Windows XP
Tweaks + Secrets - Part 2

Go to Windows XP ©Tweaks + Secrets Contents

DEFINITION: The FireWall (FW) is a hardware and/or software based two-way monitor, detector and filter (blocker/unblocker) of ingress/inbound [incoming = originated from internet/network computer(s)] and egress/outbound [outgoing = originated from local networked computer(s)] data/packets, set to block/prevent/stop and/or allow/permit/proxy the transmitting (broadcast) of unauthorized, personal, private and/or local/network computer data/packets to dedicated internet/network based servers/applications and the receiving (download) of unauthorized, internet/network based adware, malware and/or spyware data/packets from reaching/infesting the local/network computer(s).
More info.

The Microsoft Internet Connection Firewall (ICF) installs as part of Windows XP (Home + Professional Editions) and Windows 2003 Server (Standard, Enterprise, Datacenter + Web Editions), but lacks some of the advanced features found in similar 3rd party utilities.
Windows Vista Firewall is even worse, because it gives the user a false sense of security by not prompting whenever it detects an attack/intrusion, according to ZDNet Blogs.
ICF is a Windows XP/2003 built-in internet based intrusion prevention tool designed for users of broadband (xDSL, Cable, Satellite digital modems) and dial-up (analog modems) connections, who are unaware of intrusion threats and of the need for protection, extends the NAT (Network Address Translation) driver, provides ICMP blocking options and activity logging.
NAT is explained @ MegaPath.
More info @ MSKB.
ICF features similar functionality to most hardware based firewalls built into network/broadband routers, a combination of packet and gateway filtering.
FYI: Microsoft acknowledged that ICF blocks ONLY IPv4 traffic, NOT IPv6, without installing Advanced Networking Pack (ANP) for Windows XP/XP SP1/XP SP1a! Windows XP SP2 installs ANP!

NEWS FLASH:
Microsoft released August 2004 Windows XP Service Pack 2 (SP2) [MUST INSTALL!], a huge update package [266 MB], which installs among many security vulnerability + bug fixes the NEW version of ICF, renamed to Windows Firewall (WF).

XP SP2 WF NEW features:

• host based stateful packet + application inspection filtering aimed to drop unsolicited incoming traffic that does not correspond to either traffic sent in response to a computer request (solicited traffic) or unsolicited traffic specified as allowed (excepted traffic).
• certain level of protection from malicious users + programs that rely on unsolicited incoming traffic to attack computers/networks.
• enabled by default for all active connections.
• global configuration options applicable to all active connections.
• set of rules (accessed via dialog boxes) for local configuration.
• computer startup (before Logon) protection.
• excepted traffic can be specified by scope and/or application file name.
• IPv6 + Peer-to-Peer (P2P) networking protocols support.
• configuration options can be applied via Netsh + Group Policy.

Stateful inspection is explained @ Wikipedia.

XP SP2 WF BUGS:

• packet filtering does NOT block the Remote Assistance connection service!
• outbound/outgoing (egress) packet filtering is NOT available!
• packet filtering warnings are NOT available!

ICF/WF can be activated 5 ways:

• Automatically (Windows XP SP2 ONLY): after successfully installing Windows XP SP2, at the begining of the first boot (before the Logon screen), you will be prompted to enable the new Windows Firewall. •MUST• do so unless you are using a better 3rd party FW!
• Automatically: whenever you create a new Internet/Network connection you will be asked if you want to take advantage of the XP Firewall Services. Check the Yes box to enable ICF/WF for your particular connectoid.
• Default (Windows XP SP2 ONLY): right-click the Windows Security Taskbar tray icon -> select Open Security Settings -> check the Windows Firewall box -> click OK.
• Manually: open Control Panel -> (double)-click Network Connections -> right-click on your Internet/Network connection name -> select Properties -> Advanced tab -> check the "Internet Connection Firewall" (Windows XP Pre-SP2 + 2003 ONLY) or "Windows Firewall" (Windows XP SP2 ONLY) box -> click Apply/OK.
• Manually (Windows XP SP2 ONLY): open Control Panel -> (double)-click Windows Firewall -> select the General tab -> check the "On (recommended)" box -> click OK.

