
Viruses, Spam, and the rest of the mess

Robert Moore, DCC Psychology

Once upon a time, there was spam. And viruses. Which seemed to exist as Worms and Trojans. And sometimes someone would hack their way into your computer and take it over. It was a simple world. This is no longer true. Once a computer has been compromised, it can be remarkably difficult to clean. And spam and worms and trojans and zombies and adware (those annoying popups) and spyware (harvesting anything you type) and back-doors (including using your computer to share copyrighted material) are all commingled. It is a mess.

Why do people write this stuff and mess up our computers ?? In a class from our own Paul Asadorian I learned a one word answer: PROFIT . . . enough said.

This document tries to help users configure and use their personal computers in a way that minimizes the chances they will be compromised. It is an attempt to integrate a number of published policies and best practices. You should also consult the Computing and Information Services (CIS) Safe Computing FAQ wiki.

You must not connect a computer to the Brown network unless it meets certain configuration standards. This requirement applies to desktop or laptop computers, an ethernet or wireless connection, and all operating systems. The user's responsibility is spelled out in the Network Connection Policy. In general, talk with your department's DCC or System Administrator, or talk with the Help Desk (x3-HELP) for advice.

Good Idea #1: Know what processes should be running on your computer before trouble starts and make a list of them. This can really help when you do run into problems. In Windows XP press Ctrl-Alt-Del, then the Task List button, and then the Processes tab. You almost certainly will have more than twenty processes running. Probably many more. Do you know what ccEvtMgr.exe is ?? How about svchostt.exe ?? If you see an unfamiliar process, try looking it up on Google or in the Task List section at Answers That Work.

Many (but not all) of these processes are services that start when you first boot the computer. Here is how to make a list you can save: Reboot the computer so you can examine the services running at boot time. Then go to Start and then Run and enter services.msc in the window. Then in the View Menu select "Add/Remove Columns..." and remove the Description column. Now click on the "Status" heading to collect the started processes together. Then in the Action menu select "Export List..." then select a location (e.g., Desktop) and a filename, choosing to save the table as a tab-delimited text file.
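One way to put the saved list to work, as an added example that is not part of the original document: the Python sketch below compares a baseline export with a later one and reports services that are new, newly started, or no longer started. The column headings and both sample exports are constructed for illustration ("Windows Helper Svc" is a made-up name), and the exports are assumed to have the Description column removed as described above.

```python
import csv
import io

FIELDS = ("Name", "Status", "Startup Type", "Log On As")  # assumed headings

# Constructed sample exports (tab-delimited text, Description column removed).
BASELINE = (
    "Name\tStatus\tStartup Type\tLog On As\n"
    "Automatic Updates\tStarted\tAutomatic\tLocal System\n"
    "Print Spooler\tStarted\tAutomatic\tLocal System\n"
    "Remote Registry\t\tDisabled\tLocal Service\n"
    "Symantec AntiVirus\tStarted\tAutomatic\tLocal System\n"
)
CURRENT = (
    "Name\tStatus\tStartup Type\tLog On As\n"
    "Automatic Updates\t\tDisabled\tLocal System\n"
    "Print Spooler\tStarted\tAutomatic\tLocal System\n"
    "Remote Registry\tStarted\tAutomatic\tLocal Service\n"
    "Symantec AntiVirus\tStarted\tAutomatic\tLocal System\n"
    "Windows Helper Svc\tStarted\tAutomatic\tLocal System\n"
)

def load_services(text):
    """Parse an exported list into {service name: {column: value}}."""
    rows = csv.DictReader(io.StringIO(text), delimiter="\t")
    return {
        (r.get("Name") or "").strip(): {k: (r.get(k) or "").strip() for k in FIELDS}
        for r in rows
    }

def is_started(svc):
    return svc["Status"] == "Started"

def compare(baseline_text, current_text):
    """Report services that are new, newly started, or no longer started."""
    old, new = load_services(baseline_text), load_services(current_text)
    report = {"new": [], "newly_started": [], "stopped": []}
    for name, svc in sorted(new.items()):
        if name not in old:
            report["new"].append(name)           # never seen in the baseline
        elif is_started(svc) and not is_started(old[name]):
            report["newly_started"].append(name)  # was stopped or disabled before
        elif is_started(old[name]) and not is_started(svc):
            report["stopped"].append(name)        # e.g. updates or antivirus turned off
    return report

if __name__ == "__main__":
    for kind, names in compare(BASELINE, CURRENT).items():
        print(kind, names)
```

To use it on real exports, read each saved file into a string and pass both to `compare`; a protective service that shows up under "stopped" deserves as much attention as an unfamiliar one under "new".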

Good Idea #2: Defense in depth. Passwords/Anti-Virus/OS Updates/FireWall . . . Brown scans incoming mail at the periphery for known viruses and spam, removing infected attachments and (optionally) sidelining your spam and giving you a chance, once a day, to review it. But your part in the bigger picture is crucial:

  • All accounts on your computer should have strong passwords. At least use Brown's recommendation of eight characters, mixed case, and at least one character should be a number or symbol. Especially any account that is an Administrator.
  • Your day-to-day account should be a User account rather than an Administrator account.
  • You should configure your computer to do automatic OS updates or be obsessive about doing it manually - put yourself and your computer on a maintenance schedule (see below).
  • Ensure that Symantec Anti-Virus is installed, up to date, and Auto-Protect is enabled. The current version of Symantec antivirus here at Brown is "Managed" . . . As long as you are connected to the network on campus, your computer will check every hour to be sure it is up to date. This allows new antivirus signatures to be distributed very quickly. Configure a daily (or nightly) scan. And configure Automatic updates (in case the managed feature fails or your machine is off-campus). Periodically check to see that the virus signature is reasonably up to date and that the scan is really happening. Did it run to completion ?? How many files were scanned ??
  • If you have Windows XP, turn on the firewall. Examine anything listed under the Exceptions tab. For example, you may see "Remote Desktop" checked as an allowed exception. Remove the check mark if you do not need to permit Remote Desktop. If necessary, get help in selecting permitted exceptions. Make a note of your acceptable exceptions. Go to a site like www.grc.com and run the Shields Up program. All your ports should be green, i.e., stealth. If they are not, talk to your DCC/SysAdmin/Help Desk.

Good Idea #3: Mind your email.

  • eBay or Amazon or Microsoft or Citizen's Bank will never send you an attachment to download. Never.
  • Wells Fargo or Mastercard will never send you a link to click on to verify your account information. Never. Think about this: your credit card company knows your credit card number. And the expiration date. And the three digit confirmation code. They really do. They will never ask you for it.
  • Mail will come to you apparently from folks you know. The subject line may be chatty. Friendly. You are being socially engineered. Unless you expect an attachment from someone in particular do not ever open it. Manually cut and paste apparent URLs. Just because you are reading a link as www.brown.edu doesn't mean the link will take you there. It may in fact go to www.you-have-been-scammed.mo.
  • Do not ever accept the invitation to unsubscribe from some spam unless it is a list you think you should be on. Otherwise you are just confirming your valid email address. I might unsubscribe from a newsletter from Intel; but not some spam offering me the drug du jour.

Good Idea #4: You will see pop-ups. Offering you diplomas. Asking you if you want to stop virus-like activity. Even asking you if you want to block pop-ups !!! Use a pop-up blocker like the one available for free from Google. Windows XP SP2 also has a pop-up blocker. If you are allowing some pop-ups, or one gets through, it usually also appears on the bottom toolbar. Right click down there and Close it. Do not click on the pop-up. That X in the upper right corner often doesn't do what you expect.

Good Idea #5: Try to understand SpyWare and AdWare. Type those words into Google and get a feel for what this is all about. The best tools are Ad-Aware Personal from LavaSoft USA (note the free license is not for use on a university-owned computer) and SpyBot by Patrick M. Kolla (the link is listed on Brown's software download server). There is a substantial (but not complete) overlap between these programs. You should certainly have already installed and learned to use SpyBot before problems start. The same recommendation applies for Ad-Aware on your home computer. You may want to bookmark the Ad-Aware Personal and Spybot sites.

You can schedule SpyBot to run automatically at a time of your choosing.


The Microsoft product AntiSpyware (purchased from Giant) ended its life cycle at beta 1. It has been replaced by Microsoft Defender (now out of beta). Download the current version and begin to use it.

And finally, DO NOT just go off on the web looking for, and downloading, random solutions to some possible problem you think you might have acquired on your computer. Unless you really want to rebuild your computer from scratch.

Good Idea #n+1: Cut out this little table and paste it on your computer:

  • Day of week________________
  • Get your favorite beverage.
  • How recent is your backup ?
    If necessary, do something about it.
  • Clean out temporary internet files:
    Start IE, go to Tools, Internet Options, and Delete Files
  • Check exceptions to Windows Firewall
  • Check for OS critical updates.
  • Check Symantec antivirus Live update and Scan History.
  • Check Windows Defender
  • Update and Run SpyBot.
  • On personally-owned computers, Update and Run Ad-Aware
  • Press Ctrl-Alt-Del and look at the processes running.
    (Look up unfamiliar ones.)