The following tips and guidelines can help protect you from computer viruses, hacking and identity theft. Computers maintained by department staff are set up for automatic updates and anti-virus software. You must still use secure passwords, take precautions regarding email (suspicious email, phishing scams) and web browsing (spyware).
If you set up your own computer, it is your responsibility to
Secure your computer before you connect to the network.
Windows users should use XP service pack 2 (which installs the firewall by default). If you want to use any previous version of Windows, you must download and install all security patches before connecting to the network. Any computer or device connected to a university network is continuously subjected to attack. Insecure Windows computers can become infected in just a few seconds.
Note that if you do become infected, it usually means that you'll need to reformat your hard drive and reinstall the operating system and all applications from scratch. Life is much easier if you stay secure to begin with!
Login password is often the first line of defense against unauthorized access to your computer. Computers with no password, or an easy to guess password, can be quickly broken into. Choose a secure password for every account.
Use at least 8 characters
Mix upper and lower case letters
Include some punctuation and numbers
Change passwords periodically (recommended every six months)
Use words that can be found in the dictionary of a common language
Use names, such as that of a family member or of a pet
Use a date of birth or an ID number of any kind
Share your password with anyone
No matter which operating system (OS) you use, you need to keep it and major applications updated. Modern OSes and many applications can check automatically and tell you when an update is available. You should take advantage of this feature when possible, especially for MS Office and your web browser.
In the Settings menu, select Control Panels and then Automatic Updates. Select Automatic (recommended), and Every Day. Select an update time when the computer will be turned on and connected, but will be least likely to interrupt your work. Some automatic updates require that you restart your computer. The latest Windows updates are also available at http://windowsupdate.microsoft.com
In System Preferences, select the Software Updates panel. Set it to check Daily or Weekly. OS X will notify you when any updates are available. It won't install them automatically, though it can download them. You'll need to log in as the administrative user to install them. Some updates need to reboot your computer.
Windows Update will also automatically update Office. Mac OS X Office 2004 should be set to notify you about updates, since some of them are security related.
UW has site licenses for MacAfee virus scan software for both Windows and Macs (Virex). You can either download it from the UW servers, or come to Bagley 363 and check out a UWICK CD. Once it's installed, be sure to set it to automatically update the data files at least once per day.
If you think your computer has been infected, you can borrow a virus scanner. No scanner can catch every kind of break-in, though.
A simple rule of thumb: if you don't know the person sending you an email message or if you don't recognize someone's email address, be very careful about opening that email. Remember, thought, that a virus-infected machine can address email to you from someone you know. If you weren't expecting something, be careful as well.
While most viruses require you to open an email attachment to be infected, there are some that can infect your system simply by viewing the email. When in doubt, delete it.
Phishing is an Internet scam where fraudulent emails and websites are used to trick recipients into surrendering their personal or financial data for malicious purposes. Phishers often use well-trusted brand names of banks, online retailers, or credit card companies to fool recipients into believing that the email is genuine and from a legitimate source.
Never use links provided in an email message. Go to the web site directly by typing the address in your browser's Address/Location field and login from there. If you are not sure, call the company in which the suspected email came from.
Please visit the What is Phishing? section for more information about phishing, sample phishing email and how to protect yourself.
Spyware and other malicious programs potentially provide unintended users with your most private personal information. For example, accessing your bank account online banking with spyware on your computer could provide a malicious user with your all of your bank account information. Software solutions that can scan your computer for any spyware and remove the spyware for you are available. Visit the What is Spyware? section for more information about spyware and how to get anti-spyware tools.
Be sure to back up your data frequently. It's not a matter of if something will happen, but of when something will happen. Hard drives break, buggy software causes data corruption, break-ins may wipe the disk or cause more subtle harm. Set things up so that you don't have to remember to backup--for about $200 you can get an external hard drive and software that will backup every day automatically. Periodically write your data files to DVD or other permanent media. Multiple copies kept in multiple locations is your best defense against having to do all of that work over again.