Sulair ACOMP HOME  |  SULAIR HOME  |  SU HOME

September 27, 2004

Issue No. 66

Table of Contents

Highlights and Features

Grokker at Stanford
CourseWork-Fall 2004
File-Sharing-Consequences
File-Sharing Myths
File-Sharing Resources
IT Open House October 28
Tech Help for Faculty
Essential SU Software
Desktop Computer Security
Security Self-Help Tool
Wireless Access-SU Visitors
SULAIR Home Page Update
SU Course Support Web Site copy

Library Resources

SULAIR Image Collections
SKIL Tutorial Enhanced
Scholars Workshops for Fall
Social Science Data
Literary Studies Database
New Lane Library Web Site
Firing Line TV Program
ArcGIS 9 Available
SSRC Past Events Online
BIOSIS Changes
HighWire Press-New Journals
EuroNews Web Site

Computing News

Accessible Web Pages
AFS Disk Quota Increased
Online Lecture Assessment
Teaching with Technology
Resources for SU Webmasters
ATS Program-New Projects
ATL Project Showcase
Spam Deletion Tool
ITSS Training Services
Training Registration
HelpSU Streamlined
New Webmail Is Here
Printing in Sweet Hall
Sweet Hall Consulting
Mac OS X Migration
PeopleSoft System Upgraded
Bookstore Computer Store
Courselets for SU Community
Sundial Calendar Changes
TeamSpace in Meyer Library
Meyer Classrooms
Meyer Tech Desk Update
Technology Help on Web

Stanford Desktop Computer Security Continues to Improve

About a year ago, in late July and throughout August of 2003, Stanford and the rest of the Internet-connected world were hit by a devastating series of computer viruses and "worms" that attacked the Microsoft Windows operating system. The bad memories -of wasted time and lost productivity, as PC after PC had to be cleaned or rebuilt -are still fresh for many.

The last issue of this newsletter (April 5, 2004, available at http://speaking.stanford.edu/ ) described several projects to address computer security weaknesses at Stanford, all under the aegis of Managed Host Security. The focus at present remains on Windows PCs, and two of those projects are now coming to maturity:

• A standalone utility for Windows 2000 and XP called Stanford Security Self-Help, which allows you very easily to apply (and "undo," if necessary) baseline security settings, is now available on the Essential Stanford Software (ESS) web site (http://ess.stanford.edu/). See "Security Self-Help Tool 2.1 for PCs Released" in this issue.

• A Windows operating system patch management service called BigFix that is now also available for download from ESS.

While the Self-Help tool was developed at Stanford, BigFix is a commercial product that is highly customizable to suit many different kinds of environments. The University has devoted significant resources to the architecture and deployment of the BigFix service for the campus community.

BigFix is funded centrally, and the BigFix client software is available to schools, departments, administrative units, and to anyone with a SUNet ID-all at no charge -just like Symantec AntiVirus.

The BigFix Enterprise Suite Patch Management Service
Maintaining the security of desktop and laptop computers in a very diverse, constantly changing, and largely unmanaged computing environment like we have at Stanford presents enormous challenges. Nearly everyone has learned over time about the importance of using good antivirus software and observing related safe practices, such as never opening suspicious e-mail attachments.

But just as important as antivirus software is operating system maintenance: when Microsoft releases critical security patches for Windows, it's very important that they be applied to all affected PCs. The large number of unpatched systems on campus last year was what made it possible for worms like Blaster to propagate themselves so efficiently.

The BigFix service involves the installation of a small software application on your PC-the "client" -which communicates with a centrally managed server. The server administrators, in close cooperation with local technical support staff, test all new security patches released by Microsoft, and then distribute them to PCs that have the BigFix software installed on them.

There's a great deal of information about this new service available on the Stanford web. Please see the BigFix home page:

http://patching.stanford.edu/

If you have questions about the service, be sure to look at the BigFix FAQ (Frequently Asked Questions). A link is provided on the home page.

What You Can Do
You may already be using Windows Automatic Updates, or regularly visiting the Windows Update web site, to keep your PC patched. Please install BigFix anyway, as a supplement, if you wish, to your existing practices. It's far more reliable than Automatic Updates, and provides significant extra assurance that your PC is always up-to-date.

Support staff in schools and departments who have begun deploying BigFix find that it makes their jobs much easier by enabling the preventive maintenance of computers with a speed and consistency that was impossible to achieve in the past.

BigFix project team members have visited all Stanford schools, as well as many other University organizations, in order to introduce the service and its benefits. If the team has not already contacted you, and you might be interested in using BigFix in your own area, please send email to big-fix-questions@lists.stanford.edu.

The project's goal is to involve as many as possible of the roughly 25,000 PCs attached to the campus network in the BigFix service. To accomplish such a worthy-if challenging -goal, the project needs your help. Please install the BigFix software on your own PCs, or those PCs you support, and help to get the word out that keeping Windows PCs patched (and so help to protect our open, academic network from viruses and hackers). Use BigFix.