Editor's note: This is the second article in a series in observance of NCSAM. See also “UD marks National Cyber Security Awareness Month."
11:56 a.m., Oct. 6, 2010----One of the key messages of National Cyber Security Awareness Month (NCSAM) is that viruses, worms, Trojans, spyware and other malware poses a major threat to our computers and information stored on our computers.
“Each year, the number of software security vulnerabilities discovered rises, and hacking tools available to exploit these vulnerabilities become more readily available and easier to use,” Scott Sweren, the University's information security officer, said. He added that hackers look for ways to “access your computer and copy, steal or alter data you have stored.”
According to Beth Miller, IT Client & Support Services (CS&S), fewer virus and malware problems have been reported at the University recently. “It's not because there are fewer threats out there; in fact, the number of security threats increases every year. But because so many faculty, students, and staff are following the directions to keep their computers virus- and malware-free, the University has seen fewer infected computers this year.”
The University has purchased a site license for McAfee VirusScan for Windows and Macintosh systems, provides directions for using MalwareBytes and Spyware Blaster to supplement VirusScan's protection, and scans incoming email for threats.
Miller added that the tools the University uses have been doing a good job, but that some things do get through. “For example, last week a lot of people received fake iTunes receipts and forged LinkedIn requests in their email. So long as you just deleted the messages, your computer and your information were safe. But if you clicked on one of the links, then you put yourself at risk,” she said.
She also said that IT-CS&S has seen more computers infected as a result of Scareware, “web browser pop-ups that claim your computer is infected and that you need to 'click here' to rid your computer of malware or a virus. Those pop-ups are always a scam. Whether you see a link in email or on the web, don't follow links with which you are not familiar.”
“It's great that the number of trouble tickets for infected computers has gone down,” Sweren said. “But everyone at the University must remain vigilant.”
He urged the University community to follow best practices like those outlined recently by the Multi-State Information Sharing and Analysis Center:
1. Don't click on pop-up ads that advertise antivirus or anti-spyware programs. If you are interested in a security product, contact the retailer directly through its home page, retail outlet or other legitimate contact methods.
2. Don't download software from unknown sources. Some free software applications may come bundled with other programs, including malware.
3. Use and regularly update firewalls, antivirus, and anti-spyware programs. Keep these programs updated regularly. Use the auto-update feature if available.
4. Patch operating systems, browsers, and other software programs. Keep your system and programs updated and patched so that your computer will not be exposed to known vulnerabilities and attacks.
5. Regularly scan and clean your computer. Scan your computer with your anti-spyware once a week.
6. Back up your critical files. In the event that your machine becomes infected, having backups of your important files will facilitate recovery.
(Adapted from “Detecting and avoiding fake antivirus software,” MS-ISAC Cyber Security Tips Newsletter, September, 2010.)
“The vast majority of our clients are following most of these steps,” said Miller. “But you have to be alert to new ways your computer can be attacked.”
For more information, visit the Viruses, spyware, and malware page at the University's NCSAM website.