Defaults are set mainly for outbound traffic, and out-of-the-box ICF/WF blocks only a few ports and protocols Microsoft deems unsafe, which is way too risky for every day browsing. :(
Therefore it is strongly advised to tweak them manually to enjoy a safer Internet experience: select the Network Connection Settings tab -> click the Settings button -> customize ICF/WF to your needs.
The good news is ICF/WF blocks RPC calls to TCP port 135 (see port list below for details) by default. :)
Start by making rules (as you should with any decent FW) for each app, domain, protocol, port etc, separately for outbound and/or inbound, respectively.
A rule set does one of two things: (1) blocks [disables] or (2) unblocks [enables] a particular app/port/protocol/domain/IP/server/computer/etc from/to access(ing) the internet as a whole, or targets one or more specific internet/network(s) port(s)/domain(s)/server(s)/computer(s).

More ICF/WF info + tools:

• Microsoft: Understanding Windows Firewall.
• Microsoft: Using ICF.
• Microsoft: Enable/Disable ICF.
• MS TechNet: Windows Firewall Operations Guide.
• MS TechNet: Manually Configuring Firewall in XP SP2.
• MS DOC: Deploying Windows Firewall Settings in XP SP2 [1 MB, DOC format, right-click to save!].
• MS DOC: Using Firewall INF in XP SP2 [110 KB, DOC format, right-click to save!].
• MSKB: Troubleshoot Windows Firewall Settings in XP SP2.
• MSKB: How To Turn On/Off ICF in Windows XP.
• Ramesh: About Windows XP Internet Connection Firewall.
• TweakHound: The Windows XP Security Center.
• TweakHound: Securing Windows XP.
• The Register: WinXP SP2 = Security Placebo?
• DShield.
• Practically Networked.
• XP Firemon [freeware].
• FireLogXP ICF Log Interpreter [freeware].
• XP Firewall Log Viewer [freeware].
• XP Logger [freeware].
• Microsoft OEM FireWall (OEMFWALL.EXE) tool [free].
• MS TechNet: ICF security log overview.

DEFINITIONS:

• PORT: Positive integer number used to identify an endpoint to a logical connection among TCP/IP and UDP networked computers. Each assigned port number transmits/receives specific data.

• PROTOCOL: Standardized format for transmitting/receiving data among devices:
  • TCP PROTOCOL: transmits/receives data among connected computers while forming a session, ensuring delivery and error checking.
  • UDP PROTOCOL: transmits/receives data among connected computers without forming a session, confirmation, nor error checking.

• IP ADDRESS: 32-bit identifier (numeric address) formed of a group of four 1-3 digit positive integer numbers separated by dots (.) used to identify a networked computer/device. Format:
  xxx.xxx.xxx.xxx
  where xxx = any positive integer number between 0 and 255.
  Local/private networked computers/devices can be assigned any random (unique) IP address specific only to that particular network.
  Internet/public IP addresses must be registered with a regional Internet registry (ARIN, RIPE NCC or APNIC) to avoid duplication.

FYI: See my Glossary for terms definitions.

Most frequently used (a.k.a. common, known, assigned) ports in alphabetical order [can't surf without them ;)]:

