Security - What You Need to Know

Information on Compromise in Computer Labs

Phishing Scams

Phishing scams involve fake email messages or web pages that mimic well-known, trusted websites.  These online fraud techniques are attempts to trick you, the user,  into revealing personal information, such as credit card numbers, bank account numbers, passwords and other information that can be used for identity theft. 
See examples of phishing schemes, how to detect online fraud and best practices to protect yourself .
Learn more about what students need to know about identity theft.

Spyware and Spam

Spyware refers to software that performs certain tasks on your computer, typically without your consent. This software runs the gamet from innocent but often annoying pop-up advertising windows to the more serious tracking of your online activities and the changing of your computer settings without your permission.
Learn more about spyware symptoms and how you can protect your computer.

It's a good idea to have two anti-spyware programs on your machine. Select any two of these:
Download Microsoft's AntiSpyware (beta)
Download Spybot Search and Destroy
Download Ad-Aware

Spam is defined as junk mail which is an electronic version of advertisements from people you don't know trying to sell you something you don't want. VCU blocks spam on the University mail servers in order to reduce the amount of junk mail that gets delivered to users' mailboxes. See the link below for what you can do to keep your computer and data safe.

Visiting Malicious Websites

Some websites may look legitimate but are actually being used by a remote attacker to download malware to your computer when you visit the website.   Avoid clicking on links contained in e-mail messages you receive unless you are sure the message is legitimate.  Be very careful when browsing the Internet.  If something doesn't look right, it probably isn't.
Steps you can take to identify and protect yourself  from fake website and malicious hyperlinks.

Chat rooms

Chat rooms are online gathering places. They use a protocol named Internet Relay Chat that allows real-time conversations. Chat rooms are used to meet friends, share interests and hobbies, buy and sell items, and study and complete homework projects.
Steps for using this form of communication safely.

Instant Messenger

Instant messaging (IM) is a form of online communication like e-mail. The main difference is that IM is instantaneous. Using an IM program, you and a friend can type messages to each other and see the messages almost immediately .  Unfortunately, viruses and other malware can infect your machine through IM and then spread very quickly by sending copies to everyone on your IM contact list.
Steps to help you avoid IM malware.

Facebooks, blogs, etc.

Facebooks is an online "social network" service that allows students to post personal information and pictures on a profile.   In spite of privacy statements, Facebook sites are free to use the information you provide in any manner they choose.  Your personal information could be forwarded to spammers and data mining sources.   Never use your e-mail password on sites like this since that could compromise access to your e-mail account.

A blog is a website where an individual or a group generates text, photographs, videos, audio files, and/or links, typically on a regular basis.   Be careful not to post sensitive information to blogs since you do not know who will be reading this information.

Basic Rules for Safe Computing

Here are some basic rules for keeping your computer and data safe:

1. Be absolutely sure you have antivirus installed and that the virus signature files are always up-to-date so that your machine is protected against the latest threats. VCU has a site license for Symantec Antivirus software that is available for VCU owned and personally owned computers for all current faculty, staff and students. You can download the Symantec Antivirus Managed Client from the VCU web site. This version will automatically download the virus signature files without any action on your part. It is strongly recommended that you use this managed antivirus program so that your computer has optimal protection against virus infections.
2. Until a centrally administered operating system patch management infrastructure is in place at VCU, it is very important for you to configure your PC to perform automatic updates to Windows. The Automatic Update service will help to ensure that the most critical security patches are installed as they become available. You should check with your local technical support to determine if there is another method for receiving critical updates automatically being used in your area such as via Software Update Service that is available for computers connected to a Windows-based server.
   
   The Microsoft Automatic Update Service is included in Windows 2000 and XP systems and will automatically download and install security patches to your system. Automatic Update is not available for Windows 98 or NT. Windows 95 is no longer supported by Microsoft.
   
   You can get more information about configuring and deploying Microsoft Automatic Updates at:
   How to Configure and Use Automatic Updates in Windows 2000
   How to Configure and Use Automatic Updates for Windows XP
   How to Configure and Use Automatic Updates in Windows Millenium Edition
   
   Operating system patches and updates frequently require that your computer be restarted before they are fully installed. If a restart is needed, Automatic Update will give you the option to restart immediately or to wait until a more convenient time. If you choose to wait, please be sure to restart as soon as possible.
   
