StartSafe Recommendations for Personally Owned Windows, Macintosh, and Linux Computers (e.g. home and residence hall computers )

Phishing is as serious a problem as computer viruses. Learn how to avoid fake e-mail and web sites and protect both your JMU and personal accounts. View the video and take the IsItReal? game challenge.

JMU Highly Confidential data (e.g. SSN, banking account numbers, credit cards) about people other than yourself must not be stored on personally owned devices. Any unauthorized storage of JMU Highly Confidential or Protected Data is a violation of university policy. Such data must not be stored in a way that it is exposed to unauthorized access physically or electronically.

• JMU Data Stewardship Policy
• JMU Data Stewardship Standard
  

MacIntosh OS-X Computers (see Mobile section for recommendations for iPad, iPhone, etc)

• Use the Apple Software Update feature to keep defects fixed in your Apple software that may allow a criminal or virus to take control.
• Check vendor sites for additional software you have installed to see if they have posted security updates. If the product supports automatic updating functionality, enable it.
• If you have Microsoft Office for MacIntosh installed, set it up for automatic updates.
• Install JMU provided Symantec anti-virus software
• Configure the computer so it shows file names correctly.
  • Select Preferences under the Finder menu
  • Click on the Advanced tab
  • Check the box labeled Show all file extensions
• Risk can be further reduced by using a safer "standard" non-administrator account for day to day use. Instructions.

Linux/Unix Computers

• Configure the computer to automatically check for and install updates on a regular schedule using methods appropriate for the distribution you are using.
• Risk can be further reduced by using a safer "least privilege" account for day to day use.
• If you run a server on your computer allowing other people to connect to it, you have become a server administrator with much more stringent security requirements. https://www.redhat.com/security/

Windows Computers

Windows versions prior to Windows XP Service Pack 3 are no longer supported by Microsoft and are unsafe to use due to unavailability of security updates. Unsupported versions include XP SP2, Windows 2000, and Windows ME/98/95/NT.

Microsoft Office versions prior to Office 2003 Service Pack 3 are no longer supported by Microsoft and are unsafe to use due to the absence of security updates.

• Step 1 - Download and install all critical security updates from the Microsoft update web site
• Step 2- Set your computer up to download and install future critical security updates automatically
• Step 3 - Install anti-virus software provided by JMU
• Step 4 - Configure your computer to display file names correctly
• Step 5 - Install  security updates for other software you may have installed ( e.g. iTunes, Winamp, Firefox, QuickTime, RealPlayer, Skype, Flash, Adobe Acrobat Reader )
• Step 6 - Password protect your screen saver
• Step 7 - Set up and use a safer account for day to day use
• Step 8 -Review Information on Safe Operating Practices and Current Threats and Issues

STEP 1 - Download and Install All Critical Updates from the Microsoft  Update Web Site

This step will fix defects in Windows software that allows criminals take control of our computers (including our privacy, our identity, our network, etc.). This step can be time consuming because there are so many security updates to install, particularly for older computers. A later StartSafe step will have you configure your computer so it keeps itself up to date automatically.

You must repeat the process until you are told that no more critical updates are available. Doing it once may leave your system vulnerable.

To update your Windows 8 computer:

• Go to the Settings Charm
• Click on Control Panel
• Click on Windows Update
• Click Check for Updates and follow the remaining directions. You'll need to repeat this process until there are no more critical and security updates available.

To update your Windows 7 or Windows Vista computer:

• Open Internet Explorer ( other browsers won't work )
• In the menu bar, click Safety and then select Windows Update
• In the Control Panel window that pops up, click Get updates for more products. This will start the installation of the Microsoft Update program which will better keep your computer up to date than the older Windows Update program.
  • Accept the terms of use.
  • Click install.
• When the Control Panel window reappears, click Check for Updates and follow the remaining directions. You'll need to repeat this process until there are no more critical and security updates available.

To update your Windows XP computer:

• Open Internet Explorer ( other browsers won't work )
• In the menu bar, click Safety and then select Windows Update.
• If you see "NEW! Get Microsoft Update Today", then
  • Click the link and follow the instructions to install Microsoft Update which will help better keep your computer up to date.
• Otherwise,
  • Choose the "Express" button to start the update process.  Follow the instructions to update your computer.  You will need to repeat this process until all critical security updates have been installed.  Windows Update will notify you when your computer is fully up to date.

Older Microsoft Windows operating systems ( XP-SP2, 2000, 95, 98, ME, NT ) are no longer supported by Microsoft.  As a result, security updates are no longer provided for these versions leaving your system in a vulnerable state to newer attacks.

STEP 2 - Set up your computer to automatically download future updates

Once you have installed all critical Windows updates, you will need to install new updates that are released throughout each week. You can do this manually (not recommended) or you can configure Windows Update to download and install the updates for you (recommended). Your computer will check for updates, download them, install them at a time specified by you, and reboot all on its own.  If your computer is turned off at your selected installation time, it will perform the installation the next time it is powered on.

To set up the automatic updates, follow the instructions at Microsoft's Automatic Update Site. Windows Vista, Windows 7, and Windows 8 computers are setup for automatic updates by default.

