Even if you don't consider yourself a technical person,  there are some easy things you can do to protect yourself and others in your computing environment.  It's much easier to keep your system secure than to have to scramble to get things fixed! 

 

 


UM's Top Computing Security Tips

The IT Security Department recommends the following steps for safe desktop and laptop computing.  While most viruses and system vulnerabilities are associated with computers using Windows, these tips will benefit users of other systems as well.

If you have departmental IT staff, please check with them.  They may have different options available, or preferences that will assist you in minimizing your computing risks.

  1. Change Your Mindset.
    Why would Hackers pick me?  Most victims of computer crime do not think of themselves as an inviting target for an attack.  Problem is, the majority of those who prowl the Internet don't really care about your email messages or file content.  Prowlers do care about finding a platform from which to launch anonymous attacks against other computers, or about your credit card number and personal information.  Any computer connected to the Internet becomes worthwhile prey.

    Why should I care?  If your computer is broken into or infected with a virus, the steps to recovery can consume a few or many hours, depending on the nature and extent of the damage.  Some or all of your data can become corrupted or lost.  Unwanted aggravation and loss of valuable time is in store for you and others who are involved in performing the recovery steps. 
     

  2. Patch Frequently.
    Along with weak passwords and virus-spreading email attachments, unpatched computer systems constitute one of the greatest security threats on the Internet.  All major operating system vendors offer mechanisms that will allow you to regularly check for updates and apply them.  It is important to
    keep your system at "current patch level" to minimize your exposure.

  3. Use Antivirus Software & Keep It Current.  Keep Your System Protected Against Spyware.
    If you're a member of the student body or faculty/staff, UM makes it easy to do this by providing
    free Symantec Antivirus (SAV).   CA PestPatrol is also provided free of charge and detects/eliminates trojans, spyware, adware and hacker tools.  A CaneID login is required for on-campus and off-campus users to access these downloads. 

  4. Be Careful With Passwords.
    Make passwords strong.  Although strong passwords are enforced for CaneID logons, other systems may not require you to follow any password guidelines.  You should follow 
    CaneID's strong password guidelines whenever possible, even if the system or application you are using does not enforce strong password guidelines.

    Protect passwords from misuse.  Don't let anyone else know or use your password.  Don't write it down; or if you must, keep it in a locked area or in your wallet.  Don't post it on your computer or anywhere around your desk.  Don't include the name of the system or the associated login ID with the password.  Change your password periodically, even if it hasn't been compromised.  Don't type your password while anyone is watching.

  5. Remove Spyware.
    Spyware is software that is installed on your computer without your knowledge or is bundled with other software you download from the internet.  Spyware can:

  • Track what you are doing on your computer for marketing purposes

  • Reset the homepage and search pages on your browser

  • Create pop-up advertisements

  • Slow down your computer's Internet connection

  • Interfere with your computer's normal operations

Spyware removal programs are available free for download from the Internet.  Two popular ones are Ad-Aware and Spybot Search and Destroy.

top


Other Good Practices

If you have departmental IT staff, please check with them.  They may have different options available, or preferences that will assist you in minimizing your computing risks.

Guard against Identity Theft
Bad things happen to your good name when Phishers get a hold of your identity.  VISA provides great information concerning how Identity Theft

occurs, how you can minimize your risk, what to do if you are a victim, resolving credit problems, etc.  View VISA presentation (used with permission from VISA USA, Inc.)

Keep your original system software handy

If your computer is compromised or you fall prey to a nasty virus, it may be necessary to reformat the disk drive and reload the operating system and drivers.  Keeping your original system software in a safe and easily reachable place ensures that you won't have to waste valuable time searching for these items or downloading them from the Web.

Avoid Phishing Scams (Microsoft.com)
Phishing is the practice of sending millions of bogus emails that appear to come from popular Web sites or from your bank or credit card company.  The emails look so official that many people will respond to requests for their password, credit card information, and other personal information.  Microsoft recommends the below four steps to avoid Phishing Scams.  View the entire article from Microsoft.com.

  • Don't respond to e-mails requesting personal information.
  • Don't click on a link in an e-mail that you suspect might be fake.
  • Check a Web site's security certificate before you enter any personal information.
  • Routinely review your credit card and bank statements

Monitor your system's unused disk space regularly. 
If you see a large unexplained drop in available space, investigate the cause promptly.

Back up your locally stored data regularly and keep copies in another location.
How important is your data to you?  If it's important, it should be backed up. If it matters enough to get upset over losing, it's worth protecting, and backups are an essential part of data protection. Part of your preventive maintenance and system care should include regular, reliable data backups. No matter how well you treat your system, no matter how much care you take, you cannot guarantee that your data will be safe if it exists in only one place. The risks are much greater than most people realize.

Spam/Virus Spoofing
Email-distributed viruses that use spoofing, such as the Klez or Sobig virus, take a random name from somewhere on the infected person’s hard disk and mail themselves out as if they were from that randomly chosen address. Recipients of these viruses are therefore misled as to the address from which they were sent, and may end up complaining to, or alerting the wrong person. As a result, users of uninfected computers may be wrongly informed that they have, and have been distributing a virus.  

If you receive an alert that you’re sending infected emails, first run a virus scan using McAfee [at UM, we use Symantec].  If you are uninfected, then you may want to reply to the infection alert with this information: 

“Your virus may have appeared to have been sent by me, but I have scanned my system and I am not infected. A number of email-distributed viruses fake, or spoof, the ‘From' address using a random address taken from the Outlook contacts list or from Web files stored on the hard drive.” 

But keep in mind that a virus alert message is quite often auto generated and sent via an anti-virus server and so replying to the original email may not elicit a response. 

Alternatively, if you receive an email-distributed virus, look at the Internet Headers information to see where the email actually originated from, before firing off a complaint or virus alert to the person you assume sent it.  View the complete article.

top


Keeping Your System at Current Patch Level


Microsoft Windows Operating Systems

Older versions of Windows (95, 98 and ME) are not supported by IT.  If you are running one of these older versions, it is strongly suggested that you upgrade to Windows XP if possible, preferably the Professional Version.  The most popular versions at UM are Windows 2000 and Windows XP which can be configured for automatic updates by following these steps:

  • Click on the Start button on the Task Bar

  • Click on Control Panel

  • Double-click on the System icon to get the System Properties box

  • Select the Automatic Updates tab

  • Click the check box for "Keep my computer up to date..."

  • In the Settings box, choose the options that suits you best

  • Click OK and close the System Properties box

  • Windows may require you to shut down & restart your system

Windows Operating Systems

MS Windows Updates website

 

Macintosh Operating Systems
Apple's computing security website

 

Sun Operating Systems
Sun's computing security website

 

Linux Operating Systems
Linux's computing security website

top