• DCE [port 135] = Distributed Computing Environment endpoint resolution mapper [RPC (Remote Procedure Calls) locator service]. Used by fault tolerant networks to remotely manage services and distributed applications. Always block if not using such services/apps.
  Broadcast port for messaging purposes only, used for example by Microsoft Windows Media Player (WMP) to send personal data [talk about privacy! :(] from users' computers to their spamming/spying "dedicated" servers.
  VIRUS ALERT!
  ALL Windows XP/XP SP1/XP SP1a/XP MCE/2003 users MUST INSTALL this Microsoft Fix (English) in order to close RPC service (port 135) from unauthorized requests, and avoid being "infected" by the Blaster/MSBlast/Lovesan Worm!
  Win2003 Pre-SP1 RPC Fix [2.84 MB].
  WinXP Pre-SP2 RPC Fix [3.08 MB].
  Windows XP SP2 + 2003 SP1 include this Fix!
  See also:
  • Symantec Blaster Worm Removal Guide.
  • Symantec Blaster Worm Removal Tool.
  • GRC DCOMbobulator disables DCOM and closes port 135.
  • Microsoft Malicious Software Removal Tool for Windows 2000/XP/2003.
• DHCP [ports 67/68 + 546/547] = Dynamic Host Configuration Protocol assigns dynamic IP addresses to network devices, mandatory for net access. •Never• block.
• DNS [port 53] = Domain Name System (or Service) translates internet Domain Names (alphabetic) into IP addresses (numeric). Must be •always• open. Let through 100%.
• Finger [port 79] = Interface protocol for RUIP (Remote User Information Program) connections. Always block, unless using it.
• FTP [ports 20 (data) + 21 (control)] = File Transfer Protocol used for uploading and downloading files to and from FTP host servers, which can block unauthorized access by requesting user id and/or password. Block only for outbound (outgoing), unless user id and/or password required to log on to specific servers.
• Gopher [port 70] = Old text based data retrieval protocol, very rarely used nowadays. Always block if not using any Gopher apps.
• HTTP [port 80] = HyperText Transfer Protocol defines the way web browsers communicate (through client outgoing requests followed by host incoming reactions) with host servers located on the WWW (World Wide Web), which constitutes the largest internet "slice". Mandatory for web access. •Always• let through, unless you refuse to surf the net. ;-)
• HTTPS [ports 443 + 445] = HyperText Transfer Protocol Secure. Used by SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols, for example in web based monetary transactions. Block •only• if you do not make any purchases over the internet nor wish to access any secure web pages.
• Ident/Auth [port 113] = Identification/Authentication protocol used by some servers (like IRC) to uniquely recognize a user or computer upon query. Block •only• if not using IRC or similar recognition software.
• IMAP [port 143] = Internet Message Access Protocol (gradually replaced by IMAP4) used for sending and retrieving email to and from dedicated servers. Unblock •only• for email apps using the IMAP standard.
• NetBIOS [ports 137 (name), 138 (datagram) + 139 (session)] = Network Basic Input Output System. API (Application Programming Interface) used on LANs (Local Area Networks). •Always• block, unless using NetBIOS on your network(s) and/or on the network(s) you connect to.
• NNTP [ports 119 + 563] = Network News Transfer Protocol used to post, distribute and retrieve USENET messages. Block •only• if not using USENET.
• NTP [port 123] = Network Time Protocol (UTC based) standard used by dedicated atomic clock servers to adjust periodically the CMOS clock time on client computers accurately. Block •only• if not using this feature.
• Ping [various ports, server dependent] = Packet Internet Groper used for troubleshooting IP address connections through ICMP (Internet Control Message Protocol). Always block, unless testing your machine's MTU (Maximum Transmission Unit) by "pinging" your ISP (Internet Service Provider). :)
• POP3 [ports 110 + 995 (TLS/SSL)] = Post Office Protocol version 3 used for sending and retrieving email to and from dedicated servers. Unblock •only• for email apps using POP3 standard.
• SMTP [port 25] = Simple Mail Transfer Protocol used for sending email by clients to servers and among servers. Unblock •only• for email apps.
• SNMP [ports 161 + 162] = Simple Network Management Protocol is a set of protocols for managing complex networks. Unblock •only• if using SNMP based network(s).
• TCP [various ports, application/server dependent] = Transmission Control Protocol mandatory for connecting to and exchanging information with any host computer. Let through on individual rule/app/server basis.
• Telnet [port 23] = Character based protocol used by Unix/Linux/BSD machines. Always block, unless using any Telnet apps over the internet/network(s).
• TFTP [port 69] = Trivial File Transfer Protocol used for uploading and downloading files to and from TFTP host servers, which do not restrict access. Block only for outbound (outgoing).
• UDP [various ports, application/server dependent] = User Datagram Protocol. Try to block when possible, especially to prevent private info "leakage". Broadcast ports for messaging purposes only, used for example by Real(One) Player (RP) and Microsoft Windows Media Player (WMP) to send personal data [talk about privacy! :(] from users' computers to their spamming/spying "dedicated" servers.

