UNHCE Information Technology & Distance Education Blog: Safe computing Archives

Recently, an email was sent to users with unh.edu addresses, asking them to provide sensitive information to keep their accounts in good standing: DELETE the email and don't respond. This is a classic phishing scheme.

Phishing is the term for an attempt by "bad guys" to obtain your sensitive information, like usernames, passwords, etc. This is often done through email. For tips to avoid falling victim to such attacks, see this article from US-CERT.

When editing a document, it is important to understand that there is a difference between deleting, clearing, and cutting text. This tip explains the differences, and in the process explains how you can accomplish each task in Word.

Read the full tip: http://wordtips.VitalNews.com/T0005

This is IMPORTANT INFORMATION, and you will not have access to it if you are shut off from the Internet by UNH. For that reason, please print this out for future reference!

If UNH CIS detects unusual activity on your computer, they may shut you out of the network, in order to protect the other computers at UNH. When this happens, they only allow you access to a few sites, including theirs, Microsoft (for a Windows update), and McAfee for virus updates.

It is IMPORTANT to note that, while UNH uses McAfee for virus protection, UNHCE does NOT. We use Symantec/Nortons. The two antiviral packages conflict. Installing McAfee with a copy of Symantec/Nortons on your computer could render your computer useless. For that reason, it is important to use your copy of Symantec/Nortons to scan your hard drive, rather than use McAfee, as they recommend.

If you have been keeping up-to-date on Live Update, which is automated for most people, then your virus definitions may be fine. Double check with someone else in your office by looking at the date on your copy of Symantec/Nortons (Start\(all) programs\Symantec or Nortons, or use your Live Update or Nortons icon on your desktop.)

Compare the date on your version to someone who has completed a live update that day. If the dates are the same, your virus definitions are all set and can begin your scan. If not, you need to get a copy of Intelligent Updater, which can be downloaded from the Symantec site at: http://www.symantec.com/downloads/. That will need to be done on a computer which is connected to the Internet, burned onto a CD (it's too large for a floppy) and brought to your computer for installation. (The ITDE office can assist you with this step.)

Clicking on Intelligent Updater will start the update of your virus definitions. Once that is complete, you can do a scan of your hard drive.

Call the hot seat at:862-0351, if you need further assistance.

Phishing is a techniques which utilizes the Internet to obtain personal information about you. It can be used to redirect your funds, steal your identity, and more.

ALWAYS be careful when entering credit card, banking, or personal account information over the web. Never enter information from a link provided in an unsolicited email unless you verify the source. "Phishermen" are resourceful at setting up sites which appear to be legitimate, yet your information is redirected to the spammer who "phishes" out your data.

For an article about it's risks and how to avoid it, go to: http://www.unh.edu/signals/october2005/phishing.htm

CIS offerings for October & November include several FREE sessions in addition to their vendor-based training.

CIS has announced training in the following topics for October & November.

Vendor-based classes are being offered in:

* Access

* Adobe Acrobat

* Dreamweaver

* Excel

* Photoshop

* PowerPoint

Vendor-based classes are generally one or 2 days. The cost is typically $99 per day. They are held at the CIS training lab, 1 Leavitt Lane, at the UNH Durham campus.

In addition, FREE sessions are being offered, including:

* Several sessions of BlackBoard on a variety of topics

* Scanning Demo

* Internet 2

and

* Desktop Video Demo (Faculty only)

Sign up early for CIS classes. Not only are the most popular classes oversubscribed early; CIS cancels classes which are under-enrolled two weeks prior to the class date.

Some December offerings have also been posted.

To see current offerings and their descriptions, or sign up for a session, use their website at: http://training.unh.edu They keep adding to their offerings, so check back for updated information.

A good site with free information on viruses, prevention, protection & other safe computing tips is available at: http://antivirus.about.com/cs/test/index.htm?once=true&

GetNetWise is a free site which offers information on the following topics:

• Keeping Children Safe Online
• Stopping unwanted Email & spam
• Protecting your computer from hackers & viruses
• Keeping your personal info private

This month they also feature an article on spyware.

