Duke OIT - Vista Security

Microsoft has approached the issue of security in Windows Vista by providing layers of protection as opposed to relying on one particular security measure. The security model in Vista consists of the following components.

• User Account Control (UAC)
• Private Network Settings
• McAfee VirusScan
• Windows Defender
• Windows Firewall
• Windows Security Center (WSC)
• Malicious Software Removal Tool
• Internet Explorer 7 Defense Technologies

User Account Control (UAC)

The UAC protects users by providing administrator level access to systems processes on an as needed basis. It provides a means of separating standard user privileges and tasks from those requiring the user to have administrative rights. The UAC operates similar to a firewall in that the operating system prompts the user when the need arises for a process or task requires a level of access that is greater than the level of the current user. The UAC also provides the user with an opportunity to know what programs and processes are launching on their machine and allows the user to make a decision as to whether or not permission is granted to perform the task.

When the UAC is activated a dialog box appears stating:

Windows Needs Your Permission to Continue

You must click the Continue button to advance any further.

Private Network Settings

Network settings should be changed from Public to Private in order to prevent unauthorized access to your computer. To do so, follow the steps below.

1. Click Start
2. Control Panel
3. Network & Sharing Center
4. Click Customize
5. Click Private
6. Close
   

McAfee VirusScan

OIT recommends the use of McAfee VirusScan 8.5i on all Windows Vista machines. This software can be downloaded from the OIT Site License web page.

Windows Defender

Windows Defender is a program included in Windows Vista that helps protect computers against pop-ups, slow performance, and security threats resulting from spyware and other malware. It monitors the portions of the Windows Vista operating system that this unwanted software targets, and alerts the user to the activities of these malicious programs. The user is given an opportunity to either accept or reject the change that the software is attempting to make to the operating system. In the past without software such as Windows Defender installed the malicious programs went unchecked with full access to the operating system. In addition to Windows Defender, Microsoft strongly recommends that customers also deploy a full antivirus solution.

To access Windows Defender:

1. Click Start
2. Control Panel
3. Windows Defender 

It is a good rule of thumb to open Windows Defender about once a month, noting the date and time of the definition version is up to date.

If for some reason one finds the need to turn Windows Defender off, i.e. if you need to scan your machine for spyware you will need to disable the real time protection.

1. Click Start
2. Control Panel
3. Windows Defender
4. Uncheck the box beside Automatically Scan My Computer
5. Click Save

Remember to turn this option back to the on state after you have completed your task.

Windows Firewall

Personal firewalls serve as a critical line of defense against many types of malicious software. The firewall in Windows Vista is turned on by default to ensure protection as soon as the operating system is operational.  Windows Firewall now includes both inbound and outbound filtering, outbound filtering was unavailable in previous versions of Windows Firewall.

In order to verify the status of the firewall’s on or off state, it can be accessed by going to:

1. Click Start
2. Control Panel
3. Security Center or Windows Firewall
   

Windows Security Center (WSC)

To access the Windows Security Center go to:

1. Click Start
2. Control Panel
3. Security Center 

The security center constantly monitors and dispays the status of four important security categories:

• Firewall
• Automatic Updates
• Malware protection
• Other security settings

The Windows Security Center provides the user with a starting point for most security related processes. For example, the status of one’s anti-virus software can be viewed via the WSC.

Vista’s WSC also includes a new category called "Other security settings." It displays the status of Internet Explorer security settings and User Account Control (UAC). New as well is the category "Malware protection," which includes monitoring for antivirus and anti-spyware software.

The WSC monitors multiple vendor security solutions including anti-virus and anti-spyware and indicates whether these products are enabled and up to date.

Malicious Software Removal Tool

The Microsoft Windows Malicious Software Removal Tool is designed to help remove malware from infected computers. Updated monthly, a new version of the tool is released via Microsoft Update, Windows Update, and the Microsoft Download Center. This tool should not be used in lieu of a full featured anti-virus solution such as the OIT supported McAfee Virus Scan software, it should be used in addition to it.

Internet Explorer 7 Defense Technologies

Microsoft has built into IE 7 anti-phishing technologies as well as several other security measures turned on by default to protect users browsing the internet.

Recommended Settings for IE7

The settings for IE7 can be accessed by going to:

1. Click Start
2. Control Panel
3. Internet Options

Or from within IE7 by selecting:

1. Tools
2. Internet Options 

Changing Default Search Engine

The default search engine for IE7 is Live Search, in order to change the default search engine, the one used when one types a search string in the top right search bar of IE7, to another search provider such as Google do the following:

In the Search section of the Internet Options screen click Settings.

A dialog box appears, click the Find More Providers link and a web page will spawn containing all if not most of the most popular search engines.

Click Google or whichever service provider you prefer, a dialog box appears, click once in the box beside Make this my default search provider, which places a check in the box, and click the Add Provider button.

To verify the change the word Google will now appear ghosted out in the top right search bar’s location.

Automatically Detect Proxy Settings

Some Duke web pages require your browser’s proxy settings to be set to automatic in order to access them, the setting can be changed from within IE7 by going to:

1. Tools
2. Internet Options
3. Click on the Connections tab
4. Click the LAN Settings button 

A dialog box appears, click the box beside Automatically Detect Settings which should place a check in the box, Click OK, click OK again to close the control panel.

Limiting the Size of the Temporary Internet Cache Folder

Large internet cache folders can eventually cause operating system anomalies, so it is important to limit the size of this folder.  The setting can be changed from the IE7 settings window as instructed above.

In the Browser History section, click the Settings button.

In the Disk Space to Use section, enter the number 8.

Click OK to close the dialog box.