Home | About Us | OIT Home | Search | How Are We Doing? | Virus Alerts | System and Network Status | How to Contact Us | Español

Operating System Information --> Windows Operating Systems --> Security --> Basic Windows Computer Security -->

Basic Windows Computer Security

This web page is a basic overview of the main security concerns that affect Windows systems and what you can do to safeguard your computer system.

Computer Viruses
Spyware
Adware
Malware/Grayware
Removal of Malicious Applications
Peer-to-Peer File-Sharing Programs and Spyware
Shared Folders
Password Security for Windows 2000/XP
Enabling the Windows XP Firewall

Computer Viruses

In the past few years there have been several computer viruses that have damaged Windows personal computers. While it is technically possible for Macintosh and Unix/Linux computers to be infected, the vast majority of viruses are designed to attack and infect Windows systems.

Fortunately, there are ways to protect computers running Windows. The best protection against viruses is updated anti-virus software. Once installed, anti-virus software will run in the background and protect your computer from a virus. It is very important to keep the anti-virus software updated with the latest virus definitions because new viruses are constantly appearing. At the University of Maryland (UMCP), anti-virus software that is programmed to update automatically can be downloaded for free by all members of UMCP from the Virus Notification Program's software download page (http://www.helpdesk.umd.edu/virus/software.shtml).

Anti-virus software is constantly updated by the vendor. Each update is not a new version but a patch. Patches must be manually installed by the user and are extremely important to help prevent virus attacks.

Even the most up-to-date anti-virus software may not protect your system from a brand new virus because the anti-virus software will not recognize the threat until the latest update is made available. This is where prevention and education comes into play.

In order to protect your computer's operating system, it is essential to run Windows Update regularly.
By itself, anti-virus software cannot protect your computer from brand new viruses. The best way to avoid falling victim to the newest viruses is to keep the operating system patches up to date. On Windows computers, this is easily done by running Windows Update. You can even configure it to run automatically on Windows 2000 or Windows XP.

E-mail is the most prominent means of virus transmission and many people are fooled into opening virus-infected e-mails because they are addressed from someone they know. This is because many viruses send out the e-mail to the addresses they find on the computer they infect; so, if someone you know gets a computer virus on their system, there's a good chance the virus will send an infected e-mail message to you. Some viruses are even designed to send subject lines comprised of actual text from a document on a person's computer.

In most virus-infected e-mails, the virus is an attachment contained in the e-mail. Since there is no foolproof way to tell if the attachment is a virus or not, you should be suspicious of any attachment that you were not expecting. In such cases, the safest course of action is to check with the supposed sender of the e-mail to make sure they really did send you an attachment. If they don't remember sending you an e-mail, then their machine may be infected; and, if you open the attachment, your computer may become infected as well.

Some viruses can exploit security holes within Microsoft e-mail reader programs like Outlook and Outlook Express. If you use Outlook and Outlook Express and receive such a virus, the simple act of reading or previewing the message can activate the virus. If you use either Outlook or Outlook Express to read your e-mail, please refer to our web document "Other Things You Can Do to Avoid Computer Viruses" for information on how to fix the security flaws.

Spyware

Spyware is software that is stealthfully installed on a user's computer and can compromise the privacy of that computer's information. It is as important to have anti-spyware/adware/malware protection as it is to have anti-virus protection for your computer. For updated information on Spyware definitions, examples, and more, please use http://en.wikipedia.org/wiki/Spyware.

Adware

Adware is advertising-supported software that displays ads while the software is running. Some may be cause for concern. For updated information on Adware definitions, examples and more, please see http://en.wikipedia.org/wiki/Adware.

Malware/Grayware

Malware, sometimes referred to as Grayware is a term used to express any number of software packages that are installed without the user's consent. Those include viruses, trojans, rootkits, keystroke loggers, and more. For further information on this topic, including examples of Malware, please see: http://en.wikipedia.org/wiki/Malware

Removal of Malicious Applications

The good news is there are programs available that can find and safely remove Spyware, Adware, and Malware. Popular but ineffective removal tools include Ad-Aware from Lavasoft, and Spybot - Search and Destroy, available from download.com, but there are more effective software packages for purchase such as PC Tools Spyware Doctor with Antivirus.

Peer-to-Peer File-Sharing Programs and Spyware

Peer-to-peer File-Sharing programs and Malware have become very popular in the past few years. Unfortunately, because they are so popular some viruses have been designed to spread via these programs. Once the virus infects the computer, it makes copies of itself in the file sharing folders, using the names of popular MP3 music files, games, or other popular software programs. The sure way to avoid these viruses is to not use peer-to-peer file-sharing programs. To download free music via Ruckus go to http://www.oit.umd.edu/PlayFair/ to find out more information.