To access this site, go to: http://www.getnetwise.com/

From the US Computer Emergency Readiness Team:

Keeping Children Safe Online - Cyber Security Tip ST05-002

Children present unique security risks when they use a computer--not only do you have to keep them safe, you have to protect the data on your computer. By taking some simple steps, you can dramatically reduce the threats.

What unique risks are associated with children?

When a child is using your computer, normal safeguards and security practices may not be sufficient. Children present additional challenges because of their natural characteristics: innocence, curiosity, desire for independence, and fear of punishment. You need to consider these characteristics when determining how to protect your data and the child.

You may think that because the child is only playing a game, or researching a term paper, or typing a homework assignment, he or she can't cause any harm. But what if, when saving her paper, the child deletes a necessary program file? Or what if she unintentionally visits a malicious web page that infects your computer with a virus? These are just two possible scenarios. Mistakes happen, but the child may not realize what she's done or may not tell you what happened because she's afraid of getting punished.

Online predators present another significant threat, particularly to children. Because the nature of the internet is so anonymous, it is easy for people to misrepresent themselves and manipulate or trick other users (see Avoiding Social Engineering and Phishing Attacks for some examples). Adults often fall victim to these ploys, and children, who are usually much more open and trusting, are even easier targets. The threat is even greater if a child has access to email or instant messaging programs and/or visits chat rooms (see Using Instant Messaging and Chat Rooms Safely for more information).

What can you do?

• Be involved - Consider activities you can work on together, whether it be playing a game, researching a topic you had been talking about (e.g., family vacation spots, a particular hobby, a historical figure), or putting together a family newsletter. This will allow you to supervise your child's online activities while teaching her good computer habits.
• Keep your computer in an open area - If your computer is in a high-traffic area, you will be able to easily monitor the computer activity. Not only does this accessibility deter a child from doing something she knows she's not allowed to do, it also gives you the opportunity to intervene if you notice a behavior that could have negative consequences.
• Set rules and warn about dangers - Make sure your child knows the boundaries of what she is allowed to do on the computer. These boundaries should be appropriate for the child's age, knowledge, and maturity, but they may include rules about how long she is allowed to be on the computer, what sites she is allowed to visit, what software programs she can use, and what tasks or activities she is allowed to do. You should also talk to children about the dangers of the internet so that they recognize suspicious behavior or activity. The goal isn't to scare them, it's to make them more aware.
• Monitor computer activity - Be aware of what your child is doing on the computer, including which web sites she is visiting. If she is using email, instant messaging, or chat rooms, try to get a sense of who she is corresponding with and whether she actually knows them.
• Keep lines of communication open - Let your child know that she can approach you with any questions or concerns about behaviors or problems she may have encountered on the computer.
• Consider partitioning your computer into separate accounts - Most operating systems (including Windows XP, Mac OS X, and Linux) give you the option of creating a different user account for each user. If you're worried that your child may accidentally access, modify, and/or delete your files, you can give her a separate account and decrease the amount of access and number of privileges she has. If you don't have separate accounts, you need to be especially careful about your security settings. In addition to limiting functionality within your browser (see Evaluating Your Web Browser's Security Settings for more information), avoid letting your browser remember passwords and other personal information (see Browsing Safely: Understanding Active Content and Cookies). Also, it is always important to keep your virus definitions up to date (see Understanding Anti-Virus Software).
• Consider implementing parental controls - You may be able to set some parental controls within your browser. For example, Internet Explorer allows you to restrict or allow certain web sites to be viewed on your computer, and you can protect these settings with a password. To find those options, click Tools on your menu bar, select Internet Options..., choose the Content tab, and click the Enable... button under Content Advisor. There are other resources you can use to control and/or monitor your child's online activity. Some ISPs offer services designed to protect children online. Contact your ISP to see if any of these services are available. There are also special software programs you can install on your computer. Different programs offer different features and capabilities, so you can find one that best suits your needs. The following web sites offer lists of software, as well as other useful information about protecting children online:
  • GetNetWise - http://kids.getnetwise.org/ - Click Tools for Families to reach a page that allows you to search for software based on characteristics like what the tool does and what operating system you have on your computer.
  • Yahooligans! Parents' Guide - http://yahooligans.yahoo.com/parents/ - Click Blocking and Filtering under Related Websites on the left sidebar to reach a list of software.

