1. OIT Home
2. CIO Home
3. TELR Home
4. Account Management
5. System Status
6. Glossary
7. Help Desk

Categories

Account Info
Carmen
DialUp
Email
Listserv
Mac OS
Peoplesoft
UNITS
Virus Info
Windows OS
Web Browsers
Wireless
Other

Forms

Account Applications
Carmen Help
Feedback
Get Help
Listserv Application
Wireless Help

Links

Account Management
System Status Page
Coordinator Web Service
Mailing List Interface

 

Microsoft Windows XP Security Guide

Why do I need to worry about my computer's security? What additional steps do I need to take to secure my Windows XP system? Where do I get additional assistance? Additional References

Why do I need to worry about my computer's security?

In today's world of electronic messaging your computer will be exposed to viruses. What you don't know CAN harm not only your computer, but it can also send viruses to and potentially infect your friends' and associates' computers as well. If your computer is connected to the Internet, it's extremely important that you take measures to protect it. Whenever you are using a high-speed connection such as cable modem, DSL, or direct network connection (as is normally the case at OSU or in the residence hall rooms), your computer is connected to the Internet as long as it is turned on, not just when you're actively using it, making it a possible target for break-in. If you are using a dialup modem for your connection, your computer is only vulnerable when you have actually dialed in to your Internet Service Provider.

Whenever connected, it is possible for an intruder to access personal documents on your computer, steal your account and password information for other systems or steal any private information you have stored. Intruders can also use your computer to break into other computers, send out unsolicited mass e-mail, and spread viruses. Viruses, spyware and worms can cause your computer's performance to become slower, use up your disk space, and may allow personal information on your computer to be sent to people whom you do not know. The computer may become unstable, and may require frequent reboots.

The office of the CIO has created a web page with more details about various aspects of safeguarding your privacy and computer while online. It is available at safecomputing.osu.edu. A self-help article on Protecting Against Computer Virus Infection and Intrusion is available on the OIT Technology Support Center web site.

In addition, if your computer is connected to the campus network (OSUNet, ResNet, OSUWeb.net or HomeNet) and a virus or worm infection is detected, your computer may be blocked from Internet access until it is free of any infections. If your computer is connected at home via a dialup or cable/DSL connection, your Internet service provider may also disable your connection if they detect your computer is infected.

If your computer or account is blocked from internet access, contact your department network administrator (if on OSUNet), the ResNet Support Center at 2-HELP (if on ResNet), or 8-HELP (if on OSUWeb.net or HomeNet) for help in fixing the problem and getting your computer or account unblocked.

The following steps will help protect your computer from potential attacks.

Back to top

What additional steps do I need to take to secure my Windows XP system?

You will need to take the following steps after you install Windows XP (Note: if you are using an OSU departmental computer, be sure to check with your local computing support person for departmental standards and requirements) :

1. Verify That Windows XP Service Pack 2 Is Installed

   Windows XP Service Pack 2 (SP2) contains important security updates (many patches which would normally have to be downloaded and installed by Windows Update later), updates to the Windows Firewall, and the Windows Security Center, which allows you to adjust the security settings.
   
   Windows XP SP2 is available from a variety of places :
   
   
   • Online from Microsoft Corporation
   • Some Microsoft SP2 CDs may still be available on campus in the walk-in OIT Site License Software Distribution Area on the 5th floor of Baker Systems Engineering (1971 Neil Ave) and in residence halls for students living on campus.
   
   All new computers with Windows XP which have been purchased this year should already have SP2 installed. If you purchase a used computer with Windows XP on it, please verify that SP2 has been installed.
   
   Before you install Windows SP2 on a laptop, the laptop must be running on AC power. In general, before you install SP2 on any machine, you should read the information provided by Microsoft about Windows XP Service Pack 2. In particular, you should check out the section titled What to Know Before Downloading and Installing to verify that you are prepared to install SP2.
   
   After you install SP2, A small shield will appear in the active tray which is green if you have anti-virus protection, have configured Windows Updates to be downloaded automatically, and if you have activated the Windows Firewall (on by default). If any of these conditions are not met, the shield will be red, and on boot a pop-up box will appear which tells you which condition isn't being met.
   
   If you click on the shield, the Windows Security Center (SC) will appear. Through the SC you can configure the firewall and Windows Update settings.
   
   We advise the following changes to the default settings:
   
   
   1. Security Center -> Manage security settings for: Windows Firewall -> Exceptions ñ Uncheck Remote Assistance and any of the other items in the list which may be checked.
   2. Security Center -> Manage security settings for: Windows Firewall -> Advanced -> Security Logging (Settings) ñ Check the box marked Log dropped packets (also adjust the logfile name, and make sure the size is at least 256Mb).
   3. Security Center -> Manage security settings for: Windows Updates ñ It is highly recommended that you choose fully automatic updates, but if you wish to maintain control over the installation of updates, you can also choose Download updates for me, but let me choose when to install them. If you make this choice, you should remember to check the downloaded updates (Windows will pop-up a note to remind you upon booting) and install them on a regular basis.
   
