Desktop Device Protection
Protect Your Home Computer's Operating System
The protection of all home computers that have access to the University of Western Ontario network is the responsibility of the individual accessing the network.
You must ensure that your home computer system:
- Does not provide any unauthorized access point into the University network;
- Does not spread any virus infection to the University network;
- Does not compromise the network or any data on the University network in any way.
Protecting the Device
As technologies advance, computers, phones, tablets, laptops etc. are becoming more and more common. All these devices are capable of storing and processing large amounts of information. Once an unprotected device is lost or stolen there is little that can be done to retrieve or protect the data stored locally. Listed here are some best practices to secure your device:
- Use a firewall, either hardware or software;
- Use updated antivirus software;
- Keep up-to-date with patches and updates;
- Protect against spyware;
- Have secure passwords;
- Use uwosecure-v2 wireless on-campus;
- Use Western ROAMS at home.
Detailed information on each of these items can be found on this site.
- Think Security
- Whenever using mobile data, always keep in mind the question: "What could happen if an unauthorized person gained control of this information?" Look for and try to use the most secure methods for handling data.
- Don't be a target
- Turn your system off when it is not in use. Your machine will be less of a target for break-in attempts, and less valuable as a 'robot' machine in a cracker's collection of compromised hosts.
- Get training; understand your equipment
- Read the instructions. New electronic devices have more features, which means that you will have more of a “learning curve” to be able to understand and use these items properly. Default settings are often the least secure for devices, and everyone who has the same device will have the same default settings. Read the manuals that come with your items and be sure you understand the settings and how to change the default settings, especially anything related to security.
- Don't knowingly expose yourself to security threats
- WTS strongly recommends you do not install Peer-to-Peer (P2P) file sharing software on your computers. Some examples of P2P software are: LimeWire, Ares, Azureus, BearShare, BitTorrent, DC++, eDonkey, eMule, Gnutella, Kazaa, Morpheus, and WinMX. P2P technology can undermine network security and can leave computing devices open to threats ranging from violations of intellectual property laws (copyright), viruses, malware (malicious software) that is undetected by antivirus protection, password and data theft, to Denial of Service (DoS) attacks that flood the network with data and incapacitate computers. Many P2P programs install Trojans, backdoors and other privacy-compromising software onto the systems they are installed on. Besides the obvious copyright violations that can occur with audio/video sharing, you may be sharing personal information such as your e-mail password or bank account PIN number.
These recommendations help ensure a safe home computing environment and should be followed by all individuals who access the University network.
At a basic level, this means strong passwords, antivirus and antispyware software, consistent security updates, a firewalled router with Wi-Fi Protected Access (WPA2) enabled, encryption and backup.
Linux, Windows and Apple typically provide distributions that you can use without modification for most purposes; however, sometimes it's necessary to upgrade. The most effective way to mitigate a worm and its variants is to download security updates and patch all vulnerable systems.
Base installations of Operating Systems often have standard defaults that leave the system vulnerable. Find and use techniques to tighten the security of your system. Use and enable your firewall. Firewall Guide.
Disable File and Print sharing
Having file and print sharing enabled on your home computer makes your system vulnerable to intruders. Often your Internet Service Provider recommends disabling file & print sharing. http://support.microsoft.com/kb/199346
Use strong passwords
Having a strong password to access your device, your email account or any other internet-based account helps mitigate the possibility of exposing sensitive data. Password guidelines
Secure your browser
Secure your home wireless network connection to prevent unauthorized use from outside.
Keep up to date with patches
Most vendors provide simple notification and update procedures. Even if you just bought brand new software or a brand new device, check for updates.
Windows Live Safety Center is a new, free service designed to help ensure the health of your PC. It checks for and removes viruses and spyware. It also improves your PC's performance by finding and removing unnecessary files. WTS recommends that you run the “Full Service Scan” provided by the Windows Live Safety Center service from Microsoft, found on this page: Microsoft Safety Scanner
Another security checking tool is the Microsoft Baseline Security Analyzer (MBSA). This tool can be downloaded for free from Microsoft and includes a graphical and command line interface that can perform security scans of your system. Microsoft Baseline Security Analyzer
A firewall can either be software based or hardware based.
A software-based firewall is a complex but inexpensive program that filters information going both into and out of the computer. It protects only the host on which the application is installed, and you can create inbound and outbound rules based on UDP and TCP ports. You can also create rules for a specific executable's network access, regardless of the port number used.
A hardware firewall is a physical device that sits between your computer(s) and your network. It also filters the information going in and out of your computer. These are useful if there is more than one computer on your home network.
Use of a firewall is strongly recommended. It will effectively defend a computer from many of the most pervasive and dangerous network attacks. Used properly, it will keep out miscreants. However, if the security measures are too restrictive, they deny access to legitimate users and applications.
Currently there are numerous software and hardware firewall products on the market. Both are usually easy to deploy. You will need to follow the manufacturer's instructions for safe and secure configurations.
Know what your home system is talking to, with whom, and why. Be prudent in your choices, and know how to use and fix your firewall so that you can correct any errors if you made the rules too tight or too loose.
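The port-based and program-based rules described above, shown with the firewall built into Windows. This is an added example, not part of the original guidance; it assumes an elevated PowerShell session, the rule names and the program path are hypothetical placeholders, and the "File and Printer Sharing" group name is the English-language one.

```powershell
# Added example: review and tighten the built-in Windows firewall.
# Run from an elevated (Administrator) PowerShell session.

# 1. Confirm the firewall is enabled for every profile and note the defaults.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Switch on any profile that was found disabled.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# 2. See what the system currently accepts from the network:
#    every enabled rule that allows inbound traffic.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Sort-Object DisplayName |
    Select-Object DisplayName, Profile

# 3. Close the firewall openings used by file and print sharing.
#    (The group name is localized; adjust it on non-English systems.)
Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'

# 4. Port-based rule: refuse inbound TCP 445 (SMB file sharing) on
#    networks classified as Public.
New-NetFirewallRule -DisplayName 'Example - block inbound SMB' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -Profile Public -Action Block

# 5. Program-based rule: deny one executable any outbound access,
#    regardless of the port it uses. The path is a placeholder.
New-NetFirewallRule -DisplayName 'Example - block ExampleApp outbound' `
    -Direction Outbound `
    -Program 'C:\Program Files\ExampleApp\example.exe' `
    -Action Block

# 6. If a rule turns out to be too tight, remove it by name.
Remove-NetFirewallRule -DisplayName 'Example - block inbound SMB'
```

Step 2 is the quickest way to answer "what is my system listening for, and why"; step 6 is the recovery path when a rule blocks something legitimate.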
Introduction to Spyware and Adware
A spyware program is one that usually installs itself without user consent or with consent obtained in a misleading manner. Spyware monitors user activity and reports this information, confidential or not, back to its controller.
An adware program is similar to spyware, but its purpose is to force the display of advertisements on the infected computer. However, these definitions are loose as certain adware may go further by having spyware abilities and spyware may also display ads.
Symptoms of spyware/adware
- Pop-up ads are appearing constantly.
- Your browser's homepage changed unexpectedly and the change cannot be undone.
- New toolbars that you did not install appear in your browser and keep on reappearing even after uninstalling them.
- Your computer may run significantly slower than what you are used to (so sluggish that the system produces errors and eventually crashes).
Spyware and adware can infect a computer in many ways. They are often bundled with supposedly free software. Certain reputable freeware libraries have spyware/adware-free policies but this is not always the case.
They can also infiltrate computers via a rigged website, where the only mistake of the user is having visited the site. This usually occurs when the browser executes an embedded ActiveX control that secretly installs the spyware/adware. This technique is referred to as drive-by downloading.
At times, when a user visits a website they may suddenly receive a browser prompt requesting permission to install a piece of software that is needed to view the website. Many of these are actually attempts to introduce spyware into the system of the user. Users should always read the agreements before accepting the request.
Many spyware and adware programs are hard to detect and even harder to remove without dedicated antispyware software. Spyware uses a variety of techniques to elude detection and removal:
- Process injection is when a piece of adware/spyware injects its code into a running program which allows it to bypass security restrictions, evade detection, make changes and self-regenerate even if its files are removed.
- Watchdog processes monitor for any changes to the files of the spyware. If the spyware/adware is terminated or has its files deleted or altered, the watchdog will restore and restart the spyware/adware.
- File lock is a method used legitimately to prevent potential errors when multiple programs try to access the same resources or critical files. This feature can be abused by spyware/adware to block its own removal.
- Automatic update allows spyware/adware to change constantly to avoid detection.
Protection and Prevention
If you suspect that you have a spyware infection, launch Task Manager and mark down any suspicious processes you see. Perform a Google search on them. You will quickly find information on whether they are legitimate programs or not.
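A more complete view than Task Manager for this triage step, as an added example that is not part of the original guidance. It lists each running executable once with its publisher and signature status, then the programs set to start automatically, which is where self-restarting spyware usually re-registers itself.

```powershell
# Added example: inventory running programs and autostart entries.
# Run elevated to see paths for processes owned by other accounts.

# 1. One row per distinct executable: name, publisher, signature, path.
Get-Process |
    Where-Object { $_.Path } |              # skip processes with no readable path
    Sort-Object Path -Unique |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        [pscustomobject]@{
            Name      = $_.ProcessName
            Company   = $_.Company
            Signature = $sig.Status         # e.g. Valid, NotSigned, HashMismatch
            Signer    = $sig.SignerCertificate.Subject
            Path      = $_.Path
        }
    } |
    Sort-Object Signature, Name |
    Format-Table -AutoSize -Wrap

# 2. Programs launched at logon (Run keys and Startup folders).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap
```

An unsigned or unfamiliar entry is a reason to research the name and path, not proof of infection; many legitimate small utilities are unsigned.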
Install an antispyware program and run regular spyware scans with up-to-date signatures. Select an antispyware scanner carefully as some are not effective at all, or could possibly be spyware/adware posing as legitimate antispyware software. Research products online before installing.
Read the license agreement prior to installing any software, especially free programs. Pay attention to sections related to "Sponsor Program", "Third Party Agreements", or collection of anonymous user statistics.
Keep your system up to date with the latest software patches. This prevents spyware from using security exploits to install itself.
Keep your antivirus program up to date with the latest virus definitions and run scans regularly. Some spyware is packaged with viruses, worms and trojans. Some are viruses themselves. The line separating types of malware grows grayer as technology advances.
Ensure that the firewall that comes with your operating system is running, or install a reputable firewall.
Configure your browser and firewall to either block ActiveX components or to ask for your permission before running them.
Spyware detection and removal tools:
- Trend Micro Titanium Internet Security
- Malwarebytes Anti-Malware utilizes a powerful technology to detect and remove all traces of malware including worms, trojans, rootkits, rogues, dialers, spyware, and more.
- Microsoft Security Essentials offers real-time protection. Currently free for users with valid copies of Windows.
- Microsoft Safety Scanner
- Windows Defender is included with Windows
- Spybot Search & Destroy offers versions to support a variety of hand-held/mobile devices. Easy to use user interface and has an extensive spyware database.
Keep the patches up to date! Most vendors provide simple notification and update procedures.
Check for patches for brand new software and equipment. New items often have undiscovered software issues, until they are released to the public. Even if you just bought brand new software or a brand new device, check for updates.
Operating System Updates
MacOS notifies you when updates are available. You have the option to always update automatically.
Linux uses Software Updater, which is usually located in System Settings -> Software Management -> Software Updates.
Microsoft Windows Update service will scan a computer and provide the user with a selection of updates tailored just for their environment. You can find this service by clicking the Start button and searching for Windows Update.
NOTE: It is recommended that you upgrade to a current operating system to be able to take advantage of current services and current security patches.
For MacOS X, the following software updaters are available:
For Linux, we recommend yum and/or apt-get.
For Windows, we recommend using SUMo (Software Update Monitor) in conjunction with DUMo (Driver Update Monitor). Both products can be found at http://www.kcsoftwares.com/?download.
To ensure that you do not run the risk of unauthorized individuals gaining access to sensitive University information on your home computer, do not download Western confidential or proprietary information onto your home computer. Ask yourself “Is it really necessary that I carry a copy of this sensitive information?”. If the answer is no, then do not copy the information. If it is mandatory that you have access to sensitive information, some basic steps need to be taken to ensure that the information is maintained with the highest integrity.