Help prevent virus infections on your computer

What you can do prevent virus

infections on your computer

A computer virus is program code which 'hides' in other files and can cause irreparable
damage to your computer. Computer viruses spread easily between computers when
people pass files to each other

Virus Checkers (software programs) provide protection against viruses, new and old.
However, virus writers are all too ingenious and for every block that the virus
protection developers put in place, virus writers are devising new code to create
nuisance.

This userguide provides you with information about the steps you can take to reduce
the likelihood of your computer getting infected with a virus.

You should also review the good practice information published on the IS Support site

This document will be reviewed every 6 months

Author: Information Security Manager

Version: 1.0
Date: 1st February 2010

Version 1.0 Page 1 of 8

Preventing Virus Infections on your Computer

Introduction
A computer virus is program code which 'hides' in other files and can either
cause irreparable damage to your computer or (more likely) steal passwords,
bank/credit card details, and email addresses. Computer viruses spread easily
between computers through shared files, from the internet and through
attachments in email messages.
Here at NTU we use anti-virus products that protect our environment by
dealing with known viruses. A virus signature is a program code which detects
and cleans infected files. Updates to virus signatures are deployed
automatically to PCs and scans are completed every week, this is why you may
notice your computer running a little more slowly on Wednesdays.
New viruses are continually being produced by virus writers. When this
happens, the suppliers of virus protection software have to understand how
each new virus spreads, and what it is trying to do, in order to develop, test
and send out new anti-virus updates to deal with it. Because of this, it is
necessary to update and deploy new virus signatures as soon as they are
released.
Viruses are often picked up by pen drives from home or public computers that
do not have up-to-date virus protection.
To protect the NTU environment, you should always ensure that your home
computer has the most up to date virus protection. A reputable anti-virus
program should install updates at least three to four times a week, and should
never be more than two days out of date.
In 2008, there were well over 1 million detectable computer viruses. While this
is a very high number, the effects of the different viruses are much the same.
Often old viruses are recycled with new names.

1.0 How to prevent viruses from infecting your computer.

There are many ways that a virus can infect your computer. In this userguide,
we have highlighted the most common, but this is not by any means a
definitive list.

The most sensible advise is

never open unsolicited email attachments, even if they appear to come

from friends or colleagues.
Always save the file attachment to disk - do not open it immediately -
and scan the file using your installed Virus checker.
Ensure that you are running the latest virus protection

Version 1.0 Page 2 of 8

Help prevent virus infections on your computer

2.1 Anti Virus Protection Software

You should always ensure that you have an anti-virus software installed and
enabled on your computer. This type of software can detect and block viruses
before they have a chance to cause any harm. A good anti-virus program can
scan for viruses on your hard drive or any program, files, or documents. If it
finds any viruses, it can remove the virus, quarantine it or delete the file safely
from your computer.

New viruses are continually being produced by virus writers. When this
happens, the suppliers of virus protection software have to understand how
each new virus spreads, and what it is trying to do, in order to develop, test
and send out new anti-virus updates to deal with it. Because of this, it is
necessary for them to update and deploy new virus signatures as soon as they
are released. To be affective, your anti virus protection software needs to be
updated regularly, preferably automatically.

Whilst the anti-virus that is installed on your NTU desktop or laptop is

managed by Information Systems, this doesn't mean that you will remain virus
free.

3.0 Sharing and Downloading Software or Files

If you download software, files or other media from the internet and the source
files are infected with hidden viruses, you will easily transfer them to the
computer you are using.

If you do this on your home computer which may not have the most upto date
virus protection, you could infect your home computer. If you then do work at
home, which you bring in to your office computer on a portable storage device
like a pen drive, you will transfer the virus to your office computer.

If you use or share portable storage devices with other users, the effect will be
the same.

Using your installed anti-virus software you should get into the habit of
scanning your portable storage device before copying files to or from it.

To do this, go to My Computer
right click on the drive icon
select the 'scan for viruses'.

When you save a file to your computer, either from an internet download or
from another computer, always run a scan on it to make sure it is virus free.
Not all viruses act immediately. Some may wait for a trigger such as shut
down or reboot. Anything that you put on your computer from another source
should be scanned for potential threats.

Version 1.0 Page 3 of 8

Help prevent virus infections on your computer

If you need to work on files between your home and office computers, store
them on your home directory and access them through the NTUanywhere
service. For more details about NTUanywhere visit the IS Support site
http://www.ntu.ac.uk/information_systems/services/off_campus/index.html

The standard NTUanywhere service means that you only need to log in once to
use your email or your home directory and you can upload and download files
safely.

