Securing Your Windows PC

Malicious software or "malware" is now a profitable business and today's computers face a wide variety of threats. This article will help you secure your Windows PC against some of the most common threats we're seeing in the summer of 2010. Unfortunately, the threat environment is constantly changing and other steps will no doubt be necessary in the future.

Computers in the Sewell Social Science Building that connect to the SSCC's Windows Domain (PRIMO) are kept secure by SSCC staff. You do not need to update them. However, you should reboot your office PC regularly so the patches we install can be applied. You are responsible for securing your laptop and/or home PC, but SSCC staff will be happy to assist you if you run into problems.

Computers running Mac OS are currently less vulnerable, primarily because it is more profitiable to find ways to compromise Windows PCs. Mac owners should still run anti-virus software and keep it and their operating system up-to-date, and take other basic precautions.

Avoid Threats on the Web

Some of the most common threats today involve placing malicious code in a Flash file or other media displayed by a browser plugin. The file can be placed on a web site controlled by the hacker, or in a web advertisement to be run on completely legitimate web sites. When the file is viewed, the malicious code takes advantage of flaws in the player to infect the computer.

Update Plugins

Many of these flaws have been fixed, but you need to download and install the latest version of the plugin to be protected. You can check whether you have the latest versions of your plugins by visting Mozilla's Plugin Check. This works for all the major web browsers, not just Firefox. If you need to update some of your plugins it will direct you to the appropriate web site.

Consider Blocking Flash

Flash is the most frequent vector for plugin-based attacks, and unfortunately it's not unusual for there to be malicious Flash files on the web exploiting flaws that have not yet been corrected. If you use Mozilla Firefox, you can greatly reduce your exposure to such attacks by installing an Add-on called FlashBlock. It replaces all Flash objects with a "Play" button and only shows the Flash if you click the button. Some people find it makes browsing the web more pleasant as well as more secure.

To install FlashBlock, click Tools, Add-ons, Get Add-ons and then search for FlashBlock.

Avoid Dubious Web Sites and Downloads

Hackers often set up web sites offering pirated movies, pornography or other inducements. The real purpose is to infect the computers of visitors. Sometimes you get what you pay for.

Be even more cautious about downloading and installing free programs you find on the web. There are many legitimate and useful free programs available on the web (R comes to mind), but there are others that act as "trojan horses" to install malware. Searching the web for reviews of any programs you're considering installing is a wise precaution.

Update Windows

Malware continues to take advantage of flaws in Windows itself. Thus it's still vital that you keep Windows up-to-date. Windows mostly updates itself now, but you should verify that it is doing so successfully. It's also important to reboot your computer on a regular basis (ideally at the end of each day) so that patches can be applied. Even computers the SSCC secures need to be rebooted so the patches we install can take effect.

To check that Windows is being updated, go to windowsupdate.microsoft.com and run the Express update. It should not find any "High Priority" updates to install (they should have been installed for you automatically). It should also say Automatic Updates: Turned ON.

Windows 7 is significantly more secure than Windows XP. If your computer can run Windows 7, consider upgrading. You can purchase Windows 7 from the WISC catalog.

Install Symantec Endpoint Protection

Anti-virus software is not as effective as it once was, but it is still an important part of keeping your PC secure. The University has purchased a site license for Symantec Endpoint Protection so it is free for all UW faculty, staff and students to install on their computers. You can download it from the UW CIO's Security web site.

Scan Your PC

There are many free programs for detecting malware on your PC (plus a few that pretend they will and then actually install malware). Which is best changes rapidly because malware authors find ways to avoid the most popular detection programs.

Right now we suggest using Malwarebytes to scan your PC. It is free and easy to install and use.

Last Revised: 6/8/2010