• Library/IT Home
• Site Search
• Site Index
• Library Catalogue
• My Library Record
• A-Z Online Resources
• E-journal gateway
• Doing Research
• Using our Libraries
• IT Support
  • Network Accounts
  • Athens
  • Email
  • Mobile devices
  • Home Folders
  • Computing Labs
  • Video conferencing
  • Printing and Photocopying
  • Connect your PC
  • Stay Safe Online
  • Guide to buying I.T.
  • A-Z Software
  • Off campus access
  • At Risk periods
• Dissertation Support
• Teaching Support
• Help and Training
• NHS Highland
• About Info Services
• Contact Us

• Print Friendly Pages
• Text Only Site
• University Home
• Back

How to Protect Your Computer, your data and yourself online

Computer viruses and other malicious software ("Malware") are a serious problem and you must protect yourself against them. This page gives a short explanation about different types of attack and advises on protection for you and your PC.

Intro to malware
Viruses
Spyware
Trust no-one! Be aware..
Protect yourself online
Useful links
Encrypting your data

Malware

Information Services have deployed Counterspy across campus to protect university PCs from malware. Read more about malware and Counterspy. Malware, a generic term for spyware & adware, can be installed without the user being aware of it. Just by visiting a compromised website, opening an email or installing a screensaver, it is possible for the malware author to exploit vulnerabilities in the PC's operating system to enable remote access or software installation.

The most benign forms of malware may just allow the installation of advertisement software which displays pop-ups when the user is browsing the Internet. A few programs use this as a method of generating revenue and may actually mention it in the license agreement.

However, malware can also allow the installation of Trojans, viruses, file sharing servers and keyloggers onto the user's PC. Once the PC has been compromised, it can then be used as a base to launch attacks against the University network and other PCs

Another use of a compromised PC is to use it as a fileserver to allow the storage and sharing of copyrighted and illegal material. These filesharing applications consume a vast amount of network bandwidth, which degrades performance and has an impact on all users.

Malware can be used for Identity theft by the installation of keyloggers which record every key press and mouse action. This allows for username & passwords, bank details, HR data etc to be captured and relayed to a remote hacker. This information can then be used to transfer funds from bank accounts or used to obtain credit fraudulently. The discovery of any installed keyloggers would require that the user change all their own passwords and also any systems passwords that s/he has used.

The malware will cause the PC to slow down and may cause the PC to crash frequently resulting in reduced productivity and perhaps lost work. This instability usually results in numerous support calls which take time to resolve. This places a great strain on support resources and causes a great deal of inconvenience to the user and may require that the PC be rebuilt.

Viruses

Most users are familiar with computer viruses, a piece of software which spreads itself from one file to another and from one machine to another.

Viruses are often spread by email, usually within attachments, but sometimes in the body of the message itself. Other forms of "transport" include web pages, directly over the network, through infected documents (particularly MS Office documents) and discs. In other words, all computers are at risk, particularly if connected to a network, but even if they are not.

You may not notice immediately that your system has been infected. Many viruses stay "dormant" for long periods, or spread themselves to other files/users etc. for weeks or months, before discharging their "payload"

Virus hoaxes
Virus hoaxes are false warnings, circulated via email, about a virus (which may be real or invented). The recipient is exhorted to pass the warning on to as many people as he/she can. If many users heed the message, they create a "mail storm", as sort of humanly transmitted computer virus which no software can stop! An excellent site for information about hoaxes and myths is http://www.vmyths.com.

How to spot a hoax
It is easy to fall for such pranks, but fortunately, it's also easy to spot them:

• Treat any dire email warnings about viruses with suspicion, unless they are from your IT support people (Information Services in Stirling or a departmental technician).
• Most hoaxes are written in particular style. Learn to recognise it! THEY OFTEN CONTAIN PASSAGES WRITTEN IN CAPITAL LETTERS. They often make outlandish claims ("The virus will format the hard disc of everybody on your email address book") and often use name dropping to lend weight to their claims ("Microsoft, AOL and NASA have stated that this is the fastest spreading virus so far and there is no known cure for it").
• If in doubt, use one of the following sites to search for the virus by keyword:
  • http://www.sophos.com/security/hoaxes/
  • http://www.symantec.com/enterprise/security_response/threatexplorer/risks/hoaxes.jsp
  • http://vil.nai.com/vil/hoaxes.aspx

If you are still unsure about a particular message, forward it to the Information Centre. Whatever you do, do not forward the message to your colleagues!

Protecting your PC - antivirus software and Windows updates
All PCs/laptops connecting to the university network must be running adequate anti virus software.

Staff
If you are not sure whether your desktop PC is running Symantec, please follow these instructions to check:

• Look at the bottom right hand corner of your PC desktop (in the system tray) for a yellow shield icon like this:
  
• Double click the shield. You will see the screen below.
• The virus definition file lists the most recent update to your software. If you are unsure that this is the most recent update, you can ring the Information Centre on x7250 to check.
  If you cannot find Norton on your PC you must call the Information Centre to have a technician check your PC

Staff with laptops
If you are connecting a laptop to the university network, you must ensure that your laptop running an up-to-date anti-virus solution. Please check before connecting your laptop to the network. If you do not have Symantec AV, and the laptop is university owned, you can call the Information Centre and have IS staff install the software. If the laptop is your own property, then it is your responsibility to ensure that it is protected. The Symantec software can be downloaded from the university portal under the link to CampusNet Installer. Select the full version of the installer which includes Symantec. You can install Symantec without installing the CampusNet software if desired although you will need the CampusNet software if you are going to want to bring the laptop onto campus to connect to the network. DO NOT CONNECT YOUR LAPTOP TO THE UNIVERSITY NETWORK UNTIL YOU HAVE PROTECTED IT BY INSTALLING SYMANTEC ANTI VIRUS.

