Hi,
I admin a bunch of WinXP systems at work, and this answer is made from
that experience:
Paul wrote:
My question relates to security. I'm pretty confident about Mac
security, but with Windows running within it, I'm interested in what
security precautions to take.
For example, should the Windows firewall be on?
Unless you need to disable it for some specific reason, yes. More layers
of protection rarely hurt.
Do I need to install the regular Windows OS updates.
You absolutely must keep it up to date. E-mail is not the only exploit
vector. For example, the recent WMF security hole could probably attack
you through a Visio file with an embedded WMF image.
Note I don't run any Windows email, so consider anti-virus to be
unnecessary.
That's not entirely true, but you'll probably be fine. I'd recommend
installing and using AVG from grisoft.com anyway. If you're confident
you can avoid getting the system infected, I wouldn't bother letting it
remain resident, instead just run scans occasionally. Mostly though it's
safer to let it run resident ("continuous scanning" essentially).
I have only had to use Explorer once, to access a
trusted site that doesn't support Safari/Firefox - so I also consider
anti-spyware to be unnecessary also.
You're probably OK there. I wouldn't want to use any persistent/resident
spyware scanner (many of which cause more problems than they solve), but
do consider using something like AdAware from lavasoft.de to do scans
every few months.
Note I'm connected to the Internet via ADSL with a NAT router. So
I'll raise the other niggling question - without Virtual PC running,
should the Mac firewall be on or not? I've heard conflicting
positions on whether the NAT router is adequate protection or not.
A NAT router makes it difficult to initiate a connection to your systems
from the outside world. The extremely basic firewalls in Mac OS X and
Windows XP are intended to do much the same thing. Things that can make
it through NAT (e-mail borne nasties, IRC / instant messenger attacks,
browser exploits, etc) will most often also make it through the XP and
Mac OS X firewalls.
That said, unless you specifically need to disable the firewall for some
reason, leave it enabled.
I personally wouldn't let windows near the net without AVG anti-virus
and ZoneAlarm firewall.
I agree with regards to AVG, though if you're a careful and informed
user you can usually get away without running it in resident mode. I
think ZoneAlarm is unncessary for most users with XP SP2, and it can
cause more problems than it solves.
I've had to fix more Windows boxes that broke due to ZoneAlarm
(conflicts, bad upgrades, broken uninstalls, etc) than due to viruses.
I cant emphasise the iffy security of IE enough.
This is especially true right now, where any website can take total
control of your computer through an image. That means that (eg) some web
forums will permit another poster to put up an image that'll control
your computer.
Given what you have said, Windows OS updates should only be necessary
*if* the normal operation of the OS and programs specifically require
it. You can, given enough patience, install just required updates.
Noo! Just turn on automatic updates. It's low fuss (though sometimes
really annoying about bugging you to reboot), works well, and won't
break things.
Also it may improve your mileage if you turn off:
Active desktop
Screen saver
Auto shut-down/sleep
Messenger service
Auto updates
I'd recommend leaving automatic updates enabled.
Off-line files
System recovery
By disabling system restore, you turn off the ability to repair your
system after a bad program/driver install. This can cost you a lot of
time and frustration, since while it's turned off it doesn't collect any
of the information needed to do recovery.
It does have a small but detectable performance impact. Despite that I'd
recommend leaving it on unless you keep backups of your Virtual PC disk
images somewhere, or are willing to risk the possibility of having to
erase and start again.
Menu fading/transition, window animation(?) (plus a few other items on
the same list in Display panel, this is from memory as I don't have
access to XP at this juncture; HOORAY!)
These are important, they cause surprisingly large slowdowns especially
under emulators. Switching the Windows XP theme back to the older
Windows 2000 style also puts a real rocket behind the OS. IIRC you can
do this in the Display control panel, or right click on the desktop
background and chose properties. I'm not 100% sure as I'd have to reboot
to check, and I'm using a real OS right now.
--
Craig Ringer
