Keeping Your PC Secure

Recent outbreaks of various worms and viruses have demonstrated the importance of keeping all PCs secure. These programs took control of hundreds of thousands of computers, and their attempts to find more PCs to infect swamped the Internet. And the big ones were relatively benign--they did nothing but attempt to propagate themselves. Had they been programmed to do something harmful after taking over a computer, it could have been much worse.

The Threat

Today's computing environment is extremely complex and interdependent. All of the systems that make it work, from Windows running on your PC to the Internet protocols that connect servers, are under constant scrutiny from a variety of sources. Most of the time security problems are discovered by the "good guys," security professionals in academia, business, and government. The usual procedure is to report the problem to the company making the software, give them time to fix it, and then make an announcement after a patch is available. The alternative is to let the "bad guys" find the problem before anyone else knows it is there.

The problem is that once a bug has been identified and announced, writing a bit of code that exploits it is usually not difficult. Thus it is almost inevitable that someone will write a piece of "malware" (malicious software) and try to make it spread. It's just a matter of time--usually days.

Malware comes in two main varieties. Viruses are probably more familiar. These are malicious programs attached to email messages. Generally the user must open the attachment itself for the virus to run--yet SoBig.F infected about 150,000 computers. The second variety, worms, require no human intervention: an infected computer will repeatedly pick a random Internet address and try to infect the computer that owns it. This means the rate at which it can spread is limited only by the available bandwidth, the number of vulnerable machines, and how the worm is written. The SQL Slammer worm is estimated to have infected 90% of the vulnerable machines in the world in about ten minutes.

It is not clear how much harm recent malware authors intended to do. Some did nothing but try to infect other computers. Others tried to bring down "establishment" web sites such as those belonging to Microsoft or the White House. One patched the computer it infected, fixing the security hole that allowed it to take over the machine before other malware could do so!

However, even the "best" malware consumes bandwidth at an enormous rate as it attempts to spread. The SQL Slammer worm, for example, all but shut down the Internet in South Korea, as well as many ATMs, despite doing nothing but propagating itself. When SoBig.F hit campus, traffic on SSCC's email server almost tripled, and DoIT shut down their email server. Finally the malware must be removed from each machine it has infected--estimates of the cost to clean up after Blaster run in the tens of billions of dollars worldwide.

But it could be worse. Once malware has control of a computer, it could then give control to the malware's author. Malware that does so has thus far been much less widespread. There have been cases where private information such as user names, passwords, and credit card or bank account numbers have been stolen from the hard drives of infected computers. Some viruses install spyware used by mass marketers. Infected computers have been used to distribute spam, pirated movies and software, or pornography. Large numbers of infected computers have been harnessed to attack a variety of web sites, flooding them with so much traffic that they cannot respond to legitimate requests.

All of this makes it vital that every PC connected to a network be kept secure. This is reflected in the campus policy on networked computers. Every computer attached to a network must 1) keep its operating system up to date, and 2) run up to date antivirus software. Fortunately this is not difficult to do.

If your computer logs in to the PRIMO domain, we will take care of this for you automatically. Just make sure that you tell your computer to restart when you leave for the day, so that the patches can take effect and it will be all ready for you in the morning. But for your home PC, or any other PC that doesn't log in to PRIMO, follow the steps below.

Updating Windows

The ultimate defense is bug-free software that cannot be compromised. While we'll never reach that ideal, every patch you install should bring you closer. Recall that most malware depends on exploiting problems that have already been identified and fixed. Thus if you've installed the fix on your PC, you are safe from that exploit. Fortunately, having had to do this many, many times and having been much criticized in the process, Microsoft has made it quite easy to get patches that fix problems with Windows.

Start up Internet Explorer (surprisingly enough this won't work with other browsers) and go to windowsupdate.microsoft.com. You'll be automatically redirected to a Microsoft page with a name that's much harder to remember. The first time you go to this page, you will be asked to allow installation of a program that checks what updates you have and what you need. It’s safe to allow this. If you choose not to, you will not be able to use the automated Windows Update, and will have to locate and install updates yourself.

After this plug-in is installed, your web browser will show a slightly different page, with a place to click to Scan for updates.

Click on Scan for Updates, and it will identify what operating system you have, what updates are available, and what updates you already have installed. If there are any updates you need, that information will appear on the left. You will be encouraged to install critical updates first.

The critical updates are the ones that will prevent your computer from being infected. They deal with security issues or with problems in the operating system that will affect how your computer runs. Install all of these.

The Windows updates deal with a variety of less essential topics and issues. Some are language-specific, and may be of no use to you. Some deal with adjunct programs that you may not have installed, such as the .NET framework or the Windows Media Player. You can decide whether or not you want to install each of these on an individual basis.

If your operating system is Windows 2000 or Windows XP, you will also see driver updates. These are not required, but they are worth installing. Microsoft is working with hardware manufacturers, and the drivers come from the manufacturers – Microsoft is just assisting with distribution. However you may see better results getting the drivers directly from the manufacturer.

Click Review and install updates, and you'll be given a list of critical updates to install. Click on another category and you'll be given the list of updates to install for that category.

It could happen that one or more of the available updates need to be installed separately from any other updates. That will be noted in the brief description. Otherwise you can install them all at the same time.

When you have removed any that you don’t want to install, click the Install Now button. Sometimes you will get a license agreement box. You need to accept the agreement in order to install the updates.

Then the updates will begin to download and install.

When the installation is completed, you will be informed by a note in your web browser. You may also need to restart your PC.

You will have to restart for the updates to take effect. If it’s an update related to a security issue, it’s best to restart immediately. If not, it’s ok to wait until you are done working for the day.

Because some updates must be installed separately, finishing this process once does not mean you're done. As soon as your computer reboots, go back to windowsupdate.microsoft.com and have it scan your computer again. It will tell you when there are no more critical updates to install at this time.

Microsoft normally releases updates on the second Tuesday of every month, if needed. Of course if there is an urgent problem they will release a patch as soon as possible. So plan to update your computer every month, but if you hear of any new virus or worm threats, take a moment to check if there is an associated patch.

Software updates

Windows is not the only program out there with bugs in it. Most software is not completely perfect and foolproof when it is released. Because of this, there are often updates and patches for specific programs, just as there are for the Windows operating system. Bugs in other software rarely pose the security risk that a bug in Windows can, but they can cause problems for you.

For the most part, you should look for software updates, patches, and fixes on the web site of the program developer. For example, check for WordPerfect Office updates at www.corel.com. Most often, they will be in a section called “downloads”, “support”, or “updates.” Some more recently developed software can check for updates for you, particularly if you always have internet access, and will tell you when there is an update available. Each update should have installation instructions. There is no standard way to install or update a software package.

Updating Antivirus Software

A second line of defense against malware is antivirus software: programs that detect and can usually eliminate malware. Good antivirus programs protect your computer in two ways. The first, and possibly more familiar, is that they can scan your computer, searching your memory and hard drive for known malware. The second is that they run in the background and attempt to block malware when it first attacks. This "real time protection" will usually prevent malware from ever installing itself on your computer.

DoIT has purchased a license for Norton Antivirus that allows UW faculty, staff and students to install it on their machines for free (see https://techstore.doit.wisc.edu/nav/nav_login.asp). SSCC recommends you install Norton Antivirus (and this article will give detailed directions for keeping it up to date), but you are free to use any antivirus software you wish.

However, any antivirus software can only locate or block malware if it knows about it. When new malware is detected, the makers of antivirus software immediately go to work figuring out how to have their program defend against it. They will then make new "virus definition files" available, telling their program about the new malware.

But this does no good if the new virus definition files are not installed on your computer. Good antivirus software makes this very easy. Each program is different, but it should be fairly obvious how to update your virus definition files.

Updating Norton Antivirus

Assuming you installed it, Norton should already be running in the background, providing real time protection. If so, there will be a small yellow icon in the lower right of your screen.

Start Norton Antivirus by double-clicking on this icon. If you don't see it, contact the Help Desk. Once the Norton window opens, click on the LiveUpdate button.

You'll be asked how to connect to the LiveUpdate server. Assuming you have an internet connection just click Next.

Norton will then check to see if any components need updating, including the virus definition files.

If there are any updates, Norton will obtain and install them automatically. Just click Finish when it's done.

Setting Norton to Update Automatically

You also have the option of having Norton download the latest virus definition files automatically, and this is highly recommended. In the main Norton window click File, Schedule Updates.

Check Enable scheduled automatic updates and then click the Schedule button.

Norton normally releases updates on Thursdays, but will release virus files as soon as possible when needed. So for the best protection you may want to update daily, but weekly will suffice. Choose a time of day when your computer is likely to be on, though Norton will do an update later if it misses one.

Connecting to the Internet through a Router

Home PCs with broadband connections to the internet (cable or DSL) are more vulnerable to worms in that they are connected to the internet continuously. But you can easily provide a third layer of protection by connecting through a router. This is not necessary (or possible) if you are using dial-up.

The original purpose of a router was to allow more than one PC to share a single internet connection and IP address, but it has turned out to be a useful device even if you only have one PC. When a PC behind a router requests something from a server, say, a web page or an email message, the router takes the request and sends it out as if it came from the router itself. But the router keeps track of which PC made a request of which server so when it gets the reply it can route the reply to that PC.

What happens if a "reply" comes that no PC requested? It is simply discarded, and that's why a router protects PCs fairly well against worms. The router will not route the worm's infection attempts to a PC because it knows that no PC requested them.
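
The bookkeeping described above, as an added example (not part of the original article): a simplified Python model of the router's table of requests. The addresses, port numbers, and the `Router` class are made up for illustration, and a real router also expires old entries and may match replies less strictly.

```python
# Added illustration (not from the original article): a toy model of the
# translation table a home router keeps. All addresses and ports are constructed.
from dataclasses import dataclass, field

ROUTER_PUBLIC_IP = "203.0.113.1"  # assumed public address of the router


@dataclass
class Router:
    next_port: int = 40000  # assumed starting point for router-side ports
    # router port -> (PC address, PC port, server address, server port)
    table: dict = field(default_factory=dict)

    def outbound(self, pc_ip, pc_port, server_ip, server_port):
        """A PC requests something: send it on as if it came from the router
        itself, and remember which PC asked which server."""
        wanted = (pc_ip, pc_port, server_ip, server_port)
        for port, entry in self.table.items():
            if entry == wanted:  # same conversation, reuse its entry
                return (ROUTER_PUBLIC_IP, port, server_ip, server_port)
        port = self.next_port
        self.next_port += 1
        self.table[port] = wanted
        return (ROUTER_PUBLIC_IP, port, server_ip, server_port)

    def inbound(self, src_ip, src_port, router_port):
        """A packet arrives from the Internet: return the PC it belongs to,
        or None when no PC requested it (the packet is discarded)."""
        entry = self.table.get(router_port)
        if entry is None:
            return None  # nothing was ever sent from this router port
        pc_ip, pc_port, server_ip, server_port = entry
        if (src_ip, src_port) != (server_ip, server_port):
            return None  # port is in use, but this sender was never asked
        return (pc_ip, pc_port)


def demo():
    router = Router()
    sent = router.outbound("192.168.1.10", 51000, "198.51.100.7", 80)
    reply = router.inbound("198.51.100.7", 80, sent[1])      # genuine reply
    probe = router.inbound("192.0.2.99", 5000, 5000)         # unsolicited
    stranger = router.inbound("192.0.2.99", 5000, sent[1])   # wrong sender
    return sent, reply, probe, stranger


if __name__ == "__main__":
    for label, value in zip(("sent", "reply", "probe", "stranger"), demo()):
        print(f"{label:8} {value}")
```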

Most routers also include a firewall. A firewall blocks illegitimate attempts to connect to your PC from the Internet, providing even greater protection. If you're buying a router make sure it has a firewall, but almost all of them do.

Simple, cheap routers are available from places like CompUSA or Best Buy. LinkSys is a particularly good brand. Many routers include wireless capabilities, but these are typically more expensive. Installation is easy and should be well-documented. Usually it's just a matter of plugging your cable or DSL modem into one side and your computer into the other and then turning all three on. Everything should happen automatically from there.

Getting Help

SSCC staff are eager to make sure your computer is secure--especially if it is connected to the building network. If you are bringing a computer into the building (laptop or desktop) please contact the Help Desk to set up a time for us to both configure it for the network and to make sure it is secure.

If you believe your computer is infected, please contact us at once. Just one caveat--almost all email viruses forge the From: field in the messages they send. So if someone tells you they got a virus that said it was from you, it almost certainly came from someone else. On the other hand, what we'd really like to do is help you prevent your computer from being infected. If for whatever reason you have difficulty taking the steps described in this article, please don't let that stop you. We'll be happy to help.

Last Revised: 6/16/2004