Students' computers
If you wish to connect your computer to the network either at the residences or on campus, please follow the instructions given on our web site. All laptops/PCs connecting to our network must be protected either by your own up to date antivirus software or you will have to install Symantec.

Windows Updates
It is very important to make sure that you keep your PC updated. Hackers are constantly seeking to exploit bugs and loopholes in software such as the Windows Operating System. Microsoft release updates just about every day in order to plug any suspected holes. Windows Updates are run automatically on staff desktop PCs on campus. Owners of laptops are advised to make sure that your laptop is regulary updated. You can set your laptop to check for Windows updates every time you are connected to the internet. Go to Settings > Control Panel >Automatic Updates and make sure you have selected 'Automatic'. You can then choose whether you want the updates to be downloaded as soon as they are available, or have windows notify you when new updates are available and allow you to decide when you want to download them. In addition you can go to the Windows Update website and check for new updates. Get Safe Online provides more information about Windows updates.

Spyware

Spyware is a type of malicious software that installs itself on your computer without your informed consent and uses your computer to generate a profit for the software makers. Some Spyware tracks your use of the computer and reports it to the author for marketing purposes or worse (hence the name). Other packages use your computer to access web sites with adverts, call premium call numbers or any number of other nefarious activities. Most people become aware of the existence of Spyware only when their PC has slowed down to a crawl, but it is in fact a very common problem.

Spyware protection for staff desktop PCs
Information Services have deployed Counterspy across campus to protect university PCs from malware. Read more.

Preventing Spyware on your own PC/laptop
There are many anti-Spyware packages, some free, others not. Many are good, but none is perfect. We recommend you install at least one of the following free packages, or a commercial alternative:

Windows Defender (http://www.microsoft.com)

a-squared Free (http://www.emsisoft.com/en/software/free/)
Adaware Personal SE (http://www.download.com )
Spybot Search and Destroy (http://www.download.com)

In addition, consider downloading Spyware Blaster (from http://www.download.com), which offers 'passive inoculation' against many forms of spyware.

Run a traditional anti-spyware package to scan and remove Spyware from your computer. Then, if you wish, run Spyware Blaster to offer your PC more protection from further infection.

Run the programs regularly to scan and protect your PC. Always remember to update them before scanning the PC (commercial versions of some packages update themselves automatically, but manual updating is easy enough to do)

Read more about Spyware on the Get Safe online website.

Trust No-one - be aware of potential threats

Every day, many new viruses are released onto the internet. The only way to cope with the threat is by using up-to-date security software. However, such software is not perfect, and must be used appropriately to be effective:

• treat email from unknown sources with suspicion. If you do not know the sender do not open the message.
• Do not automatically trust incoming email. Ask yourself if the message looks like something that sender is likely to send to you. Many email-based viruses arrive in messages (from colleagues or acquaintances) which state "You've got to look at this" or the like. If you're uncertain about the message, pick up the phone or reply to the message and ask the sender for confirmation. If the message looks suspicious (unknown sender, strange subject), do not open it!
  TIP: In Outlook, you can 'peek' into messages in your inbox without opening them by choosing View, AutoPreview.
• Save email attachments, then open them. Do not open them directly from within the email! This gives your anti virus package a better chance to detect any viruses and remove/block them.
• Make sure your anti-virus software is active and current. The package we use on campus is Symantec Anti Virus (version 10), also known as Norton AV. Staff and students of the university can borrow the software from the Lending Services desk in the Library to install on their home computer or logon to the portal and follow the link to CampusNet installer.
• Ensure your PC is protected by a firewall. This is enabled on University PCs by default. Windows XP has one built into the system which you can activate via the 'Firewall' control panel. If you are using an older version of Windows you will need to obtain a third party firewall.

Protecting yourself online

As well as protecting your computer when you're online, it is important to be careful with your personal information when you are online. The website Get Safe Online has a section on protecting yourself online which is well worth reading. It includes information on safe online banking, shopping, using online auctions. It also has a section on safe use of social networking websites such as Facebook and Bebo. Sophos also provide a guide to setting your privacy settings in Facebook. The website 'Don't believe the type' has lots of advice on using chat rooms, instant messaging, social networking websites safely.

Useful Links

Get Safe Online government website which has sections on protecting your PC, protecting yourself,
Don't believe the type : covers chat rooms, giving out personal information, instant messaging etc
Staying safe online: part of the directgov website for young people. Covers internet use, social networking sites, chat room safety, identity theft
About.com's 'Safety 101': how to protect your PC and behave responsibly on the web

Author: Oron Joffe

page last modified 16 November, 2009