SLAC Computer Security
Search SLAC

Malware Defense: Incomplete Without You

(Image - Computer Security Logo)So you received a notification that your anti-malware program found a security risk. The anti-malware program was able to quarantine or delete it—or maybe left it alone, said it was not accessible or didn’t know what to do ("undefined"). Next thing you know, your support person is interrupting your work to do a "full anti-malware scan" in something called "safe mode." This disruption can take anywhere from an hour to a few days, if security has to take your hard drive.

What’s going on?

Protecting SLAC information resources from malicious software (malware), including computer viruses, worms, Trojan horses, root kits, spyware, dishonest adware and more, is mission critical for the computer security group. Malware can be delivered to your computer during a variety of activities, such as opening email attachments and links, surfing the Web or installing unauthorized software.

SLAC provides anti-malware software—currently for Windows platforms only—that catches most attempts to infect your computer. When it encounters something, it displays a notification to you and sends an alert to Computer Security to trigger additional actions as necessary.

If your computer displays of a malware alert, jot down what you were doing just before the notification appeared. Contact your support person, who will assess the situation in coordination with Computer Security. In most cases, the anti-malware software neutralizes the threat and no further action is required. In some cases, Computer Security will send a follow-up email to have the system rescanned.

In more serious cases, the infected computer will be isolated on the network (no access to the Internet or other SLAC information resources). Support personnel will perform a full anti-malware scan on the isolated computer. If no other issues are found, it will be rebuilt before being put back into service. If additional issues surface, e.g., other malware, illegally licensed software or unauthorized peer-to-peer (P2P) software, the computer or hard drive may be taken for further investigation.

Computer Security is considering strategies to reduce the need for these actions—and the inconvenience and extra effort they cause—such as requiring a monthly scan on all computers. New malware might attack your computer before the anti-malware software is updated to detect the new threat. Monthly scans would improve detection of malware that may have previously gone undetected during that gap.

In the meantime, following these simple tips can help you avoid malware problems and potential work interruptions:

  • Be cautious when opening email attachments or embedded links. If you don’t need to open an item, don’t. Our email system catches much of the malware in email and attachments, but there will always be an inventive few that get through.
     
  • If you need to view an attachment from a known good source: Download it without opening it. (For example, right-click on an attachment in Outlook to save it to your hard drive.) The antivirus “autoprotection” should detect any viruses. If the document scans clean, go ahead and open it.
     
  • Take care when visiting websites. Look closely at the address (URL) to ensure that you are viewing the site you expected to visit. Don’t click on advertisements presented in pop-up windows or on the sides of the page you are viewing.

If you have any questions or concerns please contact Computer Security. For critical issues, call x4357 option 3; your issue will be directed appropriately.

Sec_rity is not complete without u!

Above article appeared in Aug. 4, 2008 SLAC Today.

Owner: SLAC Computer Security
Last Updated: 07/22/2010
Feedback: Please send to
Computer Security Feedback