Essentials
This section provides all the software and instruction necessary to comply with the Desktop and Portable Computer Standard. Inexperienced/non-technical users may want to check out our Digital Self Defense 102 Workshop. The workshop provides information about and allows you to try setting up a firewall, downloading software patches, scanning for viruses, and removing spyware, all in a safe environment.
Note: For anti-virus, anti-spyware, and firewalls, you do not have to use the software on this page specifically, but you must have them active on your machine.
Before making any changes, end users supported by systems administrators should check with their support organization (FAST, COB, etc.) to find out their policies on making these changes.
Anti-Virus
Computer viruses, worms, and trojan horses are all types of malware that can infect a computer with various results. Depending on the type, malware can collect passwords or other private information on your computer and send them to another computer; it can add, delete, or modify existing files on your computer, and most importantly, it can replicate itself and spread to other computers through e-mail attachments, shared networks, and the World Wide Web.
A computer that is not equipped with up-to-date anti-virus software will become infected within minutes of connecting to the Internet.
McAfee Anti-Virus
RIT has licensed McAfee anti-virus software for use by faculty, staff, and students on both Institute computers and home computers.
- Download McAfee from the ITS Security & Virus Protection website.
As part of our DSD 102 Workshop, the Information Security Office also provides a handout on using McAfee and simulations that allow you to practice configuring the program in a safe environment.
Alternative Anti-Virus Products
You may use a different anti-virus product instead of McAfee, however it must have Buffer Overflow protection enabled. Never use more than one anti-virus product on the same computer.
Anti-virus products issued by major vendors (such as Symantec, Trend Micro, etc.) are acceptable, or you can try one of the free products listed below. Remember that technical support for free versions of software may not be available.
| Product | License | Company |
|---|---|---|
| Norton Anti-Virus | One year subscription paid | Symantec |
| Trend Micro Anti-Virus | One year subscription paid | Trend Micro |
| avast! Anti-Virus | Free for personal use | ALWIL Software |
| AVG Anti-Virus | Free for personal use | Grisoft |
Anti-Spyware
Spyware installs itself on a computer, usually without the user's knowledge or consent. Spyware is designed to do a number of things, including: collect personal information, install additional malware, or alter computer or web browser settings. A specific type of spyware known as "adware" can cause pop-up advertisements to appear on your computer (even if you are not connected to the Internet).
Dealing with spyware is different than dealing with viruses and other malware. By nature, spyware is very difficult to detect, and unlike anti-virus it is necessary to run multiple anti-spyware programs to ensure your computer is clean. Spyware is commonly bundled with free software on the Web (such as games, screensavers, etc.), so use common sense when downloading unfamiliar software online. Using limited account privileges can significantly reduce the ability of spyware to install itself on your machine.
The United States Computer Emergency Readiness Team (US-CERT) provides a guide for Recognizing and Avoiding Spyware.
You can also read Microsoft's Steps To Help Prevent Spyware for more information.
Spybot Search and Destroy
The license for Spybot Search and Destroy is free for use by faculty, staff, and students on both Institute-owned and home computers.
- Download Spybot Search and Destroy from the ITS Security & Virus Protection website (documentation included).
Additional Anti-Spyware Products
In addition to running Spybot, we recommend you use at least one additional anti-spyware product from the list below. Be wary of other free anti-spyware products on the Internet—many products advertised as anti-spyware may actually contain spyware themselves!
| Product | License | Company |
|---|---|---|
| SpywareBlaster | Free for personal and educational use | Javacool Software |
| Ad-Aware | Free for personal use | Lavasoft |
| Windows Defender | Free | Microsoft |
As part of our DSD 102 Workshop, the Information Security Office provides a handout on using Spybot and Windows Defender as well as simulations that allow you to practice configuring the programs in a safe environment.
At this time we do not recommend any anti-spyware products for Macintosh users.
Firewalls
A firewall is a piece of hardware or software that monitors and controls the incoming and outgoing traffic on your computer by managing ports. A properly configured firewall can be effective at preventing unauthorized connections to your computer. However, it will not prevent you from downloading malware or visiting malicious web pages.
RIT Computers
Users at RIT can request McAfee firewall software for use on all Institute-owned machines. However, it must be configured and managed by ITS. Visit the ITS Security and Virus Protection page to learn more about firewalls and request one for your machine.
Home and Personal Computers
The McAfee firewall is not licensed for use on home or personal computers, however there are several free alternatives available. You may also want to check with your Internet Service Provider to see if they provide a firewall or other security software for their customers.
Windows XP, Windows Vista, and Mac OS X all come with built-in firewalls, however the Windows XP firewall does not block outgoing traffic-meaning any malware on your computer will be able to communicate to third parties on the Internet.
Resnet provides instructions on how to configure these built-in firewalls.
RIT recommends the basic ZoneAlarm firewall for Windows users. It is available through Check Point Software Technologies and is free for personal use.
As part of our DSD 102 Workshop, the Information Security Office provides a handout on using firewalls and demonstrations that show you how to enable the Windows XP firewall and manage ZoneAlarm alerts.
Patching & Automatic Updating
Creating software is not a perfect science. In the millions of lines of code necessary to create an operating system or software application, it's very common to find vulnerabilities. Vulnerabilities are errors in software that can lead to exploits. An exploit is malicious code that takes advantage of a vulnerability and can allow a person access to the vulnerable machine. Due to the accessibility of information on the Internet, vulnerability exploits have become an extremely important security issue.
Operating Systems
Unfortunately, there is little you can do to protect yourself in the time between the discovery of an exploit and the release of a corresponding patch. The best solution is to use the automatic update feature, as required by the Desktop and Portable Computer Standard. Both Windows and Macintosh operating systems can be set to download updates automatically.
As part of our DSD 102 Workshop, the Information Security Office provides a handout on setting up limited accounts and automatic updates for Windows as well as simulations that allow you to practice configuring Windows in a safe environment.
- DSD 102 - Patching and Limited Accounts handout
- DSD 102 - Patching and Limited Accounts demos and simulations
Users of other operating systems such as Linux, Unix, etc., are also required to keep their operating systems up-to-date on patches.
Software Applications
It is important to keep all software on your computer updated, not just your operating system. Not every application has an automatic update feature, so remember to check for updates at least once a month. This can usually be done from within the program itself or through the vendor's website. The links below lead to updates for some of the more common applications, such as Microsoft Office, QuickTime, and Adobe Flash Player.
Passwords
Choosing a strong password and changing it regularly are two of the most important things you can to do protect yourself online. The Information Security Password Standard sets the requirements for your RIT Computer Account password. The following best practices are recommended for all passwords, not just those in use at RIT.
Choosing Strong Passwords
There are many resources available online to assist in constructing strong passwords. Read our How to Choose a Secure Password document to learn the basics of constructing a strong password.
Want to know how your password stacks up against the crackers' dictionary of commonly-used passwords? SecurityStats.com offers a Password Strength Meter that mathematically computes the strength of a password. Just remember to use a similar password, not one you are currently using or plan on using!
How Do I Change My Password?
Visit the ITS Password Change site to learn how to change your password for various RIT accounts as well as local Windows and Macintosh account passwords.
Managing Passwords
Using strong passwords and remembering them all can be difficult. If you're having trouble remembering all of your passwords, try out one of the password managing tools below.
| Product | License | Company |
|---|---|---|
| Password Safe | Free (open source) | KeePass |
| RoboForm | Free for up to 10 passwords | Siber Systems |
