Update our computers regularly.

Defects are frequently found in almost all commercial and open-source computer software. Many of these so-called bugs are just a nuisance but some of them can result in the ability of third parties to run their code on our computers without our permission. This allows them to take control of our computers for their own purposes. Of particular importance, are defects in programs that interact with other computers over the network. A defect in this type of program can enable our computers to be compromised from a remote location. With 600 million of us connected together around the world, that presents a lot of opportunity for mischief...or worse.

Running a computer with such vulnerable software on a network is like leaving the doors of our homes and offices wide open for anyone to enter. The difference is opportunity. Because of our Internet connectivity, people can go through open computer doors from anywhere in the world in seconds almost undetected. Because this activity is almost continuous, a vulnerable computer will be found and compromised in short order.

People don't need to be experts to perform a sophisticated crime. One expert can write a program that gives anyone that downloads it the benefit of the expert's knowledge.

We see scans and probes looking for open doors in our networked computers almost every day as do others. Tools exist that automatically scan large segments of a network and exploit any vulnerable systems that are found giving the user of the tool a cadre of compromised computers for later perusal and expansion. Worms, such as Code Red and Nimda, automate the scanning and exploit process to spread themselves. Most software is out-of-date and full of vulnerable defects on the installation CDs and even sometimes when downloaded from vendor web sites. Scanners and automated worms may find a vulnerable server almost as soon as it is connected to the network. A freshly installed Windows computer can be infected within minutes of it being connected to the network.

Defects in almost any type of software may result in a computer's compromise:

• Defects in client software like web browsers and email readers may allow others to run code on our computer if we receive hostilely formatted email, scripts, or web pages. Such is the case with the Kak virus.
• Defects in server software like web, ftp, and file sharing servers may result in allowing others to run code on our server by improperly handling maliciously created service requests.  Software doesn't have to service hundreds of people to qualify as a server. Microsoft peer file sharing on a Windows 95/98 box is a file server. The Personal Web Service started along with Front Page on a Windows 95/98 box is a web server. Napster, gnutella, and Scour are file servers.
• Defects in core operating system software like Microsoft Windows and Unix may result in allowing unprivileged operators to execute hostile code as a privileged process thus compromising our computer.
• Even defects in seemingly innocuous software like printer drivers and network games have bee known to have security implications.

We can prevent most of these issues from causing us problems by regularly updating our software.

All computer operators:

Defects in popular add-on programs are often discovered that are not covered by automatic update sites. If you run any of the following programs, you will need to visit the vendor's site to make sure you have the most recent, and secure, version:

• Instant Messaging Programs (AOL IM, Yahoo Messenger, Trillian, etc.)
• Media players (RealOne, RealPlayer, Winamp, etc.)
• Document viewing programs (Adobe Reader, Shockwave, etc.)

The Cassandra service will allow you to set up profiles indicating products of interest to you and receive email notifications when vulnerabilities associated with those products are reported. The service is offered by the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.

Microsoft Windows Systems

Due to several defects discovered in Microsoft Windows NT, 2000, XP, and 2003 since August 2003, and associated exploitation of those defects by automated worms and criminals, it is no longer safe to plug a new computer running those versions of Windows into a network without following special procedures. To do so would mean a race against worms and hackers to get patches installed. Before connecting such a computer to any network, follow the StartSafe instructions for new Windows computers.

Recommendations for Windows Desktop Operators: (note: Microsoft no longer supports Windows 95 and 98)

• Follow StartSafe procedures to set up automatic updates.
• Use Microsoft's Baseline Security Analyzer tool to check Windows NT, 2000, XP, and 2003 systems for updates and best practices configuration recommendations when the computer:
  • Is used to access accounts with elevated privileges.
  • Runs remotely accessible services such as web, database, or file shares.
• If Microsoft Office is installed and you're running Windows 2000, visit the Office Update Site monthly. You'll need the original distribution media to install Office patches.
• Double-click the Norton Anti-Virus gold shield icon in the lower left of your screen. A Norton window will come up. Check the date of the Virus Definition File. If it is more than two weeks old, the Norton Anti-Virus program is not updating itself correctly. Click here for further instructions.
• Upgrade or replace software which Microsoft doesn't support with security patches. Of particular importance in this respect are: 
  • Internet Explorer versions 3 and 4  
  • Office 97 and 98 for Windows
  • Windows 95. 98, and ME
• Cygwin users must also check for defect updates in Unix programs packaged with Cygwin or installed separately. For example, OpenSSH.
• Review computer security Hot Topics page at least monthly for announcements of software defects or other issues that may affect you.
• The Microsoft Office Web Site offers an update service similar to the Windows Update Service. It is accessible through the "Update Your Software" link. It addresses security defects in the components that make up Microsoft Office. It is not on the general list of recommendations for Windows operators yet because of the need for distribution CDs to apply some of the patches and the desire to create consistent, simple installations using the Novell ZEN product.

