Viruses and Spyware

What is a Virus?

• A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of itself.

• It is a parasite program, needing another program to survive.

• For our purposes, that program is Microsoft Windows

How many viruses are out there?

Many.

http://securityresponse.symantec.com/avcenter/vinfodb.html

Yale’s Network

• Our network is particularly vulnerable

Yale’s Network

• We are not a closed corporate network

• We have a federated IT structure

• We have STUDENTS

How is the Library protected?Norton Antivirus updated daily

Microsoft Security Patches

Norton Antivirus

• Constantly scans system files for viruses. Does this in “real time”

• New virus definitions are delivered when needed.

Norton Antivirus

• Norton is REACTIVE not PROACTIVE

• This means that only known viruses can be caught

• There have been several times where something originates here at Yale or at another university before Norton finds it.

• Norton cannot a stop virus in this case

Norton Antivirus

• Norton also does not necessarily remove the virus from the machine.

• It will block access to it, but if a machine is open to the exploit, there still is the chance it will be successfully executed

How can I tell if I have a problem with Norton?

• Normal Norton Shield

• Red cross through Shield

• Yellow exclamation point

Norton Antivirus

What do they mean?• Realtime protection not active

• Norton Antivirus services not loaded

Both are not good

Norton Antivirus other problems

• No shield at all

• Not updating every day

• Virus Definitions are not recent (several weeks old)

• Hands on

When Norton catches a virus• A window pops up. What this

window says is very important

When Norton catches a virus

• This is good

When Norton catches a virus

This is bad

When Norton catches a virus• So long as your computer says

“quarantine succeeded”, the virus has been caught. If it says anything else, contact W&WS immediately.

When Norton catches a virus• Norton does not delete it

but“quarantines” it.

• Goes back to a time when viruses infected legitimate documents

• Generally no longer the case. Viruses are no longer worth keeping. If Norton catches it, they already know about it

Clearing the Quarantine

• As a result, as viruses are caught on your computer they fill up the quarantine.

• This leads to annoying messages asking you to try and “fix” the files

• This is useless. You cannot fix a modern virus. We should just clear out the quarantine. This is how:

Clearing the Quarantine

Clearing the quarantine

Clearing the quarantine

Clearing the quarantine

Virus transmissionMost common methods:• Executed by someone clicking on

an email attachment.

• Automatically through a network via security holes/flaws

Virus transmission

How do we stop them?

well…

Email Messages• Email viruses are a fact of life, and

there is little that you can do at the computer end to stop them. (Do not filter at the computer!)

• Be suspicious of email attachments from unknown sources.

Email Messages

• Do not set your email program to "auto-run" attachments. We have ITS renaming files so that people have to go through several steps to open attachments. This reduces the likelihood of “accidentally “ clicking on an attachment.

Virus transmission

• Verify that attachments have been sent by the author of the email. Newer viruses can send email messages that APPEAR to be from people you know.

Virus transmission

Speaking of which….

Email messages

• Email headers can be forged.

• This means that the person in the “from” address did NOT send the email virus.

• The virus simply picks and chooses two random addresses from your computer and sends it

Email messages

• Just because a virus arrives with someone’s name attached to it. This does not mean that they have a virus.

Forged header example

Virus transmission

• Viruses exploit security flaws within Windows

• Almost all of these flaws are public knowledge with an available fix

• Viruses exploit security flaws within Windows

Virus transmission

Virus infections are preventable via patching

Case in point:

Virus transmission

• The Sasser worm exploits a hole in Windows that was patched on April 13, 2004.

• The Sasser worm started making it’s rounds on April 30th.

• People had 17 days to patch their machines.

Virus transmission

• As a result of patching all of our machines, the Library did not have a single computer found with the Sasser Worm.

Software Update Services• This is a result of Software

Update Services.

• This is an automated, centrally managed service that allows automatic application of patches on Yale Library workstations

Software Update Services

• What you need to know

Software Update Services

• This globe indicates that the updates have been automatically sent to your computer

Software Update Services

• Because Library users are administrators on their machines, users can override this.

Software Update Services

• Tell your users to click YES when this window appears

Software Update ServicesTasks for expert users

• Make sure computers are turned on frequently.

• If people are away, please make sure their workstations are turned on regularly. Login is not necessary

Spyware: What is it?

• Spyware is deceptive software, which promises you a feature or utility in return for secretly tracking your web surfing habits for advertising purposes.

Spyware

Why Spyware is bad:

It is a possible security risk (redirects)

It is network intensive

Violates your privacy

Violates Yale’s ‘privacy’ (can monitor ALL your network traffic)

It is annoying

How do I tell if I have spyware?5 Signs:

Extra system tray icons

Extra toolbars in Internet Explorer

Redirected home page

Popups ALL the time

S L O W Computer

How do I remove spyware

The best way: Spyware removal tools

We use Spybot Search and Destroy

Sometimes even the uninstallers are deceptive