Computer Protection Program Berkeley Lab
Ernest Orlando Lawrence Berkeley National Laboratory
  PROCEDURES FOR SECURING SYSTEMS  
Checklist for Securing Windows 95 and 98 Systems  


Bad things happen to Windows 95 and 98 systems. Most of the problems are caused by lack of security in these systems. There is no file security whatsoever, nor is there any type of inherent auditing in these systems. If you set up your system for multiple users so that there is a password screen during boot-up, anybody can click on Cancel to bypass the password! Additionally, if there are multiple users, each having his/her own password, any user can see all other users’ files.

However, despite all the obstacles and limitations, you can still do some important things to improve security in your Windows 95/98 system.

Ensure that Your System Has Antivirus Protection

  • If your system has no antivirus protection, connect to http://www.lbl.gov/download/ to download a copy of Norton AntiVirus.

  • Keep Norton AntiVirus up to date. This is especially important because new viruses and worms come out all the time. Your system may be configured to have automatic updates, but just to be sure, update once a week. Just follow these 3 easy steps:

    • Go from Start to Programs to Norton AntiVirus to Norton AntiVirus
    • Click on Live Update
    • Click on Next

Delete Unprotected Shares

In Windows terminology, a “share” is a mechanism that allows a user to connect to file systems and printers on other systems. An “unprotected share” is one that allows anyone to connect to it. Many LBNL Windows desktop users have unprotected shares, even though they do not really need sharing at all. The result is a far greater likelihood that their systems will be successfully attacked by hackers, worms, etc. Unprotected shares are currently one of the major causes of security-related incidents at LBNL.

Join your Workstation to a Windows NT/2000 Domain

Windows NT/2000 domains are groups of systems that share a common authentication database. Central domain security parameters go a long way to protect every system within its domain. To check whether your workstation is a member of a domain, do the following:

  • Go from Start to Settings to Control Panel to Network
  • Double-click on Network
  • Click on Identification

If you see “LBNL” as the workgroup, your system is a member of the central LBNL domain, a good thing for your system’s security. If you see another entry, ask your system administrator whether this entry represents a domain name. (NOTE: there are other domains at the Lab besides “LBNL,” so if you do not see LBNL as the entry here, your system could still be a member of a domain.)

To join your workstation to the central LBNL domain free of charge, contact Curtis McDonald, ext. 5417, or send e-mail to cjmcdonald@lbl.gov

Run ScanDisk Every Few Weeks

ScanDisk is a built-in program that finds and repairs disk errors. Running ScanDisk is good for security because some types of malicious programs deliberately create disk errors. To run ScanDisk:

  • Go from Start to Programs to Accessories to System Tools to ScanDisk
  • Select the drive(s) you want to check (hopefully, you will check C: as well as any other drive)
  • Click on Start

Run the System File Checker Every Few Weeks

The System File Checker (SFC), another built-in program, checks all system files against the known good version of each. It is very useful for security because hackers and malicious programs generally make changes to systems. If SFC finds anything wrong, you will need to have the original CD from which your system was installed before SFC can automatically fix whatever is damaged. To run SFC:

  • Go from Start to Run
  • Enter sfc

Check Who Is Connected to Your System

You should check what other systems are connected to your system a few times a day. Network addresses at LBNL start with 128.3, 131.243, or 198.128. If you see an address such as 201.4.5.6 connected to your system, especially via port 139 (the Windows share port), it could mean trouble. To check who is connected to your system:

  • Go from Start to Programs to MS-DOS Prompt
  • Enter netstat -a -n

You will need to inspect most closely the entries in the “Foreign Address” column. This will show the IP address of any connected system, followed by the port number on which the connection is made. A colon will separate the IP address from the port number.
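The check described above can be automated over saved netstat output. The following is an added example, not part of the original checklist: it is written in Python, the function names are hypothetical, and the sample output is constructed (only 201.4.5.6 appears on this page).

```python
import ipaddress

# Prefixes the page gives for LBNL addresses (128.3, 131.243, 198.128).
LAB_NETS = [ipaddress.ip_network(n) for n in
            ("128.3.0.0/16", "131.243.0.0/16", "198.128.0.0/16")]
SHARE_PORT = 139  # the Windows share port named on the page

# Constructed sample of `netstat -a -n` output; only 201.4.5.6 is from the page.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    128.3.9.20:139         201.4.5.6:1042         ESTABLISHED
  TCP    128.3.9.20:139         128.3.7.44:1100        ESTABLISHED
  TCP    128.3.9.20:1025        131.243.2.11:80        TIME_WAIT
  TCP    128.3.9.20:1026        192.0.2.15:80          ESTABLISHED
  UDP    128.3.9.20:137         *:*
"""

def split_endpoint(text):
    """Split 'ip:port' at the colon; return None for entries such as '*:*'."""
    host, _, port = text.rpartition(":")
    try:
        return ipaddress.ip_address(host), int(port)
    except ValueError:
        return None

def review(netstat_text):
    """List (foreign_ip, foreign_port, local_port, on_share_port) for non-Lab peers."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP listeners
        local, foreign = split_endpoint(fields[1]), split_endpoint(fields[2])
        if local is None or foreign is None:
            continue
        ip = foreign[0]
        if ip.is_unspecified or ip.is_loopback or any(ip in n for n in LAB_NETS):
            continue  # listening sockets, local traffic, Lab systems
        # An inbound connection to a share shows port 139 in the Local
        # Address column; the Foreign Address port is the remote system's.
        findings.append((str(ip), foreign[1], local[1], local[1] == SHARE_PORT))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Entries whose last field is True are non-Lab systems connected to the share port and deserve the closest look.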

Maintain Physical Security

Physically securing your computer helps prevent theft, inappropriate use, malicious alteration of files, corruption of your system itself, and use of your computer to attack other systems by someone who has gained physical access.

  • (If possible) place your PC in a physically secure location.
  • Enable the screen saver. (This is not as strong a security measure as most of the others described here, but it can act as a deterrent because it takes a while to figure out how to circumvent the screen saver. Additionally, if someone reboots your system to get around the screen saver, your mail connection will be lost, protecting your e-mail from unauthorized access.)

To enable the screen saver:

  • Go from Start to Settings to Control Panel
  • Double-click on Display
  • Click on the Screen Saver tab
  • Set a Wait Period as needed (e.g., 10 minutes)
  • Click on Password protected, then assign a difficult-to-guess password

Hot Fixes

Downloading and then installing hot fixes can also eliminate some of the vulnerabilities in Windows 95, 98 and Me systems. One of the most important hot fixes prevents attackers from being able to enter only part of a share password to gain access to a share. With unauthorized access to the share, attackers can read your system's files, or, worse yet, change or erase these files. There are several versions of this hot fix:

If Your Security Needs Are Even Higher…

Consider installing an add-on Windows 95/98 security program. Many such programs (some are commercial, others are free) are available, but in general they all do such things as protect against unauthorized system boots, require entry of a password for access to a system, and restrict file access and/or provide audit data. The names of a few of these desktop security programs are listed below:

Run Symantec Antivirus on Your System

Be sure to run Symantec AntiVirus on your system, and to keep its signatures updated every day. To check whether you have Symantec AV, go to Programs. If Symantec AntiVirus is one of the selections, your system is running this program. Go here to download Symantec AV. To update Symantec AV, go from Start to Programs to Symantec AntiVirus Corporate Edition to Symantec AntiVirus Corporate Edition to Live Update. Click on Live Update and follow the instructions. You will now have the latest updates to Symantec AntiVirus, which is the best all-around defense against virus and worm infections.

Taking a few minutes to take care of your computer’s security helps prevent incidents, incidents that can result in unauthorized data modification or data loss, disruption of your ability to get your work done, and other undesirable outcomes.
