Five steps to Security for User-managed PCs (Windows XP, Vista)

1. Use passwords to control access to your PC2. Install Windows Updates to guard against network worms3. Install a virus checker and set it to scan your whole hard disk at least weekly4. Use a personal firewall5. Remove Spyware

1 Use passwords to control access to your PC

You need a password for your PC, to keep it safe from other people’s misuse.

To set your password, open the Control Panel and use the User Accountsicon. Double-click to open it, then choose Change an Account; click on yourname, and choose Create a password from the list of tasks.

(Vista users ignore this paragraph) To set a password for the computer’s Administrator is more difficult, because you don’t normally see it in Windows XP, it is only seen by IT Administrators who are logging in to your computer from another computer in order to make changes to yours. In order to see the Administrator, you have to start the computer in Safe Mode. Re-start the PC, and press F8 as soon as it re-starts. When you are offered a choice, choose Safe Mode. The display will be very chunky, but you will see that Administrator is one of the people who can log on. Log on as Administrator, then proceed as above. When you have finished, re-start the computer as normal. KEEP THE PASSWORD SOMEWHERE SAFE.

2 Install Windows Updates to guard against network worms

A network worm is usually a standalone program that tries to copy itself to other computers connected to the same Local Area Network so it can do damage or find information. Hackers and criminals keep finding problems in Windows that can be exploited, so Microsoft needs to keep updating it to close the holes. Updates (sometimes called patches) address these issues when they are found and help protect your computer against known security threats which have been discovered since Windows was released. Microsoft usually releases these updates once a month, on the second Monday or Tuesday of the month. However, at times of crisis they can release updates at other times, so you need to set your computer to look for these daily. It is a good principle never to keep any updates waiting, always install them immediately. You can continue to work while they are being installed. Don’t postpone the installation because you are too busy; if all of your data is destroyed, you may never be busy again!

First, check to see if you have any updates waiting to be installed. Look at the extreme right of your task bar, next to the clock. If any icons are hidden, you will see an arrow which you can click to reveal unused icons

Updates waiting to be installed will appear here as a yellow shield.

Page 1 http://www.ucl.ac.uk/is/security/

Click here to view unused icons

If you see the yellow shield, click it and follow instructions to install the update. It will minimise and allow you to keep working, though you may sometimes have to agree to an End User License Agreement, and occasionally you may have to re-start the computer to complete the installation. You can wait until your next break before re-starting, or just switch off as normal when you go home and the re-installation will be completed when you switch on in the morning.

If there are no updates waiting to be installed on your computer, you need to go to the Windows Update site to see if there are any available there.

Windows XP users, click on the Start button, then Programs, and look at the top section for the Windows Update icon.

Click the Windows Update icon to go to the Windows Update site. If you get the option to upgrade to Microsoft Update, please do so – you’ll get MS Office updates as well.

Everything happens automatically, so click on Express Install when you see it. Just read the instructions and follow them to get the critical and security updates your computer needs. If there are a lot of updates, you may find that you can only install a few, and must connect again when that has been done to get the rest.

Vista users get updates via the Control Panel in the Security Centre .Both Vista and XP users need set up the computer to fetch its own updates in future. Open the Control Panel then the Security Centre.

Towards the bottom of the dialog box, under the heading Manage security settings for you should see the icon illustrated.

Page 2 http://www.ucl.ac.uk/is/security/

Windows Update icon

Opening Automatic Updates allows you to set a schedule for the updates. Because of the occasional crisis, you are best to set this to Automatic, and do it Every day. Set the time for some period when your computer will be turned on. It will not disrupt your work, indeed you won’t be aware of it, although you may be asked to agree to a licence.

3 Install a virus checker and set it to scan your whole hard disk at least weekly

Firewall and anti-virus software is freely available to all UCL staff and students, and our licences allow for the software to be used on home computers too.

The recommended one is F-Secure, which you can download from http://www.ucl.ac.uk/fsecure/You are not obliged to have it, but UCL has already paid for it, it is reasonably user-friendly and help is available on-line for setting it up. However, if you have any other anti-virus product installed, YOU MUST REMOVE IT FIRST. (Use Control Panel, Add/Remove Programs. Ensure you remove all the parts of any previous software. If you have a previous version of F-Secure, you do not usually need to un-install that.)

