Safe Computing

 Recent Safe Computing Bulletins

You should always...

  • ... update your anti-virus/malware system every day
  • ... keep your subscription fully up-to-date if you are paying for a commercial anti-virus/malware system.
  • ... remember that whatever Anti-virus/malware system you use, it is not up to date unless it provides protection against current versions of malware and viruses.

The basic security threat...

  • ... you can trigger or allow a virus or malware infection into your computer even if you never open an email or attachment
Stay safe. Why not join our Safe Computing Mailing List now? Then we can tell you when you might need to take action in response to a malware threat.

Am I already in trouble?

If your machine is infected or compromised it will probably start behaving strangely - working very slowly, frequently restarting, launching unexpected web pages, or just not working at all - in such a case, the only answer may be to clear down and rebuild the system from scratch. With good 'Safe Computing' practices in place, you ought to be able to avoid this.

New Computers...

Before you connect a new computer to the Internet make sure that it's properly protected using the advice contained in this CERT TechTip article

Now watch this short video...

This short video '5 tips for staying safe on the web' from Google covers all the basic issues you need to be aware of, including password choice and security; updating software; avoiding suspicious websites; malicious remote scanning of your computer. So even if you don't want to read the rest of this page at the moment, why not watch it now!
 

Thanks to: Google security pages

What to do to be safe

We (in common with the UK Government) very strongly recommend that you to do the things mentioned below to ensure 'Safe Computing'.

If you follow our advice thoroughly, you will be safe - but doing just one or two of them isn't enough:

Do this now... Because...
This will insulate your computer from malicious access to and from the Internet. The built-in Windows firewall is not adequate for full protection as it only works against incoming threats.
This will trap malicious incoming email and web-borne and other dangers at the point of entry
This will keep your operating system in good shape and replace any system program modules that have been found to be vulnerable
Websites can inject malicious programs which slow your system and can intrude on your privacy and even steal passwords. Spyware checkers can monitor and prevent incursions
Microsoft's built in Web Browser and email client are integrated with the operating system - and browser and mail client vulnerabilities can bring bad consequences. You can use an alternative browser for most websites. Any Browser can introduce a vulnerability, so having more than one installed lets you make a choice of which to use in different circumstances.
A sensible precaution - but often neglected
  • Update all installed software to the latest version
 Any software you have installed may be vulnerable to attack - if you have any of these items, update to the latest version (Use [Help][About] to check the current version of any program) The free of charge Secunia Personal Software Inspector will be able to detect out of date third-party (non-Microsoft) software on your PC by checking versions installed locally against a database of vulnerabilities.
  • Avoid acting on malicious and 'Phishing' emails and safeguard your on-line identity. And beware of what you do on Social Networks
 Malicious emails can try and tempt you into opening a web page designed to steal your personal details or install software that will subvert or damage your machine. Try taking a test now to see whether you can recognise a 'phishy' email!

If you join Social Networking sites including those such as 'Facebook', 'MySpace', 'BeBo', 'Friends Reunited', 'Plaxo', 'Linked-In' and others, be very careful how much information you reveal about yourself. Malicious people can use this information to build up a profile of you to use as part of an attempt to steal your identity and use it to commit criminal acts in your name. (read Sophos's advice on this and see also advice from the UK Government's 'Get Safe Online' advisory site.)

Keep a weather eye on our 'Breaking News' section.

Join our Mailing List now so that we can tell you by email bulletin when to take action in response to a security issue. Our advice can help you to be safe.

People can 'see you' on the Internet

When your computer is attached to the Internet, it is always to some extent 'visible to the world'. If it wasn't, you wouldn't be able to use it to navigate the internet. When you receive an email or look at website or download a file, your computer is potentially exposed to the risk of picking up a computer malware/virus or an attempt by malicious people to subvert it.

Contrary to popular belief, you don't have to open an email or activate a file attached to an email to trigger an "infection". Just being online and working 'normally' is enough.

Modern 'Spyware' presents its own new and growing threat to your security.

