Securing Windows

We recommend that all users observe these guidelines.


Disable File and Print Sharing:

File and Print Sharing allows other computers on the network to access shared resources on your computer. When this is disabled, other machines on the network will not see your computer in their browse list. Running this service is one of the major security holes in Windows. If you do not need it on, please turn it off. If you do need it on, please consider a hardware or software firewall to protect your machine.

To disable File and Print Sharing, navigate to

Start → Settings → Control Panel → Network and Sharing Center → Local Area Connections → Properties
Uncheck the box for File and Print Sharing.


Windows updates and patches:

Keep your Microsoft software up-to-date with current patches, upgrades and services packs from Microsoft Windows Update. Installing Windows Critical Update Notification is recommended. We strongly recommend that you set your machine up to receive automatic updates.

You can search on other product updates at Microsoft Downloads


Anti-Virus Software:

You are strongly encouraged to install and run a virus scanner on your machine. Duke OIT site-licensed software provides McAfee Virus Scan free to Duke students, staff and faculty. Symantec also provides an anti-virus product, Norton Antivirus, for purchase. See for pricing and details.

If you discover that your system is infected with a virus, remove the network cable immediately. On another system, you can check several online virus encyclopedias to assess the threat and discover steps/tools to resolve it. See:

McAfee or Symantec


Hardware Firewalls:

If your computer uses a broadband connection to the internet, such as ADSL or a Cable modem, you should consider a hardware firewall. Many routers with network address translation (NAT) are available for around $20.00 and small office, home office (SOHO) devices are driving these prices down even further.

These devices often include packet filters, proxy servers and application and protocol-specifiable gateways. Check out the firewall guide -

If you have any questions about these devices please contact the lab staff.


Windows Built-in Firewall:

Windows ships with a built-in firewall. It is a one-click firewall; enabling it with the default settings provides the maximum security.

Enable or configure the firewall by navigating to

Control Panel → Windows Firewall


Vulnerability Scanning Services

There are several sites that will scan and let you know what vulnerabilities exist on your machine. An excellent example is Steve Gibson's Shield's Up scanner. It is very informative to know what the hackers will see when they look at your machine. After you have completed all of the above suggestions, we suggest that you use a testing site to make sure that you did not miss anything.

Symantec also has a free online security and virus scanner. While it will detect vulnerabilities, it does not correct them.

Please see the CS Lab's Online Documentation page for additional information.