Mines Cybersecurity Tips

A computer virus is a type of malicious software (also known as “malware”) designed to infiltrate a computer with hostile intent.

Viruses, worms, Trojan horses, spyware, adware, and other malware can do a great deal of damage to your computer. While these terms might be used interchangeably, there are distinct differences in how each works.

All can cause damage, can be very difficult to neutralize (without erasing your hard drive and starting over), and can result in total destruction and loss of programs and data. A rampant, quickly propagating, and destructive piece of malware may easily require hundreds of hours of specialized technician time to eradicate from the campus.

Mines recommends using Microsoft’s Defender ATP product, a next-generation anti-malware product originally created for Windows [version 8+]. However, through various partnerships, this product looks to continue building its cross-platform capabilities across OSX, Linux, iOS, and Android devices.

For the macOS and Linux populations where, perhaps, installing Microsoft’s Defender ATP is not a viable option right now, there are other options. Please reference these third-party links for other anti-malware packages:

• For macOS: https://www.av-test.org/en/antivirus/home-macos/
  https://www.pcmag.com/roundup/355173/the-best-mac-antivirus-protection
• For Linux: https://www.makeuseof.com/tag/free-linux-antivirus-programs/
• For iOS devices: https://www.techradar.com/best/best-iphone-antivirus-app
• For android devices: https://www.androidauthority.com/best-antivirus-android-apps-269696/

Additional programs may be needed to eradicate other forms of malware such as “adware” (software designed to deliver unwanted advertising to your computer) or “spyware” (software that tracks your computing activities in various ways). Free, third-party anti-malware programs like Ad-Aware, Malwarebytes, and Spybot Search & Destroy are available to individuals for their personal use (these companies are not associated with, or licensed by, the Colorado School of Mines).

A firewall is software designed to block unauthorized access to your computer while permitting authorized communications. A firewall, in effect, regulates which computers and applications may “converse” with your computer. Most operating systems come with built-in firewalls that provide good protection against intrusions without restricting typical network access needs.

Mines also maintains a firewall between the campus network and the wider Internet. However, malicious traffic can and does sometimes get through. In addition, there may be malicioius traffic that originates on the Mines network itself. Make sure your operating system’s firewall is on and active for an extra measure of protection.

Software undergoes continual change to provide new features and to correct known problems, including security problems. These changes many times also introduce new problems or expose existing problems which can be exploited by unscrupulous computer experts. As these problems are detected and patched, vendors issue software updates which correct them. This situation occurs with every piece of software running on your computer so, when a vendor issues an update, apply it!

Windows, Mac OS X, and Linux all have built-in ways to update the operating system and programs that come with the operating system. Use them. But third-party programs must also be updated. Don’t forget to check for newer versions of such popular programs as Adobe Flash, Adobe Reader, Firefox, Google Chrome, Safari, iTunes, and Java, among others. And remember that you may also have to manually update your antivirus and anti-malware programs, too.

Ever get an apparently authentic email from your bank, credit-card issuer, or even Mines asking for personal information, account numbers, PINs, or passwords? If you did, you were the target of a “phishing” attack. Phishing refers to the online imitation of a legitimate company’s logos and look in spoofed, illegitimate email messages and web sites — all designed to take money from you fraudulently.

Phishing emails and websites are created with the intent of fooling unsuspecting users into divulging personal information. A typical “phish” email will appear to come from a legitimate business or financial institution, informing the recipient that some type of problem has affected their account and directing them to follow a provided web link to clear up the problem. The link does not lead to a legitimate site, however, but to a server (usually in another country) on which an imitation web site has been set up. The unsuspecting customer is then prompted to enter confidential personal information at this imitation site. The scammers collect this information for use in identify theft. Then, the unsuspecting customer is usually redirected to the legitimate web site to obscure the fact that they just gave away important personal data to crooks.

Phishing sites can also include malicious elements that are intended to take advantage of web browser vulnerabilities. Even if you don’t enter personal information on the spoofed web site page, you could be putting your computer’s security in danger simply by clicking on the link in the fraudulent message that leads to that page.

The best way to protect yourself from phishing scams is to not click on a link in an unsolicited or suspicious message you receive.