Most frequently used Trojan/Zombie ports [malware, •MUST ALWAYS• block!]:

• 123 + 10100 = GiFt.
• 146, 17569, 34763 + 35000 = Infector.
• 623 = RTB666.
• 901, 902 + 903 = Net-Devil.
• 1243, 6776 + 27374 = Subseven.
• 1560, 2001 + 2002 = Duddies.
• 2800, 3000, 3700 + 7000 = Theef.
• 3128 = Masters Paradise + RingZero.
• 5151 = Optix.
• 7410 = Phoenix II.
• 9696 = Ghost.
• 10528, 11051 + 15094 = Host Control.
• 12345, 12346 + 20034 = NetBus.
• 12348 + 12349 = BioNet.
• 25685 + 25686 = MoonPie.
• 31337 = Back Orifice.

There are a total of 65535 ports (a.k.a. address numbers), used by networked computers to create logical connections, and categorized as follows:

• 0-1023 = standard (known) ports: see examples above.
• 1024-49151 = registered ports (regulated): assigned by IANA to net based services (e.g. ISPs).
• 49152-65535 = dynamic (private) ports (unregulated): unassigned, thus some are available to knowledgeable hackers for privacy invasion purposes. :(

More port info:

• Gibson Research: TCP/IP Ports.
• Gibson Research: Port Authority Database.
• AnalogX: IPSec and You.
• SANS Institute: Known Trojans Ports.
• PC Flank: Ports Database.
• Simovits Consulting: Trojan Port Numbers.
• Practically Networked: Special Application Port List.
• Network Sorcery: IP Ports List.
• Wikipedia: List of TCP + UDP Port Numbers.
• ISS: Port Knowledgebase.
• Microsoft: Windows 2000/2003 Server Service + Network Port Requirements.

Note that port numbers are assigned on per application/server approval basis by IANA (Internet Assigned Numbers Authority), the world wide (global) profit-free organization responsible for managing and distributing internet ports to companies, businesses, vendors, ISPs etc.
IANA posts periodically a complete list of all ports (must be in public domain) and entities currently using them.

Also, open the %windir%\System32\Drivers\Etc\SERVICES (plain text) file in Notepad and take a look at the Microsoft list of known/used ports.

ICF/WF guidelines: when you let an app through, open ONLY the TCP/UDP port(s) you know it needs to use in order to operate over the internet/network(s), and close ALL OTHER ports, especially the ones you know are on the "black" list: some of the known exposed (dangerous) ports are listed after you complete the security port scan tests at Gibson Research.
More internet security sites.

A blocked app means that all its ports/protocols are closed as far as it is concerned, both outbound (outgoing) and inbound (incoming).
You also need to make it work with your particular apps, and at the same time have some degree of protection from "unscheduled outbound travellers". ;-)
• Quoted from the Stargate SG-1 Sci-Fi TV series (Stargate theatrical film spin-off).

Try not to block/unblock both TCP and UDP within the same rule for the same app/protocol, make separate rules for each, as you should also for outbound and inbound, respectively.

Note that software based firewalls are never as secure as network/internet routers/switchers/splitters that have built-in hardware based firewalls (low level = block unwanted apps/ports before reaching the OS), because it is very difficult and time consuming to block •every• dangerous port from within the OS (high level = block unwanted apps/ports after reaching the OS).
Example: software FWs do NOT filter/protect NOR provide firewall services whenever you start up or shut down your machine! Therefore, during the startup and/or shutdown routines ANY user can connect to your computer and/or to ANY running services/applications... feeling vulnerable already? :(

That's why I STRONGLY recommend, especially if surfing on broadband (xDSL, Cable or Satellite) and/or using more than one PC to access the internet, to purchase a good multipurpose 4 port (or more, depending on your needs) router with built-in hardware firewall. I use Linksys Instant Broadband EtherFast Cable/DSL Firewall Router with 4 Port Switch/VPN Endpoint [model BEFSX41], which sells for ~ $60-70 (USD) at most computer outlets. Similar Linksys products.
Shop B4 U buy: check PriceWatch for best deals.
These guys reviewed these routers for you.

IMPORTANT: •Always• allow full access to these 2 XP OS services (both files reside in the %windir%\System32 folder, usually C:\Windows\System32):

• Alg.exe (Application Layer Gateway Service) = integral part of the built-in ICF/WF, controls FTP connections among other functions. Needs to run for the ICF/WF to work properly.

