|
Computer Security Recommendations Many new computers ship with very poor default security, which can become hazardous when they are connected to the Internet. This page is intended to provide you with some basic steps you can take to increase the security of your laptop. Several of these suggestions come from the U-M Virus Busters computer security recommendations.
No single product can provide total security; different tools stop different threats. If you implement the suggestions below to add multiple layers of security, your machine will be a lot more difficult to attack. However, there are tradeoffs between computer security and usability; the only way to truly protect your computer is not to use it at all, which is not really an option. You need to find a balance you can live with.
Before Connecting to the Internet for the First Time
After Connecting to the Internet
Before Connecting to the Internet for the First Time
Windows XP Home Edition? Upgrade to Windows XP Pro
If your laptop shipped with Windows XP Home, we strongly urge you to upgrade it immediately to Windows XP Professional.
Enrolled U-M students can purchase Windows XP Pro for $15 at the UM Computer Showcase store, located on the lower level of the Michigan Union on campus. Microsoft suggests a few important steps to take BEFORE installing Windows XP Pro to prevent potential conflicts with other software on your computer.
Use a Secure Password
Select strong, secure passwords for the Administrator account on your computer and for any other accounts that have Administrator privileges. Some suggestions for how to select a good password can be found in Choosing and Changing a Secure UMICH Password (R1162). Don't wait to do this. It is not uncommon to see unprotected machines get infected or hacked within minutes of connecting to the Internet.
|
CAUTION!
Don't forget or lose your password. If you do, Windows XP will lock you out of your computer and you will have to re-install the Windows XP Pro operating system. |
A Personal Firewall is Critical
A personal firewall is a very important first line of defense for computer security as it creates a protective barrier between your computer and the Internet, allowing only approved traffic through. This helps prevent hackers and some viruses from connecting to your computer.
Microsoft Windows XP Professional SP2 includes a built-in Windows Firewall that is turned on by default. You do not have to use Microsoft's Windows Firewall -- you can install and run any firewall that you choose. Evaluate the features of other firewalls and then decide which firewall best meets your needs. However, if you choose to install and run another firewall, turn off Windows Firewall. Never use two software firewalls at the same time.
Make Sure your Computer is Virus-free BEFORE installing antivirus software
Use a free tool from Network Associates called Stinger to scan your computer for viruses. Stinger handles only about 40 of the 91,000+ viruses out there, and it can only detect and remove, not protect. But using it first can make installing regular antivirus software (which CAN protect) much easier.
To install Stinger without connecting to the Internet, download Stinger from us.mcafee.com/virusInfo/default.asp?id=stinger to a flash drive using a computer other than yours known to be virus-free (e.g. the Law School 200HH student lounge). After downloading, take Stinger to your computer and launch the installer. Virus Busters recommends disabling System Restore (if you use WinXP) and then running Stinger after booting in Safe Mode (remember to turn your System Restore back on after using Stinger).
AntiVirus Protection is Critical
Antivirus software helps protect your computer against most viruses, worms, Trojans, and other unwanted software that can infiltrate your PC. It is critical to have antivirus software installed on your computer and configure it to check for updates automatically. U-M's release of VirusScan is configured to regularly check for and install new virus definitions as they become available, when your computer is connected to the Internet.
|
CAUTION!
- Before installing any antivirus program, make sure that you don't already have another antivirus program installed. If you do, you should completely remove the installed antivirus software prior to installing the antivirus program you want.
- Never install and use two antivirus programs at the same time.
|
We strongly recommend that you install VirusScan (or the antivirus program of your choice) before you connect to the Internet. U-M students can obtain McAfee VirusScan free of charge from the Virus Busters Web site. To install VirusScan without connecting to the Internet, download VirusScan 8.5 from virusbusters.itcs.umich.edu/vsdl.html to a flash drive using a computer other than yours known to be virus-free (e.g. the 200HH student lounge). After downloading, take VirusScan to your computer and launch the installer. After installation is complete, connect to the Internet and immediately right-click on the VirusScan shield icon in the System Tray and select Update Now to update the antivirus software.
Other Tips for Protection from Viruses
- DO NOT disable the automatic virus updates
- DO NOT open email attachments from people you do not know
- DO NOT open email attachments from people that you know that you didn't expect to receive, even when they appear to be from someone you trust.
[ Back to the top ]
After Connecting to the Internet
Windows XP Pro or Windows XP Pro SP1 or SP2? Upgrade to SP3
Periodically Microsoft releases security updates to their operating systems. A service pack is a collection of these updates, and sometimes contains updates not available elsewhere. The most current service pack available for Windows XP Pro is Service Pack 3 (SP3) and it is a significant upgrade to the operating system. SP3 can be obtained from Microsoft's Update Web site via your Internet Explorer browser:
- Open Internet Explorer
- Click on the Tools menu
- Select Windows Update
(some laptops have a Windows Update link in the Start menu).
Microsoft suggests a few important steps to take BEFORE installing Windows XP SP3 to prevent potential conflicts with other software on your computer.
Caveat: This is a lengthy install, sometimes taking over one (1) hour to complete.
Microsoft Updates
Don't undermine your computer's protection by providing hackers "back doors" to your computer. Updating your operating system (and your applications such as Microsoft Office and Outlook) plugs security holes that hackers are constantly seeking. Check for Microsoft Updates at least once a week to keep your computer up-to-date with security and other bug patches. Do a first check as "close to immediately" as possible after connecting to the Internet.
- Use the Windows Update link in the Start menu and wait for Internet Explorer to connect to the Microsoft Update Web site.
- Click on Express Install (Recommended): High Priority Updates for Your Computer.
- Choose all the critical updates listed and then click Install...
- After installation you may have to restart your computer.
Be sure to repeat the procedure until no new critical updates remain on the list. If your laptop doesn't have a Windows Update link in the Start menu, you can also access it via your Internet Explorer browser.
- Open the Internet Explorer Web Browser.
- Click on the Tools menu and select Windows Update.
- Microsoft has an agent to automate this. Go to the Control Panel. Click System. Click Automatic Updates.
For more information on Automatic Updates, see Microsoft's Updating Your Computer FAQs.
Other Tips for Protection from Hackers
- Turn machine off when not in use
- Password protect your machine
- DO NOT turn off the firewall
Adware and Spyware
Adware and Spyware are software that secretly monitor your Internet browsing behavior. They are usually used to gather information about you and relay it to advertisers and other interested parties. However, sometimes adware/spyware can adversely affect your computer's performance and may even prevent you from accessing the Law School wireless network.
Adware and/or spyware are something you probably don't want on your computer. Unfortunately, adware/spyware is included in some software packages that you might want and even un-installing the program you want may leave the adware/spyware in place. KaZaA is an example of a product that installs adware (in this case, BDE) surreptitiously.
- VirusScan 8.5 is the first line of defense against adware/spyware. If you need further help:
- Stinger: Free software used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist users when dealing with an infected system.
- Spybot -- Search & Destroy: Free software that scans hard drives for spyware, adware, hijackers, and other malicious software.
- Ad-Aware: same type of software as Spybot.
If you have a problem with adware/spyware, try Stinger first, then Spybot - S & D, and lastly try Ad-Aware. Please run them all while booted into Safe Mode. The "one-two-three" punch seems to detect and eliminate most problems.
Backups are Critical
Part of good security is keeping backups of your important files; multiple backups to flash drive, CD, DVD etc. Backups are inexpensive. Data recovery, on the other hand, is very expensive. Make backups often and check the backups to make sure that they are reliable.
[ Back to the top ] |