Web Security & Virus Protection are two big issues that puzzle all Internet Users.
On this page I will present some tricks and hints, that will help you avoid unwelcome
visits in your computer.
Many operating systems use a password mechanism to control access to computers.
Each user has a login and a password, and whenever he wished to enter a computer,
he needs to enter his password. When information is extremely sensitive, we might
simply not allow to access it through the network. It is always easier to break
through network security than to break into an isolated computer. Back to top
Sometimes we need to protect a certain file, so that it won't be available to all.
Some operating systems provide such protection, like in unix, a user can decide
who can view a file, and who can't, and who can Write to it, or execute it,
and one could always use a program to encrypt the File. When encrypting the file,
we save a scrambled version of it, and then only the ones that are allowed to read
the file can decrypt it. The simplest use of encryption needs a key. The encryption
program produces a new file, given the original file, and the key. Back to top
When we need to send a mail message or a file through the network, we need to be sure
that only the intended receiver will be able to read it. Because most network won't
guarantee that fact, the messages are usually encrypted. But the Encryption scheme
described before, is not suitable now. We need to use a key, but we cannot transmit
the key to the receiver, because the transmission isn't safe... So we need to know
in advance the key that is used, in order to deccrypt the message. Back to top
Another problem with networks, is that we are never sure who sent us a message.
It's very easy to write a message pretending to be someone else. A technique called
a Digital Signature was developed for that. The sender 'signs' his message, using
a key that only he knows. The receiver can then decrypt the signature, just like
a regular encrypted message. Again, we usually use a private/public key combination.
A signature can only be signed using a private key, and can be decrypted using
a public key. In that way, the receiver can be sure as to who sent the message.
To ensure authentication and privacy, we can use a digital signature and then
encrypt the message. The receiver will need to both decrypt the message using the
public key of the sender, and then to authenticate, he'll use his own private key. Back to top
A computer virus is a computer program, written by someone with mischievous
or malicious intent. It usually has two functions:
To reproduce itself so that it spreads
To do some sort of trick, which may vary, from displaying a silly message on
startup, to causing serious damage to your files and your computer. The trick
may not happen as soon as you acquire the virus, many viruses are written to be
activated on particular dates or after a particular length of time, so that
they have time to reproduce before they are noticed.
The word "virus" is also often used to describe other sorts of program
designed to cause damage, such as Trojan Horses and worms. The protective
measures needed, and the symptoms, are similar for all these different types of
hazard.
The commonest type of virus some years ago was the "boot sector virus",
which affected PCs but not Macintosh, and was acquired by starting up the
machine with an infected floppy disk in the drive. File-based viruses affected
both PCs and Macs and were triggered by executing an infected file, perhaps
downloaded from another system or imported on a floppy disk.
Macro viruses first appeared in about 1997 and can affect both PCs and Macs. They
attach themselves to Word and Excel documents and propagate very readily when
such files are passed around from machine to machine.
The latest type of virus is the e-mail virus, which propagates by attaching itself
to e-mail messages you send out or in some cases by sending e-mail messages to
addresses taken from your address book. You cannot acquire this sort of virus
simply by reading the e-mail message, the virus is triggered when you open, usually
by clicking on it, the attachment which arrives with the message. Back to top
New computer viruses continue to circulate and to present a real danger to individuals'
computer systems and files. It is vital that every user take steps to protect
themselves and their systems; if you fail to do this you are risking not only
your own work but that of your colleagues.
When you receive a virus
warning not coming from the Computing Service or from your local technical
support staff, always check it with them and leave them to circulate it if
appropriate. The result of hoax warnings is that many users are quite
unnecessarily worried some users, however, assume all warnings to be hoaxes
and are therefore not worried enough.
It is also worth noting that much more data loss is caused by human error
and computer breakdown than by viruses. Regular backups help to protect against
these hazards as well as helping with recovery from a virus infection.
Back to top
Ensure that you have up-to-date virus protection software on your system.
Don't accept and use unsolicited floppy disks or CDs.
Don't run programs or open Word / Excel documents whose origin you don't know.
Don't open any e-mail attachment you are not expecting to receive, even
if it appears to come from a friend. You cannot in general acquire a virus
just by reading the main text of a mail message.
If you are doubtful about a disk, file or attachment, but think it may contain
something you want, you can check it using your anti-virus software - this
is not however fullproof since the virus writers do their best to keep one
jump ahead of the anti-virus experts.
Some protection against macro viruses is offered by turning off macro execution.
If you never need to execute macros in Word or Excel, then you should keep
the SHIFT key down when opening a document. There is also an option in some
versions of Word to warn when a document contains macros, in most versions
you can find this on the Tools / Options page.
If in doubt about any of the above, consult your Computer Officer or
network administrator.
Maintain regular backups of all important material on your computer, in
case you ever need to recover from a major virus infection or any other
disaster.
Users of Departmental computer facilities normally assume that virus protection
is being provided by the administrators of the network. This protection can usually
be expected to detect most virus infections before they can do any damage. However,
the attack is always a little ahead of the defence, and you should still be careful
about files and mail attachments you receive, as advised above.
Some users of individual machines attached to the network, will find that their
anti-virus software is being automatically updated as required from the central
server whenever they log in. Where this is technically feasible it clearly has
great advantages, consult your Computer Officer or network administrator to see
whether this happens in your institution. The Computing Service can advise Computer
Officers on ways to automate this process.
Users who do not have this facility, including users of home computers, need
to take care of their own virus protection, and to keep it up to date.
Back to top
Hoax e-mail messages about viruses are extremely common. Messages which suggest
that just reading an e-mail message, rather than opening an attachment, can trash
your hard disk, your BIOS and your life are hoaxes, as are messages which say
"Please send this e-mail to as many people as possible". (Please don't!)
If you receive virus warning messages which don't come from a known expert,
the best response is to consult your Computer Officer if you have any doubts.
Back to top
There are thousands of viruses in circulation, each with its own mode of attack.
Many virus infections result only in inconvenience and loss of time, a virus infection
does not necessarily mean you are going to lose important files or damage your
computer.
If your computer begins to bleep without reason, to lock up, or to display
bizarre messages, or your Word documents become corrupt or contain text you
didn't type, these effects may be symptoms of a virus infection, although they
can also arise for a host of other reasons. On the other hand, some viruses
just spread themselves through your files with no outward sign. The only way
to discover whether you have a virus is to scan your system with an up-to-date
version of anti-virus software.
If you think you have been infected, run a virus scan on your system using the
most up-to-date virus software available. The virus protection software may be
able to remove the virus as well as detecting it. If not, then you need to consult
your Computer Officer who will have the latest information about how to get rid
of the particular virus concerned. If you think that you may have infected other
computers with a virus, by using your files or diskettes in them, you should give
details to the person responsible for the computer system. If possible you should
also try to work out where the virus might have come from and warn the person
responsible for that system.
Back to top
