034: How can I protect myself from computer viruses and other malware?
Computer viruses, trojans, worms, spyware, rootkits and other kinds of destructive software are generally referred to as "malware" -- malicious software that you do not want to have on your computer. There are many ways for your computer to be attacked and, likewise, several good ways to protect yourself. All must be used for best security:
1. Perform regular software updates. Keep your operating system and application software current. As attackers discover and exploit security flaws in software, vendors create and release updates, patches, and new versions of their programs in response. Many software companies offer automatic security updates and patches. Perhaps the most well-known is Microsoft, which has built an automatic updating component into Windows and other Microsoft programs. Depending on the version of Windows you are using, you may manually update the operating system by clicking these links and following the on-screen instructions:
Start > Windows Update or Start > All Programs > Windows Update
Mac OS X will offer to update itself, and its native applications, on a regular basis. To perform a manual update on a Mac, click the Apple logo at the upper-left of your screen, choose "App Store," and click the "Updates" icon at the top of the application.
Linux users have different update systems depending on the distribution used. Linux update managers will update all applications included within the official distribution.
Note that most third-party programs do not update automatically with the operating system, though many programs now notify you when new versions are available. To manually update programs like Adobe Flash, Adobe Reader, or Java, search their menus for an "Update Now" option of some kind. Because these products are so popular, they are often targeted by malware writers. However, any software that hasn't been recently updated is theoretically at risk. (And even recently updated software may be vulnerable -- just not as vulnerable as older software.)
2. Install antivirus software: Install, run, and regularly update your antivirus software. CCIT offers Symantec Endpoint (http://ccit.mines.edu/CCIT-Antivirus) antivirus software for Windows and Mac OS X. It is provided to the Mines community at no charge by CCIT. It may be installed on for school-owned or personally-owned computers, whether they reside on or off campus. Linux users may download and install the free and open source ClamAV antivirus, which is generally part of every Linux distribution, though it may not be installed by default.
3. Install antimalware software: Consider downloading and installing third-party "malware" or "malicious software" monitoring and removal tools. Such tools tend to target not viruses, but other kinds of malware attacks that antivirus programs miss. For Windows computers (by far the most popular target of malware writers), good choices for personal protection include software such as Malwarebytes Anti-Malware (http://www.malwarebytes.org) and Spybot Search and Destroy (http://www.safer-networking.org). Please note that these programs are not licensed by Mines and while they provide free versions for private, non-commercial use, their license terms may change without notice.
4. Use a firewall. Most operating systems now have a built-in, pre-configured firewall. If it is off by default, turn it on. In most cases, that is sufficient. Advanced users may wish to explore and customize their firewall settings.
5. Be aware of scams. Remain vigilant when reading email and surfing the web. If it sounds too good to be true, it probably is. If you are asked for personal information or passwords -- especially by someone you don't know personally -- be extremely wary. Do not respond to such "phishing" or "social engineering" attempts (as they are known) and hang up on callers seeking such information.
Similarly, you should be careful when downloading an emailed attachment unless you are expecting it, even when it seems to come from someone you know. Viruses and hackers can harvest information from address books or contact lists and use it to propagate malware or engage in phishing attempts. If you receive an unexpected attachment from a trusted source, consider calling the sender or sending them a new email (not a response to the original) to make sure they intended to send you the attachment.
CCIT checks incoming and outgoing email for viruses. But if you are unsure about an email you have received, have questions about security, or think you might have an infected computer please submit a support request to the Mines Help Center "Helpdesk" (http://helpdesk.mines.edu).