This document can also be found at: http://www.us-cert.gov/cas/tips/ST05-002.html

Copyright 2005 Carnegie Mellon University

Terms of use: http://www.us-cert.gov/legal.html

Understanding Anti-Virus Software

Anti-virus software can identify and block many viruses before they can infect your computer. Once you install anti-virus software, it is important to keep it up to date.

What does anti-virus software do?

Although details may vary between packages, anti-virus software scans files or your computer's memory for certain patterns that may indicate an infection. The patterns it looks for are based on the signatures, or definitions, of known viruses. Virus authors are continually releasing new and updated viruses, so it is important that you have the latest definitions installed on your computer.

Once you have installed an anti-virus package, you should scan your entire computer periodically.

• Automatic scans - Depending what software you choose, you may be able to configure it to automatically scan specific files or directories and prompt you at set intervals to perform complete scans.


• Manual scans - It is also a good idea to manually scan files you receive from an outside source before opening them. This includes saving and scanning email attachments or web downloads rather than selecting the option to open them directly from the source and scanning floppy disks, CDs, or DVDs or viruses before opening any of the files

Each package has its own method of response when it locates a virus, and the response may differ according to whether the software locates the virus during an automatic or a manual scan. Sometimes the software will produce a dialog box alerting you that it has found a virus and asking whether you want it to "clean" the file (to remove the virus).

In other cases, the software may attempt to remove the virus without asking you first. When you select an anti-virus package, familiarize yourself with its features so you know what to expect.

There are many vendors who produce anti-virus software, and deciding which one to choose can be confusing. All anti-virus software performs the same function, so your decision may be driven by recommendations, particular features, availability, or price. See the references section for a link to a list of some anti-virus vendors.

Installing any anti-virus software, regardless of which package you choose, increases your level of protection. Be careful, though, of email messages claiming to include anti-virus software. Some recent viruses arrive as an email supposedly from your ISP's technical support department, containing an attachment that claims to be anti-virus software. However, the attachment itself is in fact a virus, so you could become infected by opening it.

This process may differ depending what product you choose, so find out what your anti-virus software requires. Many anti-virus packages include an option to automatically receive updated virus definitions. Because new information is added frequently, it is a good idea to take advantage of this option. Resist believing email chain letters that claim that a well-known anti-virus vendor has recently detected the "worst virus in history" that will destroy your computer's hard drive. These emails are usually hoaxes. You can confirm virus information through your anti-virus vendor or through resources offered by other anti-virus vendors. See the references section for a link to some of these resources.

While installing anti-virus software is one of the easiest and most effective ways to protect your computer, it has its limitations. Because it relies on signatures, anti-virus software can only detect viruses that have signatures installed on your computer, so it is important to keep these signatures up to date. You will still be susceptible to viruses that circulate before the anti-virus vendors add their signatures, so continue to take other safety precautions as well.

• CERT Coordination Center Computer Virus Resources - <http://www.cert.org/other_sources/viruses.html#VI>


• Anti-Virus Resources - <http://www.fedcirc.gov/incidentPrevention/antivirus.html>

Both the National Cyber Security Alliance and US-CERT have identified this topic as one of the top ten for home users.

Authors: Mindi McDowell, Allen Householder

Copyright 2004 Carnegie Mellon University.

As you have probably all noticed, our offices have recently been inundated by a number of email viruses. For this reason, it is extremely important that you keep your virus definitions current, to help catch the new variants of these viruses.

However, just having anti-virus software and keeping it up to date is not sufficient to prevent infection. You, the user, have a positive responsibility to not open any suspicious attachments, even if they are not detected as a virus or come from a familiar source. Most of the current viruses use the address book from the infected computer for both the To: and From: addresses in the email. That means that the email will appear to be coming from someone you know, and also that you may receive bounced messages, saying that you sent out a virus.

