I was looking for links to tools that would be helpful, and ran across this book. I thought it might be better to post a bit more info than just the links within the site. While at the site, I tossed a request up to my local library to get a copy. I'll also put it on my "must get" book list. I am not intending that this be an advertisement for the guy's book, but it's getting kinda hard to not do something like that without stretching this country's draconian copyright/IP/linking laws too far out of shape. Apologies to any that feel apologies are due. http://basicsec.org/ http://basicsec.org/intro.html Finally, a complete guide to system hardening, online anonymity, encryption, and data hygiene for Windows and Linux, written in plain language for everyday computer users. The book offers easy-to-follow, yet truly comprehensive, tutorials for protecting your privacy, preventing system attacks, and, most importantly, avoiding difficulties from buggy programs and software laced with hidden functions and secret networking capabilities. Thomas C. Greene serves as Associate Editor of The Register, the leading independent IT news daily, based in London, where he has been an editor and columnist for over six years. From his office in Washington, DC, Tom covers cybercrime, computer and network security, and Washington politics and legislation related to information technology. http://basicsec.org/tools.html A slew of links to useful tools and information. http://basicsec.org/toc.html Table of Contents with a sample chapter http://basicsec.org/update.html [The author] contribute to this page [..] occasionally, whenever there is news that might be of use, or of interest, to readers. Please consult the errata page for blunders and omissions. Contents: Windows XP SP2 Mozilla Firefox Phishing Ximian Evolution for Windows Database Hell A Risky 'Feature' in Mozilla Data Hygiene Problems with Freenet Last updated: 15 May 2005 Windows XP Service Pack 2 (SP2) Many readers have asked if this major security update, released in August of 2004, affects or duplicates any of the system hardening procedures in the book. After testing SP2 thoroughly on clean installs of XP Home and XP Pro, I can say that it has no effect. It represents a significant step toward tightening the underlying Windows code, but, unfortunately, it involves no improvements in Windows' default system configurations. Virtually all of SP2's changes are "under the hood," so to speak, intended to mitigate problems such as stack and buffer overflows and the like. SP2 does not prevent Windows from enabling the same vast collection of unnecessary and often insecure networking services and components by default; it does not address the myriad default configuration blunders and scripting vulnerabilities plauguing Internet Explorer and Outlook Express; it does not address Windows' long-term problems with data hygiene; and, while the native MS packet filter is finally enabled by default, it still lacks a capacity for egress filtering, which renders it as useless for detecting adware and spyware as its predecessor. A third-party packet filter capable of egress filtering is still a basic necessity for all Windows users. Additionally, Windows Indexing Service, DCOM, Client for Microsoft Networks, File and Print Sharing, and the QoS Packet Scheduler are still installed and/or enabled by default. NetBIOS over TCP/IP is enabled, as are Remote Assistance and Remote Registry. Finally, user permissions remain a disaster, as SP2 still encourages the system owner to run their machine from the Administrator account. Sadly, there is not a single hardening procedure (detailed in Chapters 2 and 4) that SP2 has made unnecessary.