Step 6: Set Up Limited User Accounts
C.2 Antispyware Software
As described in Section 5.3.1, antispyware programs should be configured to improve their security. Step-by-step directions are provided here for configuring three free antispyware
programs: Ad-Aware 1.06, Microsoft Windows Defender (Beta), and Spybot - Search & Destroy 1.4.
C.2.1 Ad-Aware SE Personal 1.06
To help ensure that Ad-Aware SE Personal113 is configured properly, perform the steps listed below. Administrators and users should be aware that the free Personal edition does not perform regular scans, so the scans should be initiated manually on a regular basis, preferably daily.
1. Run Ad-Aware SE Personal.
2. Select the Configuration Window (the gear icon).
a. Click the General button.
i. Ensure that the Prompt to update outdated definitions option is enabled.
ii. Set the number of days to 1.
b. Click the Scanning button.
i. Check the Scan within archives option.
ii. Ensure that all of the options under Memory & Registry are selected.
3. Click Proceed to save the settings.
C.2.2 Microsoft Windows Defender (Beta)
To help ensure that Microsoft Windows Defender (Beta)114 is configured properly, perform the following steps:
1. Run Microsoft Windows Defender.
2. Click the Tools icon, then select Options.
3. Under Automatic scanning, ensure that Automatically scan my computer, Check for updated definitions before scanning, and Apply default actions to items detected during a scan are checked. Set the Scan frequency to an appropriate day of the week or to Daily to perform scans more often.
113 Ad-Aware SE Personal is available for free download at http://www.lavasoft.de/software/adaware/.
114 Microsoft Windows Defender (Beta) is available for free download at http://www.microsoft.com/athome/security/spyware/software/default.mspx.
4. Under Default actions, confirm that all three items are set to Definition recommended action.
5. Under Real-time protection options, confirm that Use real-time protection is enabled, and enable all of the security agents.
6. Under Advanced options, confirm that the Scan the contents of archived files and folders for potential threats and the Use heuristics to detect potentially harmful or unwanted behavior by software that hasn’t been analyzed for risks options are both checked.
7. Under Administrator options, confirm that the Use Windows Defender and the Allow users to use Windows Defender options are enabled.
8. Click Save to save the settings.
C.2.3 Spybot - Search & Destroy 1.4
To help ensure that Spybot - Search & Destroy 1.4115 is configured properly, perform the following steps:
1. Run Spybot – Search & Destroy.
2. From the Mode menu, select Advanced mode. When asked to confirm the mode, click Yes.
3. In the left pane, click Settings, then click on the Settings entry under it. Scroll through the settings in the right pane to find and confirm the following:
a. Under Main settings, ensure that the three Create backups options and the two Create system restore point options are checked.
b. Under Automation/Program start, ensure that Run check on program start, Fix all problems on program start, Rerun checks after fixing problems, Immunize on program start if program has been updated, and Don’t ask for fixing confirmation are enabled.
c. Under Automation/System start, ensure that Automatically run program at system startup is selected. Also, the Run check on program start and Fix all problems on program start options should be enabled.
d. Under Automation/Web update, ensure that Search the web for new versions at each program start and Download updated include files if available online options are enabled.
4. From the Mode menu, select Default mode.
115 Spybot – Search & Destroy is available for free download from http://www.spybot.info/en/index.html.
5. Click the Immunize button in the left pane.
a. In the Permanently running bad download blocker for Internet Explorer box, ensure that Enable permanent blocking of bad addresses in Internet Explorer is enabled.
b. In the dialog box below it, ensure that the box is set to Ask for blocking confirmation.
C.3 Personal Firewalls
As described in Section 5.5.3, personal firewalls should be configured to improve their security.
Step-by-step directions are provided here for configuring two free personal firewalls: Windows Firewall and ZoneAlarm.
C.3.1 Windows Firewall
To configure Windows Firewall, perform the following steps:116
1. Click the Start menu and choose Control Panel. Double-click Windows Firewall.
2. Ensure that the firewall is set to On.
3. Do not check Don't allow exceptions unless the computer will be used on insecure networks, such as wireless hotspots or hotel networks.
4. Click the Advanced tab. Verify that the check boxes are selected for each network interface.
5. Click the Settings button for Security Logging. Check the Log dropped packets and Log successful connections boxes. Click OK.
6. Click the Settings button for ICMP. Verify that none of the check boxes are selected, then click on OK.
7. Click on OK to save all the settings.
C.3.2 ZoneAlarm 6.1
To configure ZoneAlarm,117 perform the following steps:
1. Run ZoneAlarm.
2. Click on the Preferences tab in the upper right corner.
116 Additional guidance on configuring Windows Firewall is available from the Microsoft Web site. It contains several helpful articles and papers; pointers to these resources are listed at
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx.
117 A free version of ZoneAlarm can be downloaded from http://www.zonelabs.com/store/content/home.jsp.
a. Ensure that Check for product updates is set to Automatically.
b. In the General section, both the Load ZoneAlarm at startup and the Protect the ZoneAlarm client options should be enabled.
3. Click on the Firewall item at the left side of the window. Internet Zone Security should be set to High, and Trusted Zone Security should be set to at least Medium.
4. Click on the Program Control item at the left side of the window.
a. The Program Control should be set to Medium.
b. Set the Automatic Lock to On. This blocks network activity after a period of inactivity.
5. Click on the Anti-virus Monitoring item at the left side of the window. Ensure that Monitoring is set to On.
6. Click on the E-mail Protection item at the left side of the window. Ensure that Basic MailSafe Settings are set to On.