Malware Defense: Incomplete Without You
So you received a notification that your anti-malware program found a security risk. The anti-malware program was able to quarantine or delete it—or maybe left it alone, said it was not accessible or didn’t know what to do ("undefined"). Next thing you know, your support person is interrupting your work to do a "full anti-malware scan" in something called "safe mode." This disruption can take anywhere from an hour to a few days, if security has to take your hard drive.
What’s going on?
Protecting SLAC information resources from malicious software (malware), including computer viruses, worms, Trojan horses, root kits, spyware, dishonest adware and more, is mission critical for the computer security group. Malware can be delivered to your computer during a variety of activities, such as opening email attachments and links, surfing the Web or installing unauthorized software.
SLAC provides anti-malware software—currently for Windows platforms only—that catches most attempts to infect your computer. When it encounters something, it displays a notification to you and sends an alert to Computer Security to trigger additional actions as necessary.
If your computer displays of a malware alert, jot down what you were doing just before the notification appeared. Contact your support person, who will assess the situation in coordination with Computer Security. In most cases, the anti-malware software neutralizes the threat and no further action is required. In some cases, Computer Security will send a follow-up email to have the system rescanned.
In more serious cases, the infected computer will be isolated on the network (no access to the Internet or other SLAC information resources). Support personnel will perform a full anti-malware scan on the isolated computer. If no other issues are found, it will be rebuilt before being put back into service. If additional issues surface, e.g., other malware, illegally licensed software or unauthorized peer-to-peer (P2P) software, the computer or hard drive may be taken for further investigation.
Computer Security is considering strategies to reduce the need for these actions—and the inconvenience and extra effort they cause—such as requiring a monthly scan on all computers. New malware might attack your computer before the anti-malware software is updated to detect the new threat. Monthly scans would improve detection of malware that may have previously gone undetected during that gap.
In the meantime, following these simple tips can help you avoid malware problems and potential work interruptions:
If you have any questions or concerns please contact Computer Security. For critical issues, call x4357 option 3; your issue will be directed appropriately.
Security is not complete without you!
Marilyn Cariola, SLAC Today, August 4, 2008