Q. What is BigFix and what does it do?
A. BigFix Enterprise Suite is a commercial software package that allows central management of networked computers. BigFix allows Stanford to help keep computers on the Stanford network secure and up-to-date by providing a way to distribute important software updates. Specifically, PCs connected to the Stanford network and running the BigFix client software will be automatically updated by central Stanford servers with the latest operating system patches as well as updates to Symantec AntiVirus. BigFix can also be used to allow Stanford to collect information about your computer. BigFix is currently only available for computers running the following Windows operating systems: Windows Vista, Server 2003, XP, 2000, NT 4.0, ME (Millennium Edition), and 98 Second Edition. (Support for Mac OS X is coming soon, and support for certain Linux distributions may become available in the future.)
BigFix is provided as a campus-wide service through ITSS and is managed through central BigFix site administrators (all of whom are central ITSS staff with long experience in systems administration) and local console operators for each part of the University that chooses to use BigFix. If you install the BigFix client, you will be asked to specify your group; residential students should select "ResComp" as their group for all personally owned computers. In conjunction with broader policies set by the BigFix site administrators, each group develops its own policies on how BigFix will be used within its area.
For more information on how ResComp uses BigFix, click here. For more information about BigFix and BigFix at Stanford in general, visit the ITSS BigFix FAQ. The BigFix client software can be downloaded at Essential Stanford Software.
Q. How does Residential Computing use BigFix (and the information it collects)?
A. In general, if you install the BigFix client on your computer, you will receive patches and other software updates through actions taken by the ResComp group console operators and the Stanford BigFix site administrators. With only two console operators for the ResComp group, potentially thousands of computers that could be using BigFix, and the challenge of trying to centrally manage thousands of personally owned computers, the ResComp group console operators usually do not deploy patches or updates directly. Instead, we simply use the service provided by the Stanford BigFix site administrators, who review various patches and updates and, after determining their importance and testing for possible problems, deploy them campus-wide as they see fit. Since the ResComp group console operators do not intervene in these actions, the patches and updates simply pass through to you, the end user.
BigFix also allows console operators and site administrators to determine whether a computer is infected with a virus or otherwise exploited. In this case, you may be notified via email and asked to take the necessary steps to clean your computer (your RCC will also be notified and will be able to help you). BigFix also allows console operators and site administrators to remove infections and other exploits remotely, but this will only be done in extraordinary circumstances, as in response to a major security outbreak, and only by the site administrators with the approval of the Stanford Information Security Office and ResComp.
BigFix is capable of allowing Stanford to collect and store a large number of properties about your computer, including what software applications you have installed (even if you are not running them at the time) and details about your hardware. However, Stanford's BigFix system is configured to collect only a subset of those properties (in addition to the ones considered essential to the basic functioning of the BigFix service at Stanford). In addition, the list of retrieved properties for the ResComp group has been reduced even further, so that only those properties essential to the basic functioning of the BigFix service at Stanford are included. The current list of retrieved properties for the ResComp group is highlighted in red here.
Changes to this list of retrieved properties are subject to the approval of the Office of Residential Computing, Chief Information Security Officer and, if necessary, the Office of General Counsel and the Internal Audit Department. If the list of retrieved properties for the ResComp group changes, you will be notified via email. To ensure that you receive these emails, you should make sure your in-room network registration information is up-to-date since notification will be done by matching up the list of ResComp BigFix users with the list of registered residential network users. To view/update your registration, visit the in-room network connection forms.
You may also be interested in subscribing to the campus-wide BigFix users list to be notified of any changes to the list of retrieved properties available (although not collected by a particular group) in general. You will be given the option of subscribing to this list during the installation process. To subscribe to this list via email, send an email to majordomo@lists.stanford.edu with the following line in the body of the email:
subscribe bigfix-users
Q. Who has access to the information BigFix collects?
A. ITSS central staff members who are acting as BigFix site administrators have access to the properties for all computers running the BigFix client. Local console operators who manage a subset of computers, such as the computers on the residential network or in a specific academic department, only have access to the computers in their respective groups.
Anyone who has access to any of the information stored in the BigFix database is bound by strict University rules concerning the proper handling of confidential data. For more information see the BigFix FAQ from ITSS.
Q. Should I use BigFix?
A. BigFix can be a great tool for those people who do not want to worry about running Windows Update (even when it's configured to download and install updates automatically) or updating Symantec AntiVirus regularly. However, if you run any specialized software that might have problems with some operating system patches, or if you simply can and prefer to closely manage what's installed on your computer and keep it up-to-date yourself, BigFix might not be the answer for you.
If you do decide to use BigFix, we strongly suggest you familiarize yourself with the list of retrieved properties since running the BigFix client allows Stanford to collect and store information about your computer.
Either way, BigFix can be useful if it's the right fit for your computing needs, and we strongly encourage you to consider it as an option for helping to keep your computer (and the Stanford network) secure.
Q. If I use BigFix, do I need to worry about security on my computer?
A. Yes! While using BigFix will help make sure you have the most up-to-date operating system patches and Symantec AntiVirus definitions, you should still make sure you follow good security practices, such as using good passwords and avoiding suspicious emails and the viruses they may carry. For more information on secure computing practices, visit our Practicing Safe Net Web site as well as the Secure Computing Web site from Information Security Services at ITSS.
Q. How many students run BigFix in the residences?
A. According to the results of the 2006-2007 residence surveys, 11% of undergrads and 18% of grads used BigFix. For more survey results, click here.
Q. Where can I get more information?
A. Use the following links to get more information about BigFix, BigFix at Stanford, and computer security in general:
Anti-virus software
Security patches
Email
Good passwords
Spyware
Essential Stanford Software
Secure Computing
BigFix at Stanford
BigFix FAQ for Residential Students
List of general security resources
Symantec
Security news on the Web
Contact your RCC.