Click here to return to the James Madison University main page
  
 Computing Home | Self-Help | Accounts Info | Downloads | e-campus | Forms | Passwords | JMU  July 24, 2008


Search Computing
Site map
Updates
System Alerts
Security and Virus News
Computer Security
Computer Security Home
StartSafe
R.U.N.S.A.F.E.
Hot Topics - Current Issues
Critical Security Updates
Cleaning Windows Infections
Internet Fraud
SPAM
Report Computer Security Incidents
Security Awareness (only accessible on-campus)
Policies
 
Contact Us:
flynngn@jmu.edu
540.568.2364
Policy & Security
Computer Security
Computing Policies
R.U.N.S.A.F.E.
Report a violation
Computing Links
AVP Information Technology
CampusLink
CampusNet
Computer Purchases
Computing Support
Database Administration
Desktop Services
e-campus
HelpDesk
Information Systems
Labs
Network Engineering
PC Services
Systems and Operations
Technical Services

 

StartSafe Information for Existing Home and Residence Hall Computers

last updated: Friday May 16, 2008 01:03 PM

If you must store sensitive data associated with JMU business or constituents on a laptop or other portable device, contact JMU Security Engineering at it-security@jmu.edu for assistance.

 

Most of these instructions apply to Windows computers. For others:

 

For Windows computers:

 

STEP 1 - Enable the firewall on Windows XP and Windows 2003 Computers. If possible, do this before the computer is ever connected to a network. Note - New Windows XP computers, those running Windows XP Service Pack 2, and computers running Windows Vista have their firewalls enabled by default so no action needs to be taken.

We must enable a firewall to keep criminals and their programs (viruses, worms, etc.) away from the defects on our computers. This will allow us to connect to the Internet and install updates to fix these defects. Afterwards, the firewall will help protect us against future defects and operating mistakes. This step is only necessary for Windows 2000, Windows XP, and Windows 2003 computers.

Windows XP and 2003:

  1. Click Start
  2. Click Control Panel.
  3. Click Network and Internet Connections
  4. Click the Network Connections Control Panel Icon
  5. Right-click Local Area Connection and select Properties
  6. Click the Advanced Tab. If you don't have an Advanced Tab, right-click Local Area Connection again and click Remove from Bridge. Then go back to Properties and Advanced Tab.
  7. Check the box labeled "Protect my computer and network by limiting or preventing access to this computer from the Internet".
  8. Click OK
  9. Connect to the network
  10. Restart the computer

 

Windows 2000 (optional but recommended)

  • Right-click here, select Save Target As.., and download the firewall2000.exe file.
  • Create a folder to store the firewall files.
  • Double-click the downloaded firewall2000.exe file and tell it to install the firewall files in the folder you created.
  • Double-click the firewall.hta file in that folder
  • Select Protect My Computer
  • Click Start.
  • Restart the computer

    •  

    STEP 2 - Download and Install All Critical Updates from the Microsoft Windows Update Web Site

    This step will fix the defects in Windows software that lets criminals take control of our computers (and our privacy, our identity, our network, etc.). This step can be time consuming because there are so many security updates to install, particularly for older computers. A later StartSafe step will have you configure your computer so it keeps itself up to date so you don't have to do this again.

    You must repeat the process until you're told that no more critical updates are available. Doing it once may leave you vulnerable.

    To update your Windows Vista computer:

    • Open Internet Explorer ( other browsers won't work )
    • In the menu bar, click Tools and then select Windows Update
    • In the Control Panel window that pops up, click Get updates for more products. This will start the installation of the Microsoft Update program which will better keep your computer up to date than the older Windows Update program.
      • Accept the terms of use.
      • Click install.
    • When the Control Panel window reappears, click Check for Updates and follow the remaining directions. You'll need to repeat this process until there are no more critical and security updates available.

    To update your Windows 2000, XP, or 2003 computer:

    • Open Internet Explorer ( other browsers won't work )
    • In the menu bar, click Tools and then select Windows Update.
    • If you see "NEW! Get Microsoft Update Today", then
      • Follow the instructions to install the new Microsoft Update program which will better keep your computer up to date than the older Windows Update program. Then come back here.
    • Otherwise,
      • Follow the instructions to update your computer. You'll need to repeat this process until there are no more critical and security updates available.
    • If you need them, instructions showing screen shots are available here but may vary somewhat from what you actually see depending on versions and platform.

    Older Microsoft Windows operating systems ( 95, 98, ME, NT ) are no longer supported, are not provided with security updates, and cannot be secured so they should not be used, particularly on a network.

     

    STEP 3 - Download and Install All Critical Updates from the Microsoft Office Update Web Site

    This step will fix the defects in Microsoft Office software that let criminals take control of your computer (and your privacy, your identity, our network, etc.). The process is relatively simple with three caveats:

    If you are running Microsoft Office 2000 ( as opposed to newer versions of Office ), download and install the Microsoft patch that makes Office 2000 work like more recent versions helping to protect you from automatic exploitations of future Office defects.

