Technology Update - August 17, 2011
Table of Contents
This issue of the Tech Update is a special issue concerning computer security: virus protection, malware removal, identity security, and best practices for preventing infections on your computer. Learn more from the articles below.
Keep Your Computer Up-to-Date!
Aside from installing anti-virus software (see article below), the most important thing you can do to keep your computer secure, virus-free, and running smoothly is to keep your computer regularly updated. To do this, you’ll need to ensure that important software and security updates from Microsoft are installed and that plugins for applications such as Adobe Flash, Adobe Reader, and Java are up-to-date. Many of these updates are patches for recently-discovered security threats (holes in applications that hackers could exploit). Other updates can provide software enhancements and help keep your computer running smoothly.
To set up automatic updates for Windows, go to "Start" > "All Programs" > "Windows Update." The Web site or prompts that appear will guide you through the rest of the set-up process. For Macs, navigate to "Apple menu" > "System Preferences" > "Software Update."
If you're not sure if your application plugins are up to date, you can check your plugin versions at Qualys' BrowserCheck site by clicking the "Launch a quick scan now" link and/or the "Scan Now" button (this option's location differs depending on the browser you are using) to search for potential issues.
Anti-Virus Software, Firewalls, and You
Any computer with access to the Internet should have anti-virus software and a firewall installed. Without this software, your computer becomes an inviting target for hackers and is thus vulnerable to viral infection. Ensure that anti-virus software is installed and configured on your computer.
Anti-virus software that comes with the purchase of a computer might or might not be sufficient to protect your computer. To help you scan your computer and prevent/remove viruses, IRT offers Symantec Endpoint Protection free of cost to all students, faculty, and staff at Drexel. It can be downloaded via IRT's software server. Simply log in with your Drexel credentials and select your status and operating system. Symantec includes the option to install a firewall, but other good choices are Windows Firewall or Windows Defender, which are included on most Windows installations in "Start" > "Control Panel." Ensure that a firewall is installed and turned on at all times.
Most anti-virus software programs, including Symantec, allow you to set up automatic weekly scans of your computer as well as automatic updates for the software and virus definitions.
Other options for anti-virus software exist, including Norton, avast!, Microsoft Security Essentials, and AVG. Many of these options offer a free, personal version of the software. Check out this article on PC Magazine's Web site for reviews and ratings of 2011’s top anti-virus programs.
Viruses and phishing scams are a constant threat to users and their computers. Here are some tips to avoid phishing scams and keep your computer virus-free:
- Keep your anti-virus software updated and scan your computer regularly for viruses and malware. See the article above for how to turn on automatic updates and scans.
- NEVER give out passwords, login information, or other sensitive information. No legitimate organization, including Drexel University, will ever ask you to reveal it. Only you should know your sensitive information.
- Be wary of social engineering threats, which try to manipulate you into divulging confidential/sensitive information.
- Don't respond to spam, and delete it or move it to your Junk/Spam folder.
- Don't open email attachments from an unknown source.
- Don't download content from suspicious or untrustworthy sites or applications. This can include fly-by-night screensaver/wallpaper download sites, software/multimedia pirating or P2P sites, or sites with downloadable zip files.
- Copy and paste URLs into your navigation bar instead of clicking on them directly. You can also hover over linked text to see if the URL appears to be legitimate.
- Disable the "auto-run" feature on CD/DVD and flash drives to protect your computer from an auto-running virus.
If you have any questions about a suspected virus infection or a questionable email message, contact the IRT Help Desk at email@example.com or 215-895-2020.
Macs Get Viruses, Too
Despite their reputation for being virus-free, even Macs can get infected. In fact, this past May, a malware program masquerading as an anti-virus application ("Mac Defender") was unleashed, prompting Apple to release an update to combat the malware (more information provided by Apple here).
Installing anti-virus software on a Mac is highly recommended, even if infections are less common on a Mac than on a Windows computer. Drexel's software site offers Symantec Endpoint Protection for Macs at no cost to the Drexel community. Access it by logging into IRT's software server, selecting your status, and selecting the link for Mac software.
