Full disclosure deep technical analysis below. Beware!!!

Oct 8, 2010

SANS Cyber Security Awareness Month - My little contribution

WINDOWS CLIENT

  1. Verify the checksum of the Microsoft CD/DVD you are installing from. You can find the original MS checksums for all products here (http://msdn.microsoft.com/en-gb/subscriptions/downloads/default.aspx).
  2. Ensure Windows Update is turned on, set to install recommended updates, and configured to install updates daily at a time when the computer is likely to be on!!
  3. Install the latest version of Secunia Personal Software Inspector (PSI). PSI monitors your Windows applications, lets you know when applications are out of date, and provides download links to help remediate. PSI is free for non-commercial use. (Configure it to also show vulnerable DLLs by unchecking Show only "Easy-to-Patch" programs in the Settings tab.)
  4. Consider keeping the major ATTACK VECTOR client apps used by malware agents auto-updated:

 

  • Adobe Flash Player

Installed version checking (http://www.adobe.com/software/flash/about/)

Flash_Player_10_ActiveX (Internet Explorer for Windows only)

(http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe)

Flash_Player_10_Plugin (All other Windows browsers)

(http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe)

>>End-user<< autoupdate settings management

(http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager05.html#118377)

>>Enterprise IT Admin<< autoupdate settings management

(http://kb2.adobe.com/cps/167/16701594.html)

 

  • Adobe Acrobat & Reader

Installed version checking (Adobe Acrobat & Reader Menu –> Help –> About)

>>End-user<< autoupdate settings management

(http://help.adobe.com/en_US/Acrobat/9.0/Standard/WS58a04a822e3e50102bd615109794195ff-7fef.w.html)

>>Enterprise IT Admin<< autoupdate settings management

Updater changed in version 9.3.2 and 8.2.2 and later (http://kb2.adobe.com/cps/838/cpsid_83813.html)

AutoUpdate Settings management (http://kb2.adobe.com/cps/837/cpsid_83709.html)

 

  • Java JRE

Important: Previous to JRE 6 Update 10, installing or updating to a newer Java version would add a new Java Runtime Environment (JRE) instead of replacing the existing version. Starting with JRE 6 Update 10, future Java updates will patch the current version by default instead of adding an additional version. This will prevent an accumulation of unused and potentially insecure older JRE versions.

Installed version checking (http://www.java.com/en/download/installed.jsp?detect=jre&try=1)

>>End-user<< autoupdate settings management

(http://www.java.com/en/download/help/java_update.xml)

>>Enterprise IT Admin<< AutoUpdate Settings management

Autoupdate policy settings ([HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy])

Deployment Configuration File and Properties

(http://download.oracle.com/javase/1.5.0/docs/guide/deployment/deployment-guide/properties.html)

Deployment - Java Control Panel – Update

(http://download.oracle.com/javase/1.5.0/docs/guide/deployment/deployment-guide/jcp.html#update)
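An added example, not part of the original post: a read-only PowerShell audit of the Java Update policy key named above, which also lists the installed JREs so that leftover older versions (the accumulation problem described in the "Important" note) stand out. The value names `EnableJavaUpdate` and `EnableAutoUpdateCheck` and the `Java Runtime Environment` key layout are assumptions, since the post names only the Policy key; the function name is hypothetical.

```powershell
# Added example, not from the original post. Read-only audit of the Java
# auto-update policy key and of leftover JRE installs.
# Assumption: EnableJavaUpdate and EnableAutoUpdateCheck are DWORD values
# under the Policy key (the post names the key but not its values).
$PolicyValues = 'EnableJavaUpdate', 'EnableAutoUpdateCheck'

function Get-JavaUpdateAudit {
    param(
        # Native view plus the 32-bit view used by 32-bit Java on 64-bit Windows.
        [string[]]$Roots = @('HKLM:\SOFTWARE\JavaSoft',
                             'HKLM:\SOFTWARE\Wow6432Node\JavaSoft')
    )
    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }

        # 1. Auto-update policy: a value of 0 means the feature is switched off.
        $policy = Get-ItemProperty -Path "$root\Java Update\Policy" -ErrorAction SilentlyContinue
        foreach ($name in $PolicyValues) {
            $prop = $null
            if ($policy) { $prop = $policy.PSObject.Properties[$name] }
            $finding = 'enabled'
            if (-not $prop) { $finding = 'not set' } elseif ($prop.Value -eq 0) { $finding = 'DISABLED' }
            [pscustomobject]@{ Root = $root; Check = $name; Detail = $finding }
        }

        # 2. Installed JREs. One install can register several version subkeys
        #    that share a single JavaHome, so group by JavaHome to count
        #    real installs rather than registry entries.
        $installs = @(Get-ChildItem -Path "$root\Java Runtime Environment" -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Version = $_.PSChildName; JavaHome = $_.GetValue('JavaHome') } } |
            Where-Object { $_.JavaHome } |
            Group-Object -Property JavaHome)
        foreach ($install in $installs) {
            $versions = ($install.Group.Version | Sort-Object) -join ', '
            [pscustomobject]@{ Root = $root; Check = 'JRE install'; Detail = "$($install.Name) [$versions]" }
        }
        if ($installs.Count -gt 1) {
            [pscustomobject]@{
                Root   = $root
                Check  = 'JRE count'
                Detail = "$($installs.Count) JREs present; remove unused older versions"
            }
        }
    }
}

Get-JavaUpdateAudit | Format-Table -AutoSize -Wrap
```

On a machine without Java the function returns nothing; pass `-Roots` to point it at a different hive path when testing.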