    JMU has purchased a license for Microsoft products making newer versions of Office available to faculty and staff for their home computers under the "Work at Home" license terms. Upgrading Office 2000 to a newer version is particularly recommended. Installation CDs are available from the JMU Bookstore for $5-$6.

    STEP 4 - Set up your computer so it automatically downloads and installs future updates

    Once you are caught up with current critical Windows updates, you'll need to install new ones that come out about monthly. You can do this manually, or, if you have a Windows 2000, XP, or 2003 computer, you can set it up so that it takes care of itself. Your computer will check for updates, download them, install them at a time specified by you, and reboot all on its own.  If your computer is turned off at your selected installation time, it will perform the installation the next time it is powered on.

    To set up the automatic updates, follow the instructions at Microsoft's Automatic Update Site.

    Note - The Microsoft  update service does not support Office 2000 ( including Outlook ) products. If you are using Office 2000, you will need to visit the Microsoft Office Update web site once a month.

     

     

    STEP 5 - Install Anti-Virus Software Provided by JMU

    Anti-virus software must be installed to protect us from criminally written programs that we may inadvertently run on our computers or that criminals may caused to be run by using unknown defects. JMU has purchased a site license for Symantec Corporate Edition that allows all faculty, staff, and students to use the software both at the office and at home. The advantage of using this software is that it is provided pre-configured to offer the best security and is fully supported by the JMU Helpdesk. TO PREVENT PROBLEMS, ALL OTHER ANTIVIRUS SOFTWARE SHOULD BE UNINSTALLED FROM YOUR COMPUTER. We have experienced instances where the installation of the Symantec software on computers that have other anti-virus software installed destroys the computer necessitating a complete rebuild.

    The Symantec anti-virus software can be downloaded from the JMU Computing Downloads web page. On a dial-up line, this can take several hours.

    If you find that your computer is already infected with a virus that cannot be removed by the Symantec software, you will have to download and run special cleaning tools using a special procedure. Guidelines can be found by clicking here.

    Having anti-virus software does not protect you from new viruses that are released daily. A clean virus scan of a program does not mean its safe to run.

    You cannot legally install or distribute the JMU licensed Symantec anti-virus software on computers owned by people who are not current students or employees of JMU. You can, however, get free anti-virus software elsewhere. Here are three review articles on free anti-virus software products:

    http://www.pcmag.com/article2/0,1895,1864601,00.asp
    http://www.pcworld.com/reviews/article/0,aid,124475,00.asp
    http://antivirus.about.com/od/antivirussoftwarereviews/a/freeav.htm?rd=1

     

    STEP 6 - Make sure you have a STRONG password set on the Administrator account on Windows NT, 2000, XP, and 2003.

    Windows computers allow people and programs (or criminals and viruses) that can guess the Administrator password to take full control of your computer over the network. This happens quite often.

    If, when you follow these instructions to set the password, you get an error message like "access denied" it means you're logged into the machine with a non-privileged account. Simply logout (Start->Log Off (username)) and log back in as Administrator using a blank password. If your computer normally logs into Novell, you'll need to click the box on the login screen that says "workstation only" so you only log in to the local computer and not Novell.

    • On Windows NT systems:

       

      • Click Start->Programs->Administrative Tools->User Manager.
      • Double-click the Administrator entry and set a strong password..
      • Do not forget the password.

       

    • On Windows 2000 systems:

       

      • Right-click on the My Computer icon on your desktop and select Manage
      • Double-click on Local Users and Groups
      • Double-click on the Users folder.
      • Right-click on the Administrator icon and click once on Set Password.
      • Set a strong password.  Do not forget the password.
      • Click OK

       

    • On Windows XP systems:

      To change the Windows XP Administrator account password if you're logged in as Administrator:

      • Hit the Ctrl Delete and Alt keys simultaneously.
      • Click Change Password
      • Type Administrator into the user box.
      • Type in a new strong password twice. Do not forget the password.
      • Click OK.

      To reset the Windows XP Administrator password:

      • Right-click on the My Computer icon on your desktop and select Manage
      • Double-click on Local Users and Groups
      • Double-click on the Users folder.
      • Right-click on the Administrator icon and click once on Set Password.
      • Set a strong password.  Do not forget the password.
      • Click OK

     

    STEP 7 - Configure your computer to display file names correctly

    Windows hides the real names of files from you which makes it easy for virus writers to fool you. It also makes it difficult to do something which should be simple - change a file name. You can tell your computer to tell you the truth about most file names by making the simple change below.

    On Windows Vista computers:

    • Click Start
    • Select Computer
    • Select Organize
    • Select Folder and Search Options
    • Click the View tab
    • Scroll down to the line "Hide file Extensions for known file types" and uncheck the box next to it.
    • Click OK

    On Windows XP, 2000, and 2003 computers:

    • Double-click My Computer
    • Click the Tools Menu item and then select Folder Options
    • Click the View tab
    • Scroll down to the line "Hide file Extensions for known file types" and uncheck the box next to it.
    • Click OK

     

    STEP 8 - Run a Spyware Removal Tool on Your Computer

    Note: Anti-spyware and anti-virus programs are always out of date and susceptible to the newest threats. Using the optional safer account described at the bottom of this page can prevent even new ones from being able to fully infect your computer. If you use such an account, you do not need to install the anti-spyware software described here.

