Install security patches regularly



last revision January 20, 2005

Suggestions to secure your Windows PC:
  1. Use strong passwords
  2. Install security patches
  3. Share files correctly
  4. Use anti-virus software
  5. Protect against email viruses
  6. Install PCLeland
  7. Minimize open network services
  8. Run a security analyzer
  9. Do regular backups
  10. Apply special Windows XP fixes

Because new security bugs are being discovered on a regular basis in Windows, the software installed on your computer is already flawed when you first get it -- the manufacturer installs from a Windows release several weeks or months old. Your computer will become increasingly less secure over time as new bugs are discovered. Microsoft is reasonably responsive about making patches to fix these security bugs, but expects you to visit their internet site to download and install these patches.

When you first connect a Windows PC to the Stanford network, login as Administrator, or a user account with administrative privilege (Petroleum Engineering user accounts have administrative privilege on their own department supplied computers), and immediately open Internet Explorer and connect to the Windows Update web site at:

http://windowsupdate.microsoft.com

The importance of immediately applying all Microsoft security patches when you first put a computer on the network cannot be overstated.

At the Windows Update site, click on Product Updates or Scan for updates link (depending on your version of Windows). This page examines your system to determine which Critical Updates and Service Packs you need. Download those updates and then restart your computer. Be sure to get all updates for Internet Explorer in addition to those for the Windows operating system itself. Internet Explorer is tightly integrated with the operating system and bugs in Explorer are often exploited by hackers.

Sometimes, one set of updates must be installed, and the computer restarted, before another set can be installed. Therefore, when you are first installing updates, keep going back to the Windows Update web site after each restart until there are no more critical updates left. In the future, if you are regularly installing updates, you should be able to get all new ones at once.

All Windows PC users, including those who are part of a domain such as Petroleum Engineering, need to apply Windows Updates to their own computers.

If you use Microsoft Word, Excel, or PowerPoint from the Microsoft Office suite, version 2000 or later, you must also check the Office web site for critical updates to those programs. There are some security bugs in those programs that can be exploited by hackers, for instance, by getting you to open a Word or Excel document with special macros. Use Internet Explorer to open

http://office.microsoft.com/officeupdate/

and click on the Check for updates link near the top of the page. The first time you visit, it will first install the Office Update Installation Engine, which will examine your installation of Office and find all updates. Install them.

Visiting the Windows Update site once is not enough, because new security flaws are discovered frequently in Windows. You must check for new critical updates at least weekly, to avoid problems from the latest security bugs. If you use the Outlook or Outlook Express email programs, whose flaws are the target of email virus writers, it is even more important for you to check for new critical updates at least weekly.

For Windows 98, ME, 2000, XP, and later releases, Microsoft provides tools for automatic notification and installation of new security fixes, so you don't have to remember to constantly visit their Windows Update web site. Unfortunately, these tools are not available for the older Windows 95 or NT, so you need to remember to visit the Windows Update site weekly if using 95 or NT. Also, some larger packages of updates, such as service packs, require manual intervention to be installed and will not be automatically installed. So you still need to periodically check the Windows Update web site, even if you have turned on automatic updates.

Petroleum Engineering department supplied computers are pre-configured to automatically check for critical updates daily, and download and install them automatically.

If you have Windows 98 or later, you can manually configure automatic notification or downloads of critical updates. The exact procedure varies by Windows version and is documented in the Install Windows Critical Updates section of the Earth Sciences Security Prerequisites for Windows PCs web site.

Comments or Questions?