Patching and maintaining your Windows OS

Introduction

The Internet is a dangerous place for un-patched machines. There are many worms and viruses that spread using security holes left open in your computer. The following gives information regarding some precautions you can make to reduce the chance of infection.

Regularly patch your computer

Microsoft operating systems are renowned for having many bugs. Some bugs can enable a malicious user or worm to install itself on your notebook over the network. Fortunately, Microsoft are aware of these flaws and will post regular fixes for it which may be freely downloaded from their website http://update.microsoft.com/.

The Windows Update software may be left to download new fixes automatically, although this may not be a good idea for users who travel around with their notebooks and have slow connections to the Internet. In such cases, you can subscribe to the Security Updates and Advisories lists at https://www.microsoft.com/en-us/msrc/technical-security-notifications. Upon receipt of the security message, it is advised that you follow the instructions at http://update.microsoft.com/ immediately.

Keep your Anti-Virus software up-to-date

Copies of Sophos Anti-Virus are free for University members and may be obtained from IT Services - see their page at https://www.infosec.ox.ac.uk/endpoint/faq.

Remove spyware

Some programs install themselves to monitor your activity on the internet for marketing purposes. There are many tools available that remove them, although spyware comes in may forms so you may wish to try a couple.

• SuperAntiSpyware: https://www.superantispyware.com/free-edition.html
• Malwarebytes: https://www.malwarebytes.com/mwb-download

Users have reported that the removal of spyware dramatically increases their computers performance and appear to be less prone to random crashes.

Do not run as an administrator

If you inadvertently download a file from an e-mail or from the web, if you're running as administrator, the malware can replace critical system files allowing the worm/virus to spread to other users or break your computer entirely. Some viruses are known to wipe your computer's hard disk, or even the computer's flash BIOS rendering the whole computer useless. The only recovery from this type of virus may be a new motherboard or an expensive trip to a computer engineer who has the equipment to re-flash your BIOS. When you're running your computer as a non-administrator, the operating system protects these files.

If you need to perform some activity as administrator, hold down CTRL while you right click the mouse over the icon and choose "Run as".

Ensure your administrator password is set to something non-trivial.

Having an empty administrator password or a trivial one, e.g. "password" is another way that certain types of worm may propagate. Set it to something that is not obvious and that you will remember.