Securing Your Personal Machine

Securing linux machines is beyond the scope of this document, it is aimed towards windows users.

Why do I need to secure my personal/home machine?

If you have a cable modem or DSL it is very likely that attackers scan your machine for vulnerabilities several times a day. However, even being on dial in does not make you immune.

Risks: A successful attacker can access your files, and then be able to access your accounts and e-mail here, get financial records, whatever you do from your PC. Or they may simply destroy your PC, or just make it very slow. Another attack might be to launch attacks from your machine on other sites, which may lead the police to your door as the origin of the attack.

However, the good news is, that with a few simple ongoing steps, it is fairly easy to thwart the vast majority of hackers. Best of all, everything here is free.

Basic Measures

There are two basic things to guard against most attacks: keeping your operating system updated, and running a current virus scanner.

Windows Update

If you are running any version of Microsoft Windows go to Windows Update to get updates. From this page click on Product Updates and allow it to install the Update Wizard. It will check your machine and post a list of updates it thinks you should have. Definitely install any of the updates under Critical Updates.

We suggest going here about once a month.

Anti-Virus

OIT provides McAffee VirusScan to all people on campus. Go to their OSU's Software Download page page. Click on Windows in the left frame, and scroll to the bottom for the current version of VirusScan. This works on all home versions of Windows.

After installing VirusScan, download the current SuperDAT file to update the virus definitions on your machine. Once downloaded you can run it to update VirusScan. (It is possible to configure VirusScan to automatically update, but getting the SuperDATs is still the easiest and best way to be sure you are up to date.)

We recommend getting a new SuperDAT about once a week.

Other dos and don'ts

• Don't open unknown e-mail attachments.

• Don't click on web browser pop ups, especially ones that want you to install software, or modify your computer.

• Don't blindly accept files through any instant messenger.

• Don't give people control or your computer through video conferencing or instant messenger software.

• Don't run IRC.

• Don't share files or printers from your PC.

• Do make regular backups of your personal files.

Spyware

Spyware is software that tracks what you do with your computer, reporting it to someone else. Spyware is often automatically installed with other dubious programs, such as Kazaa, or by clicking on web pop up ads. Programs like Ad-Aware can remove spyware.

Advanced: Sharing

It is best not to share files or printers, or even to have that component installed.

However, if you must share files or printers, at a minimum set passwords on those shares. Better, unbind the sharing protocol, NetBIOS, from TCP/IP, the internet protocol. Instead run sharing over IPX, a network protocol that won't leave your local home network, and be accessible over the Internet. Or run a personal firewall or NAT routing device.

This page has some information about disabling NetBIOS over TCP/IP in Windows 2000. It should be similar in XP. In Windows 9x, the basic procedure is the same, start by right clicking on Network Neighborhood to bring up the network properties. You would then have to add the IPX protocol and share over that. Again, it's better just not to share. Forget what you learned in kindergarten. :)

Links

• Windows Update
  

• OSU Software Downloads
  OSU's Software Download page.

• CERT: Home Network Security
  CERT's (Computer Emergency Response Team) detailed document on securing home machines

• Gibson Research
  Some tools for testing your PC's security.