Prepare a Computer for Retirement

When a Windows XP Home Edition computer is not going to be used any more, it should be prepared for retirement. The computer’s hard drive most likely contains information that users might not want others to see. For example, the computer might have files from tax return software. Even if the user deletes all of the tax return-related files and software from the computer, curious people who get access to the computer might be able to recover the tax information using free or inexpensive software utilities specifically designed to recover deleted files. Accordingly, users should ensure that all data on the computer’s hard drive is wiped out before donating, selling, or discarding a computer. Methods of doing this include the following:

 Use a third-party disk scrubbing utility. There are several commercial software products available that are specially designed to remove traces of data from computers. Follow the vendor directions on removing data from the hard drive.

 Retain the hard drive. Following the instructions in the computer vendor’s documentation, a user can remove the hard drive from the computer. If other people want to use the

computer in the future, they can purchase a new hard drive and install Windows XP Home Edition or another operating system onto the computer. This is the best option if the computer is no longer functioning properly, preventing the use of disk scrubbing utilities.

 Destroy the hard drive. Hard drives can be degaussed, which involves applying a magnetic field to the drive that makes it unusable. Hard drives can also be shredded or otherwise physically destroyed through specialized equipment and services.

8.7 Summary

After a Windows XP Home Edition computer has been secured using the guidance provided in previous sections, the computer’s security needs to be maintained on an ongoing basis. This includes the following:

 The administrator or individual users should perform backups of their data and settings on a regular basis.

 The administrator should perform regular security maintenance. This includes ensuring that Windows XP Home Edition and application updates are applied, checking the status of security software, creating new user accounts, and retiring accounts that are no longer needed.

 Each user, including administrative account users, should perform regular security maintenance for their own accounts and data. This includes changing their passwords regularly, deleting unneeded files, and clearing information from Web browsers. Users should also monitor the Security Center on an ongoing basis.

 Administrators should use security assessment tools periodically to identify security issues on Windows XP Home Edition computers.

If a computer begins to display unusual behavior, users and administrators should act quickly to investigate it. Generally, the best first step is to reboot the computer, which can clear many functional errors as well as some forms of malware that are memory-resident. If a problem persists, the next recommended step is to update the computer’s security tools and scan the computer for malware. If no malware is detected, then additional troubleshooting steps need to be performed, such as reinstalling malfunctioning applications, checking antivirus vendor Web sites for information on malware that might be causing the problems, and checking the Microsoft Web site for information on similar problems.

If malware cannot be removed from a computer or other technical problems occur that cannot be resolved, users may need to seek expert assistance. Users should use the Remote Assistance feature built into Windows XP Home Edition or third-party remote access utilities when needed to allow a trusted friend, family member, or coworker to assist in troubleshooting such problems.

Users should also collect information as needed to help others in performing troubleshooting.

Users can also use recovery tools under the guidance of an expert to attempt to recover from major failures or compromises. If all else fails, the user may need to reinstall Windows XP Home Edition and restore all data from previous backups.

This page has been left blank intentionally.

Appendix A—Essential Security Settings

Appendix A contains step-by-step instructions for implementing the most essential recommendations for securing Windows XP Home Edition computers. Implementing the instructions in Sections 5 through 8 provides stronger security than implementing just the instructions in this section. However, there are instances where all of the Section 5 through 8 instructions cannot be followed because of a lack of time or expertise. In these cases, using only the instructions in this section should provide the most essential security protection for a

Windows XP Home Edition computer.

Figure A-1 displays a flowchart of the high-level steps for implementing the most essential security recommendations.

Step 1: Set the default view for Control Panel

Step 2: Ensure a personal firewall is enabled

Step 3: Apply updates

Step 4: Configure the computer for Automatic Updates

Step 5: Install and configure antivirus and antispyware software

Step 6: Set up limited user accounts

Essential recommendations

completed

Figure A-1. Flowchart for Applying Essential Recommendations

Step 1: Set the Default View for Control Panel

Control Panel has two views: Classic and Category. Classic View lists each Control Panel item separately, and Category View groups similar items together. The instructions in this section assume that Classic View is being used.

1. Log on to the computer using an administrative-level account.

2. Open the Control Panel.

3. Look at the text in the upper left hand corner of the Control Panel window.

 If it contains a link that says Switch to Category View, no action is needed because Classic View is already the default setting.

 If it contains a link that says Switch to Classic View, click on that link to change the default view from Category View to Classic View.

 If it does not contain either a Switch to Category View or a Switch to Classic View link, no action is needed because the Windows classic folders option is enabled, which allows only Classic View to be used.