Carnegie Mellon University School of Computer Science

Security: Windows

Most security compromises on Windows OSes are due to the following, mostly preventable, causes:

  • Unpatched operating systems
  • Viruses
  • Weak passwords for users and applications
  • Open shares
  • Unpatched or poorly configured applications

For each of these causes, there are a few simple steps that you can take to make your PC more secure:

  • Use an anti-virus program & beware of attachments.
  • Set good, unique passwords for accounts and applications.
  • Don't have open shares on your PC.
  • Regularly patch operating system & application software.

Firewalls

At this time we cannot provide support for setting up personal firewall software on SCS supported PCs. While setting up such software on your PC is not discouraged, you should be aware that, unless you are careful, doing so may prevent things such as network backups and software updates from working.

If your PC has been hacked or infected with a virus

If your computer is registered for support with us, we can re-image it. 

The very first step is to remove your PC from the network until we can take care of it, so it is not used to launch attacks on other hosts. If you are using a wired connection please unplug the Ethernet cable. If you are using wireless either turn off wireless or power off the device.

You can submit a ticket, giving the name and location of the host, why you believe it has been broken into or infected, and any other information you might have to help us fix it.

Please include any information you may have as to when and how how the break-in or virus infection may have happened (open share, you ran an attachment, etc). 

If your computer is independently managed or a personal computer.

The very first step is to remove your PC from the network until we can take care of it, so it is not used to launch attacks on other hosts. If you are using a wired connection please unplug the Ethernet cable. If you are using wireless either turn off wireless or power off the device.

If your PC is not maintained by SCS Computing Facilities but is on the SCS network, please submit a ticket and let us know about the problem, including any information you may have about possible causes, when the break-in/infection happened, and what changes the intruder (in the case of a break-in) may have made to your PC.

Doing so will help us possibly identify other PCs that may have been hacked in a similar manner, and help us respond to any complaints about your PC misbehaving on the network. If your PC is infected with a virus, see the CMU Information Security Office's viruses, worms and break-ins page for some information on how to proceed.

In case of a break-in, the safest thing to do is to re-install/re-image your system.