Bad things happen to Windows 95 and 98 systems. Most of the problems are caused by lack of security in these systems. There is no file security whatsoever, nor is there any type of inherent auditing in these systems. If you set up your system for multiple users so that there is a password screen during boot-up, anybody can click on Cancel to bypass the password! Additionally, if there are multiple users, each having his/her own password, any user can see all other users' files.

However, despite all the obstacles and limitations, you can still do some important things to improve security in your Windows 95/98 system.

Ensure that Your System Has Antivirus Protection

- If your system has no antivirus protection, connect to http://www.lbl.gov/download/ to download a copy of Norton AntiVirus.
- Keep Norton AntiVirus up to date. This is especially important because new viruses and worms come out all the time. Your system may be configured to have automatic updates, but just to be sure, update once a week. Just follow these 3 easy steps:
  - Go from Start to Programs to Norton AntiVirus to Norton AntiVirus
  - Click on Live Update
  - Click on Next

Delete Unprotected Shares

In Windows terminology, a share is a mechanism that allows a user to connect to file systems and printers on other systems. An unprotected share is one that allows anyone to connect to it. Many LBNL Windows desktop users have unprotected shares, even though they do not really need sharing at all. The result is a far greater likelihood that their systems will be successfully attacked by hackers, worms, etc. Unprotected shares are currently one of the major causes of security-related incidents at LBNL.

Join your Workstation to a Windows NT/2000 Domain

Windows NT/2000 domains are groups of systems that share a common authentication database. Central domain security parameters go a long way to protect every system within its domain. To check whether your workstation is a member of a domain, do the following:

- Go from Start to Settings to Control Panel to Network
- Double-click on Network
- Click on Identification

If you see LBNL as the workgroup, your system is a member of the central LBNL domain, a good thing for your system's security. If you see another entry, ask your system administrator whether this entry represents a domain name. (NOTE: there are other domains at the Lab besides LBNL, so if you do not see LBNL as the entry here, your system could still be a member of a domain.)

To join your workstation to the central LBNL domain free of charge, contact Curtis McDonald, ext. 5417, or send e-mail to cjmcdonald@lbl.gov.

Run ScanDisk Every Few Weeks

ScanDisk is a built-in program that finds and repairs disk errors. Running ScanDisk is good for security because some types of malicious programs deliberately create disk errors. To run ScanDisk:

- Go from Start to Programs to Accessories to System Tools to ScanDisk
- Select the drive(s) you want to check (hopefully, you will check C: as well as any other drive)
- Click on Start

Run the System File Checker Every Few Weeks

The System File Checker (SFC), another built-in program, checks all system files against the known good version of each. It is very useful for security because hackers and malicious programs generally make changes to systems. If SFC finds anything wrong, you will need to have the original CD from which your system was installed before SFC can automatically fix whatever is damaged. To run SFC:

- Go from Start to Run
- Enter sfc

Check Who Is Connected to Your System

You should check what other systems are connected to your system a few times a day. Network addresses at LBNL start with 128.3, 131.243, or 198.128. If you see an address such as 201.4.5.6 connected to your system, especially via port 139 (the Windows share port), it could mean trouble. To check who is connected to your system:

- Go from Start to Programs to MS-DOS Prompt
- Enter netstat -a -n

You will need to inspect most closely the entries in the Foreign Address column. This will show the IP address of any connected system, followed by the port number on which the connection is made. A colon will separate the IP address from the port number.
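
The inspection described above can be scripted. The following Python is an added example, not part of the original page: it reads saved netstat -a -n output, skips Foreign Address entries that start with the LBNL prefixes given above, and lists the remaining peers with connections to local port 139 first. The sample output is constructed, and the name review_connections is hypothetical.

```python
# Added example: triage saved "netstat -a -n" output the way the page describes.
LBNL_PREFIXES = ("128.3.", "131.243.", "198.128.")  # trailing dot: 128.30.x.x is not LBNL
SHARE_PORT = 139  # the Windows share port

# Constructed sample output; every address here is made up for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    128.3.10.20:139        128.3.44.7:1046        ESTABLISHED
  TCP    128.3.10.20:139        201.4.5.6:3921         ESTABLISHED
  TCP    128.3.10.20:139        128.30.9.9:2210        ESTABLISHED
  TCP    128.3.10.20:1032       131.243.2.11:80        ESTABLISHED
  TCP    128.3.10.20:1040       201.4.5.6:80           ESTABLISHED
  UDP    128.3.10.20:137        *:*
"""


def review_connections(netstat_text):
    """Return (foreign_ip, local_port, via_share_port) for off-site peers."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only established TCP rows have a real peer in the Foreign Address column.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        # The last colon separates the IP address from the port number.
        local_port = int(fields[1].rpartition(":")[2])
        foreign_ip = fields[2].rpartition(":")[0]
        if foreign_ip.startswith(LBNL_PREFIXES):
            continue
        findings.append((foreign_ip, local_port, local_port == SHARE_PORT))
    # Connections to the share port sort first: they deserve the closest look.
    return sorted(findings, key=lambda f: (not f[2], f[0], f[1]))


if __name__ == "__main__":
    for ip, port, share in review_connections(SAMPLE):
        note = "SHARE PORT" if share else "other"
        print(f"{ip:<15} local port {port:<5} {note}")
```

An off-site peer on a local port other than 139 is often a connection your own system opened, such as a web page you are viewing, which is why the share-port rows are listed first.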

Maintain Physical Security

Physically securing your computer helps prevent theft, inappropriate use, malicious alteration of files, corruption of your system itself, and use of your computer to attack other systems by someone who has gained physical access.

- (If possible) place your PC in a physically secure location.
- Enable the screen saver. (This is not as strong a security measure as most of the others described here, but it can act as a deterrent because it takes a while to figure out how to circumvent the screen saver. Additionally, if someone reboots your system to get around the screen saver, your mail connection will be lost, protecting your e-mail from unauthorized access.)

To enable the screen saver:

- Go from Start to Settings to Control Panel
- Double-click on Display
- Click on Screen Saver tab
- Set a Wait Period as needed (e.g., 10 minutes)
- Click on Password protected, then assign a difficult-to-guess password

Hot Fixes

Downloading and then installing hot fixes can also eliminate some of the vulnerabilities in Windows 95, 98 and Me systems. One of the most important hot fixes prevents attackers from being able to enter only part of a share password to gain access to a share. With unauthorized access to the share, attackers can read your system's files, or, worse yet, change or erase these files. There are several versions of this hot fix:

If Your Security Needs Are Even Higher

Consider installing an add-on Windows 95/98 security program. Many such programs (some are commercial, others are free) are available, but in general they all do such things as protect against unauthorized system boots, require entry of a password for access to a system, and restrict file access and/or provide audit data. The names of a few of these desktop security programs are listed below:

Run Symantec Antivirus on Your System

Be sure to run Symantec AntiVirus on your system, and to keep its signatures updated every day. To check whether you have Symantec AV, go to Programs. If Symantec AntiVirus is one of the selections, your system is running this program. Go here to download Symantec AV. To update Symantec AV, go from Start to Programs to Symantec AntiVirus Corporate Edition to Symantec AntiVirus Corporate Edition to Live Update. Click on Live Update and follow the instructions. You will now have the latest updates to Symantec AntiVirus, which is the best all-around defense against virus and worm infections.

Taking a few minutes to take care of your computer's security helps prevent incidents, incidents that can result in unauthorized data modification or data loss, disruption of your ability to get your work done, and other undesirable outcomes.