Best Practices for Home Systems

Free File/Music Sharing (Limewire/Morpheus etc.) – Using free file sharing software (Peer to Peer – P2P) is not recommended on systems with sensitive information stored on them. In the last couple of years we have observed several compromised home systems that had file sharing software loaded on them. P2P file sharing software typically has little or no security to prevent system break-ins. These security holes can be used to gain access to any file on the systems storage drives (hard drives/zip drives etc.). One tactic used by hackers is to harvest files off a system and then trash the system when they are done forcing the user to completely re-setup their computer from scratch. More information on this tactic of remotely accessing shared files is available at CERT (http://www.cert.org/advisories/CA-2003-08.html Another issue is that the sharing of copyrighted material (music/mp3 files) is against Federal Copyright Law and exposes the owner of the system to severe penalties if they are caught including significant fines. Finding these P2P users is easy to do and will typically result in immediate action by the Recording Industry Association of America (RIAA – www.riaa.com). Remember that parent/legal guardian's can be made legally responsible for any criminal acts their children do while online.

Anti-Virus – It is recommended to always run the latest version of anti-virus software on computer systems no matter where they are located. If the system is connected to the Internet it is critical to make sure that antivirus software is loaded on the system and kept up-to-date. Failure to run antivirus software may result in file corruption/deletion and system compromises. The end result is that all files on the system are vulnerable and may be affected. ITS has a download page for software - Symantec (Norton) Antivirus at http://helpdesk.its.uiowa.edu/software/ for UI Faculty, Staff and Students.

Anti-Spyware – It is a good idea to run some form of Anti-Spyware software on computer systems along with Anti-Virus.  Anti-Spyware is designed to look at rogue processes installed on the system and used by individuals (other than the owner) to control the system.  These rogue processes can be used to generate spam messages, attack other systems, and/or collect data from the infected system and other systems on the network.  Many Anti-Virus programs do no detect all Spyware (rogue process) as these processes may be initiated by the owner of the system and are not rogue.  When Anti-Spyware software detects a process it typically will ask if you want to keep this process active. (example: if you have an web server running on the system you will not want to stop the web server process)

Firewalls - It is recommended to run some type of firewall software on any computer system connected to the Internet. Windows XP and Mac OS X have firewall software built-in and it is recommended to always allow this feature to be turned on. Windows XP Service Pack 2 (SP2) enhances the original firewall application and it is recommended to apply this update on all Windows XP systems. Please note that there are a few compatibility issues with SP2 that the user will need to be aware of prior the upgrade.

System Software Updates – Both Microsoft and Apple allow for free operating system updates to be downloaded and installed via the Internet. It is strongly recommended to install these updates to systems whenever they become available. Failure to apply these critical system updates may potentially result in the computer system being compromised and/or data corruption. The Windows Update menu is accessible via a shortcut on the Windows Start Menu. The Macintosh OS X Update menu is available via the System Preferences Menu using the check for Software Updates button.

System Passwords - It is strongly recommended to set up a user account for each user on the computer system (Windows XP/2000 and Mac OS X all versions). With every account you should also set up a password including the Windows Administrator account (Windows XP). Using blank (null) passwords for accounts makes your computer much more vulnerable to attacks. Make sure to also use some type of hard-to-guess password. Never use the account name or “password” for any account password.

Home Faculty/Staff Systems (Windows 2000 and XP and Mac OS X) – Most users set up their homes systems with one user login. This is not recommended on systems where sensitive information is maintained on the hard drive. With one user login all users have access to all files on the system. Also note that children and young adults may need a restricted access account to provide better security for the primary users on the system. Children and young adults seem to have minimal concern when installing freeware applications that can cause serious performance and security problems with the system. Setting up these users with limited/basic user account privileges is an good way to keep the system running at optimum performance. Setting up a user with restricted privileges will allow them to browse the Internet and use installed applications, save files and all other basic user operations. Setting up users with restricted account will also prevent them from installing most 3^rd party applications including spyware and spamware. This change will require an administrative account user to install software and updates if required.  Remember that the parent/legal guardian is considered responsible for any criminal acts their children do while online and off.