Published on June 2016 | Categories: Documents | Downloads: 80 | Comments: 0 | Views: 433
of 45
Download PDF   Embed   Report



Viruses and Spyware

What is a Virus?
• A virus can be defined as a computer program that

can reproduce by changing other programs to include a copy of itself.

• It is a parasite program, needing another program to


• For our purposes, that program is Microsoft Windows

How many viruses are out there?


Yale’s Network
• Our network is particularly vulnerable

Yale’s Network
• We are not a closed corporate network • We have a federated IT structure • We have STUDENTS

How is the Library protected?
Norton Antivirus updated daily Microsoft Security Patches

Norton Antivirus
• Constantly scans system files for

viruses. Does this in “real time”

• New virus definitions are delivered

when needed.

Norton Antivirus
• Norton is REACTIVE not PROACTIVE • This means that only known viruses can

be caught

There have been several times where something originates here at Yale or at another university before Norton finds it. • Norton cannot a stop virus in this case

Norton Antivirus
• Norton also does not necessarily

remove the virus from the machine.

• It will block access to it, but if a machine

is open to the exploit, there still is the chance it will be successfully executed

How can I tell if I have a problem with Norton?
• Normal Norton Shield

• Red cross through


• Yellow exclamation


Norton Antivirus
What do they mean? • Realtime protection not active
• Norton Antivirus

services not loaded

Both are not good

Norton Antivirus other problems
• Virus Definitions are not recent (several

weeks old)

• No shield at all • Not updating every day • Hands on

When Norton catches a virus
• A window pops up. What this window

says is very important

When Norton catches a virus

• This is good

When Norton catches a virus

This is bad

When Norton catches a virus
• So long as your computer says

“quarantine succeeded”, the virus has been caught. If it says anything else, contact W&WS immediately.

When Norton catches a virus
• Norton does not delete it

but“quarantines” it.

• Goes back to a time when viruses

infected legitimate documents

• Generally no longer the case. Viruses

are no longer worth keeping. If Norton catches it, they already know about it

Clearing the Quarantine
• As a result, as viruses are caught on

your computer they fill up the quarantine.

• This leads to annoying messages
• This is useless. You cannot fix a

asking you to try and “fix” the files

modern virus. We should just clear out the quarantine. This is how:

Clearing the Quarantine

Clearing the quarantine

Clearing the quarantine

Clearing the quarantine

Virus transmission
Most common methods: • Executed by someone clicking on an email attachment.
• Automatically through a network via

security holes/flaws

Virus transmission
How do we stop them? well…

Email Messages
• Email viruses are a fact of life, and there

is little that you can do at the computer end to stop them. (Do not filter at the computer!)

• Be suspicious of email attachments

from unknown sources.

Email Messages
• Do not set your email program to "auto-

run" attachments. We have ITS renaming files so that people have to go through several steps to open attachments. This reduces the likelihood of “accidentally “ clicking on an attachment.

Virus transmission
• Verify that attachments have been sent

by the author of the email. Newer viruses can send email messages that APPEAR to be from people you know.

Virus transmission

Speaking of which….

Email messages
• Email headers can be forged. • This means that the person in the “from”

address did NOT send the email virus.

• The virus simply picks and chooses two

random addresses from your computer and sends it

Email messages
• Just because a virus arrives with

someone’s name attached to it. This does not mean that they have a virus.

Forged header example

Virus transmission
• Viruses exploit security flaws within


• Almost all of these flaws are public

knowledge with an available fix

• Viruses exploit security flaws within


Virus transmission
Virus infections are preventable via patching

Case in point:

Virus transmission
• The Sasser worm exploits a hole in

Windows that was patched on April 13, 2004.

• The Sasser worm started making it’s rounds on April 30th. • People had 17 days to patch their machines.

Virus transmission
• As a result of patching all of our

machines, the Library did not have a single computer found with the Sasser Worm.

Software Update Services
• This is a result of Software Update


• This is an automated, centrally

managed service that allows automatic application of patches on Yale Library workstations

Software Update Services
• What you need to know

Software Update Services

• This globe indicates that the updates

have been automatically sent to your computer

Software Update Services
• Because Library users are

administrators on their machines, users can override this.

Software Update Services
• Tell your users to click YES when this

window appears

Software Update Services
Tasks for expert users
• Make sure computers are turned on


• If people are away, please make

sure their workstations are turned on regularly. Login is not necessary

Spyware: What is it?

• Spyware is deceptive software, which

promises you a feature or utility in return for secretly tracking your web surfing habits for advertising purposes.

Why Spyware is bad:
It is annoying It is network intensive Violates your privacy Violates Yale’s ‘privacy’ (can monitor ALL your network traffic) It is a possible security risk (redirects)

How do I tell if I have spyware?
5 Signs: Extra system tray icons Extra toolbars in Internet Explorer Redirected home page Popups ALL the time S L O W Computer

How do I remove spyware
Sometimes even the uninstallers are deceptive The best way: Spyware removal tools We use Spybot Search and Destroy

Sponsor Documents

Or use your account on DocShare.tips


Forgot your password?

Or register your new account on DocShare.tips


Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in