Did you know that even if your PC has up-to-date patches, the latest anti-virus software and runs a local firewall, it can still be infected? When computers are used for personal rather than professional purposes, the chance of infections and other security incidents rises – movies, games, music and other personal applications all have risks.

Here's some advice to help keep your PC secure. Although useful for all platforms, this advice is particularly targeted at Windows users.

  • Configure your PC to run without administrator privileges: There are a growing number of "zero-day exploits" – security weaknesses that are discovered before patches become available. With these exploits, simply clicking a Web link while you have administrator privileges could automatically install malicious software on your machine. We recommend that you run without administrator privileges, as this restricts the damage that malicious software can do. For information on running without administrator rights, see: http://cern.ch/WinServices/Help/?kbid=010121.
  • Be cautious of pop-ups: Some pop-ups may be configured so that even if you click "Cancel" or "No" or try to close the window, a program could still be executed. On a Windows PC, close the active window by pressing [Alt][F4].
  • Do not install plug-ins: Installing a plug-in could also download any malicious software that the plug-in might contain. If a website requires a plug-in in order to be viewed, it is best to avoid using that website.
  • Ensure software downloads respect copyright and licensing: This matters not only for legal reasons but also because "free" versions of copyrighted software often contain Trojan horses, spyware or other malicious software that could infect a PC. Spyware is often included in "free" software and is used to trace your activity and possibly even the data you type, including passwords. For more information about spyware and how to avoid it, see http://cern.ch/WinServices/Help/?fdid=16.
  • Do not expose your password: Never use a CERN password for private use and be cautious of attempts to "steal" your password. CERN's computing staff, including the computer security team, will never ask for your password, so be wary of e-mails, instant messages and chat that request your password, including via Web links. This trick is known as "phishing" (password fishing). If you think your password may have been exposed, follow this link to change it: http://cern.ch/security/passwords/.
  • Trust CERN's security solutions: Some of the "free" security software advertised on the Internet can contain malicious software, particularly "free" software for Windows PCs. This form of "social engineering" hides malicious software inside a security package to make you think that you can trust it. Don't be tricked into installing it.

The above advice may help you avoid some of the more recent tricks used by attackers. In addition, continue to follow these standard recommendations to keep your computer secure:

  • Do not click on Web links in unexpected e-mails, spam, instant messages and chat.
  • Do not open unexpected attachments.
  • Do not install additional software and plug-ins, even when the content seems to be an extension of legitimate software.
  • Lock your screen each time you leave your office. From a Windows PC, use [Control][Alt][Delete] and select "Lock Computer", or if you have a Windows keyboard, simply press [Windows][L].
  • Keep yourself informed of CERN's computing rules (http://cern.ch/ComputingRules/) and security advice (http://cern.ch/security).

CERN has put in place a number of mechanisms to secure the site, but technical solutions cannot prevent all problems. When using a computer there are always risks, but the advice in this article can help to minimize them.