You can use this service from any PC with Internet access. NTUanywhere is
therefore ideal for use from a public PC, for instance in a Cyber Caf, or a
mobile device such as an IPAC or Smart Phone.

Be extremely cautious of websites that asks you to install a 'plug-in'.

Various forms of malicious software can be hidden within plug-ins. These have
the potential to install a virus or Trojan to your machine which can steal your
information like username and passwords to other websites.

3.1 Attachments sent by email

You should not open attachments sent by email from people you do not know
and you should always be cautious even if you know who they are from. You
should also be especially suspicious of email messages that promise fantastic
offers. Get into the habit of copying attachments to your computer first,
rather than just opening them from the email message, this way you can scan
the file before opening it. Unfortunately, this check only helps, it doesn't
guarantee protection from virus infected files, but is a simple check which
could stop you opening something nasty.

If you receive a message from someone know to you, but the style, character
or content of the message is not of the type they would usually send, you
should be cautious. If the sender has said they have sent you a Word
document, but the attached file doesnt look like a Word attachment or had a
Word file extension, scan it before opening it.

Be cautious about opening files that have two file extensions e.g.
myfile.doc.exe and do not run .exe files sent to you as attachments without
checking them first.

3.2 Security Patch

A Security Patch is program code that fixes and closes vulnerabilities in

Microsoft software on PCs or servers. Some patches boost security and
reliability, and others increase performance or fix problems.
Microsoft release their patches on a monthly basis. The patches are evaluated
by IS staff who assess how important the patches are to the business. Once
this has been done, the deployment is tested and scheduled. In some cases,
the vulnerability that has been identified is so severe, that urgent and
Version 1.0 Page 4 of 8
Help prevent virus infections on your computer

immediate deployment is essential. For example, in August 2003 unpatched

computers in NTU allowed the "MS Blaster" virus to severely compromise the
network, making it almost unusable for several days. Information Systems
automatically install new updates to Windows and Office when they come
available, but this advice should be followed at home.
The update procedure takes place in two stages. During the day, your PC
downloads updates and stores them on the PC ready for installation. The next
time the PC is restarted, these updates are then installed. Normally these two
processes will take place in the background, although they will use extra
resources on your PC, sometimes causing reduced performance. However, you
will be alerted by the presence of a small golden "shield" icon in the System
Tray (next to the clock). Some updates will require the PC to be restarted
before they become active.
In order to minimise disruption to your work, we recommend that you close
your PC down at the end of the day. This will ensure that updates that have
been downloaded on that day will be installed first thing after you restart your
PC the next day. In the case of critical patches this will probably result in a
request for your PC to be restarted between 5 and 10 minutes later, but
having individual PCs taking a little longer to start up in the morning is
preferable to experiencing disruptions to key services business-wide.
The update procedure for PCs in Lecture Theatres and GPT Rooms is slightly
different. These machines are configured to download and install their updates
overnight, ensuring that each PC is fully patched and ready for use the next
morning, and that there is no interruption to lectures and presentations.

Whether your computer is a PC running Windows or a Mac, an updated system

can help fight off potentially harmful programs. Operating systems that are old
and not updated are more prone to infection.

Having your computer set to 'Automatically' install new patches helps protect
it, but also applications must also be updated such as Microsoft Office
regardless of the operating system, the auto-update should tell you when a
new update has been released, so you can install it.

3.3 Firewalls

Should I use a firewall? The answer is YES. While firewalls help prevent
intrusion from an outside source, firewalls also block some viruses from
spreading from computer to computer. Without a firewall, an infected
computer on a network could infect your computer, particular if your computer
is vulnerable because it doesnt have the latest patches. Using a computer
without a firewall is dangerous, so you should always have one installed and
running. As with anti-virus, Information Systems manage your firewall
centrally and so automatically prevent many threats.

Version 1.0 Page 5 of 8

Help prevent virus infections on your computer

4.0 Keep a copy of your important work

The final part of this advice is about your precious files the ones that you
have taken weeks writing, the whole of next years budget, your important
presentation at that conference or even that memo that you just wouldn't want
to type out again.

If your files get infected, and the virus cant be cleaned or removed, your file
could be permanently damaged and be unusable. If you suspect that you have
a virus, you should contact the Information Systems Service Desk for
assistance.

To ensure that you are not left in a crisis, do not keep the only version of an
important file on your pen drive and always keep a copy of your urgent and
important work on your networked home directory or departmental shared
areas, which is backed up by Information Systems every night.

