ETC@BMC

lmaksym September 28th, 2007

Safe Computing

Common Terms (based on information from McAfee Security Resources):

• Virus: A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.
• Worm: a program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer’s resources and possibly shutting the system down.
• Trojan Horse: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
• Adware/Spyware: A legitimate (or semi-legitimate), non-replicating program designed to monitor the computer usage or browsing habits of a user. This might include anything from anonymous usage statistics to monitoring keystrokes, tracking internet history, uploading confidential information and the like. Can be in exchange for the right to use a program without paying for it (a take on the shareware concept). Not technically considered “virus” although these programs can be annoying and occasionally damaging. These are not addressed by traditional anti-virus software.

Solutions and prevention:

• Anti-virus software - McAfee is available to all members of the Bryn Mawr community from the Computer Services Software Download page.
• Ad-aware (http://www.lavasoftusa.com/support/download/) and Spybot Search and Destroy (http://www.safer-networking.org/en/mirrors/index.html) — these products remove and protect against Spyware and Adware and some Trojans and other similar predatory software. They find different things, so it is possible to use both.
• See this document for some ideas on how to be a “safe” user:
• Minimize public file sharing over ICQ and IM. Be cautious about downloads - recommend downloading from trusted sites only.
• Turn on the machine’s internal Firewall (in the network connection properties in Win XP and in System Preferences>Sharing on a Mac, also available for any Linux distro.)

Tips for Disinfection

• First remove any infected or suspicious computer from the network. Bring any necessary utilities to the computer via CD or disk.
• For common viruses, there are often specific utilities available from McAfee which are faster than a full virus scan and will target the problem more efficiently. These are especially good when needing to clean many computers in a short period of time.
• If Anti-Virus is unable to successfully clean a virus, look the virus up by name in the Virus Information Library (http://www.mcafeesecurity.com/us/security/vil.htm) - there will often be instructions for manual cleaning.
• If you are following instructions on cleaning a virus that involve altering the registry, make sure to back up the registry before doing anything.

Be Aware:

• Some software does not play well together. Software conflicts can sometimes look like viruses.
• Never install more than one anti-virus software at once. These packages frequently conflict with disastrous results.
• Do not install Ad-aware or Spybot on a machine running Norton Internet Security or McAfee’s Internet Security Suite - these products can conflict with the anti-adware/spyware components of the Internet security packages, causing severe problems.
• Uninstalling virus scanners or Internet security packages is not always as straightforward as it appears. Many major packages (especially Norton) leave things behind during uninstall (especially in Windows) which will cause problems when re-installing or installing another package. See the manufacturer’s Web site if you have problems while trying to remove or re-install one of these packages - most have detailed instructions or utilities for stripping out the last vestiges of the program.

Additional Resources:

• http://www.mcafeesecurity.com/us/security/resources/av_tips.htm
• http://www.mcafeesecurity.com/us/security/vil.htm
• http://www.mcafeesecurity.com/us/security/resources/home.htm
• http://www.staysafeonline.info/
• http://www.sarc.com/ — Symantec Antivirus Research Center.
• http://www.grisoft.com/us/us_index.php — offers AVG, a free-for-personal-use anti-virus product and additional info

Safe Internet Practices

Security: There’s no need to be completely paranoid about buying stuff online or entering information on the internet as long as you’re careful. When entering personal information-name, address, phone number, even e-mail-make sure you have secure connection. On most browsers, a tiny lock will appear in the lower right-hand corner (on IE on the Mac, it’s in the lower left corner; on Safari it’s in the upper right). If a lock does not appear, either don’t enter the information or notify the web site owner. Another common way to tell you have a secure connection is that you’ll see https:// instead of http://, but not all secure websites use this protocol. For bank logins and other very sensitive information, it’s a good idea to use a password that’s difficult to guess and to change it frequently.

You can also change your security settings in IE, but be careful as setting a really high security setting might prevent you from getting into legitimate sites, like Blackboard.

Cookies and cache: Not the kind you eat or money you spend. Many websites, secure and otherwise, set cookies on your computer to track your visit. This can be convenient-like when you go to Amazon and it shows you your recommendations and recent orders. It can also be a security risk or at least a real annoyance and slow down your work. All browsers allow you to clear the cache and cookies. On IE, choose Tools–>Internet Options. In the dialog box, click the “Delete Cookies” button and the “Delete Files” button under Temporary Internet Files. It’s a good idea to do this once in a while.

Popup blockers: These prevent those annoying popup windows, some of which can be suspicious, forcing you to click on downloads you don’t want or installing Adware. Popup blocking is built in to browsers like Mozilla, Firefox and Safari. For IE, you can download the Google toolbar which includes a popup blocker.

Adware: As stated above, this is software that continually tries to sell you stuff based on the sites you visit. You’ll know you have it, when you open a browser and continually have random windows pop up. It’s very annoying and it can cause problems. Use the software indicated above (it’s free) to get rid of these programs.

Safe e-mail practices: E-mail is always delivered in the clear, meaning that anyone can see it if they really want to. It’s possible to secure it, but requires obtaining a security certificate which most people don’t do for personal use. It’s not a good idea to send personal information through e-mail. If someone asks for sensitive information, like a social security number, don’t send it via e-mail. Hand-deliver it or send it in the mail or discuss it over the phone. It’s not even a good idea to send credit card information via e-mail. A good rule of thumb is if the information isn’t publicly available, don’t send it via e-mail.

E-mail is also the primary carrier of viruses. Bryn Mawr’s server-side scanning process usually catches most viruses, but virus creators are getting increasingly clever about circumventing scanning programs. If you don’t recognize the sender, then don’t open any attachments. And you should never set a mail client to automatically open all attachments. That’s just asking for trouble. Another problem is that spammers and others often masquerade as people you know. Check the headers if you see an attachment that looks like it’s from someone you know, but the attachment itself looks suspicious (e.g. it doesn’t have a recognizable extension). To check the headers, choose “View Full Headers” in many e-mail programs or in Webmail, click Display Headers in the message.

Instant Messaging: New viruses are being written to taken advantage of the relatively insecure nature of most IM programs. Never download anything through an IM program. If a friend wants to send you something, have them e-mail it where you have more control over the download.

Kazaa and other file-sharing software: Technically, it is not legal to use such programs to share copyrighted material, but we know that many students do use them. Be careful about the files you download through these programs. Many people are using them to install spyware, adware, and keylogging programs onto your computer.

• announce