Belt and braces: an approach to viruses and security


1. First the belt: a central layer of defence

Email has been exchanged between computers since the early 1970s, but as the use and popularity of the Internet has grown it has become a more hostile place. Nowadays most email users are all too familiar with junk mail and virus-infected messages. University users will be relieved to hear that OUCS works to minimize exposure to junk mail and viruses in a number of ways.

First off, the moment an email arrives on the University network it is scanned for viruses at the Oxford mail gateways, known as the Oxmails. This minimizes the number of virus-infected messages that reach your email account, because every message identified as containing a virus is rejected at the gateway rather than delivered. At the same point the Oxmails apply heuristics to estimate how likely a given message is to be junk mail and assign a junk mail score to it. The higher this numerical score, the more likely the message is junk, and the score is carried in the message's headers so that it can be used for filtering in Webmail or in your own mail client. Bear in mind that the score is a heuristic, not a verdict: set your filter threshold so that genuine mail is not lost, and check the junk folder occasionally. The Oxmails also consult Internet blacklists of known junk-mail sources to identify mail sent from suspicious addresses.
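To make the two gateway mechanisms concrete, here is an added example; it is not OUCS code and does not describe how the Oxmails themselves are implemented. It shows a client-side filter that reads a gateway junk-mail score from a message header and turns it into a folder decision, treating a missing or unparsable score as "unscored" rather than as clean, together with the query-name construction and answer check a gateway performs against a DNS-based blacklist. The header name X-Spam-Score, the threshold of 5.0, the blacklist zone dnsbl.example, the sample messages and the stand-in resolver are all assumptions constructed for the example; look at the headers of a message you actually received to see what your gateway adds.

```python
"""Client-side use of a gateway junk-mail score, plus the DNS blacklist
lookup a mail gateway performs against a connecting address.

Added example, not OUCS code. The header name X-Spam-Score, the threshold,
the zone dnsbl.example, the sample messages and fake_resolve are all
assumptions/constructed for illustration.
"""
import ipaddress
from email import message_from_string
from email.message import Message
from typing import Callable, List, Optional

SCORE_HEADER = "X-Spam-Score"   # assumed header name; check real mail
JUNK_THRESHOLD = 5.0            # assumed threshold; tune to your mailbox


def read_score(msg: Message) -> Optional[float]:
    """Return the gateway score as a float, or None if absent or malformed.

    A missing or unparsable score must not be treated as "clean": it usually
    means the message never passed through the gateway, so no scan happened.
    """
    raw = msg.get(SCORE_HEADER)
    if raw is None:
        return None
    try:
        return float(raw.strip())
    except ValueError:
        return None


def classify(raw_message: str, threshold: float = JUNK_THRESHOLD) -> str:
    """Map a raw RFC 822 message to 'junk', 'inbox' or 'unscored'.

    'unscored' is kept separate from 'inbox' so a filter can flag or
    quarantine mail that bypassed the gateway instead of trusting it.
    """
    score = read_score(message_from_string(raw_message))
    if score is None:
        return "unscored"
    return "junk" if score >= threshold else "inbox"


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the name queried in a DNS-based blacklist.

    Convention: the IPv4 octets are reversed and appended to the zone, so
    192.0.2.1 checked against dnsbl.example becomes 1.2.0.192.dnsbl.example.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(ip.split("."))) + "." + zone


def is_listed(ip: str, zone: str, resolve: Callable[[str], List[str]]) -> bool:
    """True if the blacklist answers for the address.

    resolve(name) returns the A records for name, or [] on NXDOMAIN; it is
    injected so the example runs offline. Listings are answered with an
    address in 127.0.0.0/8 (the exact value encodes the reason). Anything
    else is treated as "not listed", so a wildcarded or broken zone that
    answers with some other address cannot make the gateway reject all mail.
    """
    answers = resolve(dnsbl_query_name(ip, zone))
    listed_range = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in listed_range for a in answers)


# Constructed sample messages (not real mail).
SCORED_JUNK = "From: a@example.org\nSubject: hi\nX-Spam-Score: 8.2\n\nbuy now\n"
SCORED_CLEAN = "From: b@example.org\nSubject: minutes\nX-Spam-Score: 0.3\n\nattached\n"
UNSCORED = "From: c@example.org\nSubject: hello\n\nno gateway header\n"
MALFORMED = "From: d@example.org\nX-Spam-Score: high\n\nforged header\n"


def fake_resolve(name: str) -> List[str]:
    """Constructed stand-in for a DNS resolver: only one address is listed."""
    return ["127.0.0.2"] if name == "1.2.0.192.dnsbl.example" else []


if __name__ == "__main__":
    for label, raw in [("junk", SCORED_JUNK), ("clean", SCORED_CLEAN),
                       ("unscored", UNSCORED), ("malformed", MALFORMED)]:
        print(label, "->", classify(raw))
    print("192.0.2.1 listed:", is_listed("192.0.2.1", "dnsbl.example", fake_resolve))
    print("198.51.100.7 listed:", is_listed("198.51.100.7", "dnsbl.example", fake_resolve))
```

The "unscored" outcome is the part worth copying into a real filter: mail that reaches you without passing through the gateway, whether from a department not routed via the Oxmails or from an external account, carries no score, and a rule that files everything below the threshold into the inbox would silently wave it through.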

A very small number of departments do not receive their email via the Oxmails, so their virus and junk mail protection depends entirely on whatever is provided locally. Oxford IT Support Staff may also want to run anti-virus products locally; for example, many ITSS run the Sophos Enterprise Console to manage and monitor Sophos installations on the servers and desktops they look after.



2. And now some braces: a personal layer of defence

Of course, many users on the University network also access email accounts outside it, and this provides another route for a virus to reach your computer. Many University members regularly use third-party email accounts such as Hotmail, Yahoo! or GMail from their computer; the gateway scanning described above never sees that mail, and once a virus-infected message or attachment is opened, regardless of where the mailbox is hosted, your computer can be infected.

To provide further protection from viruses OUCS distributes and supports Sophos anti-virus software, which is available free of charge to all University members. Sophos runs on a variety of platforms, and instructions on installing and using it are available for Windows, Mac OS X and Linux machines.

To compound matters, it is not just email that provides a way for your machine to be infected. It is becoming increasingly common for viruses to be propagated via USB drives, by visiting compromised web pages, by downloading files that have been crafted to exploit security vulnerabilities, and, of course, by simply using an unpatched system.

It is often said that users of non-Windows machines don't need to worry about viruses; this is foolhardy. As always with security, a belt and braces approach works best: don't rely on obscurity, install Sophos and be safer.



3. Further complications: hoaxing and spying

As if that weren't worrying enough, there are also many virus hoaxes in circulation. Along with viruses and their hoaxes come their bedfellows, adware and spyware. Unlike viruses, adware and spyware don't generally try to damage your machine, but their intent ranges from the merely annoying to serious snooping on private information such as passwords and personal data. For these reasons it is prudent to treat adware and spyware in the same way as viruses and to run software that checks for and removes them. Almost inevitably, some rogue "adware-removal" programs actually install their own adware, so obtain such tools only from a source you trust.



4. When compromise is a dirty word

We all rely on the University backbone network to provide a fast and robust way to access our email and the Internet. You'll be pleased to hear that Oxford has a team specifically concerned with the security of the backbone network, OxCERT. The OxCERT team is based within the Networks and Telecommunications Group at OUCS, and a large part of its work concerns identifying and tracing compromised or potentially compromised systems so that any malicious activity does not affect the network as a whole.

Whilst this team doesn't have much day-to-day contact with end users, it liaises extensively with IT staff around the University, dealing with security incidents as they happen and promoting good security practice. OxCERT staff have collaborated with other security experts to compile guidelines on what to do when dealing with compromised Unix/Linux machines and Windows machines. Oxford IT Support Staff may also be interested in the OxCERT Security Bulletins and the OxCERT monthly reports, all of which are available via RSS through the OxITEMS newsfeed service.