Office of Information Technology ISU A-Z Calendar MyISU Search Indiana State University

What do I need to know about computer security?

Malicious software in the form of computer viruses, worms, and related software have been a continuing low-level threat to computer use and security for years. In the recent past, these threats have become more severe, persistent, and sophisticated. They now represent a constant and serious problem. It has escalated to the point that computer security must become your responsibility - not only because of the threat to your individual computer and data, but because unsecured and unprotected computers are a threat and a drain on the resources of our network, the Internet, and everyone else's system and data

  • Everyone should protect and preserve their data with frequent backups.
  • Everyone should have current anti-virus software installed and maintain regular updates of it.
  • Everyone should be cautious about opening email attachments or permitting unidentified software to run.

At ISU, the Office of Information Technology supports and installs McAfee for Windows and Virex for the Macintosh. Both are installed with software agents that automatically update virus definitions and engine versions.

Viruses are only one type of malicious or troublesome software that proliferates over the high speed access that is available to you at ISU. There are numerous other programs, many of which seem to be helpful or serve some useful purpose that pose serious problems. These web enhancements and freeware are often accompanied by independently installed software that runs unobserved to collect data from you and your computer and transmit it to a third party.

In many cases this hidden software is not intended to be malicious and can be considered as the price for the free software that you have downloaded. This software is often referred to as Adware, because it can create pop-up ads or ads within the software that you have installed. Other types are called spyware, because they run hidden in the background and collect and share information about the websites you visit, email addresses, and other personal data. These sorts of software are objectionable for a variety of reasons, most especially privacy, bandwidth, security, and local performance.

When software is installed that collects data from your computer, you have no control over what data is collected nor where it is sent. While most of us might not mind if advertisers collect our Zip Code, it might be considered more serious if they also wanted to know the websites you prefer, your telephone number, the hours that you work, credit card numbers, birth date, passwords, etc. Any data you enter while these programs are running can be collected. These programs can potentially transmit any of the data on your computer or from the areas of the network to which you have access. The distributor of the software has essentially the same rights to and control of your computer that you do.

Your access to the internet and our campus network is a shared resource. There is a physical limit to the amount of data that the network can carry. Programs that keep open data transfers between a local computer and a computer on or off campus degrade the overall performance of the entire network and your specific connection to it.

Because there is no local control over the software installed, frequently no way to remove it without complicated registry edits, no control over the data shared, and no information about what the software is doing, it represents a security threat to everyone on the network. Not only can such software collect data about your computer and your use of it, it can collect information about other users and computers on the network. It can serve as a point of access for a variety of intrusive actions against the network and other users. Compromised machines can be used to steal or vandalize local machine data and as a platform to attack other computers and networks, including those off-campus.

These programs reside in the background on your computer, consuming a significant proportion of the memory and cpu activity. Every active process on your computer consumes a certain amount of its resources. Adware, spyware, and other web enhancement software deplete the available resources and slow down your computer. This means that the normal software you have to use in the course of your work does not perform at its maximum efficiency. Often the software is poorly written, with no consideration given to compatibility or co-existence with other software, the operating system, or your particular computer hardware. This can lead to frequent crashes, lockups, and failures of your computer.

Here are a few sites that you can visit for more detailed information:

What is spyware?

http://www.zdnet.com/products/stories/
reviews/0,4161,2612053,00.html

http://www.cexx.org/adware.htm

http://grc.com/oo/news.htm

http://www.spychecker.com/

Additional information:

The Office of Information Technology Computing and Web Policies
http://www.indstate.edu/oit/official_docs/compolicy.html

Computer Security Programs
http://www.indstate.edu/oit/official_docs/computer_security_programs.html

Computer Security
http://ithelp.indstate.edu/network/security.html

Please report violations of ISU computing policies to the OIT Help Desk.

This page is maintained by IT-US@indstate.edu
Last modified: 19-Jul-05

Copyright © 2008 Indiana State University.