Protect yourself

The good news is that you can protect yourself effectively against all or many of these threats, but it requires pro-active work on your part to make sure that your system stays secure.

Unfortunately, and as you will almost certainly have read in the press, there are malign people in the computing world who are continually trying to compromise and vandalise personal computers. Sometimes they succeed, and the result is likely to be a computer that doesn't work and which has to be reinstalled from scratch. In such a case, you may well lose all the work you had done on the computer - which would seriously affect your ability to study with the Open University. It might even adversely affect your business if you use your computer to help you run it.

Whilst we don't want to alarm you unnecessarily, here are some practical steps you can take now to safeguard your computer. Join our Email notification service now and we'll do our best to keep you up to date as we are notified of situations that arise.

Breaking News
We recommend that you keep a weather eye on our 'Breaking News' section here.

Join our Mailing List now so that we can tell you when to take action in response to a security issue. Our advice can help you to be safe.

1. Install a personal firewall >Top<

When properly installed and configured, a personal firewall will keep many potential Internet intruders at bay (though not all - you must also install and keep up-to-date an Anti-Malware system and keep your Operating System updated as described below).

A number of Personal Firewalls are very effective and easy to set up (even if you are not technically-minded). You may use a computer at home with a Broadband 'Router' with a built in firewall, but it may still be worth installing a software firewall on each machine you operate. If you have more than one machine, an infected system can locate and infect another system inside the firewalled area. Threats don't just come from the outside world, they could be on your own local home network too.

Firewalls can protect your system from incoming threats, but they may not detect the situation where yuor own computer becomes infected and starts transmitting outbound data that is malicious. A bi-directional firewall like Zone Alarm can detect and prevent this.

Windows Vista and Windows 7 has a rather better firewall environment than the older Windows XP, so if you are using the older version, it is probably worth installing a Third Party bi-directional firewall which provides more thorough protection. If you use a mobile computer which connects to the internet via hotspots or other methods, it's worth have some extra protection.

Free Firewall Links:   Here are some links to websites from which you can download a personal firewall for domestic use without having to pay anything.

2. Install an effective Anti-virus system >Top<

You will have heard a lot about computer viruses.

 The University maintains an Anti-virus advice and resources web page at:

However, your first and simplest priority is simply to install (and keep up to date) an effective anti-virus system. You don't have to understand a lot of technical detail. We have listed some useful anti-virus suppliers and options on our Resources Page.

The University's recommendations for staff and students are described on the http://antivirus.open.ac.uk/ website. You must install Anti-virus software, and, ensure that it is updated regularly.  New virus threats arrive at a rate of between 1 and 3 a week , sometimes more often, and each requires that you install an update. If you are not protected, you run a serious risk of being affected, and passing the virus onto others without realising it. The most recent virus threats are shown on our Bulletins page - there may well have been one or two announced today.

  • You must update your anti-virus system regularly - every day if you can as soon as you logon. If you pay for your anti-virus service, it won't work if the license has expired - make sure that your subscription is up-to-date.

  • Some viruses and worms attempt to disable your anti-virus system - make sure that the activity indicator in the taskbar shows that it is working properly.

Free Anti-virus systems

There are many suppliers of Anti-virus systems. You cannot assume that a free service will find and fix all the most recent viruses. Your supplier will explain how to keep it up to date. If you pay for a service like Norton Anti-Virus, you must remember to renew your subscription each year, otherwise it will stop protecting you when it runs out.

(Please note that we cannot offer any warranty that a third party supplier can offer the services you need -and we cannot take responsibility for or advise on any act or omission of a third party supplier)

Virus and Malware Removal

If your computer is affected by a virus/malware infection, it can be difficult to remove it. There are no hard and fast rules, but the site below gives some practical advice:

Virus Hoaxes

You might sometimes get a scary email message from a friend or member of your family warning you about a virus in circulation. In many cases this will be a hoax message or 'Urban Legend'. These usually circulate in a 'Chain Letter' format. They are designed to create fear and uncertainty and to waste your time.

