• Electronic Mail
• Printers, Copiers, Scanners and Faxes
• Securing Your Information
• Voice Mail
• Workstations

• Authorization & Access
• Instructional Technologies
• Office Productivity Tools
• Online Services
• Service Departments

Securing Your Information

The latest virus information from Symantec/Norton Anti-Virus

The latest Microsoft Security information and advisories

SXU Acceptable Use Policy

Use Windows Update to Keep Windows Current

You've heard the recent news reports about Viruses and Internet Worms. Perhaps you've even been unlucky enough to be a victim of one of these malicious programs. How do you keep yourself safe?

These programs seek to exploit weaknesses and vulnerabilities in Windows. By taking advantage of these security holes, the bad guys can break into your computer, copy or modify your files, destroy data, send nasty e-mail that people will think came from you or use your computer to break into other computers.

Each time a new security hole is discovered Microsoft will issue a patch to fix that particular weakness. You must download and install all of these patches to protect yourself and your PC.

A program called Windows Update has been included in Microsoft Windows since Windows 98 and in Microsoft Internet Explorer since version 4.0. Windows Update is an easy-to-use program that helps you make sure your PC stays updated with the latest patches and security updates from Microsoft.

You can start Windows Update by going to the Start menu, then Settings, then Windows Update. Or, in Internet Explorer pull down the Tools menu and select Windows Update.

Click on Scan for Updates and follow the directions. You should choose to install all of the Critical Updates.

Microsoft Does Not Distribute Software via E-mail

If you receive an e-mail that claims to contain software from Microsoft, do not run the attachment. The safest course of action is to delete the mail altogether.

It is important never to run software from unknown sources because malicious people often use "Trojan Horses" to deliver harmful software to unwary users. A Trojan Horse is a piece of software that appears to do something useful, but which actually performs hidden, usually damaging, action on the user's computer. Sometimes they try to increase the odds that you will run their malicious software by trying to trick you into believing it is from a trusted source such as Microsoft.

Microsoft states clearly on that they never directly distribute software by sending it as an e-mail attachment.

Expiration Warning E-mail Tries to Trick Recipient Into Opening Attachment

The MiMail virus continues to spread around the globe and Internet users are being tricked by a malicious program that claims recipients' e-mail accounts are about to expire. The e-mail message may appear to come from a local or well-known address and seeks to get the recipient to open an attached file.

Please note that Saint Xavier University IMail accounts do not have to be periodically renewed. Students receive an IMail account upon their first registration for a course and that same IMail account continues with them throughout their academic career. IMail accounts for faculty and staff remain in effect for as long as the individual remains associated with the institution.

Beyond that, two major lessons still apply. Do not open attachments unless you are certain of their source and contents, and have scanned them for viruses with up-to-date anti-virus software. And, remember that e-mail return addresses can be forged, so that a message may really be from a source other than what the return address indicates.

Citibank Warns of E-mail Scam

Citibank is warning customers to immediately delete a scam e-mail asking them to provide their user names and the first four digits of their bank cards. The e-mail, which appears to come from Citibank with the subject "Your Checking Account at Citibank," warns bank customers that their checking accounts could be blocked if they don't provide their user information.

This is the latest example of "phishing," or sending official-looking messages telling recipients that, for technical reasons, billing information and identity data such as Social Security numbers must be submitted for their accounts.

More information is available on Citibank's web site.

Nigerian Scams

We have received inquiries about e-mails that some people on campus have received. They are examples of an old scheme that goes back before e-mail to postal mail. Collectively, they are known as "The Nigerian Scam" or a "419 Scam."

Typically, you receive a message supposedly from Nigeria or some other foreign country. The sender claims to be a government minister, banker, businessman or deposed royalty. They offer you a share of a great sum of money in exchange for you paying them an advance fee. They take your money and you are left with an empty bank account.

It is a well known fraud scheme. You can read more about it at the following sites:

• From the University of Pennsylvania
• From the Snopes Reference Pages

Patriotic Good Intentions Result in Pop-Up Ads

A recent report from MS-NBC warned about downloading free software that would replace the generic arrow cursor on your Windows machine with a patriotic American flag "to show support for our troops." Along with the patriotic pointers the download also includes software that monitors your computer to gather information in order to provide pop-up advertising.

Forged E-mail

Many of the recent worms and viruses attempt to spread by sending infected e-mails. As they travel they collect e-mail addresses from people's address books and other files on people's hard drives. They use these addresses to disguise their point of origin and to make it more likely that the infected e-mail will be opened by the recipient. For the same reason they use random subject lines and subject lines lifted from text in documents found on people's hard drives.

E-mail is an insecure medium. It is trivially easy to forge a return address when sending an e-mail. So, you may receive a message that is apparently from someone within the SXU community that in reality was not sent by that person. Or, you may receive messages back about e-mail that you never sent.