• Svchost.exe (Generic Host Process for Win32 Services) = integral part of XP OS, mandatory to run at all times, it canNOT be stopped or (re)started manually, loads/unloads/manages internal/external 32-bit DLLs/other services, and in normal conditions more than one Svchost.exe instance/thread will always be open.

IMHO:
As an avid internet user, I can't rely on XP's rudimentary firewall to take care of business [nor should you! ;)], so I strongly recommend to install one of these freeware firewalls.

FYI:
FW + Security references.

Back to XP's ICF/WF...
Go to: Control Panel -> Networks -> your Internet/Network connection -> Properties -> Advanced -> Parameters -> Services list -> Adjust -> Description of Service -> type your own description [i.e. Windows Messenger UDP] -> Name/IP box -> type your computer or IP name/address -> External Port -> check TCP or UDP -> click OK or press Enter.
Note that a port you want open and an internal port unfortunately mean the same thing in Microsoft's "lingo". :(
Now create a new rule for each port you want opened (or closed), folowing the port table examples below for known applications.
Here are only a few, but you need to study the manufacturer's documents/guides regarding specific port numbers assigned to your particular net apps, games, tools etc:

MegaPath: More frequently used ports.
MSKB: Programs that may require to open ports manually.

FYI: See "INTERNET TIME THROUGH FIREWALL", also in TIPSXP.TXT [part of W95-11D.EXE], to learn how to synchronize your PC time with a dedicated time server while using ICF/WF.

shutdown [-i|-l|-s|-r|-a] [-f] [-m \\computername] [-t xx] [-c "Text"] [-d[u][p]:xx:yy]

Valid command line switches:

-a = Abort system shutdown in progress ONLY IF the -t xx timeout option was already set to ANY value other than 0. ALL switches except -l and -m are ignored during abort.

-c "Text" = Text comment (case insensitive) to be displayed in the Message area of the System Shutdown window. MUST be enclosed between quotes. Maximum allowed 127 ASCII characters.

-d [u][p]:xx:yy = Reason code for shutdown:

u = User code.
p = Planned shutdown code.
xx = Major reason code. Positive integer number less than 256.
yy = Minor reason code. Positive integer number less than 65536.

-f = Force running applications to close without warning.

-i = Display the shutdown interface (GUI). MUST be the first option!

-l = Log off the current user of the local computer (default action). CanNOT be used with the -m option unless the current user has Administrator rights, in which case the -m switch takes precedence.

-m \\computername = Remote/network computer name (most always case sensitive) to log off/restart/shut down. Current user MUST have Administrator rights to be allowed to use this switch!

-s = Shut down the local computer.

-r = Shut down and restart (reboot) the local computer.

-t xx = Set shutdown timer to timeout for xx seconds. IF NOT specified defaults to 20 seconds. Allowed values between 0 and 99 seconds. The -a switch is the ONLY one that CAN be used during the timeout period.

NOTES:

• The dash (-) in front of these switches can be replaced by a forward slash (/).
• Spaces are NOT required to separate the shutdown command from ANY following switches, but ARE required to separate ANY switch from its following parameter(s), if any.

For example:

shutdown -s -c "Shutting down!" -t 3

tells your computer to shutdown after waiting for 3 seconds while the System Shutdown window will display text above in the Message area.

Optional: after you're done creating your customized shortcut for shutdown -> right-click on it -> select Properties -> enter your desired key "combo" in the Shortcut Key box (example: Ctrl + Alt + End) -> click OK/Apply.
From now on just left-click on your shutdown shortcut or hit that key combination to turn off/restart/log off your XP computer. :)

FYI: Windows NT4/2000 owners can use this similar 3rd party ShutDown command line tool [40 KB, freeware].

1. BUG:

   Users of CD/DVD (re)writing software (Roxio/Adaptec Easy CD Creator + DirectCD, Ahead Nero Burning ROM etc) may bump into error messages such as "No ASPI devices installed" while using any of these utilities.
   This is due to a flaw into the Adaptec ASPI Layer settings.
   ASPI stands for Advanced SCSI Programming Interface, but this applies to ALL (E)IDE/ATAPI/SCSI CD-R(W)/DVD-R(W)/DVD-RAM drive owners.

