Viruses, Worms, Trojan Horses Oh, my!
These terms refer to malicious programs that infect computers. Once infected, a computer can be commandeered by a hacker and made to do his or her bidding. A hacker may steal personal data and erase your hard drive. Or the hacker may use your hard drive to store pirated movie files or launch an attack on other computers using your infected PC.
Most commonly, desktop computers become infected by email attachments. Opening or executing the attachments results in infection. Filters on our servers detect and stop more than 99.9% of email viruses before they reached your PC. Hackers use other methods to corrupt your PC. A Web site may entice you to download a file supposedly containing a useful program. Or you may FTP a virus-infected file from a server. Executing this file infects your PC. For this reason, it is imperative to run virus-scanning software on your PC. Regularly scanning for infected files will detect and quarantine the common worms and Trojan horses that may reside on your computer.
These defensive measures are necessary but theyre not sufficient. You PC may be inviting hackers to load malicious files by exploit hidden security holes in your operating system and applications. Security patches are released monthly for Windows NT workstations. Microsofts FrontPage Web publishing software can turn your PC into a poorly secured Web server that lets hackers implant Trojan horse software in your computer.A firewall can block many kinds of attacks directed at a poorly secured PC but it cannot stop them all. Ultimately, PC security depends on personal vigilance. This is what you need to do:
- Install virus protection software on your PC.
- Scan your PC’s hard drives and floppies for viruses weekly. This generally takes 20 minutes or less. SOM IS can configure your PC to make this happen automatically.
- Make certain virus software definition files are updated at least once each week. SOM IS can configure your PC to make this happen automatically.
- Disable unnecessary ports and services on your PC. SOM IS can assist in identifying and closing them.
Ports and Services
Computers rely on services to send information between each other through ports. A "service" is a small program running in the background that recognizes and interprets information sent via standard protocols. For example, a Web service will recognize the HTTP protocol and allow Web traffic to pass from a Web server to a PC browser. Services listen to and speak to ports. A "port" is a software connector that works very much like your PC’s hardware printer or keyboard connector. It sends one type of information from one place to another. For example, Web traffic travels between computers through port 80.
Of the more than 65,000 ports that are available for use, fewer than 200 are used for legitimate purposes by most computers. Unused ports are appropriated by malicious software. Viruses install rogue services and then communicate with the hacker over these ports. A firewall can block access to unneeded ports from the Internet; however, it cannot block port traffic from inside the local area network. An infected computer on the LAN can spread malicious software to other PCs behind the firewall. To prevent this kind of exploitation, unnecessary ports and services on each PC must be individually be disabled. This will help protect the LAN and all PCs from internal threats that firewalls are powerless to control.
Virus Protection Software
UMB has a campus-wide software license agreement with Symantec Corp. UMB faculty, staff and students may obtain a copy of the Norton AntiVirus scanning software from the Software Licensing Office at HS/HSL for a $30 fee. Because virus infections are so common (one in every 300 e-mails is infected) and because a virus can be devastating to a computer and to the network hosting it, School of Medicine policy requires virus-scanning software to be installed, regularly updated and constantly active on every computer. Wise computer owners will also install virus protection software on notebook computers and on home computers that connect to the Internet. Under the campus agreement you may install the Norton AntiVirus scanning software and virus definition files on your home PC. For more information or to obtain a copy, call the Center for Information Technology Services' (CITS) Software Licensing Office at 6-8166, or visit the web site: http://www.umaryland.edu/cits/software/.
Virus scans can be initiated either locally by you, remotely by SOM IS or both. Local scanning allows you to check your PC whenever a new file is saved. Remote scanning allows SOM IS to automatically check your PC for known viruses at regular intervals.
Updating your Virus Protection Software
During installation this software can be set for remote or local management. Remote management allows SOM IS to automatically update the virus definition file on your PC every time you log on the SOM network. Local management makes you responsible for learning of virus definition file updates, downloading and installing them yourself. For those choosing local management, regularly check for updated Norton virus definition files at: http://www.symantec.com/avcenter/defs.download.html.
To view information about currently known viruses: http://securityresponse.symantec.com/avcenter/vinfodb.html/ or http://www.antivirus.com/vinfo/.
Occasionally, you may receive emails from others warning of a new virus. Some of these are genuine but many are hoaxes. If you receive an email of this type, please check on the Symantec website to see whether or not the virus is credible: http://www.symantec.com/avcenter/hoax.html.