Recommendations for Windows Server Operators:

• NEVER bring up a server until all patches and configuration changes have been completed. Unpatched servers have been found and compromised in minutes by automated worms and scripts. Install the software while the machine is disconnected from the network, make sure all servers are shut down, connect to the network and download the patches, disconnect from the network, and apply patches.
• Use Microsoft's Baseline Security Analyzer tool to check Windows NT, 2000, XP, and 2003 systems for updates and best practices configuration recommendations. Windows Update is not sufficient for servers. It does not check some software for updates nor does it check for vulnerabilities due to configuration mistakes.
• Subscribe to Microsoft's Security Bulletin Mailing List and apply patches as soon after they are announced and can be tested as possible. 
• Cygwin users must also check for defect updates in Unix programs packaged with Cygwin or installed separately. For example, OpenSSH.
• Review computer security Hot Topics page weekly for announcements of software defects or other issues that may affect you.
• If you install non-Microsoft software, subscribe to vendor security bulletins or check their web site regularly for updates.

Linux and other Unix Systems

These systems often have server programs running after even a default desktop installation.

• NEVER bring up a server on the network until all listening services have been stopped. Unpatched servers have been found and compromised in minutes by automated worms and scripts. Install the software while the machine is disconnected from the network, make sure all services started in the inetd.conf file, /etc/rc* files, or your vendor's equivalent have been disabled and stopped, connect to the network and download the patches, disconnect from the network, and apply patches.
• Subscribe to vendor security bulletins and apply patches as soon after they are available as possible. Click here for a list of various vendor security sites and notification services.
• Review computer security Hot Topics page at least monthly for announcements of software defects or other issues that may affect you. Server operators should check the Hot Topics  page weekly.

MacIntosh OSX

MacIntosh OSX is based on unix. Many unix related defects also affect MacIntosh OSX.

• You can use the Apple Software Update feature to keep your Macintosh OS X computer up to date.
• Current security roll-up patches can be viewed and downloaded at http://www.info.apple.com/usen/security/security_updates.html
• If you run Windows in Virtual PC, you'll need to use the Windows Update Site to get Windows patches.
• Email notification of security defects in MacOSX can be obtained by subscribing to the Apple notification service at http://lists.apple.com/mailman/listinfo/security-announce
• Use a safer account for day to day use.

Other Systems

• Review computer security Hot Topics page at least monthly for announcements of software defects or other issues that may affect you.
• Keep anti-virus software up to date.
• If available, check your vendor's security site monthly for critical security updates.

Some vendors offer automated email notifications of new security issues. System administrators should take advantage of such services:

Note: The Cassandra service will allow you to set up profiles indicating products of interest to you and receive email notifications when vulnerabilities associated with those products are reported. The service is offered by the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.

The aforementioned sites include updates for the respective vendors' operating systems and software applications. If you're running software not written or distributed by those vendors, you'll need to visit the applicable software vendors' sites for the packages you're running. You'll need to do this on a regular basis. You can also monitor the Hot Topics! page and other vendor specific sites where notices are posted of serious security defects and the need for new patches. For example, a defect allowing the possible compromise of a computer through the popular Adobe Acrobat reader was posted to the Hot Topics! page that wouldn't be found on the Microsoft or Linux web sites.

Antivirus tools are designed to detect code patterns or behavior known to be associated with hostile code. People seem to constantly create new hostile code so, like a flu vaccine, antiviral tools must also be updated in order to recognize the new code. If you have installed the campus provided Symantec anti-virus software or had it installed for you on your office computer by Desktop Services, it will automatically and continuously update itself once it is installed. Otherwise, you will need to update the software yourself.