If you click on F-Secure Anti-Virus Client Security with firewall, rootkit and spyware removal (currently version 8.00) you will be taken to the download page.

These details may change slightly with time. Before you click the Download button, make a note of the Keycode, as you will be asked for it during the installation.

Click the Download button and choose Save. If you save it to your Desktop, it will be easy to find. When the download is complete, double-click the icon and follow the instructions – you need to enter the keycode when asked, and should just be able to accept all the defaults by clicking Next until the installation is complete.

Once you have installed the program, you will be asked to re-start the computer. You will then need to be patient as it will attempt to do a large download from F-Secure to bring the virus protection right up-to-date.

Page 3 http://www.ucl.ac.uk/is/security/

These are the recommended settings for your Automatic Updates.

Set-up instructions are on the Web, on the extreme left at the very top of the page – scroll right up and click on .Setting up F-Secure Firewall

Follow this link to configure F-Secure so that it works in the best way to keep you safe. There are plenty of screen dumps on these Web pages to guide you through the set-up.

You also need to make sure F-Secure is set for Web Scanning so that it scans web traffic for viruses as you browse the web. Then a virus can be stopped before the data is forwarded into your web browser.

Click on Virus & Spy Protection, then on Configure next to Real Time Scanning.

Make sure there is a tick in the box that says Scan web traffic and remove found viruses

Page 4 http://www.ucl.ac.uk/is/security/

There is something else you need to do. You need to set F-Secure to scan your whole hard disk regularly for problems. The virus scanner is always active for programs you open, but it may fail to notice network worms or rootkits, so you must do a full scan regularly (either daily or weekly).

If F-Secure is now shut, open it again by double-clicking the blue triangle on the right of your taskbar.

Click on Virus & Spy Protection, then on Configure next to Scheduled Scanning.

A weekly scan is probably sufficient. If you set it for a suitable start time; you can work while it is scanning; setting it to scan during lunch means you will not be bothered by it. PLEASE take care though to ensure that you check that scanning has taken place – see what the latest report is. You can start a manual scan if you are worried, or if your last scan was over a week ago.

F-Secure will automatically download virus definition updates to take care of any new virus. Its icon, the blue triangle, found on the right of your taskbar, near your clock, will show you warnings if it has any problems. You MUST keep an eye on it to make sure it is operating correctly. Please look at the table illustrated on the next page, and be aware of the meaning of any different appearance of the icon. Remember, this bit is YOUR responsibility.

Page 5 http://www.ucl.ac.uk/is/security/

Remember to click here to enable the scan

To update the virus definitions manually (they update every hour, so if you’ve been away for a few days, they quickly get out of date), you need to open F-Secure, and click the Automatic Updates button. Then you can click on Check now.

Click here first. Then click here.

Page 6 http://www.ucl.ac.uk/is/security/

4 Use a Personal Firewall

A firewall is something that stops unwanted things coming from outside onto your PC and it also stops things on your PC connecting to the Internet unless you want them to. If you followed the instructions in Section 3 above, you installed a firewall along with the virus checker.

You may need to make some modifications to the F-Secure firewall if you share to another computer or to a server. Notes about how to do this are on the UCL website. One the top left of the web page http://www.ucl.ac.uk/fsecure/ you will see the heading INFORMATION ABOUT and under it, Setting up F-Secure Firewall. Follow the link for good clear instructions.

Periodically, F-Secure will open a dialog box to let you know something is happening. You may see something like this:

This is where you have to use your common sense. The new connection attempt warning above was caused when I tried to open Firefox for the first time, and it tried to connect to the Internet through my firewall. Because I opened it myself, I clicked the box Do not show this dialogue for this program again, then I clicked Allow. If you open a program you want to use, and the Firewall warns you that the program is connecting to the Internet, THINK before you click. Internet Explorer, Firefox, Eudora, Outlook, Citrix (for WTS) Windows or MS Office Help are all examples of things that need to connect to the Internet, so you need to let them through the Firewall. Similarly, programs that update themselves such as Acrobat or RealPlayer need to be allowed through.

