What you can do prevent virus infections on your computer

(1)

Help prevent virus infections on your computer

Version 1.0 Page 1 of 8

What you can do prevent virus

infections on your computer

A computer virus is program code which 'hides' in other files and can cause irreparable damage to your computer. Computer viruses spread easily between computers when people pass files to each other

Virus Checkers (software programs) provide protection against viruses, new and old. However, virus writers are all too ingenious and for every block that the virus protection developers put in place, virus writers are devising new code to create nuisance.

This userguide provides you with information about the steps you can take to reduce the likelihood of your computer getting infected with a virus.

You should also review the good practice information published on the IS Support site This document will be reviewed every 6 months

Author: Information Security Manager Version: 1.0

(2)

Introduction

A computer virus is program code which 'hides' in other files and can either cause irreparable damage to your computer or (more likely) steal passwords, bank/credit card details, and email addresses. Computer viruses spread easily between computers through shared files, from the internet and through

attachments in email messages.

Here at NTU we use anti-virus products that protect our environment by

dealing with known viruses. A virus signature is a program code which detects and cleans infected files. Updates to virus signatures are deployed

automatically to PCs and scans are completed every week, this is why you may notice your computer running a little more slowly on Wednesdays.

New viruses are continually being produced by virus writers. When this happens, the suppliers of virus protection software have to understand how each new virus spreads, and what it is trying to do, in order to develop, test and send out new anti-virus updates to deal with it. Because of this, it is necessary to update and deploy new virus signatures as soon as they are released.

Viruses are often picked up by pen drives from home or public computers that do not have up-to-date virus protection.

To protect the NTU environment, you should always ensure that your home computer has the most up to date virus protection. A reputable anti-virus program should install updates at least three to four times a week, and should never be more than two days out of date.

In 2008, there were well over 1 million detectable computer viruses. While this is a very high number, the effects of the different viruses are much the same. Often old viruses are “recycled” with new names.

1.0 How to prevent viruses from infecting your computer.

There are many ways that a virus can infect your computer. In this userguide, we have highlighted the most common, but this is not by any means a

definitive list.

The most sensible advise is

• never open unsolicited email attachments, even if they appear to come from friends or colleagues.

• Always save the file attachment to disk - do not open it immediately - and scan the file using your installed Virus checker.

(3)

2.1 Anti Virus Protection Software

You should always ensure that you have an anti-virus software installed and enabled on your computer. This type of software can detect and block viruses before they have a chance to cause any harm. A good anti-virus program can scan for viruses on your hard drive or any program, files, or documents. If it finds any viruses, it can remove the virus, quarantine it or delete the file safely from your computer.

New viruses are continually being produced by virus writers. When this happens, the suppliers of virus protection software have to understand how each new virus spreads, and what it is trying to do, in order to develop, test and send out new anti-virus updates to deal with it. Because of this, it is

necessary for them to update and deploy new virus signatures as soon as they are released.To be affective, your anti virus protection software needs to be updated regularly, preferably automatically.

Whilst the anti-virus that is installed on your NTU desktop or laptop is

managed by Information Systems, this doesn't mean that you will remain virus free.

3.0 Sharing and Downloading Software or Files

If you download software, files or other media from the internet and the source files are infected with hidden viruses, you will easily transfer them to the

computer you are using.

If you do this on your home computer which may not have the most upto date virus protection, you could infect your home computer. If you then do work at home, which you bring in to your office computer on a portable storage device like a pen drive, you will transfer the virus to your office computer.

If you use or share portable storage devices with other users, the effect will be the same.

Using your installed anti-virus software you should get into the habit of scanning your portable storage device before copying files to or from it.

• To do this, go to My Computer • right click on the drive icon • select the 'scan for viruses'.

When you save a file to your computer, either from an internet download or from another computer, always run a scan on it to make sure it is virus free. Not all viruses act immediately. Some may wait for a trigger such as shut down or reboot. Anything that you put on your computer from another source should be scanned for potential threats.

(4)

Version 1.0 Page 4 of 8 If you need to work on files between your home and office computers, store them on your home directory and access them through the NTUanywhere service. For more details about NTUanywhere visit the IS Support site

http://www.ntu.ac.uk/information_systems/services/off_campus/index.html

The standard NTUanywhere service means that you only need to log in once to use your email or your home directory and you can upload and download files safely.

