Frequently Asked Questions - Security & Policies
1) How do I protect myself from computer viruses?
- Install anti-virus software on your computer (Students - please click on this link for further information)
- Update your virus definitions regularly
- New virus definitions are released almost every day. By updating your virus definitions the risks of becoming infected is greatly reduced
- Use good judgment when opening strange or unexpected email attachments and/or files
- Never open an email attachment from someone you don’t know.
- It is a good practice to check with a known user if you receive an attachment from them that you were not expecting. (Don’t assume that it is legit!)
- The type of attachment can also be a tip that something is not right. If you get an email attachment that has two periods in it i.e. .txt.doc, .xls.exe, or any combination of file extensions, DO NOT OPEN IT!!! To find out the real name of an attachment, right click on it and choose “properties”. If the file has an .exe, .vbs, .com, .cmd, .pif or .lnk extension, do not open it UNLESS you were expecting it or it was sent by a known (trusted) user AND you have confirmed that they meant to send it to you.
- Backup your data
- The original file that has become infected and/or was destroyed can be restored if you have it backed up.
2) What should I know about securing my personal computer?
- The following computer security tips are recommended best practices:
- Use strong passwords. Choose passwords that are difficult or impossible to guess but easy to remember. Give different passwords to all accounts. See Choosing Good Passwords for additional help.
- Make regular backups of critical data. Backups should be made at least once each day. Larger organizations should perform a full backup weekly and an incremental backup every day. At least once a month the backup should be verified. (In other words restore something from the backup.)
- Use virus protection software. That means three things:
- having it on your computer in the first place
- checking daily for new virus signature updates
- actually scanning all the files in your computer periodically (once a week).
- Use a personal firewall as a gatekeeper between your computer and the Internet. Firewalls can be either hardware or software. In most instances for home use the software firewall should be sufficient. Firewalls are very important for computers that access the Internet via DSL and cable modem connections, but they are also valuable for those who still use dial-up.
- Do not keep computers online when not in use. Either shut them off or physically disconnect them from the Internet connection.
- Do not open email attachments from strangers, regardless of how enticing the subject line or attachment may seem. Be suspicious of an unexpected email attachment from someone you do know because it may have been sent without that person’s knowledge from an infected machine.
- Regularly download security patches from you software vendors. These include but are not limited to your OS (operating system) and office products.
- Do not use older OS’s such as Windows 95 or 98, there are a great many vulnerabilities in these operating systems and Microsoft does not support them anymore, which means you cannot get fixes and updates for them.
- Be wise about cookies. Some web sites require that your computer accept cookies before allowing access, but these little programs can reveal a great deal of information about you. Compromise is the key, disable cookies and only enable them when necessary to visit a web site you really need to see.
- If you use Windows and share files with other Windows users (remember this is against UVA-Wise policy and could result in denial of network privileges), be sure your computer’s permission settings require them to enter a username and password before gaining access. Without this safeguard practically anyone can tamper with your disk drive (with or without your knowledge).
3) How do I know if my computer has been compromised?
- If your computer and/or programs running on it are behaving unexpectedly or out of the ordinary.
- An indicator that your computer may be infected and/or is under attack is if the computer’s speed suddenly becomes very slow and sluggish. Your awareness of this performance change is important. It is recommended that you use antivirus software, keep the definitions up-to-date, and scan your computer frequently so that you may be advised of infections and attacks. (Please note that the best antivirus software will not catch 100% of all viruses/attacks. You may want to use more than one method of identifying malicious activity such as Spybot, Adaware, etc…A word of caution, don’t go overboard.)
- One way to identify suspicious behavior on your computer is to look for files and/or programs that you did not install.
- If a program runs or opens by itself (but it didn’t use to do so), you may be infected with a Trojan horse.
- If you think that your computer has been compromised get assistance immediately
- Faculty and Staff should get in contact with the Technical Assistance Center (TAC) in 110 Darden or at extension 4509.
- Students may either call TAC at extension 4509 or seek outside assistance. (If your computer is compromised and it is identified during a routine scan of the network you risk having your port disabled and a possible reconnection fee. See the Student Computing Handbook for more information.)
4) Can I connect my game system or play PC games on the College network?
The Office of information Technology does not explicitly prohibit the use of campus network resources for student gaming purposes; however we do not actively support (ie. fix problems) gaming across the network and/or the Internet. For network security, requested changes to our network system to support gaming will not be accommodated. In the future, if gaming causes a problem for other users on our network, UVa-Wise reserves the right to block this gaming traffic without notice.
5) What should I know about creating a good password?
- Literally thousands of computers are compromised each year due to weak or non-existent passwords. The following is a list of some of the things not to do:
- Write down a password on a sticky note or piece of paper and place it near your computer. (This includes the center drawer in your desk, the sliding shelf in your desk, the monitor, under the keyboard, etc.)