Security and WiFi Connections
More and more places are becoming "hot spots" for free wireless (WiFi) connections. However, many of these public networks are unsecured and thus can pose security threats to your sensitive information. If you need to manage your online banking accounts or access other sensitive/confidential information, use a firewalled Ethernet or wireless connection with a firewalled router. Enjoy free, public networks for general browsing!
Think Twice Before You Click
Before clicking on a link in an email, you might think, "I know the sender. This link is safe." This isn't necessarily a bad assumption if you recognize the sender’s address, but the email might not actually have come from that address. One of the frequently-used tricks of botnet attackers is to "spoof," or fake, sender information to make a message look like it's coming from someone you know. Unless you can determine with some certainty that the link is trustworthy (based on the content or the signature of the message), then it’s best not to click on the link.
This is just one example of a situation in which you should refrain from clicking on emailed links. Here are a few additional tips to prevent hackers from compromising your computer through malicious links:
- Try not to click directly on emailed links. Instead, copy and paste the link into your browser’s address bar.
- Be very suspicious of attachments that you are not expecting, even if you recognize the sender.
- Never conduct business with financial institutions from emailed links. Because the consequences of a mistake can be serious, access the institution's home page and navigate to your destination from there.
- Be very suspicious of links in messages with vague content, misspelled words, or generic references to "webmail" or "helpdesk." These messages are almost always scams and should be discarded or moved to your Junk/Spam folder.
If you are ever unsure about the legitimacy of an email or emailed link, forward the message to the Help Desk (firstname.lastname@example.org) for advice.
Tip: Outlook disables unsafe features of email messages that have been moved to the Junk E-mail folder, so you might want to drag suspicious messages to Junk E-mail before opening them.
How to Deal with Pop-Ups
A common reaction to a pop-up window is to click the little "X" in the corner. However, pop-ups have gotten sneaky, and sometimes downright nasty. The most malicious ones "ask" you to download or even purchase fake anti-virus software (Antivirus XP 2010, for example) or scan your computer, but give you no option to cancel or close the window.
When dealing with these annoying and potentially damaging pop-ups, it is generally good practice to right-click the window in your taskbar and then left-click to close it, rather than clicking the window's "Cancel" or "X" button. If this method doesn't close the window, you can also press "Ctrl" + "Alt" + "Delete" (or right-click an empty spot on your task bar), select the "Task Manager," and then select the "Applications" tab to look for the window in the list. Right-click on the name of the window, and then left-click on "End Task." Once it disappears, you can close the Task Manager window.
To prevent future pop-ups, consider increasing your browser's filtration setting, if it has one. For example, in Internet Explorer, go to the "Tools" menu and ensure that the SmartScreen Filter is turned on. In Firefox, this option is located under "Tools" > "Options" > "Content" tab.
Another way to combat pop-ups is to install browser plugins such as Adblock and NoScript -- just be sure to allow pop-ups from www.drexel.edu and http://learning.dcollege.net.
Dangers of Downloading Screensavers and Wallpaper
Looking for a new screensaver or wallpaper for your computer? If so, beware! Since most screensavers and wallpapers must be downloaded, they are an ideal vehicle for computer infection. Additionally, these types of files are usually downloaded in a zipped folder, which can more readily house a virus than other types of files.
Furthermore, it is important to be wary of any screensaver or wallpaper Web sites you visit. Disreputable sites tend to be poorly-designed and full of ads or pop-ups. One reputable site you can try is called InterfaceLIFT, which features photographs and digital work produced by users around the world in a variety of screen resolutions.
Choosing and Using Malware Removal Tools
Sometimes, anti-virus programs alone aren't enough to protect users against malware. Malware refers to malicious files (or programs) that store and send out your personal information to various sites, eating up your computer's resources and causing it to slow down considerably. These files often "hitchhike" with other files you are downloading, or are installed on your computer automatically when you happen upon a malicious Web site. Once on your computer, malware can monitor your computer usage, log your keystrokes to steal sensitive information, or simply wreak havoc on your computer’s registry (the core files of the computer’s operating system).
To combat malware and help eradicate it from your computer, consider downloading and using free tools such as Malwarebytes, Ad-Aware, or Spybot - Search & Destroy. These applications can be used to scan your computer for malicious files and quarantine or remove them altogether. Another trustworthy source for downloading these and other tools is CNET's Downloads page.