StartSafe - Without these initial steps, your computer is almost guaranteed to be infected and your information compromised

Click the link below corresponding to your situation to determine the proper StartSafe steps:

• Students setting up a new computer that has never been connected to the Internet in the past

•   Home or residence hall computer

• JMU owned computer

Optional Risk Reduction Measures that will protect you and your computer even more

The steps described in the sections above are the absolute minimum steps required for all computers. If they are not done, the computer is almost certain to be infected and compromised. These steps are equivalent to buckling a seat belt before driving. The following steps are more advanced, requiring additional computer knowledge and/or a willingness to trade some convenience, time, or functionality for additional risk reduction. These steps are oriented toward individuals more proficient with computers or as guidelines for support staff implementing organizational standards.

Intermediate Risk Reduction Measures

• Use a standard user account for day to day use. This step will be the greatest defense against threats with the least tradeoffs. Instructions for Windows XP computers can be found here ( procedure for Windows Vista and Windows 7 is similar except that the account is called 'standard' instead of 'limited' ). For Macintosh computers, click here. For unix computers, don't use the root account.
• If you set up a wireless network or make frequent use of public wireless networks review this material Wireless Network Usage and Setup Information
• Windows specific:
  • Upgrade to Internet Explorer 9. It has many features and improvements to reduce risk.
  • Enable the Data Execution Protection (DEP) feature on Windows for all programs. This may cause problems with some programs but any that experience problems can easily be put in an exception list. If you get a message about a program you start being closed to protect your computer, it will give you an option to change settings so you can add the program to the exception list making it easy to use.
  • Enable auditing using local security policy or group policies
  • Use Microsoft's Baseline Security Analyzer tool  on a bimonthly basis and after changes to check your work. It will report many common security mistakes.
  • Disable the ability for the administrator account to login to the computer over the network using local security policy or group policies 

Advanced Risk Reduction Measures

Generally harder to accomplish and more visible than the intermediate steps

• Use Windows XP/Vista Software Restriction Policies or Windows 7 AppLocker to limit the computer to running only approved programs. This is particularly recommended for shared or unattended computers or those used by children.

• Disable scripting and other browser functionality that increases risk. If using Internet Explorer, you can do this selectively allowing trusted sites to have more functionality and control over your browser than untrusted or unknown ones. Add-ons for some other browsers exist ( e.g. noscript for Firefox ) to provide similar functionality.

• Disable all unnecessary processes, services, and network listeners.

• Use file integrity monitoring software  to detect system changes

• Use host intrusion detection/prevention software ( e.g. Snort, Windows Defender ) to warn about or stop defined network or system behaviors.

• Monitor system and application logs for unusual activity. This is best done with automated log parsing and reporting tools.