4.0 Cleaning your computer of viruses

Completely removing a computer virus is delicate work. Despite all of these

precautions, your computer may still end up getting infected with a virus. If
this happens, dont panic and make the situation worse. Your actions will
depend largely on what type of virus your computer is infected with, and also
how you came to be aware of the infection. If you routinely share files with
your home computer, you should check that as soon as you can.

If you feel confident, you can use your installed anti virus program to scan for
viruses, alternatively contact the Information Systems Service Desk.

If other people use your computer, you should let them know that you have
had a virus reported to you so they can check their files and home computers

If the virus prevents you from doing anything, then the only thing you can do
is to shut your computer down and contact the Information Systems Service
Desk giving as much information as possible so we can take the right steps to
advise you further.

5.0 Top tips

You can contact Information Systems Service Desk about your computer on
campus using:

The Webform at https:\\www.ntu.ac.uk\issr

by Email to ITS Service Desk
by Phone on ext 8500

1. Always install security patches.

Version 1.0 Page 6 of 8

Help prevent virus infections on your computer

Microsoft & Apple regularly releases security patches and provided a number of
ways to install security patches, including Windows Update, Automatic Update,
and also manual ways of checking. You can subscribe to e-mail notifications of
new patches both from Microsoft and from Apple, however if your computer is
set to update automatically then this is not really necessary.

There are many applications installed on our machines which are deployed by
Information Systems, when these have patches required, IS automatically
install these for you, so you may not even know that they were patched.

2. Use anti-virus and update the virus definition daily.

Anti-virus programs protect you against most types of viruses - including both
executable and macro viruses. Your NTU computer will already have Anti-
virus installed, please do not disable it and let the program check all new files
downloaded to or copied to your system.

Anti-virus programs can clean most of the viruses if you update the virus
definition regularly or use auto update. This is critical for the software to catch
the latest viruses

3. Take care when a website asks you to install a 'plug-in'.

There are unfortunately some websites that have been high jacked by rogue
groups who try to steal information. If you try to access your online bank
account for example, this could cause you personal loss as your personal
account details could be extracted. If the information that was harvested
created a large loss of university data, this could damage the reputation of the
university, lead to severe fines by the Information Commissioners Office or
even imprisonment for senior management if we suffer a very large data loss.

Information Systems attempt to block known websites that have been

compromised in this way using Websense Content Filtering, but you should
always be vigilant and only install software from trusted website where the
software looks genuine, if you are in any doubt please contact Information
Systems Service Desk for help or advice.

4. Don't open email attachments unless you are sure it is safe.

If you get an unsolicited email message from someone you've never heard of
before, and that message includes an attachment, don't open the attachment!
The attached file could contain a virus that could infect your machine.

Virus files can only infect your computer when they're run, typically when you
click or double-click them in order to open/run the file. This means receiving a
virus-carrying email message in your inbox is safe - unless you open the
attachment.

Version 1.0 Page 7 of 8

Help prevent virus infections on your computer

You should never run any email attachments that have the following file
extensions: .EXE, .COM, .BAT, .VBS, or .PIF. Incoming email messages are
scanned for viruses when they arrive at the university in an attempt to trap
virus carrying messages along with spam emails.

5. Scan devices before copy / open any files from it.

If you are copying files from portable storage media like pen drives, portable
hard drive or even CD and floppy disks, make sure you scan the drive before
opening or copying any files from it. Try to avoid 'plug-and-go' and always
remember to scan first before opening any files, including any pen drives from
a student who may need your help.

6. Don't execute programs or files you find on the internet without

checking them.

Newsgroup postings often contain attachments of various types; executing a

program from an anonymous newsgroup poster or by visiting an unknown
website is not safe, check the downloaded files carefully before running them.

Chat rooms and messenger applications (such as Windows Live Messenger and
AOL messenger) are another big source of virus infection; some users like to
send pictures and other files back and forth, and it's relatively easy to infect a
file to be sent in this way.

Do not use peer-to-peer (P2P) programs (such as Kazaa, Bit torrent etc) for
downloading music, software, or other files. If you must download files from
the Internet, use trusted sources and reliable Web sites that actually check
their files for viruses before they post them for downloading. You should not
download files of this nature to university computers or to your home directory
or departmental shared areas.

Software should always be obtained from Information Systems, this means

that we can provide reliable software which is free from viruses and also
ensure that the University is using licensed software only.

7. Golden Rule - Back up your files

Always remember to back up your important work files to another safe place,
preferably your home directory or departmental shared area. This means that
your lifes work isnt wiped out by one virus attack.

Version 1.0 Page 8 of 8