Office of Information Security Newsletter
Were you Naughty or Nice this year in regards to Cyber and Computer Security? Information Security Office Holiday 7-step Regimen to being on the NICE list.
1. Use a modern operating system. Sorry, folks—Windows XP simply isn’t secure enough for ordinary people to use today. It was designed more than 10 years ago, and it lacks many of the core architectural changes that make later Windows versions more resistant to attacks. Address Space Layout Randomization and Data Execution Prevention are core features that block some classes of exploits completely. File and registry virtualization (a key part of the much-maligned and misunderstood User Account Control feature) prevents hostile programs from writing to system folders. Removable drive exploits, which have represented a very common vector for spreading malware recently, do not affect Windows 7.
2. Keep your OS up to date and backed up. Turn on Windows Update and make sure it’s running properly. That single step will protect you from virtually all widespread malware attacks these days. If you’re worried about a buggy update messing up your system (highly unlikely, but theoretically possible) make sure you have a full image backup on hand. Every version of Windows 7 allows you to perform a full image backup to an external hard drive; if you schedule that operation for the day before Patch Tuesday every month (or better yet, for every Monday), you’ll be able to recover from any kind of problem. Oh, and leave the Windows Firewall turned on unless you’ve replaced it with a third-party alternative.
3. Keep applications updated also. Adobe has greatly improved its updaters in the past year. If you’re prompted to update to a new version of Flash or Reader, do it. Microsoft Office updates are delivered automatically through Microsoft Update; make sure that those are being installed as well. Remove unwanted programs that could represent a security threat. Many new PCs come with Java installed automatically. If you don’t use it, remove it.
4. Be suspicious of any new software. Malware authors count on tricking you into installing software that claims to do one thing but actually takes over your system, stealing passwords or adding your system to a worldwide botnet. If you’re not sure a program is safe, don’t install it.
5. Set up standard (non-administrator) accounts for unsophisticated users. That category includes kids, parents, employees, and all of your non-geek friends and family members. With a standard account a user needs to talk to you (and convince you to enter the administrator’s password) before installing any new software. That conversation is an ideal opportunity to teach your family members and employees about the warning signs of potentially dangerous programs. (This is another good reason to upgrade from Windows XP, by the way, where running with a standard account is difficult because of badly written programs that require administrator rights; both Vista and Windows 7 do a better job of allowing those programs to run without compromising the integrity of the system.)
6. Use a modern browser. If you’re still using Windows XP and Internet Explorer 6, stop it. I think IE8 is a good alternative, especially when coupled with Protected Mode (a security feature in Windows Vista and Windows 7). There are several good reasons to prefer alternative browsers such as Firefox or Google Chrome to any version of Internet Explorer. For starters, both Mozilla and Google have generally been faster at releasing updates to security issues than Microsoft.”
7. Install an antivirus program and keep it up to date. There are plenty of effective programs in this category that can run with a minimum of resources and will block the overwhelming majority of threats. The Office of Information Security recommends the free Microsoft Security Essentials, which is available for download or as an optional update on systems where Windows does not detect an antivirus program. If you prefer an alternative program, paid or otherwise, make sure that the subscription does not lapse.
The HO-HO-HO Final word: Don’t be paranoid. Common sense and the good practices outlined above will offer excellent protection for any home and work PC and leave you free to work and play in comfort.