
STANFORD UNIVERSITY

INFORMATION TECHNOLOGY SERVICES

Security Self-Help Tool Help

Overview

The Security Self-Help Tool's Help button (or the Security Self-Help command in the Help menu) launches your default web browser and takes you to this page.

The Security Self-Help Tool is a simple, self-contained utility that performs a set of basic security checks appropriate to the kind of computer on which it is run. The tool is non-intrusive, and is provided as an educational aid in your efforts to keep your computer more secure.

The tool does not save information about test results on your computer. However, if you choose to use the tool's "Fix It" wizard to fix problems, the tool internally keeps information about the changes it makes. That allows the tool to undo the changes later if you choose. Again, this information is kept internally on your computer and is not sent to anyone.

Each time you run the program, it will search the Web for updated security information. As new threats are discovered or new technology develops, new tests and remediation functionality will be added to the Security Self-Help Tool, so it is a good idea to run the program periodically to make sure that your computer remains safe over time.

The main window

The main window has four buttons that perform the following functions:

  • Run the Tests - runs the main collection of security tests.
  • Secure Password Test - runs a test that tries to guess the password of the selected accounts on your computer.
  • Help - opens your default browser to this web page.
  • Exit - quits the program.

Run the tests

When you run the tests, the Security Self-Help Tests window opens and displays the test results.

[Screenshot: test and repair window]

Test results

A summary of the test results is displayed above the tabbed area.

Below the summary area, there are two text boxes. The first box shows the test results in detail. If you click one of the test items (not the checkbox, but the text itself), the text box at the bottom of the window will provide information about that test, including suggestions for how to fix the problem if a problem was found.

You can also get information about all of the tests in one place by clicking View Report on the toolbar. A page will open in your default browser, displaying detailed information about all the tests that were run.

Each test name is prefaced with an icon to indicate the result of the test. The following table describes the meaning of each icon. (You can also click Icon Legend in the toolbar.)

Icon | Description
[pass icon] | Passed.
[not serious and can be fixed icon] | Item failed test. Not a serious problem and can be fixed by the Self-Help Tool.
[not serious and no fix icon] | Item failed test. Not a serious problem but cannot be fixed by the Self-Help Tool.
[serious but can be fixed icon] | Item failed test. Serious problem and can be fixed by the Self-Help Tool.
[serious and cannot be fixed icon] | Item failed test. Serious problem but cannot be fixed by the Self-Help Tool.
[error occurred during test icon] | An error occurred during the test.

The tabs are used to select how the test results are displayed:

  • All Fixable Problems - This is a list of problems found by the tool that also can be fixed by the tool. The checkboxes on the left determine which problems will be fixed when you click Fix All. By default, all the boxes are checked.

  • All Problems - The Security Self-Help Tool cannot fix some of the problems it finds. This tab is the default and shows all the problems found, not just the ones the tool can fix. By default, all fixable problems are checked.

  • All Tests - This tab lists all the tests that are run, including the ones your computer passed.

Fix problems and undo fixes

Many of the problems uncovered by the Security Self-Help Tool can be fixed by the tool itself. The easiest way to fix them is to click the All Fixable Problems tab, make sure all the boxes are checked, and then click Fix All on the toolbar.

The problems are usually repaired within a few seconds. (You can re-run the tests to verify, if you want.) The display will be updated to show that the problems that were fixed are no longer problems.

For information about fixing problems that cannot be fixed by the Security Self-Help Tool, click a test name to read the help in the bottom pane. Suggestions on how to fix the problem are usually provided. (Click View Report to see the information for all the tests on a web page.)

In rare cases, you may discover later that a repair made by the tool is causing some problem that is worse for you, in your estimation, than the security it provides. If you need to undo a change you made using Fix All, you can return to the tool, re-run the tests, and then click Undo Fix to run the Undo Wizard.

Note: The Undo Wizard can only undo the fixes made by the Security Self-Help Tool. For problems that the tool finds but cannot fix, you must fix them, and if necessary, unfix them, yourself.

To run the Undo Wizard:

  1. Click Undo Fix to start the Undo Wizard.

  2. At the Welcome page, click Next.

    [Screenshot: Security Self-Help Tool Undo Wizard Welcome window]

  3. Check the boxes to select which of the problems that the tool previously fixed (all or selected ones) you would now like to undo. Then, click Next.

    [Screenshot: select items to return to the values that were in place before the tool changed them]

  4. Review the changes. If you are satisfied, click Finish to return the items to the values that were in place before the Security Self-Help Tool changed them.

    [Screenshot: review items to be returned to previous values]

  5. If undoing the repair does not fix the problem you thought it was causing, you probably should re-apply the tool's repair.

View services

Clicking the View Services button in the toolbar displays all Windows services that are running on your computer and identifies those services that are unnecessary or high risk. You may want to disable these services for security reasons.

Click the name of an active high risk or unnecessary service to display information about that service. To disable the service, click the name of the service and then click Disable.

[Screenshot: view services]

Diagnostic information

The View Report and View Log buttons provide access to technical information that can be useful for troubleshooting purposes. One way to use the report and log file is to email a copy to your local technical support person.

View Report: Once you have run the security tests (perhaps after fixing any problems), you can request a full report of the final results by clicking View Report on the toolbar. This opens the report in a window of your default browser. You can then print or save it using the browser's facilities.

The report includes basic information about your computer, the problems found (along with suggestions on how to fix each problem), the tests the PC passed, and the full listing for all the tests.

View Log: If you encounter a problem and need more information than is provided in the report, click View Log. This opens a log file in Notepad that shows all the activities that occurred on your computer while running the tests.

Secure password test

This test runs quite slowly on some computers, and - depending on the options you select, as well as the number of accounts being tested - it could take hours to finish (however, it usually takes less than a minute per account). If this test runs too slowly to suit you, click Cancel to stop it immediately.

Choosing strong, hard-to-guess passwords for all of your computer accounts is extremely important. The Self-Help Tool is only concerned with the various user accounts on the computer on which it is run. It has nothing to say about other computer accounts you may have, such as your SUNet ID.

The Secure Password Test tries to determine the password set for each active (i.e., not disabled) account on the computer (or selected ones - your choice).

The Secure Password Test makes no attempt to decipher any user passwords on your computer, which are stored in an encrypted form. It simply tries to log in to one or more user accounts by working its way through a dictionary of common passwords. Password "guessing" is usually how hackers break in. Many people use very common passwords, often without realizing they are doing so. The test's guesses include common, insecure password formulas (e.g., using the username as the password).

You can choose whether you want the Secure Password Test to use the smaller dictionary of more than 1,000 common passwords (faster), or the larger one containing over 3,500 common passwords (more secure).

The program downloads lists of common passwords from the Web each time that it runs, so as new common passwords are added, they automatically become available to the tool.
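The following added example (not the Security Self-Help Tool's own code) shows the same idea applied when a password is chosen: a proposed password is screened against a common-password list and username-based formulas, with no login attempts. The short word list is a constructed sample, and the padding, look-alike substitution, and reversed-username rules are assumptions that go beyond the one formula this page names (username as password).

```python
import re

# Constructed sample list; a real check would load a maintained dictionary
# such as the 1,000- or 3,500-entry lists described above.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "dragon"}

# Assumed look-alike substitutions that are undone before the lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Leading or trailing runs of digits and symbols, e.g. "2009!" in "jsmith2009!".
PADDING = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def _variants(text):
    """Return the lower-cased forms a guessing dictionary would effectively cover."""
    raw = text.lower()
    stripped = PADDING.sub("", raw)
    forms = (raw, stripped, raw.translate(LEET), stripped.translate(LEET))
    return {form for form in forms if form}


def weakness(username, candidate, common=COMMON_PASSWORDS):
    """Return a short reason if the candidate is guessable, otherwise None."""
    if not candidate:
        return "empty password"
    user = username.lower()
    forms = _variants(candidate)
    # Username as password, including padded and reversed forms (assumed rules).
    if forms & {user, user[::-1]}:
        return "derived from username"
    # Common password, including padded or substituted spellings.
    if forms & set(common):
        return "common password"
    return None


if __name__ == "__main__":
    # Constructed sample inputs for a hypothetical account named "jsmith".
    for proposed in ["jsmith", "JSmith2009!", "P@ssw0rd!", "123456",
                     "correct horse battery staple"]:
        print(f"{proposed!r}: {weakness('jsmith', proposed) or 'not in dictionary'}")
```

A result of None only means the password is not in this dictionary; it is not a measure of overall strength.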

There is a counter at the bottom of the Password Test window that shows how the test is progressing. As soon as the test discovers a weak password, it displays a warning and continues on to the next account to be tested, if there is one.

If any of the user accounts on your computer have weak passwords, it is very important that you change them. It is critically important that you set strong passwords for all user accounts, especially for user accounts with Administrator privileges.

If this test finds a problem, it is imperative that you take action as soon as possible. For specific help with choosing and setting passwords, see Password Security Tips and Setting Your Computer's Password on the Secure Computing web site.

Last modified Tuesday, 07-Jul-2009 11:40:36 AM
