Skip to content
Skip to navigation menu

 

Securing Non University Owned Windows Computers

Windows XP

There are two popular versions of Windows XP available:

  • Windows XP Home Edition - designed specifically for the home user, with the emphasis on ease of use.  Pre-installed as standard option on most 'home' systems.
  • Windows XP Professional - designed for business or high demand home users, contains all the features of Windows XP home, but includes additional features such as remote desktop, multiprocessor support, encrypted file system and restricted access to selected files or applications.  Frequently offered as an extra cost option on most 'home' systems.

The following advice, consistent with both version of Windows XP, is offered in an attempt to improve the security of Windows XP systems.

Windows Update

Regular Microsoft security updates (known as ‘patches’) are essential in protecting a Windows system.   

To check this feature is enabled:

  • Right Click the My Computer icon from the desktop (or start menu if this icon is not present on your desktop)
  • From the resulting shortcut menu, select Properties
  • From the resulting dialog box, click the ‘Automatic Updates’ tab

 

Windows Update

 

(the appearance of this dialog box may be slightly different on systems running Windows XP SP1)  

Select one of the following two options from the automatic updates dialog box..

  • Select the ‘Automatic’ option, to have patches automatically downloaded and automatically installed,

or, if automatic installation may prove inconvenient,

  • Select 'Download updates for me, but let me choose when to install them'

which will automatically download, but not install the patches.  With this option, installation is prompted via an installation 'bubble' or 'shield' (depending on Service Pack 1 or 2) in the system tray.  Please ensure minimum delay in installing patches.  Your system remains vulnerable until patches are installed.  

Please note: During Windows Update, you may be offered ‘Windows XP Service Pack 2 (SP2).  Information Services strongly recommends the installation of this important Windows update.  Windows XP SP2 will in future become a Microsoft pre-requisite, necessary for future security and application updates. 

Use a Firewall

A firewall is a product designed to act as a barrier between your computer and the internet in an attempt to protect your computer (and the data it contains) from unauthorised or unsolicited malicious attacks.  Firewalls are available as either a software program that runs on your computer, or as an additional hardware device.

A software firewall product, such as the built in Windows XP Service Pack 2 firewall or any number of dedicated software firewall products available, should be regarded as the absolute minimum protection for a Windows XP system.

A separate, dedicated hardware firewall product is regarded as offering superior protection to the software equivalent.  

Information Services recommend the use of a hardware firewall product for all broadband home users.  The exact type of hardware firewall product required will depend on your internet connection type (e.g. DSL or ADSL). 

Frequently, the hardware firewall will include multiple components - the firewall (to protect your system), a modem (which will replace the modem you currently use) and a router (allowing multiple systems to be connected to the single internet connection).  Increasingly popular are wireless hardware firewall routers, allowing secure wireless connections from multiple computers to a single broadband connection.

Your internet service provider or local computing retailer will be able to advise on the best hardware firewall for your system.

As an absolute minimum, ensure that the Windows XP Service pack 2 firewall is enabled

  • Click Start, (Settings), Control Panel
  • Double click the ‘Security Centre’ icon (Security Centre is a Windows XP SP2 feature, if you are not offered a Security Centre icon, you may not be running Windows XP SP2, and will need to perform a Windows Update to receive this important upgrade.)
  • Click the ‘Windows Firewall’ icon
  • Select ‘On (Recommended)’
  • Click OK

 

Windows Firewall Menu

 

Anti-Virus software

Cardiff University staff and students are now able to take advantage of our new Sophos licence. Each member of staff or student will be issued with one licence. The licence will last for one year and can be renewed at the end of the year provided you are still a member of staff or a student.

A valid Cardiff University Username and password is required to download the software from off campus

 

To install Sophos on a stand alone workstation download the file from https://antivirus.cf.ac.uk/SophosHome.exe.

  1. Uninstall all old antivirus software. This is very important.
  2. Reboot your computer
  3. Double click SophosHome.exe to install Sophos. This process may ask for confirmation in windows vista or windows 7. The installer is silent so please leave the computer a few mins before looking for a grey or blue shield in the task bar. The grey shield tells you that it is installing and a blue shield tells you that the process is complete. Once you have the blue shield then you can reboot.

