Viruses and Security Updates

What exactly is a virus? What can it do to my computer?

The term virus is often used imprecisely to refer to not only viruses, but also Trojan horses (benign-looking programs which infect files on computers in order to do the real damage later) and worms (which propagate and infect other machines). In this document we will refer to all of these as viruses for simplification. The term virus is used to point out the analogy between biological viruses and computer viruses. Like biological viruses, the computer variant can be dangerous, especially if not caught and treated quickly. Some viruses may not do serious damage to your computer. They may display silly messages or change your screen saver. Most viruses, however, were not created with such good intentions, and can do serious damage to your computer. A virus may cause your computer to crash frequently, delete important files, and even infect your computer so that it can no longer boot. Viruses can be passed to other computers whenever files are shared. Worms are highly contagious and will infect other computers without human intervention. (For example, many worms will automatically send themselves as email attachments to everyone in your address book.)

What are some of the current high risk viruses?

Both Symantec and F-Prot maintain current lists of virus threats and descriptions. Please look there for current information.

Viruses and worms which have been a concern at Simon's Rock include:

  1. Sobig.F
  2. Welchia/Nachi
  3. Blaster/Lovsan
  4. Mimail
  5. Slammer
  6. Myparty
  7. Badtrans
  8. Goner
  9. Klez
  10. Nimda
  11. SirCam
  12. Snowhite

What can I do to reduce the risk of getting viruses?

Your Simon's Rock email account is scanned for viruses, so if you are using your Simon's Rock email, most infected attachments should be deleted before they get to you. However, no system is perfect and viruses can be spread in many ways, so you should still consider the following precautions.

The overwhelming majority of viruses are for Windows. If you are running Mac OS, Linux, or any other operating system, you are much less likely to get a virus. Additionally, if you are using Outlook Express, you are much more likely to get a virus than if you are not. Thus, one of the simplest ways to reduce the likelihood of getting a virus is not to use Outlook. The Office of Computer & Media Services will not support Outlook Express on any staff machines; we recommend Eudora, Netscape Mail, or the OS X Mail application instead.

Most viruses are spread through email, particularly through email attachments. While you can receive viruses in the text of an email message if it contains HTML, it is very unlikely. You can avoid the vast majority of viruses by never opening email attachments unless you are certain you know what they are. Attachments that end in .vbs or .exe are executable files that often (though not always) contain viruses. You should be especially cautious if you receive such files as attachments. When in doubt, either throw out the attachment without opening it (better safe than sorry) or run a virus scanner on the file or on your whole computer immediately after opening it.
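The extension check described above can be automated for a saved message. The following is an added example, not part of the original FAQ or of any Simon's Rock tooling; the function names and the sample message are constructed for illustration, and the extension list is limited to the two extensions named above.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the FAQ singles out as executable (assumption: a real mail
# gateway would maintain a longer list).
RISKY_EXTENSIONS = (".vbs", ".exe")


def risky_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of attachments whose final extension is executable."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # Only the last extension decides how Windows opens the file, so
        # "photo.jpg.vbs" is a script. Trailing dots and spaces are stripped
        # because Windows ignores them when resolving the file type.
        if name.lower().rstrip(". ").endswith(RISKY_EXTENSIONS):
            flagged.append(name)
    return flagged


def build_sample() -> bytes:
    """Constructed sample message carrying three harmless dummy attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "you@example.org"
    msg["Subject"] = "Pictures from the trip"
    msg.set_content("See attached.")
    for filename in ("notes.txt", "photo.jpg.vbs", "SETUP.EXE"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    # Flags the double-extension script and the upper-case .EXE, not the .txt.
    print(risky_attachments(build_sample()))
```

A clean result only means no attachment has one of the listed extensions; the other precautions in this section still apply.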

One common form of virus is a Word macro virus. Macros are small programs that you can write to automate some of the tasks you do repeatedly. They are very seldom actually used for legitimate purposes. Word macro viruses are viruses that take advantage of the fact that Word, in both Windows and Mac OS, will allow them to run certain commands on your computer without you knowing it. If you use Microsoft Word, you will want to make sure that you have macro virus protection enabled. Once virus protection is enabled, you will be warned before Word will open any files with macros. To turn on virus protection, open an existing file or blank document in Word. From the Tools menu, select Options... in Windows or Preferences... in Mac OS, both of which are at the bottom of the list. Click on the General tab. Check the box that says Macro virus protection. Quit Microsoft Word and open it again. Check to make sure that Macro virus protection is still checked. (If it is not, you probably have a macro virus and should scan your computer for viruses immediately.)

Because viruses are not only spread through email, you should also always be cautious when downloading files from Network Neighborhood or My Network Places, the web, and file sharing programs. If you have a shared folder on your computer that other users can write to, you can even get viruses without downloading anything yourself. Please check to make sure that you do not have any non-passworded writable shares on your computer. (If you are unsure how to do this, ask.)

You can reduce your risk of getting a virus by making sure that you have patched all known vulnerabilities. For Windows users, this includes running Windows Update; for Mac users, this includes running Software Update. We recommend that this be done daily.

And finally, of course, we recommend that you have an antivirus program installed on your computer. The antivirus program should be set to download new virus definitions daily. Simon's Rock will provide antivirus software for all faculty, staff, and students.

How do I find out if I have a virus?

If your computer is acting strangely or if one of your friends has a virus, you should run a virus scanner. It is also a good idea to regularly scan your computer for viruses. Remember that because new viruses are invented all the time, a virus scanner is only as good as the virus definitions that it has. Make sure to update your virus definitions before scanning your computer. Simon's Rock has a license for F-Prot, a virus scanner for Windows.

How do I install and set up F-Prot for Windows?

F-Prot for Windows is available for all faculty, staff, and students on the CMS software website (http://cms.simons-rock.edu/software/). Download the file fp-win_314a_m.exe, located in the windows directory on this site.

The following instructions have been tested in Windows XP Pro. Click on the downloaded fp-win_314a_m.exe. Click Setup, then Next, Yes, then Next four more times, then OK, then Finish. This concludes the installation of F-Prot. You may need to reboot your computer.

Now you will need to configure F-Prot so that it will automatically get virus definition updates and scan your computer. Open the newly-installed F-Prot application, and click on the Info tab on the left-hand side. Then click on the Updater button at the top-right and set Update type to Internet (on-line) (instead of Local network (LAN)). Click on the Settings... button and set the HTTP proxy to proxy.simons-rock.edu and the Port to 3128; then click OK. Click the Update... button to update immediately. Click the Close and Quit buttons when the update has completed.

Next, you need to configure the options F-Prot will use when it is run. Click on the Scan tab at the left. Then click on the Options... button on the right. Under the What to scan tab, select All files and check Compressed archives. Select the Action to take tab and select Disinfect, check Request Confirmation, and click OK. Finally, click the Settings tab on the left. Select Append to file from the Report section. Then click the Quit and Exit buttons to end this part of the setup.

Finally, configure the F-Prot Scheduler to update virus definitions and scan your files automatically. Remember, you are only protected against viruses if you are using current definitions and scanning frequently, perhaps daily. Additionally, you will want to choose a time to update definitions and scan your files when your computer will be on, but you will not be inconvenienced.

Go to Start, then Programs, then F-Prot Antivirus, and select Scheduler. By default, your hard drive will be scanned every week. Double-click on the line of text beginning Scan hard driv... to modify the time and frequency of scans. After making changes, click Save, and then repeat the procedure with the line beginning Run the Upd.... Click on the Close button when you are finished.

You may wish to copy shortcuts from the Start menu to the desktop. To do so, right-click on the Start button and select Open. Go to Programs, Fsi, F-Prot, Scan. While holding down the Control key, drag Floppy drives and Hard Drives to the desktop. (Make sure that you see the little + by the icon as you're dragging it.) Rename the shortcuts on the desktop to something more descriptive, such as "Scan a floppy disk for viruses".

How do I run F-Prot for Windows manually?

Because F-Prot runs in the background all the time, you should not need to run it yourself frequently. However, if you suspect that your computer is infected with a virus, you should run F-Prot manually. You should also manually scan floppy disks. If you have created shortcuts on your desktop for scanning floppy drives and hard drives, you can simply double-click on them to start the appropriate scan.

If you do not have a shortcut or if you only want to scan particular files, you can start a scan by selecting Start, Programs, F-Prot Antivirus, and then OnDemand Scanner. Click the OnDemand Scanner button, select the files to scan, and then click Scan Now.

But I have a Mac. What do I do about antivirus software?

Because we have had significantly fewer problems with Macs, we do not have a site license for any antivirus software for the Macintosh. We do have several copies of Norton AntiVirus 7.0 available for use by staff members upon request. We do not provide copies of antivirus for student-owned machines. Students who feel they need virus protection beyond the precautions listed above should purchase antivirus software. Norton, Sophos and McAfee maintain antivirus software.

How do I run automatic updates for security fixes to my operating system?

In Windows Me/2000/XP?

To install updates manually, open Internet Explorer and go to http://windowsupdate.microsoft.com or select Windows Update from the Start menu. Click Scan for updates. Click Review and install Updates. Install all critical updates and relevant recommended updates. For screenshots, see http://www.jmu.edu/computing/security/info/update.shtml. (Note that you must have administrator privileges and that your computer will reboot after updates are installed.)

To run updates automatically and daily (which we strongly recommend), select the Automatic Updates tab from Start, Settings, Control Panel or Start, Settings, Control Panel, System, or Start, Control Panel, Performance and Maintenance, System. Make sure the Keep my computer up to date... checkbox is checked and select the Automatically download updates, and install them on the schedule that I specify option and Every day. Choose a time to run updates and click OK. For screenshots, see http://www.uic.edu/pharmacy/it/Tips/winupdat1.htm.

In Mac OS X?

Open System Preferences from the Dock or the Apple menu. Click on the Software Update icon in the bottom row. Check the Automatically check for updates when you have a network connection option. You may also choose to check manually by clicking the Check Now button. Updates may require a restart.

In Linux and BSD?

Debian packages can be updated with 'apt-get update && apt-get upgrade'. Red Hat packages can be updated with 'up2date'. Additionally, we encourage Linux and BSD users to subscribe to security announcement mailing lists, such as debian-security-announce, redhat-watch-list, freebsd-security-notifications, or security-announce (OpenBSD).

I got a virus. What should I do?

As soon as you discover the virus, you should notify someone in Computer & Media Services and run your antivirus software manually. If you are unable to remove the virus or have any questions about what to do, shut down your computer and leave it turned off until someone can help you remove the virus. Having a virus on your computer is just like having lice or any other contagious disease; the faster it can be cleaned up, the less likely it is to spread.

I thought I got rid of the virus, but I didn't.

If you are using Windows ME or XP and have System Restore enabled, your computer may be saving a copy of the virus that you think you removed. You may need to manually delete files stored in C:\_RESTORE\ARCHIVE.

To disable System Restore in Windows ME, right-click on My Computer and select Properties. Click on the Performance tab and select File System at the bottom. Click on the Troubleshooting tab and check the box that says Disable System Restore. Click OK twice to exit and restart your computer when prompted.

I got a warning about a virus. Is it real? Should I send it to everyone I know?

No, you shouldn't send it to everyone you know. Before forwarding along any virus announcement, you should seriously consider the validity of the message, as the overwhelming majority of such announcements, such as the one about jdbgmgr.exe, are hoaxes.

Real virus warnings do not use all capital letters. They do not try to scare you. They do not tell you to forward the message to everyone you know. They do not mention press releases from big companies that have nothing to do with virus announcements or antivirus software (e.g., Microsoft, AOL, IBM, Intel). They do not make references to other articles without citing them appropriately.

Real virus announcements do give official virus names and URLs (web pages) that you can go to for more information. They provide the date that the virus was identified and may include fixes. Most importantly, real virus announcements state clearly who is issuing the announcement.
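The criteria in the two paragraphs above can be turned into a rough checklist. This is an added example, not part of the original FAQ; the regular expressions, the 50% capital-letter threshold, and both sample messages are constructed assumptions. It does not check who issued the message, which still needs a human reader.

```python
import re

# Companies the FAQ lists as commonly name-dropped in hoaxes.
NAME_DROPS = ("microsoft", "aol", "ibm", "intel")
# "forward/send/pass ... everyone/everybody/all" within a single sentence.
FORWARD_RE = re.compile(
    r"\b(forward|send|pass)\b[^.!?]*\b(everyone|everybody|all)\b", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
DATE_RE = re.compile(r"\b\d{4}-\d{2}-\d{2}\b|\b\d{1,2}/\d{1,2}/\d{2,4}\b")


def hoax_signals(text: str) -> list[str]:
    """Return the hoax indicators from the FAQ's checklist found in text."""
    signals = []
    letters = [c for c in text if c.isalpha()]
    # Threshold of 50% upper-case letters is an assumption, not from the FAQ.
    if letters and sum(c.isupper() for c in letters) / len(letters) > 0.5:
        signals.append("mostly capital letters")
    if FORWARD_RE.search(text):
        signals.append("asks to be forwarded to everyone")
    if any(re.search(rf"\b{name}\b", text, re.I) for name in NAME_DROPS):
        signals.append("name-drops a large company")
    if not URL_RE.search(text):
        signals.append("no URL for more information")
    if not DATE_RE.search(text):
        signals.append("no identification date")
    return signals


# Constructed sample messages, written for this example.
HOAX = ("VIRUS WARNING!!! IBM AND AOL ANNOUNCED THE WORST VIRUS EVER. "
        "IT WILL ERASE YOUR HARD DRIVE. FORWARD THIS TO EVERYONE YOU KNOW!")
REAL = ("Advisory from the campus help desk, 2003-08-19: W32.Sobig.F@mm "
        "spreads as an email attachment. Update your virus definitions. "
        "Details: http://www.symantec.com/avcenter/")

if __name__ == "__main__":
    for label, message in (("hoax sample", HOAX), ("real sample", REAL)):
        print(label, "->", hoax_signals(message))
```

The name-drop check will also fire on a genuine vendor advisory, so treat the result as a prompt to look the message up, not as a verdict.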

You can find out if a virus is real or not by searching for the subject line or any of the text using a search engine, such as http://www.google.com. You can get lists of hoaxes at http://HoaxBusters.ciac.org, http://www.vmyths.com/, and http://vil.mcafee.com/hoax.asp. You can get a list of real viruses from http://www.symantec.com/avcenter/.


Computer & Media Services