There is little that can be done about this other than to protect yourself by keeping anti-virus software up to date and to install the latest Microsoft security patches for Windows, Office, Outlook, Internet Explorer, etc. As long as someone out in the world with an infected or vulnerable PC has you in their address book or other document, your name may sooner or later be used to forge an address.

Beware of Attachments

Often, viruses are delivered to computers via e-mail as either zipped or executable attachments. They infect the system when they are unzipped or run. So, quite simply, you do not want to unzip or run attachments unless you know exactly what they are and where they came from.

Viruses may be contained in attachments with file names that end with .exe, .vbs, .bat, .pif, .scr, and other extensions. They try to lure you into opening such malicious attachments. So, users are cautioned not to open any attachments they aren't expecting, particularly from strangers. As mentioned elsewhere on this page, however, it is easy for a virus writer to make it look like an e-mail message is from someone you know. A virus writer can also easily rename the file to mask the extension so, for example, a .vbs file can appear as a .jpg file in the e-mail.

Notice that the attachment has an icon that represents a Visual Basic script, not an icon for a web page.

The virus writer may use other techniques to try to trick you into opening the attachment such as giving it an intriguing title like "I Love You," "I'm Sorry," or "Important Warning."

As good security practice, users should always exercise caution when receiving e-mail with attachments. Disable auto-opening or previewing of e-mail attachments in your mail program. Do not open attachments from an untrusted origins or those that appear suspicious in any way. Do not open any attachment unless you are expecting it. If you are not certain contact the sender to confirm its origin.

Keep Anti-Virus Software Up To Date

It is critical that every computer user have anti-virus software installed and operational. But, you must also keep it up to date!

Since new viruses and variations of existing viruses are popping up all the time the anti-virus product that you bought and installed two years ago, one year ago, or even six months ago will not protect you unless you download and install the regular updates provided by your vendor.

This should be done at least weekly.

Anti-virus software vendors make virus updates available on their web sites as new viruses are discovered. Users of McAfee Virus Scan should check http://www.mcafee.com and users of Norton AntiVirus should look for the latest downloads at http://www.symantec.com.

But, Norton AntiVirus subscribers will find it particularly easy to install updates using the software's "Live Update" button. Click the button to connect to the Symantec site and the software will download and install all appropriate updates.

Remember, anti-virus software is not an option, it's a necessity!

Social Engineering

As applied to information security the term social engineering refers to tricks, cons, and scams used by outsiders to acquire the information they need (e.g., usernames and passwords) to gain unauthorized access to a system. It's the low-tech side of hacking that uses psychology rather than software to accomplish a system intrusion.

The con artists who use social engineering to break in to systems often appeal to our trusting nature and tendency to want to be helpful. So, when the sincere sounding stranger phones to say he is working on a problem with the system and just needs your password to see if he has fixed the trouble you may be caught off guard. When you see that message in your inbox with the attachment titled "I Love You" or "I'm Sorry" your first reaction may be to open it rather than to be suspicious about who is sending you an attachment or to run it through a virus scanner.

Another problem with social engineering is that the victims of such attacks are often embarrassed. So, attacks often go unreported even though spreading the news may help reduce the effectiveness of the attack and prevent someone else from becoming a victim.

Recently, attackers using social engineering techniques have attempted to use the public's concern about viruses and other malicious software to spread more viruses and malicious software. For example, such attackers will send e-mail with an attachment or link that claims to be a tool to remove a virus infection or a patch for a security vulnerability. In fact, the attachment or link is itself malicious software.

So, what can be done? Security experts recommend training and awareness. If someone asks for a password or any other kind of sensitive information, proceed with caution. Ask for verification. Ask for identification. Ask for authorization. Report suspicious activity.

The Weakest Link

A recent article from CNet says it can take less than a minute for hackers to crack most passwords, since so many users share the same habits when it comes to choosing them: Picking them from Webster's dictionary and using personal information such as family members' or pets' names are just a few examples. Studies show that badly-chosen passwords can significantly reduce the amount of time it takes for hackers with up-to-date programs to guess them.

You can read the full article at http://news.com.com/2009-1001-916719.html
(Opens in separate browser window.)

Spam

The term "spam" is used to refer to unsolicited junk e-mail. Don't reply to it!

• Read more about spam

False Positives

Many people try to combat spam by using an e-mail program that allows messages to be filtered based on content. However, filter rules that are too aggressive may lead to false positives, that is, legitimate e-mail messages may be filtered out and discarded.

Worm, Virus, or Trojan Horse?

A "worm" is a program that makes copies of itself over some kind of network connection. A "trojan horse" is a program that claims to do something useful but also has a hidden, malicious purpose as well. A "virus" is a fragment of program code that attaches itself to some legitimate executable program.

Although computer scientists find classification of malicious software into categories such as these quite useful, most computer users are only interested in getting rid of such infections, not dissecting them to find out how they work. So, although computer professionals might find it very imprecise, in common usage people tend to use the term "virus" to refer to any malicious software that infects their systems and hinders their ability to do their work.