Desktop Security Guidelines

The chief security risk to desktop operating systems such as Windows has been infection by computer viruses. Computer viruses can infect the operating system, executable programs, and "macro" programs embedded in documents. Macintosh computers cannot be infected by Windows-specific viruses, but can be affected by cross-platform macro viruses embedded in Microsoft Word or Excel documents. Install antivirus software to protect your system.

Both Windows and Mac OS offer peer-to-peer file sharing, which can also expose a computer to viruses or other threats. If you do not need to offer files to other WHOInet computers, it is best to disable file sharing. If you do need to share files, create user accounts and passwords for the people who need to access them -- and do not allow "guest" or "anonymous" accounts to read and write to your disk.

Most viruses today -- as well as many other threats -- try to enter your system via email, in the form of email attachments. These viruses may appear to be documents sent by someone you know -- or by someone you don't, who happened to have your address on their computer. Don't open suspicious email attachments, even if they seem to come from friends or colleagues.

Anonymous file-sharing services such as "Gnutella" and "KaZaA" provide an excellent breeding ground for viruses and Trojan-horse programs. Do not run any programs downloaded from these services. (Trojan horses are programs that appear to be useful or entertaining software, but actually install "back doors" into your system, allowing attackers easy access.)

Viruses and other attacks can cause you to lose data. Do regular backups so that you can recover data in case of a security incident, disk failure, or other problem. Common ways to back up your files include copying them via file-sharing to a coworker's computer, burning them to CD with a CD-R or CD-RW drive, or writing them to tape.

If you need to log into a Unix workstation or server from your desktop, please use the Secure Shell (SSH) protocol rather than Telnet. Telnet is not encrypted, and allows anyone between your system and the server to eavesdrop on your password and other traffic. A popular SSH client for Windows is TeraTerm SSH, a plug-in for the TeraTerm Pro terminal emulator. For Mac OS Classic, the best client is NiftyTelnet SSH. Mac OS X includes an SSH client and server.
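To check a desktop against the file-sharing and Telnet advice above, the following added example (not part of the original guidelines) parses `netstat -an` output and reports file-sharing or Telnet services listening on a non-loopback address. The function names and sample lines are constructed for illustration, and the parser assumes the plain `netstat -an` column layouts of Windows and Mac OS X/Unix.

```python
import re

# Well-known ports for the services these guidelines discuss.
RISKY_PORTS = {
    23: "Telnet (unencrypted; use SSH instead)",
    139: "Windows file sharing (NetBIOS session)",
    445: "Windows file sharing (SMB)",
    548: "Mac OS file sharing (AFP)",
}
LOOPBACK = ("127.", "::1", "[::1]", "localhost")

def listening_sockets(netstat_text):
    """Yield (address, port) for each TCP socket in a LISTEN state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        if not fields[-1].upper().startswith("LISTEN"):
            continue
        # Windows prints: proto local foreign state
        # Mac OS X/Unix print: proto recv-q send-q local foreign state
        local = fields[1] if len(fields) == 4 else fields[3]
        m = re.match(r"^(.*)[:.](\d+)$", local)  # "0.0.0.0:445" or "*.548"
        if m:
            yield m.group(1), int(m.group(2))

def audit(netstat_text):
    """Return sorted (port, service) pairs reachable from other machines."""
    found = set()
    for addr, port in listening_sockets(netstat_text):
        if port in RISKY_PORTS and not addr.startswith(LOOPBACK):
            found.add((port, RISKY_PORTS[port]))
    return sorted(found)

# Constructed sample output, not captured from a real machine.
SAMPLE_WINDOWS = """\
  TCP    0.0.0.0:445          0.0.0.0:0        LISTENING
  TCP    192.168.1.20:139     0.0.0.0:0        LISTENING
  TCP    192.168.1.20:49712   10.0.0.5:22      ESTABLISHED
"""
SAMPLE_MAC = """\
tcp4   0   0  *.548           *.*     LISTEN
tcp4   0   0  *.23            *.*     LISTEN
tcp4   0   0  127.0.0.1.445   *.*     LISTEN
"""

if __name__ == "__main__":
    for port, service in audit(SAMPLE_WINDOWS) + audit(SAMPLE_MAC):
        print(f"port {port}: {service}")
```

An empty result from `audit()` means none of these services is listening for connections from other machines; a finding for port 139, 445 or 548 means file sharing is on and its account settings should be reviewed.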