Computer Security: A Shared Responsibility
Beth Ann Bergsmark
This August, Georgetown University, along with other universities across the nation, experienced perhaps the worst outbreak of computer viruses and worms in history. The effects were felt well into the start of the academic year. Even Mac and Linux users, whose computers were not susceptible to these viruses, were affected as UIS resources were diverted to fight the viruses. And it isn’t over. As the rate of new Blaster, Welchia, and W32Sobig infections declines, technology staff and computer users fear that the successors to these viruses and worms are just around the corner.
Today’s viruses and worms use more sophisticated code than their predecessors while exploiting the increase in desktop computing power, Internet usage, and e-commerce activities. Hackers also know that fast networks can help a worm travel throughout a large organization in seconds. A few Blaster- or Welchia-infected computers will infect hundreds of unpatched Windows 2000, NT, and XP computers on a network within seconds.
Blaster, Welchia, and W32Sobig may be the worst viruses in history, but they won’t be for long. Virus writers will devise more deceptive code and unleash viruses that travel at greater speeds and do more harm. Early in September, a new virus, W32Swen, emerged that used crafty subject lines and text to disguise itself as a security patch e-mailed to computer users from Microsoft. (For the record, Microsoft does not send security patches to its customers through e-mail.)
The situation is not hopeless. Virus and worm infection is preventable 99% of the time. If your computer was infected, it wasn’t an odd twist of fate or a run of bad luck. You wouldn’t have caught Blaster or Welchia if your computer had the recent patch. You wouldn’t have caught W32Sobig if you hadn’t opened an infected attachment. All it takes to stay virus free is a good computer setup and a few simple actions.
But if it is so easy to stay secure, why do so many computers get infected?
The impact of Blaster and Welchia illustrated that many computer users did not fully understand how to secure their systems or were not aware of the potential risks of ignoring computer security practices. While many faculty, staff, and students are realizing the importance of practicing good security, some are still computing at their own risk. On Sept. 11, UIS sent a University-wide broadcast warning about a new Microsoft vulnerability and a new security update. At the time of this writing, 60% of faculty, staff, and students have updated their computers, while 40% have not.
Many people expect their computer to work and keep working without intervention when it comes out of the box. Unfortunately, this just isn’t the case. As the capabilities of desktop computers increase, the severity of computer security risks also increases, changing the importance of computer maintenance. What was once marginally safe can now be extremely dangerous unless you take the right precautions.
Know Whom You Are Sharing With
Several years ago, your chance of catching a virus was low if you didn’t often swap floppy disks among several different computers. Now floppy disks are seldom used as computer users share hundreds of files via e-mail attachments and file-sharing software. Today’s viruses are engineered to take advantage of this behavior. If you click on an attachment that you weren’t expecting or download software that isn’t from a reputable company, you will sooner or later catch a virus.
Safety Begins at Home and in the Office
Anti-virus software can do a lot for you, but not everything. Each time a virus is released, anti-virus software developers create a “definition” for that virus that allows the software to detect it and remove it. Anti-virus software that isn’t updated isn’t much use. A year ago, it may have been OK to update your virus definition once a week. Now, as new viruses emerge more frequently, UIS recommends that you update your virus definitions every day. Fortunately, you can easily set up your anti-virus software to search for and install updates automatically. Instructions are on the UIS Web site at http://uis.georgetown.edu/software/documentation/antivirus.
Your desktop computer from the nineties couldn’t be turned easily into a Web, peer-to-peer, or networked file server. The new features that allow you to easily plug into new content services and media sharing programs can create security problems.
Software manufacturers, Microsoft in particular, sell operating system and e-mail software that has security vulnerabilities. These are holes that a hacker can exploit to install and run their own virus programs. Throughout the life cycle of operating system, Web browser, and e-mail software, manufacturers identify problems and issue “updates” or “security patches” to mitigate or eliminate security holes.
Updates designated by Microsoft as “critical” are intended to fix security flaws. Apply these as soon as they are available. (Standard updates contain “fixes” for performance flaws and other features that you may or may not use.) You can easily keep your Microsoft software updated by setting your computer to automatically download and install critical updates. Visit How To Protect Your Computer: Guidelines for Faculty and Staff or How To Protect Your Computer: Guidelines for Students for instructions.
Out On the Net
When you are surfing the net, you can run into treacherous waters. How many times have you run into a Web site that asks for an ID and password or prompts you to download software? Many users just enter their information or accept the software without realizing the computer security risks. Web sites, especially sites that offer “freeware,” can contain viruses. Exercise extreme caution when choosing to download files from the Web. If you choose to sign up with a site that sends regular e-mail updates or requires a user name and password (such as the New York Times Web site), don’t use your NetID and NetID password or your Social Security number.
The truth is that there is no single defense against viruses and worms. The best protection begins with you, the computer user. Until everyone in the Georgetown University community actively engages in responsible computing practices, viruses and hackers will continue to disrupt our work and scholarship.
UIS is committed to working with our community to continue raising awareness and developing tactics to help combat new virus threats. In this edition of E-Notes we include guidelines that every computer user at Georgetown can follow to stay secure. If you would like more information or assistance, please contact your Help Desk. If you don’t protect yourself proactively, hackers, viruses, and worms will find you.
Beth Ann Bergsmark is director of Academic and Information Technology Services for UIS.