Computer Security and Maintenance
Why isn’t this automatic?

Charlie Smyth
Manager of System Services, Crop Sciences
csmyth@illinois.edu

Lago Papallacta, Ecuador

Presentation and additional materials on my website: www.cropsci.uiuc.edu/csmyth/techsupport.html

What, me worry?
Well, yes, you do need to worry - It’s your responsibility

Virus Protection and Regular Updates Required
• Campus IT policies require Virus protection, regular system and software updates, strong passwords, and avoidance of peer to peer software and malware including spyware (http://www.cio.illinois.edu/policies/index.html).
• McAfee VirusScan license/software is available free and includes personally owned machines (download from CITES Webstore http://webstore.illinois.edu).
• CITES has AV for Mac which is quite good (Sophos) for a small charge.
• All operating systems have regular update services for bugs and security issues such as Microsoft Update, Apple Software Update, and Linux updaters such as Redhat Up2Date or yum (at least monthly and often automatic).
• Major software packages now include update procedures as well, some of them “automatic” while most are “manual”

And here’s what you are trying to avoid:
• Cookies and Spyware
• Trojans/Keyloggers, “Malware” in general
• Phishing and other social engineering scams
• Vulnerabilities from outdated software
• Pop-up Windows and compromised web sites ….

Warning: parts of this will be a live demo

PHISHING
Got this example today:

-----Original Message-----
From: ad.uiuc.edu support [mailto:netid@ad.uiuc.edu]
Sent: Tuesday, May 04, 2010 1:45 PM
To: Anyuser, Firstname Middlename
Subject: setting for your mailbox netid@ad.uiuc.edu are changed

SMTP and POP3 servers for netid@ad.uiuc.edu mailbox are changed. Please carefully read the attached instructions before updating settings.
http://groups.google.com/group/mailsv3/web/setup.zip

Check your Update Settings
• We recommend checking/updating virus “dat” files every 2 or 3 hours (change the default setting).
• Watch for changes in engine (automatic), patches, and versions. Please do what Email announcements suggest.
• The Microsoft Update site checks daily (default is 3am), though it has a standard 2nd Tuesday of the month update cycle, and will include MS software such as Office.
• Apple OS/X checks for updates daily, weekly, or monthly (preferences) and includes a variety of patches to the operating system, Safari, iTunes, and QuickTime, but not necessarily other software. MS Office has separate automation and Adobe is manual.

Safer Web Surfing
• Quit using Internet Explorer 6 or 7 – vulnerable
• Use Internet Explorer 8 only on very trusted sites (UI etc.) and use with all the security features turned on.
• IE 8 may now be the most secure out there
• Google Chrome – a very interesting addition to the browser wars, Flash is an issue, may have serious vulnerabilities
• Opera 9x (has a nice mobile app)
• Always make sure you have the latest Adobe Flash player
• Use Firefox 3.x with extensions: Adblock Plus with filterset, NoScript, McAfee Site Advisor, Web of Trust, GoogleCustomizer, and Location Bar
• Use a non-admin account

General Upgrade and Check
• Move from Windows Update to Microsoft Update. Go to http://www.microsoft.com/updates
• Run the link and make sure that Office products get updated. There are several steps, including a “Genuine Validation” tool procedure, that you have to grind through to get this installed, but it’s worth it.
• Verify that Mac OS/X is updating, set to daily, and that virus software is functional and updating.
• Update software packages regularly – this is a major source of virus/Trojan infection (see resources given below)

Microsoft Windows Issues
• All Windows platforms generate a preponderance of temp files that are not deleted.
• Files are fragmented on various disk drive devices.
• Windows Registry gets bloated and corrupted.
• Solution: Use CCleaner at least monthly if not weekly
Demo settings and use… http://www.ccleanerbeginnersguide.com/
This replaces “EmptyTempFiles” and then run a defragging program
See “Degunking” steps below

Additional Demos
• McAfee VScan 8.7 settings
• Spybot and Malwarebytes
• MS Chkdsk and OS/X Disk Utility (Verify)
• Device Drivers and software updates – Secunia PSI
• Other Updaters (Adobe, Apple, Java, Logitech, Lenovo)
• Advanced issues such as “degunking” by killing start up processes

Check Anti-Virus Status: OK! / Degunk
1. Install/Run CCleaner
2. Run Chkdsk (/F)
3. Defrag
4. Update to current AV levels if necessary
5. Update OS as appropriate
6. Install/Run MalwareBytes
7. Install/Run Spybot
8. Update/upgrade remaining software (use checklist/PSI)

Check Anti-Virus Status: Hosed!
1. Get bootable Anti-Virus CD, boot computer from it and run AV software. Hope it cleans up any issues
2. Boot to safe mode and run MSConfig and turn off all startup items (MSconfig is a command line utility that lets you control startup)
3. Restart computer and install/run Malwarebytes followed by CCleaner and the defragmentation procedure
4. Run MSConfig again and activate all appropriate startup software; reboot
5. Install latest AV software with patches and updates; run complete scan
6. Perform remaining standard update steps (Previous Slide)

Where to Go?
• Microsoft Security Information
• Firefox Extensions: PC Magazine Ziff-Davis media has lots of stuff
• Antivirus Websites: McAfee.com
• My web page: www.cropsci.illinois.edu/csmyth
• CITES Security: www.cites.illinois.edu/security
• Campus Network info: status.illinois.edu
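
The message quoted on the PHISHING slide carries several tells that can be checked mechanically, by a mail filter or by a careful reader. The following is an added example, not part of the original presentation; the campus domain list, the risky file extensions and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumptions for this example (not from the slides): which domains count as
# campus-owned, and which linked file types are treated as risky.
CAMPUS_DOMAINS = ("illinois.edu", "uiuc.edu")
RISKY_EXTENSIONS = (".zip", ".exe", ".scr", ".js")

# The message as quoted on the PHISHING slide.
SAMPLE = """From: ad.uiuc.edu support [mailto:netid@ad.uiuc.edu]
Sent: Tuesday, May 04, 2010 1:45 PM
To: Anyuser, Firstname Middlename
Subject: setting for your mailbox netid@ad.uiuc.edu are changed

SMTP and POP3 servers for netid@ad.uiuc.edu mailbox are changed.
Please carefully read the attached instructions before updating settings.
http://groups.google.com/group/mailsv3/web/setup.zip
"""

def in_campus(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CAMPUS_DOMAINS)

def phishing_indicators(message):
    """Return the reasons (possibly none) a message deserves suspicion."""
    headers, _, body = message.partition("\n\n")
    reasons = []
    sender = re.search(r"^From:.*?([\w.+-]+@[\w.-]+)", headers, re.M)
    address = sender.group(1).lower() if sender else ""
    claims_campus = in_campus(address.rpartition("@")[2])
    subject = re.search(r"^Subject:(.*)$", headers, re.M)
    # Heuristic: mail about "your mailbox" that claims to come from that mailbox.
    if address and subject and address in subject.group(1).lower():
        reasons.append("sender address is the mailbox named in the subject")
    for url in re.findall(r"https?://[^\s>\"']+", body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if claims_campus and not in_campus(host):
            reasons.append(f"campus sender, but link leaves campus: {host}")
        if parsed.path.lower().endswith(RISKY_EXTENSIONS):
            name = parsed.path.rsplit("/", 1)[-1]
            reasons.append(f"link fetches a file to open: {name}")
    return reasons

if __name__ == "__main__":
    for reason in phishing_indicators(SAMPLE):
        print("-", reason)
```

None of these checks proves a message is malicious on its own; together they are the cue to verify through a known campus address before opening anything.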