A version of Sophos with a long update cycle (6 hours) can be downloaded here . This version should only be used when the scanning of large drives is needed.


Important note: This software reports back to INSRV with statistical data. Information gathered does not report users or usernames, only computer name and local ip address. This data cannot be traced back to an individual user. This data helps us spot trends and helps with user education strategies

 

Back to top

 

Windows Vista/7

 

Windows Update

Regular Microsoft security updates (known as ‘patches’) are essential in protecting a Windows system.    To check this feature is enabled…

  • Click 'Start', 'Control Panel'
  • Double click the 'Windows Update' icon
  • From the left hand side of the resulting dialog box click 'Change Settings'
  • Ensure the  'Install updates automatically (recommended)' option is selected. 

 

Windows Update (Vista)

Select one of the following two options from the automatic updates dialog box..

  • Select the ‘'Install updates automatically (recommended)

option to have patches automatically downloaded and automatically installed, or, if automatic installation may prove inconvenient,

  • Select 'Download updates, but let me choose whether to install them'

which will automatically download the patches, then prompt to install them manually. 

Use a Firewall

A firewall is a product designed to act as a barrier between your computer and the internet in an attempt to protect your computer (and the data it contains) from unauthorised or unsolicited malicious attacks.  Firewalls are available as either a software program that runs on your computer, or as an additional hardware device.

A software firewall product, such as the built in Windows Vista firewall or any number of dedicated software firewall products available, should be regarded as the absolute minimum protection for a Windows Vista system.

A separate, dedicated hardware firewall product is regarded as offering superior protection to the software equivalent.  Information Services recommend the use of a hardware firewall product for all broadband home users.  The exact type of hardware firewall product required will depend on your internet connection type (e.g. DSL or ADSL).  Frequently, the hardware firewall will include multiple components - the firewall (to protect your system), a modem (which will replace the modem you currently use) and a router (allowing multiple systems to be connected to the single internet connection).  Increasingly popular are wireless hardware firewall routers, allowing secure wireless connections from multiple computers to a single broadband connection. Your internet service provider or local computing retailer will be able to advise on the best hardware firewall for your system.

As an absolute minimum, ensure Windows Vista firewall is enabled...

  • Click 'Start', 'Control Panel'
  • Double click the 'Windows Firewall' option
  • From the resulting dialog box, ensure the firewall is turned on

 

Windows Firewall Settings (Vista)

 Anti-Virus software

Cardiff University staff and students are now able to take advantage of our new Sophos licence. Each member of staff or student will be issued with one licence. The licence will last for one year and can be renewed at the end of the year provided you are still a member of staff or a student.

A valid Cardiff University Username and password is required to download the software from off campus

 

To install Sophos on a stand alone workstation download the file from https://antivirus.cf.ac.uk/SophosHome.exe.

  1. Uninstall all old antivirus software. This is very important.You may need to download the removal tool from your old antivirus software vendor’s website. (For example: If you had Kaspersky installed go to the Kaspersky website and download and run the Kaspersky removal tool. If you had Norton 360 visit the Norton website and download and run the Norton removal tool.
  2. Reboot your computer
  3. Double click SophosHome.exe to install Sophos. This process may ask for confirmation in windows vista or windows 7. The installer is silent so please leave the computer a few mins before looking for a grey or blue shield in the task bar. The grey shield tells you that it is installing and a blue shield tells you that the process is complete. Once you have the blue shield then you can reboot.

A version of Sophos with a long update cycle (6 hours) can be downloaded here . This version should only be used when the scanning of large drives is needed.


Important note: This software reports back to INSRV with statistical data. Information gathered does not report users or usernames, only computer name and local ip address. This data cannot be traced back to an individual user. This data helps us spot trends and helps with user education strategies

 

 

Back to top

Windows 95/98/ME/NT/2000

Securing the system

Regular Microsoft security updates (known as ‘patches’) are essential in protecting a Windows system. Windows 95/98/ME/NT systems are now un-supported by Microsoft and updated security patches are now unavailable.

All Windows 95/98/ME/NT/2000 systems are now extremely vulnerable to virus and/or hacker attack, cannot be adequately secured, and should be upgraded as a matter of some urgency.

 

Back to top