Desktop Security Standard
RIT has implemented a set of standard practices for all RIT owned desktop
machines (
Standards and Plain
English) which must be complied with by June 1,
2005. These are also good standard practices for desktops in general, so I highly recommend following these standards on
all personal desktop computers as well. Note: these standards are written primarily for Windows operating systems, so while some of
these suggestions are applicable to Macs, most do not apply to Linux. If you have questions regarding non-Windows machines,
feel free to ask me.
AntiVirus Software
Windows:
We have a site license for McAfee AntiVirus 8.0i for all RIT faculty, staff, and students.
If you don't currently have this installed on your machine, download the software and instructions from
here or speak to me.
Make sure your AntiVirus Software is set up to both automatically update and scan. To
set up scheduling, go to Start->Programs->Network Associates->Virus Scan Console. Right click on
AutoUpdate and select Properties. In the window that opens, click the Schedule button. In the
next popup window, on the Tasks tab, make sure the "enable" box is checked, then select the
schedule tab. Choose an interval of time, and a time of day for Virus Scan to update. Make sure
this is at a time when the computer will be on! Once this is done, click the Ok buttons, then return to the
Virus Scan Console, right click on Scan All Fixed Disks, and select Properties. On the right side, select the
Schedule button. Repeat the process of enabling the tasks,then choose an interval and time of day.
I recommend setting up your scheduling so that Virus Scan will scan your machine about an hour after
it has updated its virus definitions. Again, you want to make sure that this is set for a time
when the machine will be on, but additionally, it should be set for a time when you do not expect
to be using the computer heavily, since a full scan will slow the machine down considerable.
Mac
We also have a site license for Virex for both OS X and Mac Classic. Download
the software from
here or speak to me.
Again, you'll need to set up autoupdates for Virex. Find Virex in your Applications folder and open it. Click the
Properties button. In the new window that opens, make sure the boxes labelled "Automatically
check for virus definition updates", "Background Virus Detection" and "Active Virus Detection"
are all checked.
Software Updates
Windows:
Auto Update must be enabled on all RIT owned machines. To make sure your auto
update is enabled, go to Control Panel->System, select the Automatic Updates tab,
and make sure Automatic is selected.
Mac:
Software Update must be set to automatically check for updates. In the System
Panel, select Software Updates and set program to check at least once a week.
Buffer Overflow
Windows:
Buffer Overflow protection is built into McAfee VirusScan 8.0i.
Mac:
This isn't a concern for Mac systems.
Firewalls
Windows:
For RIT owned machines, we have a site license for
McAfee's Firewall, which may be obtained either by speaking to me, or from
here (download the stand alone version). You'll need to make sure it's set
to AutoUpdate. Once the firewall is installed, right click on the fire shield icon in the system tray
and select AutoUpdate Properties. Click the schedule button, check the "enable" box on the Tasks
tab, then select the Schedule tab and select a time interval and time of day, then click OK.
For personal machines, if you have Windows XP with Service Pack 2, you can use the built-in
Windows Firewall, accesible from the Control Panel using either the Windows Firewall or Security
Center applets. Even better is the free version of
Zone Alarm, which gives you more flexibility in configuring permissions.
Mac:
The firewall that is built in to OSX is pretty good. To make sure it's enabled, go to System Preferences->Sharing->Firewall. If
the button stays "Start", click it to start the Firewall. For more advanced users, read up on ipfw for fine
tuning. If you'd like to try a different firewall, try
BrickHouse
Anti-Spyware
Windows:
Mac:
There are no recommended anti-spyware programs available for Macs at this time
Questions? Problems? Drop me a line at
srw at cs.rit.edu