What should you do? Read the message. Does it sound like a message that the "sender" would compose? Does the file name look strange? Are you expecting a file from that particular sender?

Most of the automated virus messages are general in nature and often contain misspellings and poor grammar. If there is any doubt, call the sender and ask if they send you the attachment. Err on the side of caution, as once you're infected, your computer starts sending out email to try to dupe other people in your address book.

Follow this link: http://ceinfo.unh.edu/cragin/common/documents/flashfls.htm to view a presentation that outlines options and considerations for backing up the data files on your computer. Though it is just an outline, it covers some valuable points. If you would like to schedule a time for a class for your group or office on backing up, please submit a request at the online assistance form (http://cecf1.unh.edu/itde/staff/itde_staff_home.cfm). The class takes about an hour and is followed by some one-on-one assistance.

Most viruses require the receiver to open a file attachment to become infected. Therefore, it is incumbent on the end user to not open any suspicious attachments. Many viruses will appear to come from people you know, so be wary of those as well.

UNHCE users have two lines of technological defense:
The University of New Hampshire scans all email messages and attachments as they pass through the UNH gateway. If a virus is detected in the attachment or the message, it is rejected and a notification is sent to the sender.
All UNHCE computers have Norton Anti-Virus software installed. This program scans incoming and outgoing email messages and attachments for viruses, based on the machines current virus definitions. It is important that the user keep the virus definitions up to date by performing a “Live Update,” at least weekly.

Users who send and receive email on their home computers should purchase an Anti-Virus program and subscribe to the updated virus definitions.

Because each user’s files are stored on their individual computer, backing up the files is the user’s responsibility. If the hard drive fails due to a hardware failure, virus, etc. (and hard drives will fail!) the ITDE team will be able to reinstall the operating system and programs. However, we will ask you for your most recent copy of the “data” files from your computer. These include any documents, spreadsheets, and databases you’ve created, email messages, bookmarks, favorites, etc.

So, how often should you back up your files? That’s entirely up to you. Remember that we can only restore your files to the point of your last backup, so if that was a year ago, you’ve lost a year’s worth of data.

What should you back up? At a minimum, you should backup your email folder (c:\eudora) to preserve all of your messages, attachments, and nicknames; all of your documents (this is easiest if they are all in one folder like “My Documents” or “My Files”; and your Netscape bookmarks or Internet Explorer Favorites. If you use other software, and store files you create in other folders, you should back them up as well.

Many of the new computers are being purchased without tape drives due to the cost (~$250.) However, most have Zip drives and “burnable” CDs which can be used to back up files. Alternatively, offices can purchase a portable hard drive that could be used to back up all computers at a particular location (see Purchasing Equipment below for details on our recommendation.)

It is also generally recommended that a copy of the backed up data be kept off-site to insure against a general catastrophe.

If you aren’t sure how to back up your files, ask some one else in your office, or contact the ITDE office for assistance.

Reducing email SPAM – help from UNH CIS.

In recent weeks you may have noticed that some of your email has additional headers in it that refer to X-MailScanner: Found to be clean and X-MailScanner-SpamCheck. These new headers are the result of CIS implementing virus scanning and SPAM checking on all email that is passing through the cisunix system. A large portion of our email passes through this system as well. The benefit of the new virus scanning program is automatic – should a virus be detected in incoming mail, you will receive a notice telling you what the virus was and what measure was taken to prevent the virus from making it to your computer.

In order to take advantage of the SPAM checking portion of the implementation, SpamAssassin, you will need to set up a filter in Eudora. Members of the ITDE team have implemented this filter at varying levels of sensitivity with consistent success. CIS has posted a detailed "howdoi" for setting up this filter located at the following URL: http://pubpages.unh.edu/notes/eudora_filter_howdoi.html
Although the document states that the instructions are for Eudora 5.2 and Windows XP, they work fine with Eudora 4.2 and other Windows OS versions. Additionally, if you have questions or problems while trying to set up the filter, please contact the ITDE office and *NOT* the CIS contact listed at the end of the document.

