Hey, Virginia Tech! Don't be a Hacker's Dream!

Yes! You need to read this.

Think your computer is safe? Think again! Computer hackers are compromising Windows machines all over the world. Virginia Tech is not immune to these hackers or their attacks. In almost all cases, they are exploiting known security holes that you can close. Here are eight steps you can take to protect your computer.

 
8 Steps to secure a Windows computer:

  1. Use a firewall
  2. Use strong passwords
  3. Install security patches
  4. Share files correctly
  5. Use antivirus software
  6. Minimize network services
  7. Analyze your security
  8. Backup your files
 
Hundreds of Windows computers on the Virginia Tech campus running Vista, XP, or 2000 are compromised every year simply because they have Administrator accounts with no password! Or, the file sharing setup allows hackers to connect over the network and make changes to your computer system. If you put your computer on the network with open accounts or other security holes, it can be compromised within hours/minutes. Unlike corporations with tight firewalls, Virginia Tech's network is open to the entire Internet. This allows easy access to any network service, but also makes it easy for hackers to scan our network for vulnerable computers.

Hackers usually leave a "back-door" program in your computer which allows them to control your computer and attack other computers on the network. If this happens, you will lose your network connection until you "clean up" your computer. This may mean removing a virus or completely wiping all data from the disk by reformatting and reinstalling Windows, plus any private software packages you own. This is a great waste of your time, and the 4Help consultants cannot help you reinstall any operating system. Remember, a malicious hacker can wipe out your important documents and e-mail.

One method used to get a "back-door" onto your computer is a music-sharing peer-to-peer program like KaZaa, BearShare, LimeWire or Morpheus. Virginia Tech suggests you not run these programs on your computer. See the file sharing section for more information. Other methods, like e-mail attachments and AIM links, also allow "back-doors". DO NOT OPEN either until you know the content.

If you use a computer with a network connection, please take these simple steps described below to help secure it against hackers.


Step 1) Use some type of Firewall to protect your computer.

What you need to know:

A firewall is a piece of software or hardware that creates a protective barrier between your computer and potentially harmful content on the Internet. It helps guard your computer against hackers and many computer viruses and worms. Virginia Tech suggests you install a firewall before connecting to the network.

What you need to do:

You MUST have administrator access to your computer to install either of these options.

Windows Vista includes the Internet Connection Firewall, which you can turn on:

  1. Automatically by right-clicking on the following link and selecting Save Target As...: Turn on my Vista firewall (http://www.software.ais.vt.edu/tools/turn-on-firewall.exe)
  2. or Manually by following these instructions:
    1. Click on the Start button.
    2. Select Control Panel then Windows Firewall. If you do not see the Windows Firewall icon, click on Classic View located on the left side of the window to see all Control Panel options.
    3. Inside the Windows Firewall window, on the left hand side click on Turn Windows Firewall on or off
    4. Select Properties.
    5. Click in the On (recommended) box.
    6. Click OK.
    Additional detailed instructions are at: http://www.microsoft.com/security/protect/windowsxp/firewall.asp

You MUST have administrator access to your computer to install either of these options.

Windows XP includes the Internet Connection Firewall, which you can turn on:

  1. Automatically by clicking (or SHIFT/click) on the following link: Turn on my XP firewall (http://www.software.ais.vt.edu/tools/turn-on-firewall.vbs)
  2. or Manually by following these instructions:
    1. Click on the Start button.
    2. Select Settings then Network Connections.
    3. Inside the Network Connections window, right-click on one network connection.
    4. Select Properties.
    5. Select the Advanced tab and check the box about protecting my computer.
    6. Click OK and return to step 3 until all connections are firewalled.
    Additional detailed instructions are at: http://www.microsoft.com/security/protect/windowsxp/firewall.asp

Windows 2000 does not include the Internet Connection Firewall, but you can build an approximate "firewall" using the IPsec capabilities of Windows. Virginia Tech has created such a firewall for you to install.

Additional Information:

The VTnet CD available at Software distribution on the Torgersen Hall bridge automatically performs this step for you.

To be safe, Step 1 (this step) should be completed BEFORE you connect to the network. For Windows Vista, XP, or 2000 you can use the VTnet CD.

For systems other than Windows Vista, XP, and 2000, here are some ways of getting a firewall in place. However, Virginia Tech does not recommend any of these packages over any other packages and has little or no knowledge of how these packages work. Please contact the manufacturer for more information.

Hardware Firewalls
Hardware firewalls are a good choice for versions of the Windows operating system prior to Windows XP. Some home-networking hardware, like wireless access points and broadband routers come with built-in hardware firewalls. These help protect most home networks. The Microsoft Broadband Networking Wireless Base Station (http://support.microsoft.com/msbbn) is one example of a wireless access point with a built-in hardware firewall and other home networking features.

Software Firewalls
Software firewalls are available from several vendors, including:

This article, Checklist: Install a Firewall, (http://www.microsoft.com/security/articles/firewall.asp) from the Microsoft Security Web site provides information about software firewalls made by other companies, as well as hardware firewalls and network routers. This information can help you select a firewall solution if you use an earlier version of Microsoft Windows, such as Windows NT, Windows Millennium Edition (Me), or Windows 98.


Step 2) Use strong passwords on all computer accounts!

What you need to know:

Be sure that you have strong passwords for all user accounts created in Windows Vista, XP, and 2000 and for file shares in any Windows computer. Double-check this for the "Administrator" account or any account with administrator privileges. Note that all accounts made in Windows XP Home Edition start with administrator privilege and no password. These accounts must be modified to have a good password.

Good Passwords Can Be Created By

Passwords Should

What you need to do:

To change your 'Administrator' or other 'users' passwords:

  1. Open Control Panels from the Start menu (under Settings in Windows 2000).
  2. Double-click on Administrative Tools. (If you do not see the Administrative Tools icon, click on Classic View located on the left side of the window to see all Control Panel options in Windows Vista/XP.)
  3. Double-click Computer Management.
  4. Double-click the Local Users and Groups.
  5. Double-click Users.
  6. Right-click Administrator or user id.
  7. Select Set Password.
  8. Type the secure password you have selected in the text box labeled New password:.
  9. Type the same password in the text box labeled Confirm password:.
  10. Click the OK button.
  11. Remember this Password.

Additional Information:

Knowing the Administrator password is essential for fixing any problems that arise on your Windows Vista, XP, or 2000 computer, so don't forget it. It is better to write it down and hide the paper somewhere than to leave the password blank or put in a trivial password just to make it easy to remember.


Step 3) Install High Priority security patches often.

What you need to know:

New security bugs are discovered all the time. So, the software installed on your computer is already out-of-date when you first get it (the manufacturer installs from a Windows release several weeks or months old) and becomes increasingly less secure over time as new bugs are discovered. Microsoft provides patches to fix these security bugs, but expects you to download and install these patches.

What you need to do:

When you first connect a computer to the network, log in as "Administrator" or as a user account with administrative privileges, then immediately open Internet Explorer and connect to the Windows Update web site:

Additional Information:

The VTnet CD available at Software distribution on the Torgersen Hall bridge automatically performs this step for you.

In Windows 98 and later, there is a direct link to this Web site at the top of the Start menu.

  1. From the Windows Update site, click Express Get high-priority updates (Recommended).
  2. Your computer is then scanned to determine which High Priority Updates and Service Packs you need.
  3. Download those updates, install them and then restart your computer, if asked to restart. See this Microsoft site (http://www.microsoft.com/technet/community/columns/5min/5min-104.mspx) for more information on using Windows Update.

All Windows computer users need to apply the High Priority Updates and Service Packs to their own computers often.

Scanning once is not enough: new security flaws are discovered often in Windows. Every year Microsoft releases 40-50 separate security updates for their various products! You should visit the Windows Update site at least monthly, and preferably weekly, to get the latest security patches. Outlook and Outlook Express are favorite targets of hackers and e-mail virus writers, so be sure to visit the Windows Update site weekly.

Microsoft provides tools for automatic notification when new security fixes are issued. For Windows Vista/XP, you can turn on the built-in Automatic Updates client in the System Control Panel. These tools check the Windows Update site automatically every time you "connect to the network" and prompt you to download new patches. If you leave your computer running continuously for long periods of time, you still need to manually check the Windows Update web site.


Step 4a) Disable MUSIC file sharing, or setup correctly.

What you need to know:

Because there are academic applications for peer-to-peer (p2p) file-sharing applications such as KaZaa, BearShare, LimeWire and Morpheus, Virginia Tech does not ban them from its network. However, we recognize that most p2p activity consists of copying music and video files for personal enjoyment. If you participate in this kind of file-sharing activity, there are three things you should know:
  1. Music file-sharing consumes a disproportionate amount of network resources, which could lead to your connection being limited to a slower connection speed.
  2. Music and videos are copyrighted. You must not violate copyright laws. Unsure whether a shared file is copyrighted or not? Assume that it is!
  3. File-sharing may put your personal computer data at risk.

What you need to do:

Virginia Tech suggests that you not run these types of programs. If you feel you must do so, please at least run the VTnet CD. The VTnet CD limits the uploading features of the following programs: Morpheus, Limewire, iMesh, Bearshare, BitTorrent, BitComet, and utorrent. If you are running another file-sharing program, please at least disable the uploading features. For more information see http://www.oit.duke.edu/helpdesk/filesharing/.

Step 4b) Disable Windows file sharing, or setup correctly.

What you need to know:

Be very careful with Windows file sharing. The default options for all versions of Windows are insecure and will let hackers into your computer unless they are disabled or fixed! Your best bet is to disable file sharing completely.

In order to use file sharing to access files from other computers, while preventing access from hackers, you must enable shares that require accounts and passwords. This is not the default setting on any Windows version and can take a considerable amount of work to set up. You also need to synchronize the account names and passwords on both the 'server' Windows computer and the 'client' Windows computer, which requires a lot of work and is very time-consuming. Most computer users should keep file sharing turned off.

Assuming that you do not need to share the files on your computer with other computer users, you should completely disable the sharing feature. You will still be able to connect to servers, but no one (including hackers) will be able to connect to your computer.

What you need to do:

To disable 'File and Printer Sharing' in Windows 98/ME:

  1. Right-click on the Network Neighborhood icon on your desktop.
  2. Select Properties from the pop-up menu.
  3. Click the File and Print Sharing button.
  4. If I want to be able to give others access to my files is checked, you have enabled file sharing. Uncheck it.
  5. If I want to be able to allow others to print to my printer(s) is checked, you have enabled print sharing. Uncheck it.
  6. Click OK.
  7. Insert your Windows CD if prompted.
  8. Click OK.
  9. Restart your computer.
  10. File and print sharing is now off.

To disable 'File and Printer Sharing' in Windows 2000/NT:

  1. Right-click on My Network Places on your desktop and select Properties.
  2. Right-click on Local Area Connection and select Properties.
  3. Under Components checked are used by this connection, look for File and Printer Sharing for Microsoft Networks. If it is not listed, you are not sharing. If it is in the list:
    1. Click in the check box next to File and Printer Sharing for Microsoft Networks to unselect it.
    2. Click OK.
    3. Note: File and Printer Sharing will not be enabled when you restart your computer. In order to re-enable it, you must go back and click in the check box next to File and Printer Sharing to select it.

To disable 'File and Printer Sharing' in Windows XP:

  1. Open Control Panels from the Start menu
  2. Double-Click Network Connections (under Network and Internet Connections in XP Category View).
  3. Right-click on Local Area Connection and select Properties.
    In the middle of the properties window, you will see the list of networking components used by this connection.
  4. If File and Printer Sharing for Microsoft Networks is listed, uncheck the item and click OK. This change goes into effect immediately.

To disable 'File and Printer Sharing' in Windows Vista:

  1. Open Control Panels from the Start menu
  2. Double-Click Network and Sharing Center (If you do not see the Network and Sharing Center icon, click on Classic View located on the left side of the window to see all Control Panel options.)
  3. Click on Manage network connections on the left hand side on the screen.
  4. Right-click on Local Area Connection and select Properties.
    In the middle of the properties window, you will see the list of networking components used by this connection.
  5. If File and Printer Sharing for Microsoft Networks is listed, uncheck the item and click OK. This change goes into effect immediately.

Skip to Step 5 if you have disabled file sharing.

Additional Information:

If you decide to leave the file and printer sharing feature active, you will need to be careful about how and what you share. Below are some things you should keep in mind before sharing files. Note: Instructions for setting up file sharing are not included in this discussion.


File sharing musts for Windows 95, 98, and ME

When sharing a directory in Windows 95, 98, or ME, you are offered a choice: allow others full control (including the ability to create or delete files) or read-only access. In either case, anyone can connect without a password in the default configuration! At a minimum, you must set a strong password. Even with a password, read-only access is more secure.

There were bugs in the original 95, 98, or ME distributions that allowed hackers to bypass password settings on file shares, so make sure that you have installed all Microsoft critical updates for your computer.

File sharing musts for Windows NT/2000

Windows NT and 2000 are configured to share your entire disk on the network to anyone who knows the password of an Administrator account on your computer. This includes any accounts which have been given administrator privileges. This type of sharing is "hidden" as an "administrative share". It does not show up in the network browser, but hackers can scan the network to find computers with administrative shares. If you have file sharing enabled, at least remove your Local Disk from sharing:

Removing Local Disk file sharing on Windows 2000/NT

  1. From the Desktop, Double-click on My Computer.
  2. Right-click on Local Disk(C:).
  3. Select Sharing and Security from the pop-up menu.
  4. The Local Disk(C:) Properties appears with the Sharing tab selected.
  5. Select Do not share this folder.
  6. Click OK.
  7. Close the Properties window.

If you share a directory on a Windows NT or 2000 computer so that it shows up in the network browser, be aware that the folder is shared with complete write access to anyone on the network, without needing an account name or password. You must disable the "everyone" privileges (or completely disable the guest account) to close this security hole. Then you can allow specific accounts, with passwords, to access the share. Remember, you must set a strong password. Even with a password, read-only access is more secure.

File sharing musts for Windows XP Home

Windows XP Home implements the default "administrative shares" described above, which means passwords are not required. This leaves your computer completely open to hackers. The default Simple File Sharing mode of Windows XP Home may not be used on the Virginia Tech network, because it cannot be protected against hackers. Do not enable any kind of file sharing on a Windows XP Home Edition computer on the Virginia Tech network. Disable the File and Printer Sharing for Microsoft Networks feature on any Windows XP Home Edition computer that is connected to the Virginia Tech network. Remember, strong passwords must be set for all user accounts on any Windows XP Home computer before connecting to the Virginia Tech network.

File sharing musts for Windows XP Professional

You can share files from a Windows XP Professional Edition computer on the Virginia Tech network by switching to the Classic file sharing mode and then following the instructions for Windows 2000 file sharing.

Switching to 'Classic' on Windows XP Professional
  1. Click on the Start button and select the Control Panel.
  2. In the Control Panel window, double-click on Folder Options. If you do not see the Folder Options icon, click on Switch to Classic View located on the left side of the window to see all Control Panel options.
  3. Click the View tab.
  4. Uncheck Hide file extensions for known file types.
  5. Uncheck Use simple file sharing.
  6. Click Apply and then click OK.
  7. Close the Control Panel window.


Step 5a) Install antivirus software, update often.

What you need to know:

Virginia Tech runs virus scanners on its mail servers, but this MAY NOT catch all e-mail viruses, so: Never open an attachment to an e-mail message unless you are expecting the attachment, or you know the sender and have verified that they really sent it. Even then, scan it first. Virginia Tech provides the Symantec Endpoint Protection program free of charge for use on all University-owned computers and on currently enrolled students' computers running Windows (and Symantec AntiVirus for Macintosh). It is supplied on the VTnet CD and is available for download at the Virginia Tech AntiVirus Web site. You also need to turn on the LiveUpdate feature to automatically download new virus definitions from Symantec's web site.

What you need to do:

Install Symantec Endpoint Protection software from the Virginia Tech AntiVirus Site (http://www.antivirus.vt.edu/download)

Then configure the LiveUpdate feature in Symantec Endpoint Protection to automatically check for and download new virus definition files from Symantec's web site on a daily basis.

  1. Open Symantec Endpoint Protection
  2. Click 'Change settings' on left hand side of screen
  3. Click 'Configure Settings' for the Client Management
  4. Click the 'Scheduled Updates' tab.
  5. Check the box 'Enable automatic updates'.
  6. Select the frequency that works best for you. 4Help recommends you schedule LiveUpdate to run every 4 hours.
  7. Under 'Missed Event Options' check the box 'Keep trying for (in hours)' and enter 1 in the hours box.
  8. Click the 'OK' button.
  9. Close Symantec Endpoint Protection

Step 5b) Install antispyware software, update often.

What you need to know:

Viruses are only half the problem. Today Spyware is contained in many programs that you download and install. These Spyware programs slow your computer down, cause POP-UPS to appear and are generally undesirable. It is best not to download any program you are unsure is safe.

What you need to do:

Install Windows Defender software from Windows Defender Site. Look for the Download Link on that web page. (http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en)

After downloading and installing the software you will have some real-time protection against spyware. You may receive pop-ups from Windows Defender asking you to allow or block other programs from making changes to your computer. If you are unsure about a change, please choose block.

Additional Information:

The VTnet CD available at Software distribution on the Torgersen Hall bridge automatically performs this step for you.

E-mail viruses generally spread as attachments in E-mail messages. Some hackers exploit bugs in Windows and its e-mail programs to automatically install viruses on your computer. Many try to trick you into opening an attachment, which runs the virus and installs itself on your computer. E-mail viruses automatically send themselves to other e-mail addresses found in your address book. Many e-mail viruses also install "back-door" programs that allow hackers to control your computer.

Symantec Endpoint Protection can monitor file activity on your computer, so any attempt to create a new file is checked to make sure the new file does not contain any known computer viruses. You can configure this feature to at least monitor all file activity in the directories that you normally use for storing e-mail and downloading files from the Internet or you can monitor all file activity. However, many people find that monitoring all file activity makes their computer run slower.

You should also configure Symantec Endpoint Protection to perform a regular complete scan of all files on your computer, perhaps weekly, when you are not at the computer.

Please contact 4Help (http://4help.vt.edu/) if you need help installing or configuring Symantec Endpoint Protection.

POP-UP problems? Only use the following if you are having problems:
Two other free scanning tools, Ad-aware (http://www.lavasoftusa.com/software/adaware) and Spybot (http://www.safer-networking.org/en/home/index.html), can help in finding and removing many pop-up advertisement components that some packages install on your computer. These programs scan your computer's memory, registry and hard drives for known spyware and scumware components. Then, they let you remove these components without harming your computer. Ad-aware is not compatible with Windows 95. With new spyware being released often, you need to be sure these programs stay updated. For more information about Ad-aware, please visit http://www.lavasoftusa.com

NOTE: We have found these spyware scanner programs run better if you first use Add/Remove Programs from the Control Panels to remove the program that installed the spyware and then run the spyware scanner. After running these spyware scanners, some programs may not run because their advertisement component has been removed. This usually only affects peer-to-peer (music), media, or file sharing programs and does not happen if you remove those programs first. Ad-aware and Spybot do not affect any Virginia Tech supported software (i.e. Internet Explorer, Microsoft Office, Symantec Endpoint Protection, etc).


Step 6) Minimize unnecessary network services.

What you need to know:

Don't run any unnecessary network services on your computer. Every additional service you run is another possible security hole for a hacker to find.

What you need to do:

To disable this Messenger service on Windows 2000 or XP, follow these steps:

In Windows 95/98, use the Add/Remove programs Control Panel to see if WinPopUp is installed; if so, remove it.

Windows 2000 and XP users should also disable the built-in Remote Registry Service. This service can allow hackers to modify your registry remotely.

To disable this Remote Registry Service on Windows 2000 or XP, follow these steps:

Additional Information:

Problems with file sharing have been described above; the best solution is to simply disable file sharing.

Microsoft's Internet Information Services (IIS) program, which implements an FTP and Web server on Windows NT, 2000, or XP, is a prime target for hackers. There have been numerous bugs in IIS that have been exploited by hackers and allowed them to take control of many computers on campus. IIS is built in to the Server editions of Windows NT and 2000, and can be easily installed on the workstation editions of NT, 2000, and XP. Rather than setting up your own potentially insecure FTP or Web server, why not utilize the secure and professionally managed services on Virginia Tech's filebox (http://filebox.vt.edu)?

Please make sure you understand the security implications of any network service before enabling it, and use accounts with strong passwords to secure it. Request help from our consultants using 4Help. (http://4help.vt.edu/)

Windows XP users should disable the Universal Plug and Play service. It is designed to allow your computer to automatically connect to network-enabled appliances. Currently, there are no practical uses for this technology, but severe security flaws have already been discovered. Use the UnPlug and Pray (http://grc.com/unpnp/unpnp.htm) utility from Gibson Research to disable Universal Plug and Play. Gibson's web site has additional information about why this is necessary.

Windows 2000 and XP users should disable the built-in Messenger service, and Windows 95 and 98 users should refrain from installing the equivalent WinPopUP program (or remove it if already installed). The Messenger service is not the same thing as the MSN Messenger chat program. Instead, it is intended to allow server managers to send messages to all PCs on the network, such as 'server going down.' Messages sent to this service appear as a pop-up box on top of your screen. No passwords are needed to send messages! Spammers are using this service to pop up advertisements on random computers. It is possible that some enterprising hacker will find a way to use this method to compromise your computer.


Step 7) Analyze your security.

What you need to know:

You can run a network scan of your Windows computer to find out if any services are visible over the network, and therefore provide potential attack points for a hacker. Gibson Research Corporation provides a free testing service called ShieldsUp!.

What you need to do:

To scan your computer for security holes, start at https://grc.com/x/ne.dll?bh0bkyd2, read the intro and click on the Proceed button. On the new web page displayed, under the ShieldsUP!! Services menu select Common Ports. This launches a network probe of your computer and displays which service ports are accepting connections. Stealth is the best you can get, Closed is good, and you can use this information to close down any open services you do not want running.

Additional Information:

Be careful about implementing all of Gibson's recommendations for closing ports. Some of his recommendations could conflict with needed settings for any internal network. For example, he recommends removing NetBIOS over TCP/IP, which will prevent outside hackers from probing for insecure file shares. However, this will also make any computer that is part of a Windows NT domain completely unusable (users will not even be able to log in)! This is not a problem here at Virginia Tech, because students are not joined to an NT domain by Virginia Tech. For stand-alone computers, disabling NetBIOS over TCP/IP can prevent you from accessing any campus file servers.

Microsoft released a Baseline Security Analyzer tool (http://www.microsoft.com/technet/security/tools/mbsahome.mspx) to examine Windows Vista, XP or 2000 computers for security problems. It checks to make sure that you have correctly installed all Windows security fixes. This tool examines many of your computer configurations, such as file sharing, guest accounts, non-existent account passwords, network services that are active, etc. It indicates which settings are potential security holes. Microsoft also offers an explanation of the scanned areas and how to fix any problems. Run this after you have taken all the steps listed above to secure your computer.
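
A local complement to the external ShieldsUP! scan in this step, and a way to confirm that the services named in Steps 4b and 6 are really off: the added Python example below (not part of the original guide) parses the output of netstat -an and flags network-reachable listening ports that belong to those services. The port-to-service table and the sample netstat output are constructed for this example.

```python
# Ports used by the services this guide says to disable or restrict.
# The mapping is an assumption added for this example, not taken from the guide.
RISKY_PORTS = {
    ("TCP", 21): "FTP server (IIS)",
    ("TCP", 80): "Web server (IIS)",
    ("UDP", 135): "RPC over UDP (used for Messenger pop-ups)",
    ("UDP", 137): "NetBIOS name service (file sharing)",
    ("UDP", 138): "NetBIOS datagram service (file sharing)",
    ("TCP", 139): "NetBIOS session service (file sharing, Remote Registry)",
    ("TCP", 445): "SMB (file sharing, administrative shares, Remote Registry)",
    ("UDP", 1900): "SSDP (Universal Plug and Play)",
    ("TCP", 5000): "Universal Plug and Play (Windows XP)",
}

# Constructed sample of `netstat -an` output from a Windows machine.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1042       192.0.2.10:80          ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:1900           *:*
"""


def parse_listeners(netstat_text):
    """Return (proto, local_host, local_port) for every socket awaiting traffic."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING rows accept connections.
        # UDP rows have no state: every bound UDP socket can receive datagrams.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")  # rpartition copes with [::]:445
        if port.isdigit():
            listeners.append((proto, host.strip("[]"), int(port)))
    return listeners


def is_loopback(host):
    """Sockets bound only to the loopback address are not reachable from the network."""
    return host.startswith("127.") or host == "::1"


def audit(netstat_text):
    """Return sorted (proto, port, service) findings for exposed risky ports."""
    findings = set()  # a set merges the IPv4 and IPv6 rows for the same port
    for proto, host, port in parse_listeners(netstat_text):
        service = RISKY_PORTS.get((proto, port))
        if service and not is_loopback(host):
            findings.add((proto, port, service))
    return sorted(findings, key=lambda f: (f[1], f[0]))


if __name__ == "__main__":
    for proto, port, service in audit(SAMPLE):
        print(f"{proto} {port:>5}  {service}")
```

To check a real machine, save the output of netstat -an to a file and pass its contents to audit() in place of SAMPLE.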


Step 8) Backup your important files often.

What you need to know:

Not every possible method of attack has been discussed. Even if you follow all of these recommendations, it is still possible that your computer could be compromised by a hacker. In a worst-case scenario, a hacker's programs will corrupt or erase your computer files. Or your hard drive could simply fail, causing the loss of all your data.

What you need to do:

Make backups of your computer data!

Additional Information:

You would be in serious trouble if the only copy of your latest paper, thesis, or e-mail was among those lost files. The solution: a backup! A computer backup involves placing a duplicate copy of your data onto a secondary medium, such as floppy disks, a recordable CD/DVD, an external hard drive, or even an online server or Web site. Then when your hard drive fails or you accidentally delete a file, you can rely on the backup to recover any files. The most important elements to back up are documents like essays, theses and e-mail. You might also consider backing up your operating system, software and settings, since reinstalling them can be a lengthy process. An essential part of any computer security procedure is to make regular backups of your essential files.

Probably the easiest backup solution is a CD or DVD writer. These are CD-ROM/DVD-ROM drives that allow the creation or burning of computer information to either CD or DVD. They use blank CDs/DVDs that are either CD-Recordable (or CD-R/DVD-R) or CD-Rewriteable (CD-RW/DVD-RW). The CD-R/DVD-R means the disk can only be burned once, and can't be erased, while CD-RW/DVD-RW can be recorded and erased and re-recorded. They are reusable up to 1000 times.

Most CD-R/DVD-R and CD-RW/DVD-RW drives come with software that will do data backups as well as audio CD creation. This software is capable of backing up both the entire computer system as well as single files. For most people simply copying your important directories of files every few days would provide substantial protection. However, only you can determine how critical your data is and how often you should back it up. Be sure to use at least two sets of backup disks, rotate them, so you are always overwriting the oldest copy and still have the newest one in case your copying fails.
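
The two-set rotation described above, as an added Python example that is not part of the original guide: it always overwrites the older of two backup sets and marks a set complete only after every file has been copied, so a failed copy never costs you the newest good backup. The set names, marker file name and function names are assumptions made for this example.

```python
import os
import shutil
import tempfile
import time

MARKER = "BACKUP_COMPLETE.txt"   # hypothetical marker file, written last
SET_NAMES = ("set_A", "set_B")   # hypothetical names for the two backup sets


def completed_at(set_dir):
    """Return when the backup in set_dir finished, or 0.0 if it is missing
    or was interrupted before the marker was written."""
    try:
        with open(os.path.join(set_dir, MARKER)) as fh:
            return float(fh.read().strip())
    except (OSError, ValueError):
        return 0.0


def pick_target(backup_root, set_names=SET_NAMES):
    """Choose the set to overwrite: an empty or incomplete set first,
    otherwise the one holding the oldest completed backup."""
    return min((os.path.join(backup_root, n) for n in set_names), key=completed_at)


def rotate_backup(sources, backup_root, set_names=SET_NAMES, now=None):
    """Copy each source directory into the oldest backup set and return its path."""
    target = pick_target(backup_root, set_names)
    if os.path.isdir(target):
        shutil.rmtree(target)            # also removes the old completion marker
    os.makedirs(target)
    for src in sources:
        name = os.path.basename(os.path.normpath(src))
        shutil.copytree(src, os.path.join(target, name))  # raises on failure
    # Reached only when every copy succeeded: record completion last.
    stamp = time.time() if now is None else now
    with open(os.path.join(target, MARKER), "w") as fh:
        fh.write(repr(stamp))
    return target


if __name__ == "__main__":
    # Constructed demonstration in a temporary directory.
    root = tempfile.mkdtemp()
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    with open(os.path.join(docs, "thesis.txt"), "w") as fh:
        fh.write("draft")
    for _ in range(3):
        print("backed up to", rotate_backup([docs], os.path.join(root, "backups")))
```

If a run fails partway, the interrupted set has no marker, so the next run overwrites that same set and the other set keeps the last good copy.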

DVD writers have two different formats: DVD-R/DVD-RW (minus format) and DVD+R/DVD+RW (plus format). Most new DVD writers will do both formats and either format is OK. Do be careful to buy the correct disks for your type of writer.

Another, newer option for backing up your computer data would be to buy an external hard drive. These are made as small as 3X6 inches weighing 7 oz. for complete portability or 6X9 inches weighing 3+ lbs. for the desktop. These external hard drives come with software to do complete backups of your computer and cost as little as $200.

If you do not own a CD-R/DVD-R, CD-RW/DVD-RW or external hard drive you can still backup your data using a Zip drive or even a floppy. If you do not need to backup on a very frequent basis, you probably don't need any special backup software, and can instead use your file manager (Windows Explorer) to copy files to a removable medium. (i.e., drag and drop your files to a floppy or zip disk.)

For further information about what files you should consider backing up, please see the following information from our antivirus web site: What is a Backup? (http://antivirus.vt.edu/info/backup/)


Sources:
http://www.microsoft.com/
http://pangea.stanford.edu/
http://www.oit.duke.edu/
http://grc.com/

You can get additional background information on security topics from Virginia Tech's Security (http://www.security.vt.edu) web page.