A good rule to observe is ‘If in doubt, DENY’. If you don’t know what it is, don’t let it connect and see if anything stops working. Another good tip is to type into Google the name of the program trying to connect and see what it finds – you will often get a good idea of what something is.

After you have finished setting up F-Secure, you can delete the installer you downloaded.

Page 7 http://www.ucl.ac.uk/is/security/

Sections 3 and 4 have been all about F-Secure. If you are using something else, you can ignore them. However, here are some warnings.

You may prefer to use a different product. There is no problem with using something else, if you bear the following points in mind.

1. McAfee and Norton are not free, so you need to pay. They update their virus definitions every day, so if you let them become out of date, you will very quickly leave your computer at risk. (F-Secure updates virus definitions every hour)

2. F-Secure provides virus checking, a firewall, and spyware/adware protection. YOU NEED ALL THREE. If the product you choose doesn’t have all three, you need to add the missing bits. For instance, Sophos Version 7.6.4 (current) has spyware and adware detection and removal tools but NO built-in firewall. It provides the firewall as an extra, so download that separately. You do need a firewall. For further information, consult http://www.firewallguide.com/

3. If you have broadband at home, you probably already have a hardware firewall in your broadband router. However, this should not conflict with F-Secure’s one. Home use of F-Secure is covered by the UCL license, as is Sophos. You could also consider AVG, a free anti-virus product provided by Grisoft - http://free.grisoft.com/

5 Remove SpywareSpyware is software that covertly gathers user information through your Internet connection without your knowledge, usually for advertising purposes. Spyware programs are frequently bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet.

Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Such programs can monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party. Spyware can gather information about e-mail addresses and even passwords and credit card numbers. Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but thee agreement may not always be read completely because it is often couched in obtuse, hard-to-read legal disclaimers.

Aside from the questions of ethics and privacy, spyware steals from you by using your computer’s memory resources and also by eating up bandwidth as it sends information back to the spyware's home base via your Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

If you are using F-Secure, you are protected already. The current version of F-Secure for workstations has spyware and adware detection and removal tools. Installing additional anti-spyware programs may prevent F-Secure from working properly or slow the entire system down. Sophos also has spyware protection.

If you don’t have any Spyware protection, you definitely need it. Microsoft produces an excellent free one, called Windows Defender. (not available for Windows 2000) It will scan your hard disk, find any Spyware, describe the risks associated with anything it finds and advise you what to do about it. It will also continue to monitor your computer to see if anything is being downloaded without your knowledge. Windows XP users should download it from www.microsoft.com, and is, at the time of writing still free. Windows Vista users will find they have it installed already.

Page 8 http://www.ucl.ac.uk/is/security/

Alternative well known products for Windows XP users are Ad-Aware and Spybot. (Type either of these into Google, and you’ll be offered various download sites.) These are both good, but the free versions of these programs do not monitor your computer, so if you decide to use one of these, you must scan your disk regularly for spyware – preferably every day.

The latest version of Internet Explorer - 7- incorporates pop-up blocking, as well as a Search box which you can direct at Google when you set up the software for the first time. The software does not distinguish between pop-ups you want and pop-ups you don’t want, so you may see that a pop-up has been blocked when you click on a link. You will then have to allow pop-ups on that site. You can also use the Google Toolbar as well if you want, which also blocks pop-ups. You can get it from http://toolbar.google.com/

Provided you turn on the Phishing filter, Internet Explorer 7 will also warn you if you find yourself on a ‘phishing’ site - a bogus web site where you are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that a legitimate organization already has.

What Next?

You PC has been set up safely, but there are other things you need to do.

1. You need to keep the PC clean by clearing your temporary files and temporary Internet files regularly

2. You need to backup your data3. You need to consider if some or all of your data needs to be encrypted.

These topics will be explored in a further session.

Page 9 http://www.ucl.ac.uk/is/security/