you started. Oh by the way, if these sources don't solve your problem, check out alt.os.windows.crash.crash.crash!