WiFi and Windows XP Tips

Reading time ~5 minutes

Being that I am in the Bay Area, and my Aunt and her kids live down in the Santa Cruz area, every once in a while I feel the need to go down there and see them. This time, I even gave them more than a few hours of notice that I was coming so I could see at least one of my cousins, whom complains she never gets to see me.

Anyway, after the usual discussions about my mom, the rest of the family, politics and religion, the conversation drifted into computers. Apparently, my uncle had bought a Linksys WRT54GS and was trying to use his laptop in the living room. He had bought one of those WiFi repeaters that Linksys sells because he was having signal issues. He was worried, rightfully so, about not having any of this secured.

The Linksys WiFi repeater is particularly difficult to configure, since it has no Ethernet port. It's even worse when you are trying to use it with WPA. I eventually gave up using it myself. I found that proper location of the WiFi router, hi-gain antennas, and third-party firmware such as DD-WRT resolved the vast majority of my issues. The main reason for the third party firmware: the ability to adjust your transmit power to at least 50mW. Unfortunately, he has one of the newer WRT54GS units. You know, the ones Linksys neutered so that it is difficult to flash third party firmware on them. Still, antennas and orientation will work wonders.

Later on, I had pulled out my MacBook to show some photos and videos I took with my various Nokia handsets. They really liked the FrontRow interface of the Mac. After we finished with that, I had iStumbler running and picked up a half dozen WiFi access points--most of them on channel 6. Of course their access point was also running on channel 6. I suggested changing to either channel 1 or channel 11. Of course, I suggested killing that WiFi repeater because even I have a problem configuring that thing. I can't imagine my uncle, who is a semi-computer literate person in his 60s, trying to accomplish this.

Then we got onto the whole spyware/virus/cookie thing. Like most people, they are running on their computers as administrator. That's dangerous, even for someone like me who knows what they are doing. It is not a very good idea for most people to operate in that fashion. Of course, Microsoft and application vendors make it difficult to do properly. You should also use Firefox instead of Internet Explorer and/or configure Internet Explorer with safer default settings to reduce your exposure risk.

Because the above was a lot of information, I am going to summarize in bullet form with links to tools and articles.

WiFi Hints

  • Don't buy a repeater. They are almost¬†never¬†easy to configure.
  • Buy a higher-gain antenna set for your router. If your router doesn't have detachable antennas, get a router that does.
  • If you have a Linksys WiFi router, vertically mount the unit on the wall so the antennas and the rest of the unit is a flat plane. This maximizes the router's ability to broadcast. You may need a Linksys SM-1 mounting bracket to accomplish this. I bought them on eBay, but you can get them on Amazon.com and other places.
  • Check what channel your neighors are using. Pick a less-crowded channel. Channel 6 is the default for most routers. Use a tool like¬†NetStumbler¬†(PC) or¬†iStumbler¬†(Mac) to find out what WiFis are in use in your neighborhood. Look for routers in channels 1, 6, and 11. Choose one of these three with the least amount of routers.
  • If you're willing to spend money on new cards¬†and¬†new routers, go get one of the Draft-N WiFi routers and cards (from the same manufacturer). Your range should improve.
  • Configure your router to use WPA. Use a totally random, long, secure passphrase from¬†grc.com/passwords.

Protecting Your Windows XP Box

  • If you haven't already, make sure Service Pack 2 is loaded.
  • Enable the firewall¬†if it's not already.
  • Use¬†Firefox!
  • If you¬†must¬†use Internet Explorer, set your default security settings in Internet Explorer to HIGH. This can be done under Tools > Internet Options > Privacy tab. This will prevent sites you don't explicitly trust from running ActiveX controls, Javascript, or anything like that. You can then click on the Sites button to add the sites you trust. Yes, this takes a little due-diligence on your part, but you really block against unwanted things entering your platform via Internet Explorer.
  • Use Limited user accounts on Windows XP. Each person that uses your PC should have an account that is a Limited user. This should stop¬†most¬†malware from doing anything¬†to¬†the computer aside from possibly deleting user data. It also prevents¬†stupid user mistakes¬†as well. They can still run programs, of course, but they cannot be permanently installed by a Limited user. One¬†administrator account should exist on the computer, but nobody should use it on a regular basis except to install new software or browser plugins. User accounts can be edited by going to Start > Control Panel, then click on User Accounts, and then either create new accounts as appropriate, or editing the existing accounts and clicking on "Change my account type" and setting the type to Limited.

Of course, after my uncle and my cousin saw how sexy my Mac was, how you could also run Windows on it, and how easy it was to use, they were thinking maybe they'd buy a Mac next. Considering the price isn't all that different nowadays, it's worth it to buy a compuer capable of running two operating systems (MacOS and Windows) instead of just one (Windows).

An Updated Word About Competition in the Information Security Industry

A year ago, I had written a post about competition in the informationsecurity space, of which I work as a part of for a vendor that has b...… Continue reading