Tips for securing Windows XP/2000 Professional

This document offers tips for securing a default installation of Windows XP Professional as well as offer recommendations for users of Windows 2000 Professional. These tips include:

• If you use Windows 2000 Professional...
• Determining if Service Pack 2 is installed
• Running Windows Update
• Installing Penn-supported Antivirus Software
• Checking the Windows Security Center

You will need an administrator-level account to perform the tasks on this page.

If you use Windows 2000 Professional...

Windows XP Professional with Service Pack 2 includes many security enhancements and features which are not available for Windows 2000 Professional, including a built-in firewall and automatic update installation. Moreover, upgrading ensures continued security support and updates from Microsoft for the foreseeable future.

We therefore strongly encourage users of Windows 2000 Professional to upgrade to Windows XP Professional with Service Pack 2. If you do not know whether you are running Windows 2000 or Windows XP, please follow the steps in the Service Pack 2 section to determine your version of Windows.

If you would like to upgrade, a license for Windows XP Professional can be purchased from the Penn Office of Software Licensing for $63 per machine. Please visit Penn Biology Computing's Windows licensing page for information on departmental and personal purchases of Windows XP Professional.

Once you have purchased a license, you can choose to install it yourself using our installation media, or contact us to arrange a time to help you upgrade. Backup your important files before upgrading your operating system!

Determining if Service Pack 2 is installed

Service Pack 2 for Windows XP Professional contains many essential security enhancements.

If you do not have Service Pack 2, you must install it before registering to connect to the Biology network. Proceed with the instructions contained in this section to install Service Pack 2.

• Click on the Start menu, then click "Run"
• Type in "winver" without quotes, and click OK

• A window will appear with your Windows version information. Check that the top banner reads Windows XP Professional.
• Also check that on the second line below the top banner, on the right hand side it says "Service Pack 2". See the below picture for reference (the area has been highlighted to indicate where it would located):

• If you do not see "Windows XP Professional ", please see the above section for information about the benefits of upgrading to XP, as well as how you can purchase a license
• If you do see "Windows XP Professional ", but do not see "Service Pack 2", then please follow the directions outlined here and here before proceeding to the next section. If you have difficulty following or understanding the directions, please contact us to arrange a time to install Service Pack 2 on your machine

Running Windows Update

Visiting the Windows Update web site periodically is a good habit to get into. Windows Updates contain critical security fixes as well as bug-fixes and added features for the Windows operating system.

Although you will want to turn on Automatic Updates (more about that in the Automatic Updates section), you will want to check the Windows Update site to make sure that your Windows is currently up-to-date. It is also a necessary step, if you have not yet installed Service Pack 2.

• Open the Internet Explorer web browser (no other browser will work with the Windows Update website)
• Connect to the Windows Update site by entering http://windowsupdate.microsoft.com/ into the address field
• You may receive a certificate security warning dialog box; select Yes to this dialog box after reviewing it to make sure it comes from Microsoft. This step ensures updates are really coming from Microsoft and not some nasty third party
• Click on the button labeled: Express
• If you have not run Windows Update before, or it has been a while since you have run it, it will ask you to install the latest version Windows Update (actually the Windows Genuine Advantage Validation Tool). This tool will be used to validate your copy of Windows by checking that you are not using an unlicensed or pirated copy. Click on "Download and Install Now "

• If you had to install the Windows Update update, it will first say that the install was successful, click Continue, then it will scan for updates
• You will then be presented with a list of critical update packages which need to be installed. Click on the Install Updates button

• Wait until the updates have downloaded and installed. On a campus-, DSL-, or cable-based connection the download time will be relatively quick; however, on an analogue modem (56kbps) connection it may take a while
• When the installation is finished, it may prompt you to reboot your machine, do so at this point

• Repeat these steps again after a reboot, until there are no more critical updates left to install. This is a very important step on new computers and on machines which do not have Service Pack 2 installed
• The Windows Update website will indicate there are no more updates required by displaying the following message:

Installing Penn-supported Antivirus Software

Antivirus software is an essential part of a secure Windows computer. To this end, the University of Pennsylvania provides Symantec Antivirus free of charge to members of the Penn community.

New computers often come with antivirus software which expires three months after the computer is set up — uninstall this prepackaged software so that you can install the Penn-supported, three-year licensed antivirus utility!

You can obtain and install Symantec Antivirus either from the PennConnect CD or as a direct installer file download from Penn's Computing Support Products web page:

• You must remove any existing anti virus software before installing Symantec AntiVirus.
• To uninstall your previous antivirus client, click on Start, then Control Panel, then Add or Remove Programs. You will be presented with a list of installed programs. Pick your antivirus client from the list and click on Remove
• If you are installing the antivirus software from the PennConnect CD, place the CD in your drive. The setup application should start automatically. If it doesn't, navigate to your CD-Rom drive, and double-click on the PennConnect icon.
  • It is recommended that you install by clicking on the Start arrow in the PennConnect installer application. This will install all of the software on the PennConnect CD. However, if you prefer to only install Symantec Antivirus, then choose the Custom install, then select Master Installer, then, when prompted choose the Custom radio button and select Symantec Antivirus from the resulting list
• If you do not have a PennConnect CD, or if you would like to make sure that you have the latest version of Symantec Antivirus, visit: http://www.upenn.edu/computing/product/specs/sav.html and follow the directions for downloading and installing which are listed on this page

To run LiveUpdate within Symantec Antivirus to get your virus definitions up-to-date, do the following:

• Click on Start, All Programs, Symantec Client Security, then Symantec Antivirus
• Find the section titled Virus Definition File and ensure that a current date is listed underneath. If not, click on the LiveUpdate button

• You will see the following window:

• Click Next. Note that you must be connected to the internet for this step to work.
• Once the LiveUpdate process is complete, it will notify you that your definitions are up-to-date

• Click Finish to complete the process

To scan your computer for known viruses, adware, and spyware, do the following:

• Click on Start, All Programs, Symantec Client Security, then Symantec Antivirus
• Click on the "Full Scan" icon in the left hand pane
• Click on the "Scan" button

• Symantec will proceed to scan your machine for viruses, adware, and spyware, and will notify you of any threats and which action it has taken against them

Checking the Windows Security Center

The Windows Security Center — included with Service Pack 2 — will inform you if your computer is missing any one of three layers of security:

• Firewall, which helps keep intruders from hacking into your system from the outside
• Automatic Updates, to automatically manage downloading and installing critical updates for Windows
• Virus Protection, to help secure your system from viruses

To check that all of these layers are in place, navigate to the Security Center by following these steps:

• Click on Start, then Control Panel, then double-click on "Security Center"
• You should see the following window:

• If either Firewall or Automatic Updates are in the OFF state, click on the icon for them under "Manage security settings for:" to configure them. If Virus Protection is off or out of date, please visit the above section of this page for instructions on installing and updating antivirus
• To enable the Windows Firewall, make sure that the following options are selected:

• To enable Automatic Updates, make sure that the following options are selected: