|10 August 2004|
Computing security can be compromised at SLAC via an infected user-managed machine that is either:
Security for home and other user-managed
computers are the responsibility of the individual user. Please ensure that all machines in the above two
categories are patched and rebooted before connecting to SLAC. If you do not do
this you may be responsible for serious disruption of SLAC's work.
Computers that are not up-to-date with
security requirements may have their SLAC network access and/or remote
access cut off with little or no notice.
Operating system and application patches need to be kept up-to-date. You need to set up automatic updates for critical patches from 'Windows Updates' for each Windows XP/2000 machine. Do not attempt a shortcut by not rebooting when instructed to do so--the result may be a non-functional system. You should also refer to the computer manufacturer's website, typically in the support download section, for device drivers that should be updated.
For Windows XP and Windows 2000 computers
Manually install all critical patches from 'Windows Update':
Go to http://windowsupdate.microsoft.com
Scan for updates, install any critical updates and service packs
that are listed.
'Windows Update' may have several updates needing to be installed. Follow the instructions until 'Windows Update' reports there are no more Critical Updates to be applied, rebooting as instructed.
Configure the computer to automate future 'Windows Update' patching:
Default configurations of Windows XP and Windows 2000 (must be at least Windows 2000 Service Pack 3) rely on the Windows Update mechanism to notify users of new critical patches, and to manage the download and installation of those patches. You will need to be logged in with system administrator privilege to configure and perform the updates. To be sure you've got it running:
You can confirm that your system is up to date by visiting
Install all critical patches from 'Office Update' (if you have Office installed):
Go to http://windowsupdate.microsoft.com, and select 'Office Update'
Scan for updates, install any critical updates and service packs that are listed.
Configure your anti-virus software for automatic updates
See Anti-virus FAQ
For Windows NT 4
You should move to Windows XP Professional as soon as possible, this is no longer supported by Microsoft.
Notes on 'Windows Update':
For systems that is not set to install updates automatically (where the user may want to manually control the update schedule):
'Windows Update' may have several updates needing to be installed. Follow the instructions until 'Windows Update' reports there are no more Critical Updates to be applied, rebooting as instructed. Common errors are stopping after the first update, or not rebooting when instructed.
They are vulnerable when the user who normally does the installation is not around (e.g., on vacation or ill). Consider disconnecting the machine from the network or shutting it down completely (a windows update should always be run immediately upon reconnection to the network). Failing that, have an alternate who will check the machine regularly to install critical updates.
If Windows Update is set to notify you but not install automatically, you will not see the notices if you are not logged in with administrative rights. Those who do this must then regularly log in to a separate account with administrative rights in order to do the update.
Info from Microsoft Security Bulletins.