PC, laptop

The IT security team of the University of Vienna has compiled some useful tips for students and employees to make the daily use of PCs and laptops more secure.


5 tips for those in a hurry

Increase your PC or laptop security by following these five simple tips:

  1. Always keep your operating system, browser, e-mail program and Office Suite up to date. If necessary, you can also enable automatic updates.
  2. Update your virus scanner regularly and check any notifications sent by the system regarding the virus scanner.
  3. Do not disable the firewall that came with your operating system.
  4. Make sure that you only install software from trustworthy websites.
  5. Lock your screen any time you leave your workplace or leave your PC unattended to make sure that no unauthorised party can use your computer.

PC and laptop in daily use

  • Regularly update your operating system (Windows, macOS, iOS, Android, etc.) and the software you use, such as your browser, e-mail programme and office applications.
    Note for Windows users: There are no longer any updates for Windows 7, Windows 8 and Windows 8.1. Switch to an up-to-date operating system.

  • Pay attention to any notifications from your system's virus scanner. On Windows, this is the built-in Windows Defender, which appears as Windows Security Center or Microsoft Defender Antivirus depending on the operating system version. Current macOS versions also include XProtect, a basic signature-based virus protection for detecting and removing malware. XProtect has no options for manual configuration or control: it works completely in the background and only becomes visible through specific notifications.

  • Always be cautious when you are asked to activate macros or any active content after opening an Office document. Make sure that you know the sender and the content of documents you receive and that both are trustworthy. Be cautious in general when opening any programs, documents, images or links you receive.

  • Sometimes you have to open Office documents with unknown content or from unknown people. You can increase security by opening these documents with, for example, LibreOffice, a free program. LibreOffice cannot run VBA macros in Microsoft Office documents and, hence, cannot run any malware hidden in the documents.
  • Be sceptical. Crooks can refer to seals of approval or security declarations as well.
  • Back up your data regularly. Remember to physically disconnect the backup medium (flash drive or external hard disk) from your computer after the backup. This way, you can reliably protect your backup against malware. If necessary, you can also store your data on the online storage space of the ZID, which we back up regularly.
  • Scan your whole system on a regular basis, particularly through so-called offline scans, if your system offers them. These scans are carried out by a second independent system on your computer. The malware detection rates improve as two scanning engines can detect more threats than just one engine.
  • Adjust your external storage media to your security requirements: If you lose a non-encrypted flash drive, the data stored on it are lost and any unauthorised person can access them.
  • Never connect a flash drive that you do not know to your computer. Scammers sometimes leave infected flash drives in public places. The infection spreads as soon as these devices are connected to a computer without second thought.
  • Choose secure passwords. For further information about secure passwords, please go to Tips regarding the password.
  • In current operating system versions, user accounts run in a mode with restricted rights by default. On the one hand, this prevents accidental setting changes. On the other hand, it prevents malware from gaining full access to your computer. If additional permissions are necessary, the system asks you to grant them. Only confirm such dialog windows if the action was deliberate and you are aware of the consequences. If you do not know the reason for the request, cancel the task in the window.

Protecting your device against unauthorised access

  • Laptops, in particular, should be fully encrypted. This way, it is very difficult, if not impossible, for unauthorised persons to access the data on the device if you lose it. Keep the recovery key, which is generated during the full-encryption process, in a safe place where you can retrieve it any time.
  • Lock your computer any time you leave your workplace unattended to prevent unauthorised access.
  • If possible, lock your office when leaving. 
  • Lock your computer away when you leave the office to prevent theft.
  • You can also secure your computer with a security lock (Kensington lock). Although these locks do not provide absolute protection against theft, they can make petty theft more difficult when you leave your device in an unattended office.

 

IT representatives and employees of the ZID can find more information on how to activate Microsoft BitLocker on the university Wiki (in German).

 

Retiring a device securely

  1. Back up all data from your old device.
  2. Check whether all data has been backed up successfully.
  3. Remove all data from your old device.
  4. Remove any online accounts set up on the device (Apple ID, Google account, etc.).
  5. Reset the device storage.
  • For devices with full disk encryption: If the device storage is protected by, e.g., BitLocker on Windows or FileVault on macOS, resetting the device to the default factory settings should suffice to protect any personal data that may still be on the device from unauthorised access.

    Optional: For increased protection, you can take the following additional steps.

  • For devices without full disk encryption: If the device storage is not protected by full disk encryption, you have to completely overwrite the device storage to protect the data from unauthorised access.

  • Devices with a magnetic hard disk: We recommend using special software to completely overwrite the hard disk with random data, protecting the data from unauthorised access. For this purpose, you can use an external boot medium.

  • Devices with an SSD: We recommend using the tools provided by the manufacturer and/or configuring the BIOS settings to safely remove all data from the device.

What to do in case of loss or theft?

If your laptop or PC from the University of Vienna gets lost or stolen, take immediate action:

  • Change the passwords for your u:account and Wi-Fi along with all other accounts (e.g. e-mail services, Google, Amazon, Dropbox) that were saved or used on the device. Also think of permanent logins in your browser. Passwords saved on this device should not be used again, not even for other accounts.

  • Report the loss or theft to the police.

  • If you've lost the device in a building of the University of Vienna, contact the ZID Helpdesk or the nearest porter.

  • Contact the Fundservice der Stadt Wien (lost property office of Vienna) or the Fundbüros der ÖBB (lost property offices of the ÖBB). Property lost on Wiener Linien services is handed in to the Fundservice der Stadt Wien.

  • Delete the data and return the device to its factory settings with remote wipe. We recommend testing the function in advance. Make sure to back up your personal data regularly if you use this function.

  • Ask providers of the internet services you are using for hints. For example, Apple offers the possibility to scan the IP addresses that were used to access the Apple ID after the theft. This can help to find the suspect.

  • Report the loss to the IT security team of the ZID via the form Verlustmeldung (loss report). We might be able to find hints by analysing the log files.

  • Please make sure to let us know if your device has been found.

Security settings for advanced users

The tips listed below require advanced user skills as well as administrative access to the PC. They are aimed at employees of the ZID, IT representatives and users who manage their computers themselves, such as students.

  • Disable the Hide extensions for known file types function in Windows. While it is enabled, a potentially dangerous file with the name “iAmInnocent.txt.exe” is displayed as “iAmInnocent.txt”. With extensions visible, you can recognise such files and avoid opening them accidentally.
  • You can configure your operating system so that script files are not executed automatically when you double-click them (possibly by mistake) and only their content is displayed instead. To do so, change the default programme or the default action for file extensions such as JS (JavaScript), JSE, VBS (VisualBasic Script) or VBE.
  • Check whether Java Runtime Environment is installed on your computer and uninstall it. Deactivate or remove at least the Java extension in your browser, if you do not want to uninstall Java.
  • To reduce the risk of potential malware attacks, we recommend uninstalling Adobe Flash Framework as well.
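
The two tips on hidden extensions and script files can be checked against a folder with a short script. This is an added example, not part of the original page: it lists files whose displayed name would hide a runnable extension, and script files that Windows runs on double-click by default. The executable and decoy extension lists and the sample file names other than “iAmInnocent.txt.exe” are assumptions.

```python
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Script types named in the tip above; Windows runs them on double-click by default.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe"}
# Assumed lists, extend as needed: directly executable types and harmless-looking decoys.
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def displayed_name(name: str) -> str:
    """File name as Explorer shows it while 'Hide extensions' is enabled."""
    return Path(name).stem if Path(name).suffix else name


def classify(name: str) -> Optional[str]:
    """'masquerade' = decoy + runnable extension, 'script' = plain script file."""
    # strip() also catches names padded with spaces between the two extensions
    suffixes = [s.strip().lower() for s in Path(name).suffixes]
    if not suffixes or suffixes[-1] not in SCRIPT_EXTS | EXEC_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "masquerade"
    return "script" if suffixes[-1] in SCRIPT_EXTS else None


def scan(folder: str) -> List[Tuple[str, str, str]]:
    """Return (real name, displayed name, finding) for each flagged file."""
    hits = []
    for path in sorted(Path(folder).rglob("*")):
        finding = classify(path.name) if path.is_file() else None
        if finding:
            hits.append((path.name, displayed_name(path.name), finding))
    return hits


if __name__ == "__main__":
    # Constructed sample folder; point scan() at a download folder instead.
    with tempfile.TemporaryDirectory() as tmp:
        for n in ("iAmInnocent.txt.exe", "notes.txt", "update.vbs", "setup.exe"):
            (Path(tmp) / n).write_bytes(b"")
        for real, shown, finding in scan(tmp):
            print(f"{finding:<10} shown as {shown!r:<22} really {real!r}")
```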

Detecting PC infections quickly


ProcessExplorer, a program of the Sysinternals series, allows you to get a quick overview of possible software infections on a Windows computer.

The program serves as a tool for administrators to check all programs currently running on a computer. It is provided by Microsoft free of charge. Please note that this quick scan cannot reliably detect rootkits and similar software.

  1. Download the latest version named procexp.exe from live.sysinternals.com. The 64-bit version is already included in procexp.exe. Therefore, you do not need procexp64.exe.
  2. Start the programme procexp.exe and confirm the terms and conditions when you first open it.
  3. Select Show Details for All Processes in the File menu. The program will restart and display all details.
  4. Select Check VirusTotal.com under Options. A new column VirusTotal appears in the program interface. VirusTotal is a virus scanning service provided by Google, which scans programs with over 50 different virus scanners and makes the results generally accessible.

The program calculates a hash value (similar to a fingerprint of the program) for all programs currently running on your computer and compares it to the hash values of VirusTotal. This comparison allows you to draw a conclusion as to whether a program is harmless or whether it is malware or a modified version of a known program.

By default, only the hash values (and not the programs) are transferred. Therefore, the scan can happen very quickly.

Interpreting the results

The result may look like this: 0/57. The value “57” stands for the number of virus scanners that have scanned the file, and “0” tells you that no scanner classified the file as suspicious.

If the first value is a low single-digit value (displayed in red), it is worth clicking the link in the column VirusTotal of the ProcessExplorer for further details. It is possibly a false positive of a single virus scanner. However, it might also be a new type of malware that only a few providers can detect so far. The evaluation of the results depends on the context.

If the first value is a double-digit value, it is probably a real infection. In this case, the ZID recommends checking your computer with a boot medium, such as Desinfec’t, or setting up your computer from scratch.

Tip: Click the column VirusTotal once to sort it and display the programs with results at the top or at the bottom of the list.
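
The hash comparison and the reading of the results can be sketched in a few lines. This is an added example, not part of the original page or of ProcessExplorer: it shows why a modified program no longer matches a known hash and applies the three cases described above to result strings. SHA-256, the handling of single-digit values above the "low" range and all sample data are assumptions.

```python
import hashlib
import re
from typing import Dict

# "detections/engines" as shown in the VirusTotal column, e.g. "0/57"
RATIO = re.compile(r"^\s*(\d+)\s*/\s*(\d+)\s*$")


def fingerprint(data: bytes) -> str:
    """Hash of a program's bytes (SHA-256 is an assumption; the page names no algorithm)."""
    return hashlib.sha256(data).hexdigest()


def triage(result: str) -> str:
    """Map a result string to the page's three cases, plus 'no-result'."""
    m = RATIO.match(result)
    if not m:
        return "no-result"          # not a ratio: nothing known about this hash
    hits, engines = int(m.group(1)), int(m.group(2))
    if engines == 0 or hits > engines:
        return "no-result"          # malformed ratio, do not guess
    if hits == 0:
        return "clean"              # no scanner classified the file as suspicious
    if hits < 10:
        # The page says "low single-digit"; treating every single-digit count
        # as "review" is an assumption of this example.
        return "review"             # false positive or new malware: open the details
    return "likely-infected"        # double-digit: boot-medium scan or reinstall


def check(program: bytes, results: Dict[str, str]) -> str:
    """Look a program up by fingerprint in a local stand-in for the service."""
    return triage(results.get(fingerprint(program), "unknown"))


# Constructed sample data: byte strings standing in for program files.
ORIGINAL = b"MZ constructed sample program, version 1"
TAMPERED = ORIGINAL.replace(b"version 1", b"version 2")
RESULTS = {
    fingerprint(ORIGINAL): "0/57",
    fingerprint(b"constructed sample with one detection"): "1/57",
    fingerprint(b"constructed sample with many detections"): "31/57",
}

if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("tampered", TAMPERED)):
        print(f"{label:<9} {fingerprint(blob)[:16]}... -> {check(blob, RESULTS)}")
```

A program that returns no result at all is not thereby harmless: its hash is simply unknown, which is also what a modified copy of a known program looks like.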


Optional

In a similar way, you can check any programs that start automatically when Windows starts up and that possibly only run for a short time or have already been closed. These programs would not be visible in ProcessExplorer.

Use the program autoruns.exe, which you can download from live.sysinternals.com. It offers functions similar to those of ProcessExplorer.

 Note

By default, ProcessExplorer does not upload any local files to VirusTotal. Please note that confidential data might be transmitted to a web service when you change the standard settings in ProcessExplorer or when you manually upload files to VirusTotal. Please use this option with caution.