Computing Resources

Antivirus Updates: Procedures and Rationale

Revised March 21, 2007 -- Comments are welcome and should be sent to fredrick@ucar.edu

Introduction and Motivation

During the fall of 2003, UCAR and ACD went through several security incidents in which a protected host within our security perimeter was responsible for an intrusion on other hosts (viruses, worms, and intruder activity). The costs incurred in responding to these incidents were significant, even though none of the incidents resulted in serious loss of data.

More recently, lapses in Windows security have been responsible for "botnets" of compromised PCs, used for criminal or malicious activity. For example, a botnet-compromised PC may be used to send phishing attacks for identity theft that are untraceable except to the compromised PC. In other cases, a botnet-compromised PC may be used to provide an intruder with access to hosts within our organization, resulting in a higher degree of intrusion.

Spyware, intrusions, viruses, and worms could potentially impose a certain responsibility (even a legal responsibility) upon our institution should our equipment and our neglect be found to be the cause.

Desktop systems are only partially protected by the UCAR security perimeter and Active Directory. While the security perimeter offers protection against direct network attacks from the outside, it is not an effective technology when a virus, worm, or other malicious software has been downloaded onto a desktop computer. Such a download can arrive via email, a web browser, or another network client, or it can come across our internal network from another infected desktop computer.

Provision of Antivirus software

The software we use in ACD includes Norton Antivirus 9+ for Mac OS X, and Symantec Antivirus Corporate Edition for Windows. The Corporate Edition antivirus software is server-based, and ACD maintains a server which provides virus definition updates to client machines.

Norton Antivirus CE v10.1+ for Windows and Norton Antivirus v9+ for Mac OS X are currently being offered by the ACD Systems staff, purchased by means of the CSC account.

If you are not sure whether you have antivirus software or whether it is working properly, or if you need information or assistance in obtaining antivirus software, please see your systems administrator or email sysadmin@acd.ucar.edu.

Antivirus Updates

Norton Antivirus Corporate Edition (CE) automates the update process by means of a server. That server obtains virus definitions from Symantec, and then clients pull those updates at startup time.

Mac OS machines and some PCs may use a standalone version of antivirus software. In this case, it is up to the user to configure the software to download updates on a regular schedule, or to manually download updates on a regular schedule. Sometimes a "subscription" to a manufacturer's update service must be purchased. If your subscription has run out, you should check with your Systems staff to have it renewed.

We suggest updating weekly or more often.

Windows and Mac OS X Operating System updates

The following links are "HOWTO" documents describing how to perform OS updates for Windows and the Mac OS X operating systems respectively:

Recommendations

PC and Mac computers connected to the UCAR/ACD network should be used for work-related internet activities only, in order to minimize the risk of malicious software being introduced into our environment.

"Free" software may sometimes introduce a great deal of risk in the form of adware or spyware. Be certain that any adware involved in a free application is not a threat to your PC or our network before downloading and installing the application. Applications that also install spyware may result in a compromise of your PC, after which it may have to be reformatted and reinstalled with a new operating system and base configuration.

Keep your applications updated -- any update for the purpose of security in any application should be performed immediately. In some cases, we can push those updates out using the Active Directory. For this reason, it's a good idea to keep your set of applications reduced to a manageable number.

Most malicious software comes via the web, email, or instant messaging. Be particularly careful not to click on pop-ups except to close them with the little "x" in the title bar. Never respond to spam, and be particularly careful in following web links contained within email, even if the email seems to be legitimate.

Computers on home networks or networks outside of the UCAR security perimeter are particularly vulnerable to problems associated with viruses and worms. We recommend reading and following much of the advice in the CERT guide to Home Computer Security found at http://www.cert.org/homeusers/HomeComputerSecurity/