The Symantec Virus Hoaxes web page and the Hoaxbusters site contains some good examples. Searching on Google for some text copied from the body of the suspect email will quickly reveal whether an unnerving email about an apparently alarming virus threat is really a hoax.

3. Keep your Operating System and programs up to date >Top<

The 'Operating System' (OS) in your computer is what makes it work. Microsoft's 'Windows' is an 'Operating System'. (Here's a link to a useful article which describes what an OS does in more detail). No OS is perfect, and from time time vulnerabilities are found - which have to be patched with system updates. Some of them are very serious and if would provide a path into your computer for a malicious program.

Microsoft provides a System Update website. You can visit this now to check whether your computer's OS is up to date and free from known vulnerabilities. It is located at:

You should also look at these sites which contain additional tools and advice:

If you are an advanced user - or looking after a small business computer system you might also like to know about the Windows Security Analyser tool

When you visit the System Update website (using Internet Explorer), a small program will be installed which checks your computer against all the latest updates and patches for that system. It will work out what OS updates are missing and offer them to you. Some updates may be quite big and will take a long time to download - but it is better to do this now and get your computer updated properly, than to spend even more time later repairing the system if it becomes damaged.

We use this site to update our own computers and it is the procedure recommended by Microsoft. However if an update causes a problem for your computer, it's a matter to take up with Microsoft rather than us. Windows contains an excellent 'rollback' feature which allows you to undo system update changes through either the Control Panel 'Add Remove Programs' dialogue or [Start][Programs][Accessories][System Tools][System Restore].

You also need to make sure that your other software is up-to-date. If you use Microsoft software such as Microsoft Office (Word, Excel, Powerpoint), you can check that it is up to date and safe to use at:

This works in the same way as the OS Updates - special software on the website scans your computer's hard disk and proposes appropriate software updates. It doesn't cost anything beyond the cost of the connection phone call to the internet.

If you use other software like Real Player, Acrobat, QuickTime, Zone Alarm and others, you may want to visit the website operated by the software maker which will let you know about what updates are available. The free of charge Secunia Personal Software Inspector will be able to detect out of date third-party (non-Microsoft) software on your PC by checking versions installed locally against a database of vulnerabilities.

Join our Mailing List so that you can be told automatically when you need to take some action in response to a newly announced security issue on software you may be using. We will include details in our own bulletins for reference.

4. Backup important files >Top<

Your computer can go wrong - a Hard Disk may fail or 'crash'. You may delete a file or folder by accident.

To safeguard yourself, you can copy the files that you are working on to floppy disks, a ZIP or similar drive, a Pen drive or a CD (if you have one) from time to time. All versions of Microsoft Windows XP also contain a built-in backup program which will work through nominated folders on your hard disk and make copies to another medium. It's worth looking at this.

Windows XP Home doesn't have a Backup option installed by default - but you can get advice on how to do this from Microsoft's website.

You can find out more about the backup system on your own PC by using the command [Start][Help] and then searching for the word 'backup' in the index.

5. Email Security  >Top<

Phishing and malicious email
We all accept email as being a valid form of communication - but it's very easy for someone malicious to send an email pretending to be from someone you know - when it's not from them at all. A false or 'phishing' email may contain some kind of payload which can damage your machine or try and tempt you to reveal personal banking account details. Try taking a test now to see whether you can recognise a 'phishy' email!

Digital signatures
Much of the SPAM that's on the internet works like this. Although it's not used universally. you can obtain a 'digital Signature' for your email - you apply this to your email program, and from then on, emails from you are marked as valid - and your own colleagues and friends can then rely on them. This is done using a 'Digital Certificate'. One of our staff here has prepared a briefing page which explains how these work and how to set one up for yourself.

Finally - Being secure means being aware - and being proactive about security at all times. If you don't, there's a very real danger that a malign program from the internet will damage your work and your computer. Taking the precautions set out above will reduce the risk to a minimum, and ensure that your use of the computer is trouble-free. Join our Mailing List now so that you can be told automatically when you need to take some action in response to a newly announced security issue. If you want to alert others to these issues, you can also download our PDF 'Flyer' on Safe Computing

safecomputing.pdf