You can use this service from any PC with Internet access. NTUanywhere is therefore ideal for use from a public PC, for instance in a Cyber Café, or a mobile device such as an IPAC or Smart Phone.

Be extremely cautious of websites that asks you to install a 'plug-in'. Various forms of malicious software can be hidden within plug-ins. These have the potential to install a virus or Trojan to your machine which can steal your information like username and passwords to other websites.

3.1 Attachments sent by email

You should not open attachments sent by email from people you do not know and you should always be cautious even if you know who they are from. You should also be especially suspicious of email messages that promise fantastic offers. Get into the habit of copying attachments to your computer first,

rather than just opening them from the email message, this way you can scan the file before opening it. Unfortunately, this check only helps, it doesn't guarantee protection from virus infected files, but is a simple check which could stop you opening something nasty.

If you receive a message from someone know to you, but the style, character or content of the message is not of the type they would usually send, you should be cautious. If the sender has said they have sent you a Word

document, but the attached file doesn’t look like a Word attachment or had a Word file extension, scan it before opening it.

Be cautious about opening files that have two file extensions e.g.

myfile.doc.exe and do not run .exe files sent to you as attachments without checking them first.

3.2 Security Patch

A Security Patch is program code that fixes and closes vulnerabilities in Microsoft software on PCs or servers. Some patches boost security and reliability, and others increase performance or fix problems.

Microsoft release their patches on a monthly basis. The patches are evaluated by IS staff who assess how important the patches are to the business. Once this has been done, the deployment is tested and scheduled. In some cases, the vulnerability that has been identified is so severe, that urgent and

(5)

immediate deployment is essential. For example, in August 2003 unpatched computers in NTU allowed the "MS Blaster" virus to severely compromise the network, making it almost unusable for several days. Information Systems automatically install new updates to Windows and Office when they come available, but this advice should be followed at home.

The update procedure takes place in two stages. During the day, your PC downloads updates and stores them on the PC ready for installation. The next time the PC is restarted, these updates are then installed. Normally these two processes will take place in the background, although they will use extra

resources on your PC, sometimes causing reduced performance. However, you will be alerted by the presence of a small golden "shield" icon in the System Tray (next to the clock). Some updates will require the PC to be restarted before they become active.

In order to minimise disruption to your work, we recommend that you close your PC down at the end of the day. This will ensure that updates that have been downloaded on that day will be installed first thing after you restart your PC the next day. In the case of critical patches this will probably result in a request for your PC to be restarted between 5 and 10 minutes later, but having individual PCs taking a little longer to start up in the morning is preferable to experiencing disruptions to key services business-wide.

The update procedure for PCs in Lecture Theatres and GPT Rooms is slightly different. These machines are configured to download and install their updates overnight, ensuring that each PC is fully patched and ready for use the next morning, and that there is no interruption to lectures and presentations.

Whether your computer is a PC running Windows or a Mac, an updated system can help fight off potentially harmful programs. Operating systems that are old and not updated are more prone to infection.

Having your computer set to 'Automatically' install new patches helps protect it, but also applications must also be updated such as Microsoft Office

regardless of the operating system, the auto-update should tell you when a new update has been released, so you can install it.

3.3 Firewalls

Should I use a firewall? The answer is YES. While firewalls help prevent intrusion from an outside source, firewalls also block some viruses from spreading from computer to computer. Without a firewall, an infected

computer on a network could infect your computer, particular if your computer is vulnerable because it doesn’t have the latest patches. Using a computer without a firewall is dangerous, so you should always have one installed and running. As with anti-virus, Information Systems manage your firewall centrally and so automatically prevent many threats.

(6)

4.0 Keep a copy of your important work

The final part of this advice is about your precious files… the ones that you have taken weeks writing, the whole of next years budget, your important presentation at that conference or even that memo that you just wouldn't want to type out again.

If your files get infected, and the virus can’t be cleaned or removed, your file could be permanently damaged and be unusable. If you suspect that you have a virus, you should contact the Information Systems Service Desk for

assistance.

To ensure that you are not left in a crisis, do not keep the only version of an important file on your pen drive and always keep a copy of your urgent and important work on your networked home directory or departmental shared areas, which is backed up by Information Systems every night.

