Computer Security Checklist
(this is a very rough outline that's much longer than necessary)
- If an attack/infection is suspected: Save all work immediately. Jot down anything odd that happened, and any step you took before the attack/infection that may have been risky (installing a program, receiving an instant message, Facebook message/post/app, etc.).
- Shut down the computer and unplug the ethernet cable.
- Take the computer to the Helpdesk (provide any details and notes).
- Bring along any hard drives or flash drives / USB sticks, as well as iPods and other music players and cameras that you plugged into your computer around the time of infection.
- The helpdesk may be able to quickly analyze the computer WHILE IT IS DISCONNECTED FROM THE NETWORK, and determine if an infection/attack indeed happened.
- If it is determined that the computer is infected/was attacked, back up all your irreplaceable files from that computer (the Helpdesk can help you do this WHILE THE COMPUTER IS DISCONNECTED FROM THE NETWORK). After the backup is complete, the Helpdesk may, with your permission, make a full copy of your drive - NOT FOR BACKUP PURPOSES, but for analysis at a later time.
- Change your College password, and any other password that you typed/used around the time of the suspected attack/infection (Banner passwords, personal passwords, etc). If you typed a credit card number, watch your credit card statement for odd transactions.
- The only way to be certain that a virus is cleaned is to ERASE THE COMPUTER. So the prudent, moral, safe thing to do is to fully wipe and erase ALL FILES ON THE DRIVE. This involves deleting every single program, document and file, including personal and work files on the computer, without any chance of recovery. It is important to erase EVERYTHING, ALL PARTITIONS, and erase the MASTER BOOT RECORD. After that, reinstall the operating system (either from a known good image, or from the disk that came with your computer). The Helpdesk can help with this, as well as with restoring some standard software.
- After the computer has had its system and standard software reinstalled it's important to:
- Ensure that an antivirus program is installed, activated, up-to-date, and has a working subscription (if required). Don't install more than one antivirus program.
- Update the operating system ASAP. (http://update.microsoft.com or http://www.apple.com/softwareupdate/ or http://www.howtogeek.com/howto/ubuntu/configure-how-often-ubuntu-checks-for-automatic-updates/). For Windows computers, when visiting update.microsoft.com, make sure you choose "Microsoft Update", as this updates ALL MICROSOFT SOFTWARE (including things like Microsoft Office, Silverlight, etc.).
- Ensure that a firewall is turned on. Most modern operating systems come with a firewall. Some antivirus suites also come with a firewall. Turn on one but not both, if you happen to have two firewalls.
- Reinstall applications/programs one by one, and update each one after installing it. Always remember to:
- Turn on automatic updates on the software as you're installing it (if the software provides an update or auto-update feature).
- Some of the steps below may be done much quicker by using Secunia Software Inspector (an automated tool that can help you identify and update out-of-date, vulnerable applications). There's also an online version.
- Update your web browsers (Firefox, Opera, etc)
- Update Adobe applications: Acrobat Reader, Flash, Shockwave, AIR, any Adobe Suites (Photoshop, etc).
- Update Java, RealPlayer, Apple's software (http://www.apple.com/softwareupdate/ or http://support.apple.com/kb/HT2685?viewlocale=en_US)
- Update any other special software (SPSS etc)
- Update instant messenger programs (AIM, MSN, Yahoo, Pidgin, mIRC)
- Do not install file sharing applications (including BitTorrent, P2P applications such as Limewire, eMule).
- Ensure that your music, videos, movies, games and software come from legitimate sources. If these are obtained through questionable sources, they may come bundled with the virus/trojan/malware.
- In general, install as little software as possible. Be wary of toolbars, plugins, addons and extensions (for the browser or for the operating system). The more software/plugins/toolbars you install, the more sources of potential intrusion you create, the more holes you leave open in your firewall, and the more software someone (you!) needs to update and upgrade!
- If your operating system has an "autorun" feature that automatically opens CDs, flash drives or downloaded files, turn this feature off. Turn off autorun in Windows: http://www.pcdoctor-guide.com/wordpress/?page_id=1546 Turn off Safari's feature that automatically opens downloaded files: http://browsers.about.com/od/safar1/ht/safarisafefiles.htm
- If your operating system has a feature that automatically moves the mouse cursor to a dialog box, disable it. Windows: http://malektips.com/xpwmo0011.html
- If your computer was infected, check your Favorites and Bookmarks for odd links - viruses and other malicious software can add (or replace your bookmarks with) links to more malicious software.
- Do not open unsolicited attachments (via E-mail, chat/instant message, social network/facebook). Period.
- Do not open suspicious e-mails (if you REALLY want to open a message and you're not sure if it's legit, drag it to your junk mail folder FIRST, then examine it. Or ask the Helpdesk to show you how to look at the headers of the message).
- Do not click on unsolicited links (via E-mail, chat/instant message, social network/Facebook). If you really need to follow a link and you're not 100% certain that it's legit, carefully examine the address (www.micr0s0ft.com does NOT equal www.microsoft.com - the first address has zeroes, not o's). Search Google for the suspicious address and see what Google or other people say.
- Check the Helpdesk alerts page (http://go.middlebury.edu/helpdesk?alerts).
- When entering a web address, check your typing - if instead of google.com you type goggl.com - you may be taken to a web site that can infect your computer.
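The address checks described in the items above (zeroes standing in for o's, as in www.micr0s0ft.com, and mistyped names such as goggl.com) can be automated. The Python below is an added example, not part of the original checklist; the trusted list, the digit-to-letter table, the distance threshold and the function names are assumptions chosen for illustration.

```python
# Added example: flag hostnames that imitate a trusted domain.
# TRUSTED and all sample hosts are constructed for illustration.
TRUSTED = {"microsoft.com", "google.com", "middlebury.edu"}

# Digits commonly substituted for look-alike letters (assumed table).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registered_domain(host):
    """Naive last-two-labels reduction; ignores suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each counted as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_host(host, max_distance=2):
    """Return (verdict, trusted domain being imitated or None)."""
    domain = registered_domain(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    folded = domain.translate(LOOKALIKES)
    if folded in TRUSTED:
        return ("lookalike-characters", folded)
    for good in sorted(TRUSTED):
        if edit_distance(folded, good) <= max_distance:
            return ("near-miss", good)
    return ("unknown", None)
```

A verdict of "unknown" only means the name does not resemble anything on the trusted list; it says nothing about whether the site is safe.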
Where did I catch the virus?
Most likely Facebook, MySpace, Twitter or through an ad (web-based advertisement). Here is how often MySpace, Twitter and Facebook end up serving viruses:
The viruses often use old versions of Internet Explorer, Firefox, Flash, Shockwave, Java or Adobe Acrobat Reader to install themselves on your computer. Simply visiting a site is sufficient to cause an infection and once you've visited an infected web page, there's nothing you can do to prevent the infection.
What is LIS doing to improve the situation?
- LIS has deployed a new antivirus solution, Sophos. Note: We no longer recommend installation of additional anti-malware products (such as Malwarebytes, Ad-Aware, Spybot, et al.) as they compete with Sophos and cause computer performance issues.
- Symantec AntiVirus has been retired.
- The LIS Helpdesk is looking at automatically/periodically patching Flash, Shockwave, Adobe Reader and Java. These applications/plugins are often exploited to deliver viruses. LIS is also looking at immunizing USB flash drives and other external storage with a tool such as the Panda USB Vaccine: http://research.pandasecurity.com/panda-usb-and-autorun-vaccine.
- We are considering partnering with other universities to see if we can all help each other through the battle with malware. For example, Carnegie Mellon has developed a website that can check if your computer is vulnerable, and can help you vaccinate your computer: https://www.cmu.edu/iso/patch-check/
- We are looking at well-established security companies that can help us find vulnerabilities in our computers. One example is Secunia: http://secunia.com/vulnerability_scanning/online/
- We are implementing steps during computer distribution, and computer re-imaging/reinstallation, that can help eliminate dormant viruses and threats (google: fixmbr and bootrec /fixboot and bootrec /fixmbr).
Further Computer Security Topics
- Securely erase a hard drive (ATA, SATA, SSD). NIST recommended.
Sources for Further Information