    Several types of malicious programs not detected by anti-virus software have become common on the Internet and many computers have become infected with them. These programs can compromise your privacy and cause your computer to operate poorly. Two tools, Adaware and SpyBot, are available on the JMU Computing Downloads site.

    Depending upon your browsing and download/software installation habits, it would be a good idea to run one of these programs monthly. You can use the Windows Task Scheduler to start this automatically so you don't have to remember. Simply set up the Widows Task Scheduler to run it, for example, on the second Thursday of every month or whatever schedule would be best for you. To set this up following these instructions:

    • Click Start -> Programs -> Accessories -> System Tools -> Scheduled Task
    • Click Add Task
    • Select the program and schedule you want to run. It is not necessary to run both anti-spyware programs every month unless you are very promiscuous about your web browsing and download/software installation habits.

     

    Step 9 - Install  security updates for other software you may have installed ( e.g. iTunes, Winamp, Firefox, QuickTime, RealPlayer, Skype, Flash, Adobe Acrobat Reader )

    People often add programs to their Windows computer. Many of these programs have security defects that can allow criminals and viruses to take control of the computer. Check the list of critical security updates for software that you may have installed on your computer. You only need to update these programs if they have been installed on your computer. A list of programs installed on a Windows computer can be found in the 'Add or Remove Programs' Control Panel.

    Download locations for programs commonly installed that have serious and/or actively exploited security defects are listed below:

     

     

    STEP 10 - Configure your e-mail client to keep your communications with the JMU e-mail server private

    If you use an IMAP or POP e-mail client ( e.g. Outlook, Thunderbird, Entourage, Netscape, Eudora ) set it up to require SSL protected sessions. Instructions for the JMU e-mail service can be found here.

    In addition to ensuring your communications are private, if you don't do this, you may not be able to reach the JMU e-mail server from off-campus.

     

    Step 11 - Password protect your screen saver

    Set your screen saver up so that you're required to type your password before it will unlock. On Windows XP:

    • right-click any blank portion of the screen and select properties
    • click the Screen Saver tab
    • Click the On resume, password protect checkbox

     

    Step 12 ( optional but STRONGLY recommended )  - Set up and use a safer account for day to day use

    Safer accounts for day to day use on Windows XP and Vista computers can be set up fairly simply. If you want to take one more step that will reduce risk more effectively than many of the other recommendations, set up a limited account on your Windows XP computer for day to day use ( procedure for Windows Vista is similar except that the account is called 'standard' instead of 'limited' ).

    Most of today's viruses and spyware will not install when using such an account. If they do install, their damage will be limited.

    If you don't use such an account, the chances are high your computer will be infected with Spyware and other unwanted programs, particularly if you use Internet Explorer as your browser.

     

    Step 13 - Review Information on Safe Operating Practices and Current Threats and Issues

    Once you have set up your computer in a way that will protect it and you, it is important to realize that your operating habits can reverse all the work you've done and allow criminals or viruses to take control of your computer or information. Please review the JMU Computing Security web page for guidelines on operating it in a safe manner, common mistakes, and current threats and issues. If you handle constituent, partner, financial, or other sensitive information, please review the Protecting Sensitive Information material. JMU sensitive information must not be stored on personally owned computers or devices. Such data may only be stored on approved JMU owned devices and only with prior approval.

     

    Addendum:

    • File/Music Sharing Programs
    • USB Portable Storage Devices

     

    File/Music Sharing Programs

    If not configured, maintained, and operated properly, file sharing programs may be the cause of numerous problems:

     

    • They may share sensitive information stored on your computer with the whole world
    • They may share copyrighted information stored on your computer exposing you to serious fines, legal problems, and/or action by JMU offices such as Judicial Affairs, Human Resources, and JMU IT.
    • Security defects in the software may allow others to take control of your computer
    • They may expose you to malicious files

    The University of Chicago has published a comprehensive web providing instructions to prevent popular file sharing programs from publishing to the Internet. It is strongly recommended that you use the instructions to disable publishing.

     

    USB Portable Storage Devices

    There are large numbers of malicious programs circulating that will infect such devices or allow such devices to infect computers to which they are connected. USB devices include USB keys, USB disk drives, cameras, and digital picture frames. Risk reduction measures:

    • Do not plug or allow others to plug unknown or untrusted USB devices of any type into your computer, particularly if the computer processes or stores sensitive data. On Windows computers, hold the shift key down while inserting the device and continue holding it down until windows tells you the device is ready. This will disable any autorun functionality. You may need to double click the folder to view the contents and, if trusted, open individual files.
    • Use caution when plugging your USB device into an unknown or untrusted computer. If the device has a write protect switch, use it. If the device contains sensitive data, do not plug it into unknown or untrusted computers at all.

     

     

     

     

     
    JMU Division of Administration and Finance James Madison University Website
    Publisher:  Security Engineering   Contact: Security Engineering
    Last Revised: May 16, 2008 Privacy Statement