Securing your PC with a few clicks (English version)
Zeb Protect is a freeware tool that lets you secure a PC running Windows by closing some critical ports that are exposed to Web attacks. It also offers some useful features such as deleting the shares or deactivating the default accounts.
Zeb Protect is aimed at optimising the security of your operating system simply by clicking where specified. It is made up of several options taken from the tutorial Optimiser la sécurité de votre PC (in French). This software only works with the following operating systems : 2000 – XP Home – XP Pro – 2000 server and 2003 server. It is still a beta version, so we strongly recommend setting a system restore point before installing it.
Downloading the software
Zeb Protect is available here (on this page for the French version); only one file is necessary. If you have Windows XP Home, also download HomePack.zip in order to get the Security tab, which is not present in that version of Windows. Once downloaded, unzip HomePack.zip into the same directory as Zebprotect_en.exe so that the Security tab can be installed.
Setting up the software
The software opens on the Main tab. In order to get all the options, go to the Tools menu :
Apply modifications : applies all the modifications you have made with one click
Check all : re-checks all the boxes and re-establishes the previous values
NTFS Options : the window « NTFS Options » is made up of 2 parts :
NTFS Options : this part unlocks some options. If your system was formatted with the FAT32 file system, the option to convert to the NTFS file system is available; you only have to click on the « Apply » button to validate the new parameters. You will then be prompted to restart your PC to apply the option.
XP Home Option : this functionality is only available under the XP Home operating system, and you can install it only if you have downloaded the file HomePack.zip. This feature installs the « Security » tab, which is not present by default.
Once you have clicked on the Install button, the process will ask you to replace one file : answer YES to get the English version. You will then be asked to restart your system. Once it has restarted, you can access the Security tab in the properties of any folder or file, as well as the software’s Share deletion options.
If your file system is already NTFS, the software will recognize it and the conversion option will be greyed out. The same applies to the Security tab option if the tab is already present under XP Home.
The main tab is made up of four parts :
– Quick Help : gives a quick description of each option when the mouse cursor moves over it.
– Share Deletion : deletes the default shares found under Windows.
– Account deactivation : deactivates the hazardous accounts.
– Closing critical ports : closes the services which « listen » on some specific ports.
The software automatically checks whether some options have already been enabled and ticks the corresponding boxes. You can choose your own options by ticking the relevant boxes. Some of them are only available if the file system is NTFS.
Once you have chosen your options, click the Apply button; the software will prompt you to restart the system so that the changes are applied.
Deleting the single file and folder sharing under XP Pro :
Windows XP added a new feature which by default shares all the files found under the My Documents folder, for any user account set up on the PC. This option will let you access the Security tab of files and folders.
When the single file and folder sharing is disabled, any user who wants to access the PC through the network will need to authenticate.
Deleting shared folders under XP :
This option prevents the sharing of any user’s files and folders found under My Documents.
Deleting administrative shares (C$ and ADMIN$) :
This option disables the default Windows shares which allow network administrators to access your PC.
Deleting the remote administration share :
Prevents an administrator from connecting remotely to your PC.
Deleting the printers share :
Closes printer and folder sharing; in effect it hides your hard drive shares.
Deactivating the guest account :
Prevents any user from connecting to the PC using the guest account.
Deactivating the « Help Assistant » account :
Prevents the Microsoft help assistant account from being used to connect to the Internet.
Deactivating the « Anonymous » access :
Forces every user to authenticate on your PC; users who are not registered cannot access any shares.
Deactivating « Everybody » rights :
Prevents the system from granting the « Everybody » rights to anonymous users; they have to authenticate.
Deactivating the « Registry Remote Access » :
Forbids any remote connection to the registry, so that no remote user can take control of your PC.
Closing critical ports
Port 135 :
Make sure to close the other ports prior to closing port 135.
This service allows Remote Procedure Calls to be carried out. Any remote administrative call uses the RPC service. This port acts as a port mapper. When a device tries to reach a service on a remote PC (running Windows), it first connects to this port (135) in order to locate the real port it wants to reach. It then « talks » directly to that port.
Windows has suffered from several flaws, and a couple of worms like Blaster used this port, so we highly recommend closing it.
This option forbids any access to port 135 so that it is unreachable from the remote network (Internet); it can then only be used locally, on the loopback address (127.0.0.1).
Port 123 :
Closes this port and prevents the time synchronisation service from connecting to Internet servers.
Port 137/138/139 :
137 NetBios Name Service : allows a PC to be found on the network without knowing its IP address.
138 NetBios Datagram Service : used to broadcast data on the network (only UDP protocol on this port).
139 NetBios Session Service : this is the one used by 2 PCs when they communicate with each other. For instance, if you explore the shares of a PC (printers, folders), the communication goes through port 139. Only TCP protocol on this one.
445 TCP/UDP :
Carries the SMB protocol (folder and printer sharing); closing this port prevents printers and folders from being shared over a remote connection.
500 UDP :
Internet Security Association and Key Management Protocol : secured authentication by key sharing, opened by lsass.exe. Explanation of the service as it appears in the service manager : « Saves local users’ security data ».
Closes the port used for distributed database transactions.
Schedule 1024 TCP :
Closes the port used by the scheduled task manager.
Closes any access to DNS client service.
Closes and deactivates the message service, which normally allows messages to be sent from one PC to another on a local network; it has however been exploited to send advertising messages over the Internet.
1900 SSDP :
Closes the « Universal Plug and Play » discovery service on your local network. It works with port 5000.
Closes the service which allows your PC to be set in server mode by default in order to automatically discover new devices installed on your local network. It works directly with port 1900.
This software will be enhanced; to be continued…
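One way to check the result after the restart, as an added example that is not part of Zeb Protect or of the original tutorial : the Python script below parses the text printed by netstat -an and lists which of the ports named above are still open on an address other than the loopback. The sample output, the port set and the function name exposed_ports are constructed for illustration.

```python
import ipaddress

# Ports named on this page as the ones Zeb Protect closes (assumed set).
WATCHED_PORTS = {123, 135, 137, 138, 139, 445, 500, 1024, 1900, 5000}

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1024         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1061      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    127.0.0.1:123          *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:1900      *:*
"""


def exposed_ports(netstat_text, watched=WATCHED_PORTS):
    """Return sorted (proto, address, port) tuples for watched ports that are
    open on a non-loopback address, i.e. reachable from the network."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated text
        proto, local = fields[0], fields[1]
        # Only LISTENING TCP sockets accept connections; UDP rows have no state.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        address, _, port_text = local.rpartition(":")
        address = address.strip("[]")  # IPv6 form is [addr]:port
        try:
            port = int(port_text)
            ip = ipaddress.ip_address(address.split("%")[0])
        except ValueError:
            continue  # not an address:port pair
        if port in watched and not ip.is_loopback:
            findings.add((proto, str(ip), port))
    return sorted(findings, key=lambda f: (f[2], f[0], f[1]))


if __name__ == "__main__":
    for proto, address, port in exposed_ports(SAMPLE_NETSTAT):
        print(f"{proto} {port} open on {address}")
```

An empty result means that none of the watched ports is reachable from outside the machine; a port bound only to 127.0.0.1, as described for port 135 above, is not reported.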
If you have any questions relating to the software and how to use it, please refer to this section in the forum Support Zeb Protect.
Translation : Laubean