   FIX:

   Start by installing the current Windows NT4/2000/XP/2003 Standard ASPI Layer drivers from Adaptec.
   Direct download [510 KB, free].
   Make sure to use the INSTALL.BAT file provided with the package to copy ONLY the appropriate drivers for these Win32 OSes: ASPI32.SYS (in %windir%\System32\Drivers) + WNASPI32.DLL (in %windir%\System32).
   Open Windows Explorer and delete (if present) WOWPOST.EXE + WINASPI.DLL from %windir%\System.
   Reboot when done.
   Run ASPICHK.EXE (also included) to make sure you have properly upgraded to version 4.7x.
   Now copy & paste text between lines below into Notepad and save this as a .REG file [name doesn't matter, only the extension does :)]:

   -----Begin cut & paste here-----
   REGEDIT4

   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aspi32]
   "ErrorControl"=dword:00000001
   "Type"=dword:00000001
   "Start"=dword:00000002

   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aspi32\Parameters]
   "ExcludeMiniports"=""
   ------End cut & paste here------

   Finally, double-click on the REG file in Windows Explorer.
   Reboot one more time.
   Done.

   NOTE: If still having problems using your Roxio recording software, replace 2 with 1 on the "Start" line above, and then merge (run) the modified .REG file into your Registry one more time.

   FYI: Similar fixes:

   • Microsoft: Windows XP CDR Fix.
   • NT Compatible: ASPI REG Fix for Windows NT4/2000/XP/2003 [2 KB, free].
   • Alex Nichol (MS-MVP): Burning CDs in Windows XP.
   • Alex Nichol (MS-MVP): CD REG Fix [2 KB, free].
   • Radified: ASPI.
   • Radified: Force ASPI.
   • Computall: ASPI drivers explained.

2. BUG:

   After installing/uninstalling Roxio (Adaptec) Easy CD Creator and/or DirectCD on/from your Windows NT4/2000/XP/2003 system, your CD-ROM/CD-R(W)/DVD-ROM/DVD-R(W)/DVD-RAM drives may get suddenly lost. :( The CD/DVD drive icon(s) may disappear from My Computer, Windows Explorer and any other disk/file browsing app. Also, if you try to view/open/run any CD/DVD based folder/file, you may encounter several popup messages linked to one of these error Codes: 19, 31, 32, 39 and/or 41.

   FIX:

   But these BUGs can be fixed by hacking your Registry.
   You must be logged on with Administrator rights to be allowed to edit the Registry.
   Fire up Regedit or Regedt32 and go to:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}

   Make sure Read only mode is disabled in Options menu.

   BACKUP this Registry key BEFORE MAKING ANY CHANGES:
   Highlight it -> click Registry from the File menu -> select Export Registry File... -> browse to your desired location -> type a file name -> click Save.
   Now look in the right hand pane for these 2 REG_MULTI_SZ Values: "UpperFilters" and "LowerFilters". Right-click on each one, select Delete and click OK.
   Close the Registry Editor and restart Windows when done.
   The catch is that after doing this you may also lose your CD/DVD recording capabilites. :(
   In this case, check this Roxio Support page for software patches/updates/fixes [free subscription required!], and install the current ones applying to your particular versions(s).
   These Roxio Support pages may also provide some help:

   • Easy CD Creator 5.xx Basic.
   • Easy CD Creator 5.xx Platinum.
   Uninstalling and/or reinstalling the affected Roxio software may also solve this issue.
   If none of these methods work, then open Windows Explorer and (double)-click the REG file created when you backed up the Registry key above to restore the original values. Restart Windows when done.

   FYI: More info + FIXes @ Microsoft:

   • MSKB: Troubleshoot: Write Data to CD-R(W) Optical Disc in Windows XP.
   • MSKB: CD/DVD Drive Missing After Installing Windows XP.
   • MSKB: Windows XP Missing Files/Folders or Unreadable CD-R(W) Fix.
   • MSKB: Windows XP Registry Fix.
   • MSKB: How to Copy Information to CD in Windows XP.
   • MSKB: Cannot Start Easy CD Creator 5.02 After Upgraded to Windows XP.
   • MSKB: Easy CD Creator Error Messages in Windows XP.
   • MSKB: Windows 2000 Registry Fix.
   • MS Expert Zone: CD Burning Becomes Routine in Windows XP.
   • MS Expert Zone: Windows XP CD Burning Secrets.