Correct PC security setup
The ideal setup for each computer in our group is to partition the hard drive in two drives! One for the system with all applications and programs on it and one for the data, where zou store papers, measurement data and similar stuff. The data partition should regularly be backed up to the server or some external memory drive. When all the programs are installed on the system partition, we will image that part of the hard drive, burn it onto some DVDs and keep it somewhere safe, away from the computer. In case your computer gets infected by viruses or compromised, we can just put it back into its original healthy state by putting the image back on. That should just take a couple of minutes!
There should also be two accounts active on your computer:one administrator account, which should not be called "local_admin" or something similar because that would be to easy to crack. The second account on your computer should be a limited user account, which is the account you use mostly. This should make it harder for viruses to install malware on your computer because you are using a limited user account and do not have administrator rights to install software. There is actually a third account on every computer, the preinstalled systemadministrator account, which is always called "Administrator". There are ways of changing this name to something less obvious.
Everybody should install certain programs on his computer to reduce the risk of virus infections!! These programs are:
- Sandboxie (keeping internet data and e-mails away from vulnerable computer data)
- Secunia Personal Software Inspector (checks if all your installed software is up to date)
- Windows Security Essentials (or Norton Antivirus Software or any similar antivirus software)
Further on it is necessary that everbody does regular Windows XP updates using Microsoft Update to fix security leaks and possible backdoors.
I just want to remind everybody of our QED group policy regarding virus infections: If your PC gets infected, we will have to follow the procedure listed here after. It is a pretty time-consuming task, so I urge everybody to follow the above mentioned security rules!
- Save data and other important files on portable memory device
- Format the hard drive
- Install Windows XP
- Install Symantec Antivirus (new virus definition files can be obtained from the Symantec website, stored on a USB stick and then be transferred to the affected computer)
- Install Sandboxie and Secunia Personal Software Inspector
The above mentioned steps should be done with the computer
disconnected from the network!!
- Connect the computer to the network and therby to the internet
- Do a Windows XP update (this may involve a couple of restarts and running Windows Update again!)
- Put desired programs and applications on and update them
- Run Secunia Personal Software Inspector and fix all remaining software issues
- Do an image of the system partition (Norton Ghost 2003)
Security software and links
SandBoxie - Provides a virtual sandbox for web browsing.
Secunia Personal Software Inspector - Helps keeping all your programs up to date.
Norton Antivirus - Offers some sort of protection versus viruses and other malware.