Please make sure to check the folder you send the messages to, as some messages may be marked as spam, that shouldn't be. If that is the case, you can modify the filter per the instructions, or contact the ITDE team for additional information.

Networks worldwide are becoming increasingly clogged by e-mail pitches for pornography, money-making schemes, medicines and a multitude of other products. This unsolicited bulk advertising e-mail is known as Spam. Junk e-mail is currently estimated to be nearly 40% of all e-mail traffic on the Internet and some experts believe the reality is even higher. The associated cost to corporations and employers is astronomical. If an employee uses 10 minutes a day to filter through, delete, and otherwise try to address the junk, at year's end they will have used a full work week in dealing with Spam. This doesn't even address the costs of the technological resources that are used and abused during the process.

Not all of that junk clogging up our mailboxes is really Spam. An innocent visit to a legitimate business on the Internet can result in your address being shared with a number of businesses that pool or sell their e-mail address contact lists. If you are making a purchase on-line, carefully examine the screens and be sure to uncheck any boxes that refer to being added to any kind of list or advertising. Do not participate in giveaways or surveys that they may be offering. Should you end up getting multiple e-mails from a legitimate business (such as Sears.com) this may be the reason. In this case, answering the link to be removed from the e-mail list will most likely work, but, you must exercise caution and use good judgment. If there is any doubt in your mind, do not respond to the e-mail.

True Spam is very difficult to fight. The persons responsible have become very efficient at circumventing tools meant to keep them in check. Many states are enacting laws to combat unsolicited e-mail and software firms are working diligently to create programs that can identify rapidly changing Spam techniques. UNH Cooperative Extension subscribes to some of the best anti-spam tools available and we will continue to evaluate new tools as they become available. Unfortunately, until these new systems are perfected, their implementation simply runs too much risk of blocking legitimate e-mail. The biggest offenders for allowing these bulk e-mailers to exist are the huge ISPs like Excite.com. Since they make their money by advertising, there are many conflicting interests involved. They certainly aren't going to implement anything that will cut into profits unless they are forced. Hopefully, some of the new legislation that is being passed will curb their appetite for profit.

In the meantime, one thing that you can do is to set up a filter in Eudora to help you automatically weed some of the junk mail from your Inbox. The tip of the month in this newsletter will give you some basic instructions for implementing Eudora filters.

As we approach the Holiday Season, we also inevitably see an increase in the spread of computer viruses and hoaxes. Please don't forward any warning messages to anyone. If you think the warning message (hoax) you receive might be real, check it out first at: (http://www.ceinfo.unh.edu/cragin/Admin/nonsecure/ITDE.htm#IT_Six) to see if this is a known hoax. If you still thing it is a legitimate message, please contact the Computer Help Line (862-0351) for follow-up.

You should update your virus software at least twice a week. When you double click on the LiveUpdate shortcut, a dialog box will appear that asks you how you want to connect to the LiveUpdate server. The default setting should be "Internet". If not, click on the arrow to the right and choose "Internet". Click "next". It will find any new updates and install them on your hard drive. If no new updates are available, it will tell you no update is necessary. The more often you update the faster the process will be. When done, click on "finish". Your computer now has the most up to date virus protection.

Windows XP and 2000 computers use the Corporate Client Edition of Norton Anti-virus. With this edition, there will not be a shortcut for LiveUpdate. You should open Norton Anti-Virus (through Start > Programs, or double-click the Shield icon in the system tray in the lower right corner of the desktop, and then click on the LiveUpdate button.

Even though Norton Anti-Virus is running on your computer, you should still practice "safe-computing." Don't open attachments from unknown senders, don't open any attachments that can run a program (e.g., files ending with .exe, .bat, .pif), and always be suspicious of unsolicited e-mail. Many viruses resend themselves from the computers of infected people, so don't think that an attachment is safe, just because you know the sender.

In addition to e-mail, viruses can spread through shared folders on your computer. Any shared folder should be password-protected (for full access or "depends on password" access) or read-only. If you think you might have insecure shared folders on your system, please submit a request to the on-line Computer Support Request form at http://cecf1.unh.edu/itde/staff/itde_staff_home.cfm .