Ferocious Virus Infection and Hacking Activities in Student Residence

by Noel Laam

Security incidents such as virus infection or hacking of machines in the Student Residence (SR) have been a recurrent and serious problem faced by the Computing Services Centre (CSC) since the inception of the SR. Causes leading to the current situation are many, some of them are:

  1. Lack of security awareness such as the habit of using software from unknown source, or visit to unknown sites as tricked, tempted, or persuaded by the received Email
  2. Use of browsers without proper security settings
  3. Using unlicensed Windows operating systems
  4. Lack of anti-virus software (e.g. Norton, Mcafee etc.)

Only licensed Windows operating system will come with a valid key that authorizes the owners to download the security patches from the Windows Updates, and only with these patches being applied in time and together with a valid and up-to-date anti-virus software (anti-virus software of the latest version and its virus signature regularly being updated) being installed could students greatly reduce the risks of their machines being attacked ( e.g., machines being infected with virus, or being hijacked for attacking other machines or for sending spam mail). Lacking any one of these tools or measures renders the students' machines vulnerable to attacks. When attack strikes, these machines will infect or jeopardize other machines on the network, and the CSC, as the network administrator of the University, will have no choice but to immediately remove them from network by blocking their network connection.

In view of the seriousness of the consequence and the ferocity of these problems, we have decided the following:

  1. Starting from November 2004, Mcafee anti-virus software will be provided free of charge to all students in the SR, and they only need to download it from the machines in the SR terminal rooms.
  2. Starting from Semester A 2005, all students in the SR will be required to sign an agreement to use only valid licensed software on their computers before they will be granted network access.

Moreover, in order to educate our students to be considerate to other users on the network and thus to become responsible network users, their network connections will be blocked immediately when they commit a security offence. The blocked connections will only be released when the students have rectified the security problems with all required protection mechanisms installed. If they commit the same offences repeatedly, depending on the frequencies and the problem types, their machines will be blocked from connecting to the network indefinitely unless, on very exceptional cases, sufficient proof can be obtained from students that the problems will never happen again

It is hoped that these measures will be able to alleviate much of the existing problems so that our students and staff all can study, teach, or research under a safe and secure networking environment.