Shared Folders

Sharing folders and files across the dorm network is a security risk. Certain viruses, if they are present on a computer connected to the network, will look for shared folders they are able to write to and infect them. A recent example of a virus that took advantage of shared folders in this manner was the Klez virus, which infected hundreds of student computers in the 2002 spring semester. This virus spread through the residence halls network quickly in part because of the numerous file and folder shares that were not password protected. If you need to share a folder with someone else over the network, it should be password-protected so that no unauthorized person or program can access those files. This precaution will also make it harder for hackers to gain access to your system through those shared folders.

Securing Shared Folders in Windows XP Professional

  1. Simple File Sharing must be disabled. Click Start->Control Panel. Double-click Folder Options. Click the tab View. Scroll to the bottom of the list of advanced settings and uncheck Use Simple File Sharing (Recommended). Click OK.
  2. Right-click on the shared folder and click Sharing and Security.
  3. Click Permissions.
  4. Remove the group Everyone to prevent unauthorized access. Click Everyone to highlight it. Then click Remove.
  5. Click Add... to pick which users can access the folder.
  6. In the Select Users or Groups window, click Object Types...
  7. Uncheck Built-in security principles and Groups. Click OK.
  8. Click Advanced...
  9. Click Find Now.
  10. Click to highlight the user(s) that should be allowed to access the folder. Once the user(s) are selected click OK.
  11. Now each user in the permissions list needs to be set with the correct type of access. Click on a user's login and uncheck the Allow box next to Full Control. Then choose whether the user should have Change and Read or just Read access.
  12. Click OK once the permissions have been set. Click OK again to exit the folder properties window.

Securing Shared Folders in Windows 2000 Professional

  1. Right-click on the shared folder and click Sharing...
  2. Click Permissions.
  3. Remove the group Everyone to prevent unauthorized access. Click Everyone to highlight it, then click Remove.
  4. Click Add...
  5. Click to highlight the user(s) that should be allowed to access the folder. Once the user(s) are selected click Add. Click OK.
  6. Now each user in the permissions list should be set with the correct type of access. Click on a user's login and uncheck the Allow box next to Full Control. Then choose whether the user should have Change and Read or just Read access.
  7. Click OK once the permissions have been set. Click OK again to exit the folder properties window.

Password Security for Windows 2000/XP

One of the security problems at the university is that many users who have Windows 2000 or Windows XP computers do not create secure passwords for their user account to protect their systems (note: Windows 95, 98, and ME let you set a password, but it can easily be bypassed). If you have simple or blank passwords for the user accounts on your computer, it is very easy for hackers to get into the computer. Once inside, a hacker can take over or destroy your system, or could use it to attack other computer systems while pretending to be you.

A real password should be created for every account. A password should be at least eight characters with a combination of letters and numbers. The longer and more complex a password is, the harder it is for a hacker to guess or to crack using a password-cracking program.

Setting a Password for Windows 2000

  1. Press Alt+Ctrl+Delete.
  2. Click Change Password...
  3. If the current password is blank leave Old Password: field empty, otherwise type the current password.
  4. Type a password of at least eight characters in the New Password: field then confirm.
  5. Click OK.
  6. Click Cancel to return to the desktop.
  7. To change the passwords for other accounts, open the Control Panel and double-click Users and Passwords.
  8. Click on the account name then click Set Password...
  9. Type a password of at least eight characters in the New Password: field then confirm.

Setting a Password for Windows XP/Vista

  1. Open the Control Panel.
  2. Click on User Accounts.
  3. Click on the desired user.
  4. Click the link Change my password.
  5. In the first field type the current password. In the second and third field type a new password of at least eight characters in length.
  6. Click Change Password.

Enabling the Windows XP Firewall

If you have Windows XP installed on your computer, another step that you can take to secure your computer is to enable the firewall component of Windows XP to protect your network connection. The firewall will prevent outsiders from accessing your system through commonly used network ports while still allowing you to use your regular Internet programs.

To learn how to enable the firewall in Windows XP, please refer to our web document "Enabling the Windows XP Firewall".

The Vista Firewall is enabled by default. It now monitors inbound as well as outbound traffic.

How do I:
How are we doing? Comments on this page?

This page is maintained by the Office of Information Technology
Questions and/or comments: Contact Us
Last modified: Thursday, 17-Apr-2008 16:40:43 EDT
© Friday, 04-Jul-2008 10:49:23 EDT University of Maryland

 Office of Information Technology
Office of Information Technology Help Desk Web Site University of Maryland Web Site Office of Information Technology Web Site