- Use a word found in the dictionary. That includes foreign dictionaries.
- Use a word from a dictionary followed by a couple of numbers.
- Use the names of spouses, children, friends, enemies, relatives, pets, or other common items.
- Use dates such as anniversaries, birthdays, christenings, etc.
- Share you password with someone (anyone) else
- Use the same password for more than one account, and for an extended period of time.
- Use the default password provided by the vendor.
- Why would this be a problem?
- Passwords are one of the first lines of defense in the protection of computer systems. Most computer users don’t recognize the importance of using strong passwords, especially when they can be very complicated and hard to remember. In fact, the more complicated and hard to remember the password is the better the protection. One of the first things that a hacker will attempt to do against a system is to run a program that will attempt to guess the correct password. These programs can be very simple or very sophisticated. Most of the programs begin with the simple things like words from a dictionary and not just English dictionaries; they usually include dictionaries from several different languages. For information on how to create a good, strong password see Choosing a Good Password.
- Understanding human weaknesses and/or failings makes a hackers job that much easier. One of our major weaknesses is the reluctance to remember several long and/or difficult passwords. Hence the likelihood that the same password will be use for several accounts is very high. It is also very likely that the password will be used for a long period of time, allowing the hacker a greater length of time to access the system. Any password can be cracked given enough time; therefore passwords should be changed at least every 60 days.
6) How do I know if I am on a “secure” Web page?
- There are a couple of things you can look for to ensure that you are on a “secure” web page.
- Look for a closed padlock symbol in the lower right corner of the Internet Explorer 4.0 or greater window or in the lower left corner of the Netscape 4.0 or greater window.
- If there is an s on the end of the “http” (making it https) in the address line. Such as https://ibank.amsouth.com/
Never give personal information on a Web site that you cannot verify is secure and even then proceed with caution. Identity theft is rampant and we don’t want you to be the next victim. Protect yourself and what you have worked to achieve.
7) What campus policies, procedures and/or guidelines should I be aware of?
- Most of our existing policies, procedures and/or guidelines can be found on this web site under the Computing Policies and Guidelines section and under the Secure Computing section.
- Be aware that work is ongoing to create and update our policies, procedures and guidelines and the most up-to-date information can be found on our web pages.
8) What constitutes harassing or inappropriate e-mail, and what can I do about it?
- Examples of inappropriate e-mail include but are not limited to, SPAM, pyramid schemes, mass-mailings, marketing one or more products or services, and chain letters. Harassing e-mail messages include messages that offend, intimidate or threaten an individual or group.
- These should be reported immediately to firstname.lastname@example.org.
9) How do spammers get my name and how can I protect myself?
Free services. Many Web sites carry paid advertising as a way to generate revenue. But many web-based services also require that you register, by supplying your name and e-mail address, before you can use their “free” services. Selling the information they collect is part of their business plan. And guess who buys that information? (The correct answer is “spammers”).
Newsgroups. Think twice before posting to a newsgroup. Spammers often release information-gathering programs called “bots” to collect the names and e-mail addresses of people who post to specific newsgroups. Bots can get this information from both recent and old posts. And, since many newsgroups are special-interest communities, spammers can learn what you’re interested in—which makes you a better target for spam.
How to protect yourself:
Never reply to a spammer. Replying to spam—no matter how good the offer sounds—will guarantee that you get more spam, because you’ve shown yourself as susceptible. Also ignore any offer to “click here to be removed from our list.” All your request does is tell the spammer the message arrived and that a live person is reading the mail at that address. Any response increases your value to list-sellers.
Use filters. Every e-mail program has some sort of built-in filtering system. Check your client’s online help section for info on setting up filters. Filters aren’t perfect, though, because you have to enter the spammer’s e-mail address, and the addresses change often and are commonly disguised. Another good use for filters: blocking messages from one person who keeps sending you unwanted (but not spam) messages.
How to complain
Be sure to include the expanded header when you forward a message. The expanded header identifies every computer that handled the message before it arrived at your in-box. We need this information to determine the origin of the message. Every e-mail client has its own way to expand headers; click the online help section to learn more.
In Eudora, for example, select the message by double-clicking on it in the inbox, then click on the button that says “blah blah blah” to expand the header.
10) How can I automatically delete/clear private data when exiting Mozilla Firefox?
To automatically clear private data in Mozilla Firefox:
1. Open Firefox.
2. Select Tools from the toolbar.
3. Select Options from the pull-down menu.
4. Select the Privacy Tab.
5. Click on the checkbox, to put a check mark, under Private Data section: “Always clear my private data when I close Firefox”.
6. Click on the Settings… box.
7. Make sure that all of the checkboxes are selected with checks.
8. Click OK.
9. Click OK.
10. Every time you close Firefox you will prompted to “Clear Private Data Now”.