Maintaining Windows Security

Introduction
Keeping your computer secure will protect you against viruses, worms, spyware, hacking attempts, and password theft. Windows security is often neglected, but keeping a Windows computer secure requires just a few straightforward concepts:

Stay on top of Windows Security Updates Always have a Virus Scanner with Updated Definitions Every account on the computer should have a password Always run an updated Software Firewall Don't click on suspicious links and attachments Avoid and remove SpyWare

What happens if I don't keep my computer secure?

A computer that is not constantly kept secure and up to date is vulnerable to many different attacks. The most common is an automated hacking attack called a worm. Worms hack into computers that have security vulnerabilities, then use those computers as slaves to hack into every other computer on the network. Whenever you are vulnerable to a worm, you are also vulnerable to a manual hacking attempt. The main objective of a worm or hacking attempt is usually to hack into more computers. It appears to anyone on the network that the infected computer is attempting to hack into their computer directly. ITS takes all hacking attempts seriously and will block network access for any computer that appears to be attempting to hack into other computers. ITS can only enable these computers after the worm or problem is fully removed and all relevant security patches have been applied. There are other serious implications of hacks and worms. Some attacks aim to steal passwords, software license keys, and credit card numbers. Some attacks turn the computer into a slave computer of the hacker, possibly filling up the hard drive and utilizing your entire network connection.

Keep on top of Security Updates

Security is a proactive process. It is much easier to keep a computer secure and up to date than it is to repair the catastrophic damage caused by leaving a computer vulnerable to attack. All versions of Windows ship with critical security vulnerabilities waiting to be discovered. Historically, every time a critical vulnerability is discovered, Microsoft releases a patch for Windows to fix the problem well before the vulnerability is heavily exploited. They post these updates to the website http://windowsupdate.microsoft.com. It is your responsibility to install these updates as soon as they are posted. Soon after a critical security update is posted to Windows Update, viruses and worms are quickly written to hack into computers that are missing this patch. Vulnerabilities in Windows

or some Microsoft software are discovered and patches are written approximately once per week. You can configure windows to install these Windows updates automatically. On Windows XP, the functionality is automatically included. On other versions of Windows, it is available as an update from the Windows Update website. The configuration for the automatic updates can be found in the Control Panel. On most versions of Windows there is an Automatic Updates icon. If you have XP service pack 2, your Automatic Updates should look like this:

If you have Windows XP and your Automatic Updates does not look like this, you are already behind on security updates. The recommended setting is to have the computer automatically download and install updates whenever you are online. This is especially useful for a lab computer or unattended computer. The second option can be useful for those who have good reason to leave some critical patches uninstalled. All other options should not be used. If you elect to install updates manually, you are responsible for installing them in a timely manner. There are some patches so critical to a system's security that they should be installed before the computer is ever put on a network. These differ depending on what

Operating System is installed: Windows 2000 Windows XP

Install a Virus scanner and keep it up to date

Any virus scanner that is kept up to date should be fine. If you currently have McAfee Antivirus, Sophos, Norton, Symantec, or others, you do not need another antivirus product. Generally, you can only have one antivirus program on a computer at a time. Make sure that the antivirus program you have installed has up to date virus definitions and is allowed to download updates. Make sure that your virus definitions are up to date. The virus definitions for Symantec Antivirus are shown on the main Symantec window as shown below. Because new viruses come out every day, if your definitions are more than a few days old, the antivirus program is useless. You can update the definitions by clicking on the LiveUpdate button.

Another useful antivirus tool is the Stinger Tool from McAfee. Stinger is a standalone antivirus tool that does not require an install. It is a specialized tool that scans for the latest and most common virus threats only. Therefore, it should not be relied upon as your only virus protection, but it can be a useful tool to supplement your current antivirus program. Stinger can be downloaded from http://vil.nai.com/vil/stinger/

Every account should have a password

Every account on the system should either be disabled or password protected. It doesn't matter whether or not you are the only person who uses the computer or if the computer is in a secure locked office. The same password you use to log into the computer is effectively the same password someone would use to log into the computer via the network. Creating an account without a password is an invitation to hackers and worms. Most hackers and worms will try to hack into a computer by rapidly trying a list of passwords, including dictionary words and common passwords. In many password schemes, it is easy to test all approximately 200,000 English words in a matter of seconds. Conversely, testing all arbitrary 8 character passwords with non-letter characters takes thousands of years. This is why it is so important to make sure the passwords you choose are secure passwords.