4.0 Cleaning your computer of viruses

Completely removing a computer virus is delicate work. Despite all of these precautions, your computer may still end up getting infected with a virus. If this happens, don’t panic and make the situation worse. Your actions will depend largely on what type of virus your computer is infected with, and also how you came to be aware of the infection. If you routinely share files with your home computer, you should check that as soon as you can.

If you feel confident, you can use your installed anti virus program to scan for viruses, alternatively contact the Information Systems Service Desk.

If other people use your computer, you should let them know that you have had a virus reported to you so they can check their files and home computers If the virus prevents you from doing anything, then the only thing you can do is to shut your computer down and contact the Information Systems Service Desk giving as much information as possible so we can take the right steps to advise you further.

5.0 Top tips

You can contact Information Systems Service Desk about your computer on campus using:

The Webform at https:\\www.ntu.ac.uk\issr by Email to ITS Service Desk

by Phone on ext 8500

(7)

Microsoft & Apple regularly releases security patches and provided a number of ways to install security patches, including Windows Update, Automatic Update, and also manual ways of checking. You can subscribe to e-mail notifications of new patches both from Microsoft and from Apple, however if your computer is set to update automatically then this is not really necessary.

There are many applications installed on our machines which are deployed by Information Systems, when these have patches required, IS automatically install these for you, so you may not even know that they were patched. 2. Use anti-virus and update the virus definition daily.

Anti-virus programs protect you against most types of viruses - including both executable and macro viruses. Your NTU computer will already have Anti-virus installed, please do not disable it and let the program check all new files downloaded to or copied to your system.

Anti-virus programs can clean most of the viruses if you update the virus definition regularly or use auto update. This is critical for the software to catch the latest viruses

3. Take care when a website asks you to install a 'plug-in'.

There are unfortunately some websites that have been high jacked by rogue groups who try to steal information. If you try to access your online bank account for example, this could cause you personal loss as your personal account details could be extracted. If the information that was harvested created a large loss of university data, this could damage the reputation of the university, lead to severe fines by the Information Commissioner’s Office or even imprisonment for senior management if we suffer a very large data loss. Information Systems attempt to block known websites that have been

compromised in this way using Websense Content Filtering, but you should always be vigilant and only install software from trusted website where the software looks genuine, if you are in any doubt please contact Information Systems Service Desk for help or advice.

4. Don't open email attachments unless you are sure it is safe.

If you get an unsolicited email message from someone you've never heard of before, and that message includes an attachment, don't open the attachment! The attached file could contain a virus that could infect your machine.

Virus files can only infect your computer when they're run, typically when you click or double-click them in order to open/run the file. This means receiving a virus-carrying email message in your inbox is safe - unless you open the

(8)

Version 1.0 Page 8 of 8 You should never run any email attachments that have the following file

extensions: .EXE, .COM, .BAT, .VBS, or .PIF. Incoming email messages are scanned for viruses when they arrive at the university in an attempt to trap virus carrying messages along with spam emails.

5. Scan devices before copy / open any files from it.

If you are copying files from portable storage media like pen drives, portable hard drive or even CD and floppy disks, make sure you scan the drive before opening or copying any files from it. Try to avoid 'plug-and-go' and always remember to scan first before opening any files, including any pen drives from a student who may need your help.

6. Don't execute programs or files you find on the internet without checking them.

Newsgroup postings often contain attachments of various types; executing a program from an anonymous newsgroup poster or by visiting an unknown website is not safe, check the downloaded files carefully before running them. Chat rooms and messenger applications (such as Windows Live Messenger and AOL messenger) are another big source of virus infection; some users like to send pictures and other files back and forth, and it's relatively easy to infect a file to be sent in this way.

Do not use peer-to-peer (P2P) programs (such as Kazaa, Bit torrent etc) for downloading music, software, or other files. If you must download files from the Internet, use trusted sources and reliable Web sites that actually check their files for viruses before they post them for downloading. You should not download files of this nature to university computers or to your home directory or departmental shared areas.

Software should always be obtained from Information Systems, this means that we can provide reliable software which is free from viruses and also ensure that the University is using licensed software only.

7. Golden Rule - Back up your files

Always remember to back up your important work files to another safe place, preferably your home directory or departmental shared area. This means that your life’s work isn’t wiped out by one virus attack.