Some tips for a safer Windows experience

Here are some simple tips to help you secure your Windows PC.

The checklist

  • Ensure that Windows Update is enabled and set to check for, and apply, updates daily.
  • Ensure that you have the campus AV solution (Symantec) installed. Other AV products are theoretically acceptable, but may well not be licensed for professional use (e.g. AVG Free).
  • Log on using a ‘normal’ user account – use a separate one for administrator access.
  • Avoid the ‘unholy trinity’ of often-exploited software – Java, Flash, and Adobe Reader – see below. Uninstall these from your PC.
  • Avoid Internet Explorer when possible – even Microsoft is moving past it!
  • Consider an update to Windows 10 if your software supports it; if not, try installing the Microsoft EMET toolkit – see below.
  • Accept that even if you do all of the above, things will go wrong, and ensure you have suitable backups.

The Unholy Trinity

The “unholy trinity” are three commonly installed, and often exploited, bits of software. Removing these from your computer reduces the number of ways your machine can be exploited.
  • Java is often installed for no good reason, and even when it is needed the automatic update process is unsatisfactory, leaving older versions installed. If you don’t know that you need Java, remove it. If something important breaks then it’s easy to reinstall. Note that the commonly used ImageJ does not require a separate Java install – it has its own private copy.
  • Flash is possibly the most exploited software ever installed on a PC. For each of the last three months there have been urgent updates needed to address bugs which were being exploited in the wild. Not all of these were web-based either – exploits have been spread using Flash applets embedded in Word files. The only safe approach with Flash is not to install it. If there is a Flash site which you must use then Google Chrome with a suitable Flash blocking extension is a tolerable workaround, but not perfect.
  • Adobe Reader is not the only program which can read PDF files, but it is the most exploited one. Matters are made worse by the web browser plugin which is part of the default install, which allows PDFs embedded in web pages to open automatically. This has been used to spread malware in the past. Alternative PDF readers include FoxIt and SumatraPDF. If you must use Reader for certain documents (e.g. encrypted files such as Inter-Library Loans) then don’t use it as your default PDF viewer and disable the web plugin. Also make sure that you are running the current version, as the default installation on the PCs we buy is typically several versions out of date.
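
To check a PC against two of the checklist items (the "unholy trinity" and the 'normal' user account), the following Windows PowerShell script can be run from a non-elevated prompt. It is an added example, not part of the original post; the DisplayName patterns and the function names are assumptions and may need adjusting for your installs.

```powershell
# Added example: audit a PC for Java/Flash/Adobe Reader and for daily use of an admin account.
# Programs register themselves under these "Uninstall" keys (64-bit, 32-bit and per-user).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed DisplayName patterns for the three products; adjust if your installs differ.
$trinity = @{
    'Java'         = '^Java\b'
    'Flash'        = '^Adobe Flash Player'
    'Adobe Reader' = '^Adobe (Acrobat )?Reader'
}

function Get-InstalledProgram {
    # Missing keys (e.g. WOW6432Node on 32-bit Windows) are skipped silently.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion
}

function Find-UnholyTrinity {
    param([object[]]$Programs)
    # Emits one row per matching install, so leftover older Java versions show up too.
    foreach ($name in $trinity.Keys) {
        foreach ($p in $Programs) {
            if ($p.DisplayName -match $trinity[$name]) {
                New-Object PSObject -Property @{
                    Product = $name; Installed = $p.DisplayName; Version = $p.DisplayVersion
                }
            }
        }
    }
}

function Test-AdminAccount {
    # whoami lists BUILTIN\Administrators (SID S-1-5-32-544) even when UAC has
    # filtered it out of the current token, so this works from a non-elevated prompt.
    [bool](whoami /groups | Select-String -SimpleMatch 'S-1-5-32-544')
}

$found = @(Find-UnholyTrinity -Programs (Get-InstalledProgram))
if ($found.Count) { $found | Format-Table Product, Installed, Version -AutoSize }
else { 'None of Java, Flash or Adobe Reader found in the uninstall registry.' }

if (Test-AdminAccount) { 'WARNING: this account is a local administrator; use a normal account for daily work.' }
else { 'OK: this account is not a local administrator.' }
```

Software that bundles its own private copy of Java, as ImageJ does, will not appear in this list because it does not register a separate Java install.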

Windows 10 and EMET

While Windows 7 is still getting security patches from Microsoft, it is an OS from 2009, and the state of the art in computer security has moved on since then. Windows 10 has many new features which help secure your PC, mitigating the effects of malware. Unless your software absolutely cannot work under Windows 10 then I suggest planning a migration sooner rather than later. Windows 10 seems quite happy on hardware which supports Windows 7.

If you are obliged to keep running Windows 7 (or 8) then you should strongly consider installing Microsoft EMET (Enhanced Mitigation Experience Toolkit) which adds extra security layers that have proven effective in blocking some types of malware. In the default install it toughens up Office and Internet Explorer with no additional work needed.

If you only have one or two bits of software which won’t work in Windows 10 you may want to consider running them in a virtual machine. The School has a membership in the VMware Academic Program which provides free copies of VMware products to staff and students for teaching and research.

Web browsers

Even Microsoft has moved away from Internet Explorer, with their new Edge browser in Windows 10, though it’s still under heavy development and not really ready for prime time. As Edge is not even available for earlier versions of Windows I suggest installing either Chrome or Firefox and using them as your main browser. Both support a range of extensions such as advert blockers (e.g. Adblock or AdBlock Plus) and Flash blockers (e.g. Flashblock, Flashcontrol) which can help protect you from malicious applets and compromised advert servers.

More info

It’s OK not to understand everything written above; what’s not OK is to do nothing. If you don’t know, ask someone who does, like one of the school computer support staff.

You can find more information about campus computer security on the Information Services Data Security site – though you should ignore the suggestion about installing Adobe Reader! For more general computer security information Krebs on Security is an excellent starting point.