dtaylor26 wrote:1) How often is the OS on ward computers patched for security? I'm guessing it's not very often, probably on the order of when new updates to the Desktop are made. It seems to me there are lots of hooks and mods made to the OS in order for MLS to run- I realized this when I tried to create additional OS administrator accounts last fall. Do these modifications impact regular Windows security updates, or in other words, once our clerks aren't limited to dialup, I'm nervous about these machines having I.P. addresses w/o OS patches, and I'm equally nervous about applying patches if they're going to mess up the OS (how's that for a run-on sentance?).
All Church computers connected to the Internet are required to have Desktop 5.5 installed. Desktop 5.5 controls OS updates, so you shouldn't have to worry about this. From the Desktop 5.5 instructions:
Now that Local Unit Computer Desktop Version 5.5 is installed, Windows security patches, new virus definitions, and other updates can be received from the administration office through the data transmission process in MLS. Updates will be made available as needed, but it is important to use the Send/Receive Changes feature weekly and apply all updates promptly to make sure the computer is always protected as fully as possible. (Updates may increase transmission times.)
Also, the Church-supplied firewall will hide actual machine IP addresses from the Internet, so your risks of a wide variety of attacks will be tremendously reduced.
As for your issues with creating additional OS administrator accounts: It is true that Desktop 5.5 sets many aspects of the computer's security policy. But you should be able (and are required by policy) to create at least one additional Windows administrator account on each computer. If you are having problems with that, post your questions on this forum and we'll try to help, or call Clerk Support.
dtaylor26 wrote:2) As we move into the I.P. realm, what are the considerations/recommendations for spyware and anti-virus usage? Will this be incorporated into Desktop, or will that be up to the STS? If the STS doesn't do this, and an infection takes place, how much trouble will the STS be in? Even if the STS does this, and an infection takes place, how much trouble will the STS be in? With both the local unit and the Church?
The Desktop 5.5 includes Symantec anti-virus software. It's more than a recommendation -- it's required by policy. The Desktop 5.5 instructions give what I consider to be conflicting instructions regarding virus definition updates:
• Settings for computer security, antivirus software, and so on, are managed from the administration office during MLS transmissions. For this reason, no changes should ever be made to the Symantec products installed on the computer except for updating the virus definitions as they are received from the administration office.
• Because virus definitions can become outdated despite the best of efforts, the Member Services Support Group asks that you update the Symantec AntiVirus software manually once a quarter to ensure effective virus protection.
I have not noticed any updated anti-virus definitions being downloaded through Desktop 5.5, even though the above instructions say they will be. And if updates were being downloaded regularly, why would we have to update them manually? In any case, the only updates that happen (for machines in my stake) are when I do the manual updates. So I do those at least once a quarter, and sometimes more often.
We're typically not in the business of talking about "how much trouble" someone will be in for certain actions (or inactions). But it is certainly advisable (by that gentle word I mean "required") to follow the official instructions I posted above. If you do that, I think you can be confident that you have done your part, and if some virus slips through Symantec, the solution mandated by the Church, I don't see why you should be blamed.
dtaylor26 wrote:3) Let's say, for the sake of argument, that the information being sent between the clerk's workstation and the router is eavesdropped on (imagine a creative group of youth with an affinity for technology). The workstation isn't compromised, just the connection between the workstation and the router (harder with a wired setup, but possible). If this eavesdropping is detected, what procedures does one follow? Does each member have to be sent a 'Check your credit history' letter because their information may have been compromised?
I don't know of any policy on this. It's a serious question, and a good one, but I would seek guidance from Clerk Support if that were to happen. In the meantime, our best course of action is to use our very best efforts to keep the risk of eavesdropping as low as possible by following security practices that are in accordance with industry standards and Church policy.
), some questions arose that I present here.