   
   New Windows security updates, when available, are released on the second Tuesday of each month by Microsoft. For more information see the Microsoft Security site http://www.microsoft.com/security/.
   If you need to use WebCT, the Pop-up Blocker installed by SP2 into Internet Explorer needs to be modified to allow pop-ups from class.osu.edu. Detailed instructions for how to change this can be found here.
   
   If you use AOL Instant Messenger or any of the utilities included with it, the SP2 firewall will by default block this software. When it does, a box will pop up asking you if you wish to block or unblock this application from connecting to the internet. Choose unblock to allow AOL IM to use the internet. Your computer may act slowly until you have unblocked the AOL IM or other software which needs network connectivity.
   
   Note: Always read the text of any pop-up box which appears on your computer before clicking on an answer.
   
   Important: if you have installed Windows SP2 and followed the recommendations above, proceed directly to step #4 (Install And Configure Anti-virus Software). You should only continue with step #2 below if you are unwilling or unable to install Windows XP SP2 on your computer.
   
   

2. Configure The Windows Internet Connection Firewall (Without SP2)

   1. Go to Start -> Control Panel -> Network Connections and choose the network connection that corresponds to your Internet connection (this may depend upon your network card).
   2. Double-click on the icon that corresponds to your Internet connection, then choose the Properties button, and finally choose the Advanced tab.
   3. To enable the firewall for this connection, make sure that the box under Internet Connection Firewall is checked.
   
   For more information about the Internet Connection Firewall, reference the Microsoft web site:
   
   
   • Using the Internet Connection Firewall
   • Manually Configuring Windows Firewall In Windows XP Service Pack 2
   • 5-Minute Security Advisor ñ Simple Firewall Setup For Home Office Users
   
   

3. Configure Windows Update To Download Current And Future Updates

   To configure Windows Update go to Start -> Control Panel -> System and choose the Automatic Updates tab. In general, you should have your computer check for updates on a daily basis. You can choose to have them automatically installed for you, or you can have them downloaded for you to inspect before they are installed.
   
   For extra security, we recommend the use of the Microsoft Baseline Security Analyzer (MBSA) to install updates for Windows and other installed applications. For additional information, reference the MBSA web site
   
   

4. Install And Configure Anti-virus And Anti-spyware Software

   If your computer came with a "trial license" of anti-virus software, pay close attention to when the license will expire. At that time or before, you will need to either purchase a new license from the vendor, or install additional anti-virus protection. If your anti-virus software license expires, the software will stop downloading new DAT (virus data) files, and your anti-virus software will miss any new viruses or worms which are released on the Internet which will probably lead quickly to an infection.
   
   If you have decided to use anti-virus software that you have installed, or that came with your computer, you need to make sure that it is configured properly. Check the manual for your software on instructions how to make the following adjustments:
   
   
   1. The software should check for DAT file (virus update files) on a daily basis
   2. The software should search for viruses upon opening (or executing) a file
   3. The software should do a daily scan for viruses
   4. The software should check incoming e-mail. (For those using Eudora, the configuration information is provided on the OIT Technology Support Center web site).
   
   The Ohio State University has a site license for McAfee VirusScan. For Windows XP, you should download and install version 8 which can be found on the OSU Site License Software Downloads site. To download software from the site you will need your OSU Internet Username and password.
   
   Once you have downloaded the program to your computer, execute it by double-clicking and following the setup instructions.

We recommend that in addition to anti-virus software, you also download or purchase anti-spyware software and install it. Spybot is available on the OSU Site License Software Downloads site. An additional example is Ad-Aware, available from Lavasoft.

If you download free anti-spyware and anti-virus software from the Internet, be careful to investigate any software before you download and install it, as it is possible that some software which claims to be anti-spyware can actually be spyware or a virus in disguise.

Back to top

Where do I get additional assistance?

If you live in an OSU Residence hall, the ResNet Support Center can be reached by calling 2-HELP (292-4357), or sending e-mail to resnet@osu.edu, or referencing the ResNet website.

The OIT Technology Support Center maintains a knowledge base including information about current viruses on the TSC website. Assistance is also available by e-mail at 8help@osu.edu or by phone at 8-HELP (688-4357).


Back to top

Additional References

• Learn More About Windows XP Service Pack 2.
• Windows XP Baseline Security Checklists
• Microsoft Baseline Security Analyzer

General security information:

• Before You Connect a New Computer to the Internet
• OSU Safe Computing Site
• OSUNet Host Best Practices
  
  Back to top

Last Modified : 2005/05/18



Current Record: 2049

Create Date: 09-16-2004
Last Reviewed: 01-10-2008

---

Please give us your feedback!
Was this document helpful?	Yes No
Comments

---

Search For Keywords Search 8HELP Search the 8HELP Knowledge Base Search 8HELP, OIT and CIO Web Pages

---

Home

 

return to top