StartSafe Information for Existing Home and Residence Hall Computers
If you must store sensitive data associated with JMU business or constituents on a laptop or other portable device, contact JMU Security Engineering at firstname.lastname@example.org for assistance.
Steps to setup your Mac, Windows and Linux computers with JMU StartSafe security recommendations.
For Windows computers:
Windows versions prior to Windows XP Service Pack 3 are no longer supported by Microsoft and are unsafe as Microsoft no longer provides security updates for these versions. Unsupported versions include XP SP2, Windows 2000, and Windows ME/98/95/NT.
Microsoft Office versions prior to Office 2003 Service Pack 3 are no longer supported by Microsoft and are unsafe to use due to the absence of security updates. JMU has purchased a license for Microsoft products making newer versions of Office available to faculty and staff for their home computers under the "Work at Home" license terms. Please contact the JMU Bookstore for information about purchasing a “Work at Home” license.
If possible, do this before the computer is ever connected to a network. Note: All versions of Microsoft Windows after Windows XP Service Pack 2 (Vista, Windows 7) come with the firewall enabled. Therefore, unless you've disabled it, there is nothing for you to do here.
We must enable a firewall to keep criminals and their programs (viruses, worms, etc.) away from the defects on our computers. This will allow us to connect to the Internet and install updates to fix these defects. Afterwards, the firewall will help protect us against future defects and operating mistakes. This step is only necessary for Windows XP and older versions of Windows. The Windows Vista and Windows 7 firewall is turned on by default.
This step will fix the defects in Microsoft software that allows criminals to take control of your computer (including your privacy, your identity, your network, etc.). This step can be time consuming because there are so many security updates to install, particularly for older computers. A later StartSafe step will have you configure your computer so it keeps itself up to date automatically.
You must repeat the process until you're told that no more critical updates are available. Doing it once may leave your system vulnerable.
To update your Windows 7 or Windows Vista computer:
To update your Windows XP computer:
Older Microsoft Windows operating systems ( XPSP2, 2000, 95, 98, ME, NT ) are no longer supported by Microsoft. As a result, security updates are no longer provided for these versions leaving your system in a vulnerable state to newer attacks.
Once you have installed all critical Windows updates, you will need to install new updates that are released throughout each week. You can do this manually (not recommended) or you can configure Windows Update to download and install the updates for you (recommended). Your computer will check for updates, download them, install them at a time specified by you, and reboot all on its own. If your computer is turned off at your selected installation time, it will perform the installation the next time it is powered on.
To set up the automatic updates, follow the instructions at Microsoft's Automatic Update Site. Windows Vista and Windows 7 computers are set up for automatic updates by default.
Anti-virus software must be installed to protect us from criminally written programs that we may inadvertently run on our computers or that criminals may force to run on your computer by using unknown defects. JMU has purchased a site license for Symantec Corporate Edition that allows all faculty, staff, and students to use the software both at the office and at home. The advantage of using this software is that it is provided pre-configured to offer the best security and is fully supported by the JMU Computing HelpDesk. TO PREVENT PROBLEMS, ALL OTHER ANTIVIRUS SOFTWARE SHOULD BE UNINSTALLED FROM YOUR COMPUTER. We have experienced instances where the installation of the Symantec software on computers that have other anti-virus software installed destroys the computer necessitating a complete rebuild.
The Symantec anti-virus software can be downloaded from the JMU Computing Downloads web page. On a dial-up line, this can take several hours.
If you find that your computer is already infected with a virus that cannot be removed by the Symantec software, you will have to download and run special cleaning tools using a special procedure. Guidelines can be found by clicking here.
Having anti-virus software does not protect you from new viruses that are released daily. A clean virus scan of a program does not mean it's safe to run.
You cannot legally install or distribute the JMU licensed Symantec anti-virus software on computers owned by people who are not current students or employees of JMU. You can, however, get free anti-virus software elsewhere. Microsoft offers a product called Microsoft Security Essentials that is free for home computers.
Windows hides a file’s complete name making it easy for virus writers to fool you. It also makes it difficult to change a file’s name. You can configure your computer to show the full name of most files by making the simple change below.
On Windows 7 and Windows Vista computers:
On Windows XP:
Several types of malicious programs not detected by anti-virus software have become common on the Internet and many computers have become infected with them. These programs can compromise your privacy and cause your computer to operate poorly. One tool to fight these programs is available on the JMU Computing Downloads site. It is called SpyBot Search and Destroy.
Depending upon your browsing and download/software installation habits, it would be a good idea to use the extra protection provided by SpyBot.
Step 7 - Install security updates for other software you may have installed ( e.g. iTunes, Winamp, Firefox, QuickTime, RealPlayer, Skype, Flash, Adobe Acrobat Reader )
People often add programs to their Windows computer. Many of these programs have security defects that can allow criminals and viruses to take control of the computer. In fact, these programs are currently more often the target of attacks and more responsible for infections than Microsoft software. Common sites for vendor updates are listed on the JMU RUNSAFE web site. See the Securityfocus vulnerabilities web site for a more comprehensive list. You only need to update these programs if they have been installed on your computer. A partial list of programs installed on a Windows computer can be found in the 'Add or Remove Programs' section of the Control Panel.
Download locations for programs commonly installed that have serious and/or actively exploited security defects are listed below:
Keeping track of all your installed software and needed updates is tedious, time consuming, and error-prone. The company Secunia makes a product that can help with this task and has had favorable reviews. They offer a web based service you can visit with a browser that will check your computer for needed updates for a few dozen of the most popular programs. If you want, they will email you reminders on a periodic basis to rescan your computer. They also offer a more comprehensive program that can be downloaded and installed on home computers that can check for updates for thousands of programs. As always when using a web service that requires downloading software, the terms and conditions and privacy policies should be examined.
Set your screen saver up so that you are required to type your password before it will unlock.
Step 9 ( optional but STRONGLY recommended ) - Set up and use a "standard" account for day to day use
Standard accounts for day to day use on Windows are safer and easy to set up. If you want one more step that will reduce risk more effectively than many of the other recommendations, set up a "standard" account on your Windows 7/Vista computer for day to day use rather than an Administrator account ( procedure for Windows XP is similar except that the account is called 'limited' instead of 'standard' ).
Many of today's viruses and spyware will not install when using such an account. If they do install, their damage should be limited. If you don't use such an account, the chances are high your computer will be infected with Spyware and other unwanted programs.
Once you have set up your computer in a way that will protect it and you, it is important to realize that your operating habits can reverse all the work you've done and allow criminals or viruses to take control of your computer or information. Please review the JMU Computing Security web page for guidelines on operating it in a safe manner, common mistakes, and current threats and issues.
JMU sensitive information must NOT be stored on personally owned computers or devices. Such data may only be stored on approved JMU owned devices and only with prior approval (contact JMU Security Engineering at email@example.com for assistance).
Set a security PIN on all mobile devices to protect stored data and accesesible accounts
USB Portable Storage Devices
There are large numbers of malicious programs circulating that will infect such devices or allow such devices to infect computers to which they are connected. USB devices include USB keys, USB disk drives, cameras, and digital picture frames. Risk reduction measures: