University of Nebraska - Lincoln Communications and Information Technology

Personal computer security: avoiding viruses, spyware, and other attacks

Almost all of our computers at work are connected directly to the Internet and, with the proliferation of cable modems and DSL services, a large number of home computers are directly connected as well. Unbeknownst to you, it is very likely that several times a day other computers are trying to find out information about you or if your computer can be taken over.

Here are the preventive steps you should follow to avoid viruses, phishing or pharming for personal information, spyware, trojan horses, and other security attacks.

1. In Windows XP, set the Update feature to automatically download critical updates for you.

  1. Click on Start, then open the Control Panel.
  2. In the Control Panel window, double-click on System.
  3. In the System Properties dialog box, click on the Automatic Updates tab. Make sure the Automatic option is active.
  4. Close the Control Panel window.

In previous versions of Windows you will need to run the Update utility frequently. Updates usually come out Tuesday mornings.

2. Make sure your anti-virus software updates at least once-a-day. To check this in Sophos,

  1. Right-click on the Sophos shield icon Sophos program icon in the system tray.
  2. In the shortcut menu Left click on Open Sophos Anti-Virus.
  3. In the Sophos Anti-Virus window, click on “Configure Sophos Anti-Virus,” then click on “Update Options.”
  4. In the ‘Properties for Sophos AutoUpdate’ dialog box, click on the Schedule tab. The default setting for checking for updates is every 240 minutes. Change this as needed. If you change the number, click on OK to save the setting.
  5. Close the Sophos Anti-Virus window.

3. Avoid attacks through e-mail.

  1. Do NOT Open or Preview suspect messages, especially fraudulent e-cards or e-mails that appear to be from financial organizations.
    • Do NOT open e-mails or attachments with generic titles like “photos from a family member.”
    • Legitimate e-card notifications tell you who the card is from.
    • If you are concerned about your financial account, contact the organization using a telephone number or Web address you received directly from the institution, not in an e-mail note.
  2. Do NOT open or launch any e-mail attachments that you are not expecting.
  3. Limit spam e-mail with a spam filter. For Lotus Notes users, use spamJam (installation instructions; configuration instructions). For more information on avoiding spam, please see the CIT Information newsletter, Summer 2004 issue.

4. Scan ALL files on your computer at least once a month for virus infections and other security threats.

  1. Right-click on the Sophos shield icon Sophos program icon in the system tray.
  2. In the shortcut menu Left click on Open Sophos Anti-Virus.
  3. In the Sophos Anti-Virus window, click on “Scan my computer.” A progress dialog box is displayed and the Activity summary appears in the Sophos Anti-Virus window. For more information, please see the Sophos Help menu.
  4. Close the Sophos Anti-Virus window.

5. Install Windows Defender, a free program from Microsoft that helps protect your computer against security threats caused by spyware and other unwanted software. For information on other software options, do a Google search for “stopping spyware.”

6. Do NOT run services on your computer that you don’t absolutely need, for instance a web server.

7. Use a firewall to block unwanted access. The default Windows XP installation starts with the Microsoft Firewall being active. Your computer will need more protection — either by a hardware firewall or a different, stronger software firewall. The preferred method is to add protection with a network or Cable/DSL router firewall. For an explanation of firewall technology, please see below. For more information on firewall product options, please do a Google search for “personal computer firewall.”

8. Do NOT share Drive C: because viruses and network attacks can spread through the network by finding shared hard drives. To check your settings, open My Computer and right-click on the Drive C: icon. Choose Sharing and Security... from the shortcut menu. (NOTE: In Windows 2000 & XP, you should only see the “Share name:” of C$. This is shared for administrative purposes only and is not a user-to-user sharing of the hard drive. But for this to be safe you must use a good password, mix of alpha and numeric characters, for your Windows network start up or log on.)

~ ~ ~ ~ ~

Firewall Technology

Blocking unwanted access to a personal computer can be done using firewall technology. There are two types of firewalls, hardware and software.

Hardware firewalls are devices that are placed on the network between the outside and the inside. At the University of Nebraska there are efforts to determine the proper configuration and placement of firewalls in the institution. Presently, Communications and Information Technology staff are behind one of these devices. One cannot place one on a complex network such as the University's without considerable networking expertise.

Many vendors offer firewall devices for the home and small office that are relatively inexpensive and easy to configure. Additionally, if you use a DSL or cable service your access device (router or box) may serve as a firewall of sorts. Many such services provide you with one IP address but allow you to connect several machines to the device. The technology used is called Network Address Translator (NAT). You can tell if you are behind a NAT box by looking at the automatically assigned IP address on your computer. If the address begins with 192.168., then you are likely connected to a NAT device. You can purchase such devices that hook to your DSL router or cable box — they are called Cable/DSL routers.

Software firewalling is also quite common. Software firewalls are computer software programs that need to be installed on each machine. They can bock traffic, users and services just like physical firewalls. However, like their anti-virus software cousins, these programs need to be kept up-to-date in order to be effective.

For more information, please see the “Understanding Firewalls” article on the US-CERT website.

Return to Tips, Tricks, and Techniques index

Communications & Information Technology |  CIT Computing

Questions or Comments: contact CIT Computing Staff
CIT Computing does not provide personal support to parties outside of UNL.

Institute of Agriculture and Natural Resources  Institute of Agriculture and Natural Resources (IANR)
 University of Nebraska-Lincoln
 Last updated November 26, 2007