   Also be aware that in most cases it is best to shut down your computer when it won't be used for several hours such as at night unless some automatic process like a back-up or scheduled software update must run in your absence.
3. Use strong, hard-to-guess passwords on all your accounts, and don't use the same password for multiple systems or applications. See Use Strong Passwords for further information.
4. Install a personal firewall on your computer. A firewall will help stop intruders from the Internet from breaking into your computer. VCU has site licensed Symantec Client Security for all current faculty, staff and students to install on VCU owned and personally owned computers. This program, which will be available for download from the VCU downloads website during the summer of 2004, includes integrated managed antivirus, personal firewall and intrusion detection system. With this program installed on your computer, you will have an enhanced level of protection from intrusions and attacks aimed at your machine.
5. Be suspicious about email and email attachments, and do not open an attachment that comes in an email message unless you have asked somebody to send it to you. The VCU email system blocks attachments that could contain viruses or other malicious threats, but you still need to be careful in your handling of email. Malicious worms have been known to use other methods besides email attachments to deliver payloads of infection and propagation. It is possible for an email message to contain a link that will redirect your web browser to a site where the worm's components are downloaded to your computer. Never click on a link that appears suspicious.
6. Be sure you back up your important data. Get in the habit of always making back up copies of your term papers and other important data to ensure that you have these files if your computer fails. You can use CD-RWs (Compact Discs to which you can write or burn data using a CD-RW drive) or USB flash drives to make backups of your files.

Use Strong Passwords

Using strong passwords is one of the most important actions you can take to protect your computer and data. Here are some recommendations to follow.

How to Avoid Viruses and Other Malware

The best way to avoid viruses and other malware is to be sure you have an antivirus program installed on your computer and always keep the virus signature files up-to-date so that your computer can fend off the latest attacks.

VCU has a site license for Symantec Antivirus software that is available for VCU owned and personally owned computers for all current faculty, staff and students. You can download the Symantec Antivirus Managed Client from the VCU web site. This version will automatically download the virus signature files without any action on your part. It is strongly recommended that you use this managed antivirus program so that your computer has optimal protection against virus infections.

How to Handle Dangerous Email

Be suspicious about email and email attachments, and do not open an attachment that comes in an email message unless you have asked somebody to send it to you. The VCU email system blocks attachments that could contain viruses or other malicious threats, but you still need to be careful in your handling of email. Malicious worms have been known to use other methods besides email attachments to deliver payloads of infection and propagation. It is possible for an email message to contain a link that will redirect your web browser to a site where the worm's components are downloaded to your computer. Never click on a link that appears suspicious.

Copyright Violations

A series of court rulings has made it clear that it is against the law to upload and download copyrighted works such as music and movies without permission. The courts have ruled that Peer-to-Peer (P2P) and other unauthorized uploading and downloading of sound recordings, pictures, software or written text inherently amount to copyright infringement and therefore constitute a crime. The punishment for this crime can be very stiff.

Here are some examples of copyright violations:

• Someone emails you a copy of a copyrighted song and you then email copies to all of your friends
• You make an MP3 copy of a song from a CD that expressly permits you to do so, but then you put your MP3 copy on the Internet via a file sharing network and now millions of people can download it.
• You join a file sharing network and download unauthorized copies of all the copyrighted music you want for free from other network members.
• You share copyrighted music using an instant messaging service.
• You use your CD burner to make CD copies of music you have downloaded and distribute these CDs to your friends.

Here are a few tips from record labels on how to enjoy music while respecting rights of others in the digital world.

• It is okay to download music from sites authorized by the owners of the copyrighted music whether or not the site charges for the music.
• It is never okay to download unauthorized music from pirate sites or peer-to-peer systems. Examples of peer-to-peer systems that make unauthorized music available for download include Kazaa, Grokster, Gnutella, WinMX, LimeWire, Bearshare, Aimster and Morpheus.
• It is acceptable to copy music onto an analog cassette, special audio CD-Rs, minidisk and digital tapes (because royalties have been paid on them) but not for commercial purposes
• Transferring a copy of your music CD onto your computer hard drive or your portable music player is okay as long as the copy is made from an authorized original CD that you legitimately own and the copy is just for your personal use. It is illegal to give away the copy or lend it to others for copying.

P2P - Spread of Malware

Users of Peer-to-Peer (P2P) systems are prime targets and/or launching points for malicious hacker attacks simply because these networks require downloading and sharing of electronic files or programs.  Spyware, adware programs and other malware are frequently bundled into P2P file-sharing software and attached to the files that are shared. These programs infect your computer, collect personal information for marketers and provide access to your computer by malicious hackers. Besides being a legal problem, P2P can be very dangerous for the health of your computer and should be avoided completely.