
Malware Defense: Incomplete Without You

So you received a notification that your anti-malware program found a security risk. The anti-malware program was able to quarantine or delete it—or maybe left it alone, said it was not accessible or didn’t know what to do ("undefined"). Next thing you know, your support person is interrupting your work to do a "full anti-malware scan" in something called "safe mode." This disruption can take anywhere from an hour to a few days, if security has to take your hard drive.

What’s going on?

Protecting SLAC information resources from malicious software (malware), including computer viruses, worms, Trojan horses, root kits, spyware, dishonest adware and more, is mission critical for the computer security group. Malware can be delivered to your computer during a variety of activities, such as opening email attachments and links, surfing the Web or installing unauthorized software.

SLAC provides anti-malware software—currently for Windows platforms only—that catches most attempts to infect your computer. When it encounters something, it displays a notification to you and sends an alert to Computer Security to trigger additional actions as necessary.

If your computer displays a malware alert, jot down what you were doing just before the notification appeared. Contact your support person, who will assess the situation in coordination with Computer Security. In most cases, the anti-malware software neutralizes the threat and no further action is required. In some cases, Computer Security will send a follow-up email to have the system rescanned.

In more serious cases, the infected computer will be isolated on the network (no access to the Internet or other SLAC information resources). Support personnel will perform a full anti-malware scan on the isolated computer. If no other issues are found, it will be rebuilt before being put back into service. If additional issues surface, e.g., other malware, illegally licensed software or unauthorized peer-to-peer (P2P) software, the computer or hard drive may be taken for further investigation.

Computer Security is considering strategies to reduce the need for these actions—and the inconvenience and extra effort they cause—such as requiring a monthly scan on all computers. New malware might attack your computer before the anti-malware software is updated to detect the new threat. Monthly scans would improve detection of malware that may have previously gone undetected during that gap.

In the meantime, following these simple tips can help you avoid malware problems and potential work interruptions:

  • Be cautious when opening email attachments or embedded links. If you don’t need to open an item, don’t. Our email system catches much of the malware in email and attachments, but there will always be an inventive few that get through.

  • If you need to view an attachment from a known good source: Download it without opening it. (For example, right-click on an attachment in Outlook to save it to your hard drive.) The antivirus “autoprotection” should detect any viruses. If the document scans clean, go ahead and open it.

  • Take care when visiting websites. Look closely at the address (URL) to ensure that you are viewing the site you expected to visit. Don’t click on advertisements presented in pop-up windows or on the sides of the page you are viewing.

If you have any questions or concerns, please contact Computer Security. For critical issues, call x4357 option 3; your issue will be directed appropriately.

Security is not complete without you!

Marilyn Cariola, SLAC Today, August 4, 2008