Viruses and Spyware

What is a Virus?
• A virus can be defined as a computer program that can
reproduce by changing other programs to include a copy of
itself.

• It is a parasite program, needing another program to

survive.

• For our purposes, that program is Microsoft Windows

 How many viruses are out there?

Many.

http://securityresponse.symantec.com/avcenter/vinfodb.html
Yale’s Network
• Our network is particularly vulnerable
Yale’s Network
• We are not a closed corporate network

• We have a federated IT structure

• We have STUDENTS
How is the Library protected?
Norton Antivirus updated daily

Microsoft Security Patches

Norton Antivirus
• Constantly scans system files for viruses.
Does this in “real time”
• New virus definitions are delivered when needed.
 Norton Antivirus
• Norton is REACTIVE not PROACTIVE

• This means that only known viruses can be caught

• There have been several times where something originates here at Yale or at
another university before Norton finds it.

• Norton cannot a stop virus in this case

Norton Antivirus
• Norton also does not necessarily remove the
virus from the machine.

• It will block access to it, but if a machine is open to the exploit,

there still is the chance it will be successfully executed
How can I tell if I have a problem
with Norton?
• Normal Norton Shield

• Red cross through Shield

• Yellow exclamation point

Norton Antivirus
What do they mean?
• Realtime protection not active

• Norton Antivirus services not loaded

Both are not good

 Norton Antivirus other problems
• Virus Definitions are not recent (several
weeks old)

• No shield at all

• Not updating every day

• Hands on
When Norton catches a virus
• A window pops up. What this window says
is very important
 When Norton catches a virus

• This is good
When Norton catches a virus

This is bad
When Norton catches a virus
• So long as your computer says “quarantine
succeeded”, the virus has been caught. If it
says anything else, contact W&WS
immediately.
When Norton catches a virus
• Norton does not delete it but“quarantines”
it.

• Goes back to a time when viruses infected

legitimate documents
• Generally no longer the case. Viruses are no longer worth
keeping. If Norton catches it, they already know about it
 Clearing the Quarantine
• As a result, as viruses are caught on your
computer they fill up the quarantine.

• This leads to annoying messages asking

you to try and “fix” the files
• This is useless. You cannot fix a modern virus. We
should just clear out the quarantine. This is how:
Clearing the Quarantine
Clearing the quarantine
Clearing the quarantine
Clearing the quarantine
Virus transmission
Most common methods:
• Executed by someone clicking on an email
attachment.
• Automatically through a network via
security holes/flaws
Virus transmission
How do we stop them?

well…
 Email Messages
• Email viruses are a fact of life, and there is
little that you can do at the computer end to
stop them. (Do not filter at the computer!)

• Be suspicious of email attachments from unknown sources.

Email Messages
• Do not set your email program to "auto-
run" attachments. We have ITS renaming
files so that people have to go through
several steps to open attachments. This
reduces the likelihood of “accidentally “
clicking on an attachment.
Virus transmission
• Verify that attachments have been sent by
the author of the email. Newer viruses can
send email messages that APPEAR to be
from people you know.
Virus transmission

Speaking of which….
Email messages
• Email headers can be forged.

• This means that the person in the “from” address did NOT send
the email virus.

• The virus simply picks and chooses two random addresses from
your computer and sends it
Email messages
• Just because a virus arrives with someone’s
name attached to it. This does not mean that
they have a virus.
Forged header example
Virus transmission
• Viruses exploit security flaws within
Windows
• Almost all of these flaws are public
knowledge with an available fix

• Viruses exploit security flaws within

Windows
 Virus transmission
Virus infections are preventable via patching

Case in point:
Virus transmission
• The Sasser worm exploits a hole in
Windows that was patched on April 13,
2004.

• The Sasser worm started making it’s

rounds on April 30th.

• People had 17 days to patch their

machines.
Virus transmission
• As a result of patching all of our
machines, the Library did not have a
single computer found with the Sasser
Worm.
 Software Update Services
• This is a result of Software Update
Services.

• This is an automated, centrally managed

service that allows automatic application of
patches on Yale Library workstations
Software Update Services
• What you need to know
 Software Update Services

• This globe indicates that the updates have been

automatically sent to your computer
 Software Update Services

• Because Library users are administrators on their

machines, users can override this.
Software Update Services
• Tell your users to click YES when this
window appears
 Software Update Services
Tasks for expert users

• Make sure computers are turned on frequently.

• If people are away, please make sure their workstations are turned on
regularly. Login is not necessary
 Spyware: What is it?

• Spyware is deceptive software, which promises you a feature or utility in return for
secretly tracking your web surfing habits for advertising purposes.
Spyware
Why Spyware is bad:

It is annoying
It is network intensive
Violates your privacy
Violates Yale’s ‘privacy’ (can monitor ALL your network traffic)

It is a possible security risk (redirects)

How do I tell if I have spyware?

5 Signs:
Extra system tray icons
Extra toolbars in Internet Explorer
Redirected home page
Popups ALL the time
S L O W Computer
How do I remove spyware
Sometimes even the uninstallers are deceptive

The best way: Spyware removal tools

We use Spybot Search and Destroy