You Can Make a Difference in Virus Prevention

by Raymond Poon

Quite a number of University PCs were infected during the recent outbreaks of viruses/worms, viz. MS Blaster, W32/Welchia (or W32/Nachi) and Sobig-F. The University not only acquires sufficient licenses for Windows, MS-Office, and McAfee anti-virus software but also frequently promotes user awareness and provides timely warnings on computer viruses. Yet it is surprising to see that there are still machines, especially those not managed by the Computing Services Centre (CSC), that do not have the latest patches or updates for this licensed software installed. Some were even found running without any anti-virus software or any patch at all. As a result, those machines, with well-known vulnerabilities in the OS and application software, were exploited to hack or spread viruses to other machines both on campus and on the Internet. In order to effectively stop these damaging activities on our campus network, you are urged to take the following actions on your office computers, as well as on remote ones, if you have not already done so:

  1. Install the latest patches for the operating system (e.g., Microsoft Windows) and all application software running under it. Also regularly connect to their respective Update Web Sites to check, download and apply all the available critical patches on your machines. The latest patches not only make your system run more reliably but also, more importantly, rectify known vulnerabilities which are likely to be exploited by viruses or hackers. Without these patches, even with the anti-virus software installed, your machine may still contract or repeatedly contract new or known viruses.
  2. Install the latest version of the anti-virus software with the latest virus signature file. Thereafter you can keep the virus signature file up-to-date automatically by taking advantage of its auto-update function.
  3. You should be aware that anti-virus software is most effective on known viruses and less effective, or even ineffective, on unknown ones. Most viruses/worms are spread through email, file copying, Internet access, etc. Even the latest software patches and the most up-to-date virus signature file may sometimes not be enough to protect you from contracting new viruses/worms. Therefore, especially during a virus outbreak, all the necessary preventive measures must be taken and recovery procedures planned before using email, copying files, or accessing the Internet. It is important not to open or download any file or email attachment from unknown or untrusted sources. If you have to open it, back up all your critical files or build a disk image before doing so. Whenever possible, use only plain text or text files for communication. Always disable automatic execution of scripts or applets whenever feasible.
  4. Advanced users may consider using a Personal Firewall (PF) to provide another layer of protection for their computers. The PF allows you to block access from unknown users and, more importantly, to block network connections requested by otherwise normal applications that exhibit strange behaviour, such as requesting to connect to unknown sites for no apparent reason. The latter function of the PF prevents your applications from infecting or hacking other machines on the Internet even if your machine has already contracted a virus or been hacked. However, care must be exercised not to block legitimate housekeeping jobs initiated by the CSC, such as forcing new software patches or virus signature files to your machine.