Use a Software Firewall

Most versions of Windows run server-level services that allow network users to connect and login to the computer. Most people would never use these services, but many of them cannot be turned off. To protect your computer against possible security vulnerabilities in these services, you should run a firewall program which protects these services from unauthorized access. Windows XP comes with a simple software firewall. This firewall was extended significantly in Service Pack 2. To turn on the firewall, go into the Control Panel, then click on Windows Firewall. It should look like this:

If you have Windows XP, but you do not have a Windows Firewall Control Panel icon, you are behind on your security updates, and should download Service Pack 2. In the meantime, you may turn on the firewall inside of an internet connection according to our network documentation. If you are running other versions of Windows, such as Windows 2000, it is recommended to use a third-party firewall, such as Symantec Client Security, Symantec Personal Firewall, or Zone Alarm.

Be careful of what you click on

Assume that every email and webpage could be malicious to your computer. Emails can contain viruses, and webpages are often set up to install spyware on your computer. If you ever receive an email attachment, make sure you are expecting it and know what it is before attempting to open it. Also, make sure the email has specific details or instructions, such as, "This is that proposal we talked about at the conference on Tuesday", and not "Here is a happy game. Please enjoy". Be careful, even if the email appears to be coming from someone you know and trust. If you have any doubts about an attachment, you can save it somewhere, such as your desktop, right click on it, then click on scan for viruses. This should only take a few seconds.

In the first few days after a virus is created, virus scanners cannot typically find it. Therefore, you should be wary of attachments, even if the virus scanner says it does not contain a virus.

Protect your Computer from Spyware

Spyware is a type of program similar to a virus that runs invisibly and collects information about the person using that computer. There are several types of software similar and effectively synonymous to Spyware, including Adware, Malware, and others. Spyware can have many adverse effects, such as slowing down the computer, collecting passwords and credit card numbers, tracking web access, and breaking Windows components. The best way to protect your computer from spyware is to avoid it. Once spyware is installed, it is hard to remove, and may have already damaged critical Windows components. Two common spyware sources are Active X/Install For the Web and addons to other programs. Install For the Web is a service by which websites offer to install programs for you automatically. Unless these programs are written by well-known, reputable vendors, such as Macromedia Flash, or Sun Java, you should never install these. A typical Install For the Web spyware installer looks like this:

You should always click No on windows that look like this unless you know exactly what it is you'd be installing. Windows XP Service Pack 2 may automatically try to block these installers. Reputable vendors such as Adobe and Microsoft are not known to include spyware addons with their software. Spyware add-ons usually come from smaller shareware programs and Peer-to-Peer network programs. Kazaa is known to install a large amount of spyware, including spyware programs that constantly download more spyware. Peer-

to-Peer network programs such as Kazaa, LimeWire, Morpheus, iMesh, and others should not be used on the ITS network. If you already have spyware on your computer (most people do), there are ways to remove it. However, these methods can lead to network problems, software malfunctioning, and result in Windows no longer starting. Therefore, the following methods are provided as-is, with no support, and it is strongly recommended that you backup your computer before attempting any of the following. Ad-Aware and Spy-Bot S&D are two programs that can be used to clean up spyware. These programs work similar to a virus scanner. They must be updated, then they scan the computer for spyware. It is recommended that you use the backup/quarantine features of these programs rather than deleting spyware outright.

Test your Computer's Security

One useful tool for testing your computer's security is the Microsoft Baseline Security Analyzer. This program checks to make sure all of your Microsoft products are up-todate, and that there are no clear security flaws in your Windows settings. The Microsoft Baseline Security Analyzer should only be run from the computer that needs to be scanned, as scanning other computers remotely could be seen as a security threat.