OIT INFORMATION

• About Us
• Customer Service
• Enterprise Services & Rates
• Policies, Standards & Procedures
• eGovernment
• Accessibility
• Security
• Project Management
• Architecture

Limit Attacks on Your Windows Home Computer

By Mike Pomerleau and Mark Kemmerle, OIT

Most computer users do not realize that the default configuration of a Windows PC is to operate as a “server” with the local hard drives like C: shared out to “everyone” who can connect to it over a network. Most of us now have our home computers connected to the Internet via a local Internet Service Provider (ISP). Many of us also use public access wireless networks when we travel with our laptops. It is also easier than we like to admit to allow our operating systems, applications, and antivirus software to become out of date. What is dangerous about the Microsoft Windows default settings – one in particular – is that they make it easier than it needs to be for hackers or malicious software downloads to compromise unprotected or unpatched computers. This article will give you instructions on how to change one setting on your home Windows desktop (or laptop) that will protect you against most software attacks. You still need to be alert to Internet threats, but making this simple change will help protect your home computer (and you) from the consequences of many Internet attacks.

Recently I witnessed the speed at which a PC on the Internet can be compromised. I was helping a relative with installing Windows XP with default security settings, patching at Service Pack 1, and an out-of-date antivirus package. We were attached to a home wireless network that connected to the Internet via the local cable ISP. Before we could finish the (very long) process of installing over a hundred security updates and upgrades over the Internet (Service Packs 2 and 3), the PC was already compromised. While browsing the Internet during the upgrades, we started seeing “pop up” messages telling us that the computer was infected and urging us to install the latest version of “Antivirus 2009,” which is the exact opposite of what it says it is. More accurately, it's “Virus 2009.” Our first sign of trouble was when we could no longer access the Microsoft Update site and our antivirus program would not run after we rebooted the computer.

Many of you have heard of or personally experienced a variation on this story. I have helped several relatives and co-workers recover computers that have been rendered unusable. The process unfortunately usually involves a total rebuild. PC security is especially important when we bring our state laptop home or when we're using our home computers to do state work over the Internet over an unsecured ISP network.

“So,” you ask “what's that one easy tip you promised that will help me protect my Windows computer?”

Answer: the single most effective thing you can do to limit the attacks on the Windows operating system is to disable “File and Printer Sharing for Microsoft Networks” by removing the check from one check box.

First, go to Network Properties by following these commands: [Start, Control Panel, Network Connections, Local Area Connection or Wireless Connection, and right mouse button: Properties]. At Properties, you'll see the “before” version of the following screen shot. It will have a check in the box next to “File and Print Sharing for Microsoft Networks.” All you do is uncheck the box and click “OK.” The “after version” of the Properties screen shot shows the box unchecked. You're done! And you've done a lot to limit the ways that malicious software can attack your home computer.

 

 

Article posted on: April 15, 2009
Comments on this article? Send us your feedback.

Maine.gov | DAFS Home | OIT Home | Site Policies