Update our computers regularly.

Defects are frequently found in almost all commercial and open-source computer software. Many of these so-called bugs are just a nuisance but some of them can result in the ability of third parties to run their code on our computers without our permission. This allows them to take control of our computers for their own purposes. Of particular importance, are defects in programs that interact with other computers over the network. A defect in this type of program can enable our computers to be compromised from a remote location. With 600 million of us connected together around the world, that presents a lot of opportunity for mischief...or worse.

Running a computer with such vulnerable software on a network is like leaving the doors of our homes and offices wide open for anyone to enter. The difference is opportunity. Because of our Internet connectivity, people can go through open computer doors from anywhere in the world in seconds almost undetected. Because this activity is almost continuous, a vulnerable computer will be found and compromised in short order.

People don't need to be experts to perform a sophisticated crime. One expert can write a program that gives anyone that downloads it the benefit of the expert's knowledge.

We see scans and probes looking for open doors in our networked computers almost every day. Tools exist that automatically scan large segments of a network and exploit any vulnerable systems that are found giving the user of the tool a cadre of compromised computers for later perusal and expansion. Worms, such as Code Red and Nimda, automate the scanning and exploit process to spread themselves. Most software is out-of-date and full of vulnerable defects on the installation CDs and even sometimes when downloaded from vendor web sites. Scanners and automated worms may find a vulnerable server almost as soon as it is connected to the network. A freshly installed Windows computer can be infected within minutes of it being connected to the network.

Defects in almost any type of software may result in a computer's compromise:

• Defects in client software like web browsers and email readers may allow others to run code on our computer if we receive hostilely formatted email, scripts, or web pages. Such is the case with the Kak virus.
• Defects in server software like web, ftp, and file sharing servers may result in allowing others to run code on our server by improperly handling maliciously created service requests.  Software doesn't have to service hundreds of people to qualify as a server. Microsoft peer file sharing on a Windows 95/98 box is a file server. The Personal Web Service started along with Front Page on a Windows 95/98 box is a web server. Napster, gnutella, and Scour are file servers.
• Defects in core operating system software like Microsoft Windows and Unix may result in allowing unprivileged operators to execute hostile code as a privileged process thus compromising our computer.
• Even defects in seemingly innocuous software like printer drivers and network games have bee known to have security implications.

We can prevent most of these issues from causing us problems by regularly updating our software.

All computer operators:

Defects in popular add-on programs are often discovered that are not covered by automatic update sites. If you run any of the following programs, you will need to visit the vendor's site to make sure you have the most recent, and secure, version:

• Instant Messaging Programs (AOL IM, Yahoo Messenger, Trillian, etc.)
• Media players (RealOne, RealPlayer, Winamp, etc.)
• Document viewing programs (Adobe Reader, Shockwave, etc.)

Keeping track of all your installed software and needed updates is tedious, time consuming, and errorprone. If your Windows computer is managed by JMU IT (set up by IT Desktop Services and joined to the IT domain) many of these tedious tasks are taken care of for you. Currently, IT manages over 2000 campus Windows computers.

One company that makes a product that can help with the update task and that has had favorable reviews is Secunia. They offer a web based service you can visit with a browser that will check your computer for needed updates for a few dozen of the most popular programs. If you want, they will email you reminders on a periodic basis to rescan your computer. They also offer a more comprehensive program that can be downloaded and installed on home computers that can check for updates for thousands of programs. Installing this program on JMU owned computers violates the license terms. As always when using a web service that requires downloading software, the terms and conditions and privacy policies should be examined.

    * Click here for the web based service.
    * Click here to download the program for home computers.

Microsoft Windows Systems

Before connecting such a computer to any network, follow the StartSafe instructions for new Windows computers.

Recommendations for Windows Desktop Operators:

• Follow StartSafe procedures to set up automatic updates.
• Double-click the Symantec Anti-Virus gold shield icon in the lower left of your screen. A Symantec window will come up. Check the date of the Virus Definition File. If it is more than two weeks old, the Symantec Anti-Virus program is not updating itself correctly.
• Upgrade or replace software which Microsoft doesn't or soon won't support with security patches. Of particular importance in this respect are: 
  • Internet Explorer versions prior to version 8 
  • Windows XP
  • Microsoft Office 2003
  • Macintosh OSX Snow Leopard (10.6)
• Cygwin users must also check for defect updates in Unix programs packaged with Cygwin or installed separately. For example, OpenSSH.

Recommendations for Windows Server Operators:

• NEVER bring up a server until all patches and configuration changes have been completed. Unpatched servers have been found and compromised in minutes by automated worms and scripts. Install the software while the machine is disconnected from the network, make sure all servers are shut down, connect to the network and download the patches, disconnect from the network, and apply patches.
• Subscribe to Microsoft's Security Bulletin Mailing List and apply patches as soon after they are announced and can be tested as possible. 
• Cygwin users must also check for defect updates in Unix programs packaged with Cygwin or installed separately. For example, OpenSSH.
• If you install non-Microsoft software, subscribe to vendor security bulletins or check their web site regularly for updates.

Linux and other Unix Systems

These systems often have server programs running after even a default desktop installation.

• NEVER bring up a server on the network until all listening services have been stopped. Unpatched servers have been found and compromised in minutes by automated worms and scripts. Install the software while the machine is disconnected from the network, make sure all services started in the inetd.conf file, /etc/rc* files, or your vendor's equivalent have been disabled and stopped, connect to the network and download the patches, disconnect from the network, and apply patches.
• Subscribe to vendor security bulletins and apply patches as soon after they are available as possible. Click here for a list of various vendor security sites and notification services.

MacIntosh OSX

MacIntosh OSX is based on unix. Many unix related defects also affect MacIntosh OSX.

• You can use the Apple Software Update feature to keep your Macintosh OS X computer up to date.
• Current security roll-up patches can be viewed and downloaded at http://www.info.apple.com/usen/security/security_updates.html
• If you run Windows in Virtual PC, you'll need to use the Windows Update Site to get Windows patches.
• Email notification of security defects in MacOSX can be obtained by subscribing to the Apple notification service at http://lists.apple.com/mailman/listinfo/security-announce
• Use a safer account for day to day use.

Other Systems

• Review computer security Hot Topics page at least monthly for announcements of software defects or other issues that may affect you.
• Keep anti-virus software up to date.
• If available, check your vendor's security site monthly for critical security updates.

Some vendors offer automated email notifications of new security issues. System administrators should take advantage of such services:

The aforementioned sites include updates for the respective vendors' operating systems and software applications. If you're running software not written or distributed by those vendors, you'll need to visit the applicable software vendors' sites for the packages you're running. You'll need to do this on a regular basis. You can also monitor other vendor specific sites where notices are posted of serious security defects and the need for new patches. 

Antivirus tools are designed to detect code patterns or behavior known to be associated with hostile code. People seem to constantly create new hostile code so, like a flu vaccine, antiviral tools must also be updated in order to recognize the new code. If you have installed the campus provided Symantec anti-virus software or had it installed for you on your office computer by Desktop Services, it will automatically and continuously update itself once it is installed. Otherwise, you will need to update the software yourself.