Important Software Updates for Desktop Security
by Jay Stamps and Linda Pilkin
If you have not already done so, ITSS urges you to make the following software updates as soon as possible to improve your PC or Macintosh computer's security. The Symantec, Eudora, and Spy Sweeper software updates are available on the Essential Stanford Software (ESS) web site at:
See also Make Your Windows PC Invulnerable in this issue, which includes a Windows security top ten list.
Software Updates
- Symantec AntiVirus Corporate Edition version 8.1 for Windows, contains
a recently disclosed, serious vulnerability that if exploited could allow
a remote attacker to assume complete control of your PC. Please see:
http://securecomputing.stanford.edu/alerts/symantecav-05-feb.html
To upgrade to Symantec AntiVirus 9.0.3 (SAV) for Windows, please go to the ESS site, http://ess.stanford.edu/pc. It would be wise to remove your current installation of Symantec or Norton AntiVirus first, especially if it is a consumer edition. To remove software go to Start | Settings | Control Panel | Add or Remove Programs.
The brief period of time between your removing the old anti-virus software and installing the new poses no great danger, but if you wish you can disconnect your PC from the network after having downloaded the SAV 9.0.3 installer and before removing the older version.
- Norton AntiVirus for the Macintosh also contains this vulnerability, but Macintosh users merely need to run LiveUpdate in order to correct the problem. Virus definitions for the Macintosh from February 2, 2005 and later will disable the vulnerable component. Instructions for using LiveUpdate and running it on a schedule (as you should do) are here:
http://www.stanford.edu/dept/itss/ess/mac/docs/nav9/index.html#check
- Spy Sweeper 3.5, which is available on the ESS site, provides improved
sweep time and smarter shields to block browser hijacks. It also has a new
option to let you decide whether to include cookies in sweeps.
- All versions
of Eudora for Windows prior to 6.2.1, which is the version that is now
available on the ESS site, contain multiple serious vulnerabilities, the
details of which are as yet undisclosed. You should upgrade Eudora by visiting
the ESS site as soon as possible. For more information see:
http://www.eudora.com/security.html
- In February, Microsoft released a patch for a critical vulnerability in Microsoft Office XP for Windows, as well as a few other products. Details are here:
http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx
Help for those who need to update Office XP, as well as other commonly used versions of Office, but who don't have their original installation CD, may be found in the form of the Stanford Microsoft Office Patcher, available here:
http://www.stanford.edu/dept/itss/ess/pc/msoffice_patcher.html
If you use any version of Microsoft Office for Windows, it would be wise to check for the availability of updates or service packs by running the Office Patcher or visiting http://office.microsoft.com/en-us/officeupdate/default.aspx.
Updates and service packs for Microsoft products for the Macintosh are available at http://www.microsoft.com/mac/downloads.aspx.
For More Information and Assistance
If you run into problems, as always, contact your local support technician, submit a HelpSU request at http://helpsu.stanford.edu, or call 725-HELP.
