close

Вход

Забыли?

вход по аккаунту

?

Viruses and Spyware - Yale University Library

код для вставкиСкачать
Viruses and Spyware
What is a Virus?
• A virus can be defined as a computer program that
can reproduce by changing other programs to include
a copy of itself.
• It is a parasite program, needing another program to
survive.
• For our purposes, that program is Microsoft Windows
How many viruses are out there?
Many.
http://securityresponse.symantec.com/avcenter/vinfodb.html
Yale’s Network
• Our network is particularly vulnerable
Yale’s Network
• We are not a closed corporate network
• We have a federated IT structure
• We have STUDENTS
How is the Library protected?
Norton Antivirus updated daily
Microsoft Security Patches
Norton Antivirus
• Constantly scans system files for
viruses. Does this in “real time”
• New virus definitions are delivered
when needed.
Norton Antivirus
• Norton is REACTIVE not PROACTIVE
• This means that only known viruses can
be caught
There have been several times where
something originates here at Yale or at
another university before Norton finds
it.
• Norton cannot a stop virus in this case
•
Norton Antivirus
• Norton also does not necessarily
remove the virus from the machine.
• It will block access to it, but if a machine
is open to the exploit, there still is the
chance it will be successfully executed
How can I tell if I have a problem
with Norton?
• Normal Norton Shield
• Red cross through
Shield
• Yellow exclamation
point
Norton Antivirus
What do they mean?
• Realtime protection
not active
• Norton Antivirus
services not loaded
Both are not good
Norton Antivirus other problems
• Virus Definitions are not recent (several
weeks old)
• No shield at all
• Not updating every day
• Hands on
When Norton catches a virus
• A window pops up. What this window
says is very important
When Norton catches a virus
• This is good
When Norton catches a virus
This is bad
When Norton catches a virus
• So long as your computer says
“quarantine succeeded”, the virus has
been caught. If it says anything else,
contact W&WS immediately.
When Norton catches a virus
• Norton does not delete it
but“quarantines” it.
• Goes back to a time when viruses
infected legitimate documents
• Generally no longer the case. Viruses
are no longer worth keeping. If Norton
catches it, they already know about it
Clearing the Quarantine
• As a result, as viruses are caught on
your computer they fill up the
quarantine.
• This leads to annoying messages
asking you to try and “fix” the files
• This is useless. You cannot fix a
modern virus. We should just clear out
the quarantine. This is how:
Clearing the Quarantine
Clearing the quarantine
Clearing the quarantine
Clearing the quarantine
Virus transmission
Most common methods:
• Executed by someone clicking on an
email attachment.
• Automatically through a network via
security holes/flaws
Virus transmission
How do we stop them?
well…
Email Messages
• Email viruses are a fact of life, and there
is little that you can do at the computer
end to stop them. (Do not filter at the
computer!)
• Be suspicious of email attachments
from unknown sources.
Email Messages
• Do not set your email program to "auto-
run" attachments. We have ITS
renaming files so that people have to go
through several steps to open
attachments. This reduces the likelihood
of “accidentally “ clicking on an
attachment.
Virus transmission
• Verify that attachments have been sent
by the author of the email. Newer
viruses can send email messages that
APPEAR to be from people you know.
Virus transmission
Speaking of which….
Email messages
• Email headers can be forged.
• This means that the person in the “from”
address did NOT send the email virus.
• The virus simply picks and chooses two
random addresses from your computer
and sends it
Email messages
• Just because a virus arrives with
someone’s name attached to it. This
does not mean that they have a virus.
Forged header example
Virus transmission
• Viruses exploit security flaws within
Windows
• Almost all of these flaws are public
knowledge with an available fix
• Viruses exploit security flaws within
Windows
Virus transmission
Virus infections are preventable via patching
Case in point:
Virus transmission
• The Sasser worm exploits a hole in
Windows that was patched on April 13,
2004.
• The Sasser worm started making it’s
rounds on April 30th.
• People had 17 days to patch their
machines.
Virus transmission
• As a result of patching all of our
machines, the Library did not have a
single computer found with the Sasser
Worm.
Software Update Services
• This is a result of Software Update
Services.
• This is an automated, centrally
managed service that allows automatic
application of patches on Yale Library
workstations
Software Update Services
• What you need to know
Software Update Services
• This globe indicates that the updates
have been automatically sent to your
computer
Software Update Services
• Because Library users are
administrators on their machines, users
can override this.
Software Update Services
• Tell your users to click YES when this
window appears
Software Update Services
Tasks for expert users
• Make sure computers are turned on
frequently.
• If people are away, please make
sure their workstations are turned on
regularly. Login is not necessary
Spyware: What is it?
• Spyware is deceptive software, which
promises you a feature or utility in
return for secretly tracking your web
surfing habits for advertising purposes.
Spyware
Why Spyware is bad:
It is annoying
It is network intensive
Violates your privacy
Violates Yale’s �privacy’ (can monitor ALL your
network traffic)
It is a possible security risk (redirects)
How do I tell if I have spyware?
5 Signs:
Extra system tray icons
Extra toolbars in Internet Explorer
Redirected home page
Popups ALL the time
S L O W Computer
How do I remove spyware
Sometimes even the uninstallers are deceptive
The best way: Spyware removal tools
We use Spybot Search and Destroy
Документ
Категория
Презентации
Просмотров
1
Размер файла
358 Кб
Теги
1/--страниц
Пожаловаться на содержимое документа