This FAQ is written for all current versions of Windows.
- Time is of the essence - When your machine connects to the network it is vulnerable unless you have a firewall on and passwords on your accounts. It also needs to be up to date with the latest patches and protective measures as soon as is practical. This means before you start checking email or surfing the internet. Automated attacks can happen very quickly, so protect your machine before it is too late!
- Consult - Make sure that you consult your local computer support for an appropriate configuration for that network connection beforeconnecting your machine to the network.
Each institution on the CUDN can have its own requirements for connecting to the network. You must follow the institution guidelines.
- Password protection- Your computer should have an account for each user. If these accounts are not protected by good passwords others can use them to gain access to the computer. This is possible without even being at the computer and if the remote user gains "Administrator" rights they can then do anything they want. You MUST password protect accounts with strong passwords before the computer is connected to a network. For advice on choosing a strong password see IS6: Changing/Choosing Your Passwords.
- Personal firewalls-
Current versions of Windows come with a firewall which should be enabled. There are other third-party products available eg various "security suites" which include a firewall which advanced users may prefer to use. Your firewall should be installed and enabled before connecting to the network. Note that all users on the Cambridge University Data Network should allow inbound ping - see the Home user guide to PC Security
- Update Windows - Current versions of Windows are updated by Microsoft on the second Tuesday of every month to fix vulnerabilities as they become known. You can use Windows Update in the Control Panel to check the status of your updates. When you first connect a system you should keep using Windows Update until there are no more critical or important updates available (this may require several reboots). For long term protection enable Automatic Updates, which will regularly check for updates and can be set to automatically download them for you. It is also important to realise that Windows versions go out-of-date eg Windows XP in April 2014. Such products are no longer supported and protected by Microsoft and so are vulnerable to problems fixed in more recent versions. Check the Windows product lifecycle page to see if your version of Windows has reached the end of its life.
- Protect yourself from viruses - VirusScan is available locally free of charge as the University of Cambridge has a site licence for it. You can download and install VirusScan from PC downloads. It is vital that you follow the configuration instructions available there to ensure that VirusScan is kept up-to-date with information about new viruses.
- Spyware & Other Malware- Unfortunatly VirusScan on its own is often not enough to protect your system, no one product can. This is especially true if you do not follow safe practices in your internet use.
If you have, for example, inadvertently clicked on a dodgy email link then you should use one of the good anti-malware specialist products to deal with the consequences. Examples are Malwarebytes and SpyBot Search and Destroy. There are also webscanners which can help in this area eg the Microsoft Safety Scanner http://www.microsoft.com/security/scanner/en-us/default.asp. These products are best used in addition to VirusScan not instead of, and beware in general of installing two anti-virus products (as distinct from anti-malware) on the same machine (which will probably render both useless).
- Update applications - Don't forget that your application programmes will also need maintaining. These days most companies carry out this function using downloads over the World-wide Web. It is very important that products are kept up to date as most have vulnerabilities. Some applications will automatically check for updateswhen you run them. If an application has this facility you should enable it: some especially vulnerable program like Adobe Shockwave or Flash Player ask you if you want to enable this facility when you install them (recommended). If you don't know the company's website you can try searching for it using http://www.google.com/.
- Be aware of what you are running - Some applications listen for requests coming into them from the network (e.g. Microsoft's IIS). This can make you particularly vulnerable, so if you don't need them turn them off or uninstall them. Some institutions may have rules which forbid running web servers on personal machines. Again check with your local computer support to find the best solution for your environment. In addition check that you aren't running File and Printer Sharing for Microsoft Networks if you don't want to share your computer. This can be found in Control Panel, Network Connections, Local Area Connection, Properties. If you do want to share things, use a strong password.
- Be wary of installing plug ins and additional software.
- Be wary of email attachments - Do not open attachments sent to you by unknown people, or even from friends if you are not expecting an attachment from them. If you get one from someone you know ask them if they really sent it before opening it. It could be that they have a virus infection and the virus sent itself to you using the person's email account. Try to keep strictly to such safe procedures for dealing with all email attachments, they are a very common source of computer virus infections. Both attachments can run programs on your computer that you would not want to run. Turn on the option to show known extensions so that you can see what type of file it really is - the icon can be a trick. Beware of clicking on links in emails where you cannot see the full url of where you are going to.
- Do not use torrent (P2P/file-sharing) software. Whatever claims are made about legitimate uses for torrent software the vast majority is used to copy, i.e. steal, music and films which are under copyright. It is also a common way for malware to be distributed.
- IRC/Chat.Another common method of infection is via IRC and chat rooms, particularly by sending urls which will re-direct you to web sites which are designed to infect systems with malware.
- Ask - If you are in the least uncertain, ask your local computer support or the Computing Service Help Desk for advice. Prevention is a lot better than cure! If you think your computer is infected or hacked disconnect it from the network immediately then ask for advice.
For easy reference, Microsoft's version-specific help pages are:- http://windows.microsoft.com/product/windows/
(You will need to specify your version of Windows from the dropdown menu).
Last updated: June 2014