|
|
Issue
37 - Sep 2003
|
You
Can Make a Difference in Virus Prevention
By
Raymond Poon
|
|
|
Quite a number
of University PCs were infected by the recent outbreaks of
the viruses/worms, viz. MS Blaster, W32/Welchia (or W32/Nachi)
and Sobig-F. The University not only acquires sufficient licenses
for the Windows, MS-Office, and McAfee anti-virus software
but also frequently promotes user awareness and provides timely
warnings on computer viruses. Yet it is surprised to see that
there are still machines, especially those not managed by
the Computing Services Centre (CSC), which are not installed
with the latest patches or updates for these licensed software.
Some were even found running without any anti-virus software
or any patch at all. As a result, those machines with well-known
vulnerabilities in the OS and application software were being
exploited to hack or spread viruses on other machines both
on campus and the Internet. In order to effectively stop these
damaging activities on our campus network, you are urged to
take the following actions on your office computers as well
as the remote ones if you have not already done so:
-
Install the
latest patches for the operating system (e.g., Microsoft
Windows) and all application software running under it.
Also regularly connect to their respective Update Web Sites
to check, download and apply all the available critical
patches on your machines. The latest patches not only make
your system run more reliably but also, more importantly,
rectify known vulnerabilities which are likely to be exploited
by viruses or hackers. Without these patches, even with
the anti-virus software installed, your machine may still
contract or repeatedly contract new or known viruses.
-
Install the
latest version of the anti-virus software with the latest
virus signature file. Thereafter you can keep the virus
signature file up-to-date automatically by taking advantage
of its auto-update function.
-
You should
be aware that the anti-virus software are most effective
on known viruses and less or even ineffective on unknown
ones. Most viruses/worms are spread through email, file
copying, Internet access, etc. Even with the latest software
patches and the most up-to-date virus signature file in
place, sometimes they may not be enough to protect you from
contracting new viruses/worms. Therefore, especially during
a virus outbreak, all the necessary preventive measures
must be taken and recovery procedures be planned prior to
using email, performing file copy, or accessing the Internet.
It is important not to open or to download any file or email
attachment from unknown or un-trusted sources. If you have
to open it, backup all your critical files or build a disk
image before doing so. Whenever possible, use only pure
text or text files for communication. Always disable all
automatic execution of scripts or applets whenever feasible.
-
Advanced users
may consider using Personal Firewall (PF) to provide another
layer of protection to their computers. The PF allows you
to block access from unknown users and, more importantly,
network connection requested by otherwise normal applications
but exhibiting strange behaviour such as: request to connect
to some unknown sites for no apparent reason. The latter
function of the PF prevents your application from infecting
or hacking other machines on the Internet even though your
machine has already contracted virus or been hacked. However,
care must be exercised not to block other legitimate housekeeping
jobs initiated by the CSC such as: forcing new software
patches or virus signature files to your machine.
|
|
|
|
|
|
|