STEP 3 - Install Anti-Virus Software Provided by JMU

Anti-virus software must be installed to protect you from criminally written programs that you may inadvertently run on your computer or that criminals may force on your computer by using unknown defects. JMU has purchased a site license for Symantec Endpoint Protection anti-virus software that allows all faculty, staff, and students to use it both at the office and at home. The advantage of using this software is that it is provided pre-configured to offer the best security and is fully supported by the JMU Helpdesk. TO PREVENT PROBLEMS, ALL OTHER ANTIVIRUS SOFTWARE SHOULD BE UNINSTALLED FROM YOUR COMPUTER before installing Symantec.

The Symantec anti-virus software can be downloaded from the JMU Computing Downloads web page.

Having anti-virus software does not protect you from new viruses that are released daily. A clean virus scan of a program does not mean it's safe to run.

You cannot legally install or distribute the JMU licensed Symantec anti-virus software on computers owned by people who are not current students or employees of JMU. Microsoft offers a product called Microsoft Security Essentials that is free for home computers. 

STEP 4 - Configure your computer to display file names correctly

Windows hides a files complete name making it easy for virus writers to fool you. It also makes it difficult to change a file’s name. You can configure your computer to show the full name of most files by making the simple change below.

On Windows 8 computers:

• Open any folder
• Click the View tab
• Check the "File name extensions" box

On Windows 7 and Windows Vista computers:

• Click Start
• Select Computer
• Select Organize
• Select Folder and Search Options
• Click the View tab
• Scroll down to the line "Hide file Extensions for known file types" and uncheck the box next to it.
• Click OK

On Windows XP computers:

• Double-click My Computer
• Click the Tools Menu item and then select Folder Options
• Click the View tab
• Scroll down to the line "Hide file Extensions for known file types" and uncheck the box next to it.
• Click OK

Step 5 - Install  security updates for other software you may have installed ( e.g. iTunes, Winamp, Firefox, QuickTime, RealPlayer, Skype, Flash, Adobe Acrobat Reader )

People often add programs to their Windows computer. Many of these programs have security defects that can allow criminals and viruses to take control of the computer. In fact, these programs are currently more often the target of attacks and more responsible for infections than Microsoft software.  A partial list of programs installed on a Windows computer can be found in the 'Add or Remove Programs' Control Panel.

Download locations for programs commonly installed that have serious and/or actively exploited security defects are listed below:

• Adobe Acrobat: http://www.adobe.com/go/getreader
• Adobe Flash: http://www.adobe.com/shockwave/download/alternates/
• Realplayer: http://www.real.com/realplayer.html
• QuickTime for Windows: http://www.apple.com/support/downloads/
• WinZip: http://www.winzip.com/wz7245.htm
• WinAmp: http://www.winamp.com/player/
• Java: http://www.java.com/en/download/manual.jsp
  • Handling Java updates is complicated. First, you have to know if it is installed. Second, you have to know which of four versions you have ( 1.4.x, 1.5.x, 1.6.x, 1.7.x ).
    
    • To verify which version of Java your computer is running visit http://www.java.com/en/download/installed.jsp and click the "Verify now" link:
    • If you have it installed, the best general recommendation is to uninstall any old versions and install the latest version of 1.7, also known as 'Java 7'. Oracle dropped public support, including security updates, for versions prior to Java 7. Macintosh computers running OSX versions 10.6 (Snow Leopard) and older cannot run Java 7. Apple is currently still supporting Java 6 independantly but owners of these older computers should start making plans to upgrade to OSX 10.8 (Mountain Lion) as soon as possible.

Keeping track of all your installed software and needed updates is tedious, time consuming, and errorprone. The company Secunia makes a product that can help with this task and  has had favorable reviews. They offer a web based service you can visit with a browser that will check your computer for needed updates for a few dozen of the most popular programs. If you want, they will email you reminders on a periodic basis to rescan your computer. They also offer a more comprehensive program that can be downloaded and installed on home computers that can check for updates for thousands of programs. As always when using a web service that requires downloading software, the terms and conditions and privacy policies should be examined.

    * Click here for the web based service.
    * Click here to download the program for home computers.

Step 6 - Password protect your screen saver

Set your screen saver up so that you're required to type your password before it will unlock.

• right-click any blank portion of the screen and select properties
• click the Screen Saver tab
• Click the On resume, password protect checkbox

Step 7 ( optional but STRONGLY recommended )  - Set up and use a safer account for day to day use

Standard accounts for day to day use on Windows are safer and easy to setup. If you want one more step that will reduce risk more effectively than many of the other recommendations, set up a “standard” account on your Windows 7 or Windows 8 computer for day to day use rather than an Administrator account ( procedure for Windows XP is similar except that the account is called 'limited' instead of 'standard'). 

Many of today's viruses and spyware will not install when using such an account. If they do install, their damage should be limited.  If you don't use such an account, the chances are high your computer will be infected with Spyware and other unwanted programs.

Step 8 - Review Information on Safe Operating Practices and Current Threats and Issues

Once you have set up your computer in a way that will protect it and you, it is important to realize that your operating habits can reverse all the work you've done and allow criminals or viruses to take control of your computer or information. Please review the JMU Computing Security web page for guidelines on operating it in a safe manner, common mistakes, and current threats and issues.  

JMU Highly Confidential data (e.g. SSN, banking account numbers, credit cards) about people other than yourself must not be stored on personally owned devices. Unauthorized storage of JMU Highly Confidential or Protected Data is a violation of university policy. Such data must not be stored in a way that it is exposed to unauthorized access physically or electronically.

• JMU Data Stewardship Policy
• JMU Data Stewardship Standard