Don't Be Insecure About Your Computer: How to Keep Your Computer Safe (Hypertext Student Newsletter)

\t\t\tThis story was originally published in the Spring 2005 edition of the Hypertext quarterly student newsletter. Go to http://scg.ucdavis.edu/hypertext/2004spring.pdf to view a downloadable PDF of the entire newsletter.

An onslaught of viruses and other security threats continues to damage countless computers on the UC Davis network. The campus continues its efforts to thwart viruses, worms, hackers, and spam; in fact, the latest edition of Norton AntiVirus software was recently made available as a free download to students via the MyUCDavis Web portal. However, it is ultimately up to you to safeguard your computer against the latest wave of malicious attacks. We've outlined some of the most common ways in which your computer can be compromised and what you can do to prevent this from happening to you.

EMAIL ATTACHMENTS
What's the problem? Nearly all of us have been receiving hordes of virus-laden email attachments lately. Although the campus email servers automatically filter any known viruses from your email, that doesn't account for new viruses yet unknown by the filter. Email viruses are especially frustrating because they often (inadvertently) come from people you know. Some infected
attachments could bring your whole system down by causing a harddrive crash; others are designed to gnaw their way into flaws in your operating system, thus opening a port for hackers to invade your system and inflict serious damage.

How do I minimize the risks?

  • Update your anti-virus software daily. It will prevent a majority of infected attachments from reaching your inbox.
  • Keep your computer updated with current security patches, since infected email attachments may attempt to exploit vulnerabilities. Windows users can do this by visiting windowsupdate.microsoft.com or by going to the Control Panel and setting up automatic updates. Mac OSX users can use the "Software Update" tool in the System Preferences to manually or automatically schedule updates.
  • Don't open attachments unless you are certain of the sender and the contents of the attachment.

WIRELESS
What's the problem? Wireless networks are sprouting up everywhere, including select areas on campus and nearly every coffee shop in Davis. But because wireless access points don't require a user to plug into a port, the networks are often more difficult to monitor and secure. If you're buying things online or logging on to Internet applications, it's a lot easier for someone to record your keystrokes and get a hold of your personal info, especially at some off-campus locations, where a username and password are not required.

How do I minimize the risks?
  • Restrict your online shopping to wired connections or to encrypted Web browser sessions (indicated by a padlock icon in the bottom corner of the window). Don't open programs that contain personal information when on a wireless network. In fact, don't keep your Social Security number, driver's license number or bank account numbers anywhere on your computer, period.
  • Use anti-virus software and be sure to update it frequently. You should also install the latest security patches on your operating system. Other computers sharing the wireless connection could be infected or compromised and may attempt to spread virus infections or hack into other computers.
  • Disable file sharing so that others can't help themselves to files on your computer.
  • Check out campus wireless resources at wireless.ucdavis.edu.

FILE SHARING
What's the problem? In addition to breaking copyright laws and putting yourself at risk for a lawsuit, swapping music, movies,
and games over a peer-to-peer network opens the door to identity theft. This is because spyware??'software that gathers personal information about you without your knowledge???allows hackers to access your personal fi les and programs. As if that's not enough to cause concern, you could be infecting your computer with shared files that contain viruses.

How do I minimize the risks?

  • Use anti-virus software and be sure to update it frequently. Also keep your computer updated with current security patches.
  • Use file sharing programs only from sources that you trust. Before downloading files, always scan them first with anti-virus software. Be wary of executable (.exe) files since they install immediately on your computer.
  • Keep yourself informed of copyright laws and policies. Check out the UC's copyright education Web site at www.universityofcalifornia.edu/copyright/.
INSTANT MESSAGING
What's the problem? Viruses can be very easily transmitted via instant messages containing files or links. IM programs, like all software, may also contain bugs and flaws that could damage your system. And because IMs are not encrypted, there is always the possibility that a third party is monitoring your messages.

What can I do about it?

  • If you receive a suspicious link???especially from strangers???or see one in a buddy's profile, don't click on it. Chances are it's infected.
  • Update IM software when the latest versions are released.
  • Do not share identifying information, such as credit card or social security numbers, over IM.
  • Reset your password often.
  • If you're programming-savvy, try using an open-source IM program such as gaim or Fire, which tend to have fewer security flaws.

SHOPPING ONLINE
What's the problem? If the site you're shopping on isn't secure, your credit card or identity information could be obtained by identity thieves. Illegitimate businesses could also sell your personal information to other businesses or spammers.

What can I do about it?

  • Look for the padlock icon in your browser's lower corner indicating the site is encrypted and that your personal information is protected as it moves between your browser and the site's Web server.
  • Look at the URL of the site. In "https://" the 's' means SECURE data transmission.
  • Read the site's privacy policy. Most legitimate businesses promise not to sell your personal info to other vendors. If you can't find the privacy policy consider this as a strong danger signal.
  • Don't buy if they don't offer you a way to print a receipt.
  • Consider how reputable the store is since you are trusting them to safeguard your name and credit card number.

Doing all these things will certainly lower your risk of an attack, but sometimes security mishaps are inevitable. Just in case your files are deleted, it is important to regularly back up important data to a CD or to MySpace (the file-sharing system on MyUCDavis), or to whatever file storage system works for you. You should report security incidents to abuse@ucdavis.edu. For more computer security information, visit security.ucdavis.edu. For computing help, call IT Express at 754-HELP or email them at ithelp@ucdavis.edu.