Update our computers regularly.

Defects are frequently found in almost all commercial and open-source computer software. Many of these so-called bugs are just a nuisance, but some of them allow third parties to run their code on our computers without our permission. This allows them to take control of our computers for their own purposes. Of particular importance are defects in programs that interact with other computers over the network. A defect in this type of program can enable our computers to be compromised from a remote location. With 600 million of us connected together around the world, that presents a lot of opportunity for mischief...or worse.

Running a computer with such vulnerable software on a network is like leaving the doors of our homes and offices wide open for anyone to enter. The difference is opportunity. Because of our Internet connectivity, people can go through open computer doors from anywhere in the world in seconds almost undetected. Because this activity is almost continuous, a vulnerable computer will be found and compromised in short order.

 

 

 


 

 

People don't need to be experts to perform a sophisticated crime. One expert can write a program that gives anyone who downloads it the benefit of the expert's knowledge.

We see scans and probes looking for open doors in our networked computers almost every day. Tools exist that automatically scan large segments of a network and exploit any vulnerable systems that are found, giving the user of the tool a cadre of compromised computers for later perusal and expansion. Worms, such as Code Red and Nimda, automate the scanning and exploit process to spread themselves. Most software on installation CDs is out of date and full of exploitable defects, and the same is sometimes true even of software downloaded from vendor web sites. Scanners and automated worms may find a vulnerable server almost as soon as it is connected to the network. A freshly installed Windows computer can be infected within minutes of being connected to the network.

Defects in almost any type of software may result in a computer's compromise:

  • Defects in client software like web browsers and email readers may allow others to run code on our computer if we receive hostilely formatted email, scripts, or web pages. Such is the case with the Kak virus.
  • Defects in server software like web, ftp, and file sharing servers may result in allowing others to run code on our server by improperly handling maliciously created service requests.  Software doesn't have to service hundreds of people to qualify as a server. Microsoft peer file sharing on a Windows 95/98 box is a file server. The Personal Web Service started along with Front Page on a Windows 95/98 box is a web server. Napster, gnutella, and Scour are file servers.
  • Defects in core operating system software like Microsoft Windows and Unix may result in allowing unprivileged operators to execute hostile code as a privileged process thus compromising our computer.
  • Even defects in seemingly innocuous software like printer drivers and network games have been known to have security implications.

We can prevent most of these issues from causing us problems by regularly updating our software.

 

All computer operators:

Defects in popular add-on programs are often discovered that are not covered by automatic update sites. If you run any of the following programs, you will need to visit the vendor's site to make sure you have the most recent, and secure, version:

  • Instant Messaging Programs (AOL IM, Yahoo Messenger, Trillian, etc.)
  • Media players (RealOne, RealPlayer, Winamp, etc.)
  • Document viewing programs (Adobe Reader, Shockwave, etc.)

Keeping track of all your installed software and needed updates is tedious, time-consuming, and error-prone. If your Windows computer is managed by JMU IT (set up by IT Desktop Services and joined to the IT domain), many of these tedious tasks are taken care of for you. Currently, IT manages over 2000 campus Windows computers.

One company that makes a product that can help with the update task and that has had favorable reviews is Secunia. They offer a web-based service you can visit with a browser that will check your computer for needed updates for a few dozen of the most popular programs. If you want, they will email you reminders on a periodic basis to rescan your computer. They also offer a more comprehensive program that can be downloaded and installed on home computers and that can check for updates for thousands of programs. Installing this program on JMU-owned computers violates the license terms. As always when using a web service that requires downloading software, the terms and conditions and privacy policies should be examined.

    * Click here for the web based service.
    * Click here to download the program for home computers.

Microsoft Windows Systems

Before connecting such a computer to any network, follow the StartSafe instructions for new Windows computers.

Recommendations for Windows Desktop Operators:

  • Follow StartSafe procedures to set up automatic updates.
  • Double-click the Symantec Anti-Virus gold shield icon in the lower left of your screen. A Symantec window will come up. Check the date of the Virus Definition File. If it is more than two weeks old, the Symantec Anti-Virus program is not updating itself correctly.
  • Upgrade or replace software which Microsoft doesn't or soon won't support with security patches. Of particular importance in this respect are: 
    • Internet Explorer versions prior to version 8 
    • Windows XP
    • Microsoft Office 2003
    • Macintosh OSX Snow Leopard (10.6)
  • Cygwin users must also check for defect updates in Unix programs packaged with Cygwin or installed separately. For example, OpenSSH.

Recommendations for Windows Server Operators:

Servers need to have more timely patches as they run software that is accessible to anyone on the Internet. Patches should be installed as they become available.
  • NEVER bring up a server until all patches and configuration changes have been completed. Unpatched servers have been found and compromised in minutes by automated worms and scripts. Install the software while the machine is disconnected from the network, make sure all servers are shut down, connect to the network and download the patches, disconnect from the network, and apply patches.
  • Subscribe to Microsoft's Security Bulletin Mailing List and apply patches as soon as possible after they are announced and can be tested.
  • Cygwin users must also check for defect updates in Unix programs packaged with Cygwin or installed separately. For example, OpenSSH.
  • If you install non-Microsoft software, subscribe to vendor security bulletins or check their web site regularly for updates.

 

Linux and other Unix Systems

These systems often have server programs running after even a default desktop installation.

  • NEVER bring up a server on the network until all listening services have been stopped. Unpatched servers have been found and compromised in minutes by automated worms and scripts. Install the software while the machine is disconnected from the network, make sure all services started in the inetd.conf file, /etc/rc* files, or your vendor's equivalent have been disabled and stopped, connect to the network and download the patches, disconnect from the network, and apply patches.
  • Subscribe to vendor security bulletins and apply patches as soon as possible after they are available. Click here for a list of various vendor security sites and notification services.
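
An added example, not part of the original page: a small shell check for the inetd.conf part of the step above, listing the entries that are not commented out so they can be disabled before the machine is connected. The sample file contents and the function names are constructed for illustration; services started from /etc/rc* files are not covered.

```shell
#!/bin/sh
# Added example (not from the original page): pre-connection check that lists
# services still enabled in an inetd.conf-format file.
# Line format: service socket-type protocol wait-flag user server-program [args]

# Constructed sample input, not taken from a real host.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
   # finger stream tcp nowait nobody /usr/sbin/tcpd  in.fingerd

time    dgram   udp  wait    root    internal
EOF
}

# Print "service/protocol server-program" for every enabled entry.
# $1: file to read (assumed default: /etc/inetd.conf). Returns 2 if unreadable.
enabled_inetd_services() {
    conf="${1:-/etc/inetd.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }   # commented out, so inetd will not start it
        NF < 6     { next }   # blank or incomplete line
        { printf "%s/%s %s\n", $1, $3, $6 }
    ' "$conf"
}

# Exit status 0 only when no entry is enabled; 1 if something is enabled;
# 2 if the file could not be read.
inetd_is_quiet() {
    enabled=$(enabled_inetd_services "${1:-}") || return 2
    [ -z "$enabled" ]
}

# Demo on the constructed sample: run the script with --demo.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_inetd_conf > "$tmp"
    enabled_inetd_services "$tmp"
    inetd_is_quiet "$tmp" || echo "services still enabled: stay off the network"
    rm -f "$tmp"
fi
```

On the constructed sample the check reports the ftp and time entries, which would need to be commented out and inetd restarted before the network cable goes in.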

 

Macintosh OS X

Macintosh OS X is based on Unix. Many Unix-related defects also affect Macintosh OS X.

 

Other Systems

  • Review the computer security Hot Topics page at least monthly for announcements of software defects or other issues that may affect you.
  • Keep anti-virus software up to date.
  • If available, check your vendor's security site monthly for critical security updates.

Some vendors offer automated email notifications of new security issues. System administrators should take advantage of such services:

 

 

Product: Security Information

Adobe: mailing list, web site
AOL Instant Messenger: mailing list, web site
Apple: mailing list, web site (requires scripting to access)
BEA Systems: mailing list, web site
Caldera/OpenLinux: mailing list, web site
Cisco: mailing list, web site
Citrix: mailing list, web site
Compaq: mailing list, web site
Cygwin: mailing list, web site, Products that may be affected
Debian Linux: mailing list, web site
Eudora: mailing list, web site
Firefox: mailing list, web site
FreeBSD: mailing list, web site
Hewlett Packard: mailing list, web site
IBM AIX: mailing list, web site
Java: (see Sun below)
KDE (Linux desktop): mailing list, web site
Kerberos: mailing list, web site
Macromedia: mailing list, web site
Mandrake Linux: mailing list, web site
Microsoft products: mailing list, web site
MIT Kerberos: mailing list, web site
Mozilla: mailing list, web site
NetBSD: mailing list, web site
Netscape: mailing list, web site
Novell: mailing list, web site
OpenBSD: mailing list, web site
Opera: mailing list, web site
Oracle: mailing list, web site
Putty: mailing list, web site
RealNetworks: mailing list, web site
RedHat Linux: mailing list, web site
Research In Motion Blackberry: mailing list, web site
Samba: mailing list, web site
SCO/UnixWare: mailing list, web site
SGI: mailing list, web site
Skype: mailing list, web site
Slackware Linux: mailing list, web site
Sun products including Java: mailing list, web site
SuSE Linux: mailing list, web site
Symantec (makers of Norton AV and firewall): mailing list, web site
Trustix: mailing list, web site
VMWare: mailing list, web site and here
WFTPD, WFTPD Pro: mailing list, web site
Xerox: mailing list, web site

The aforementioned sites include updates for the respective vendors' operating systems and software applications. If you're running software not written or distributed by those vendors, you'll need to visit the applicable software vendors' sites for the packages you're running. You'll need to do this on a regular basis. You can also monitor other vendor-specific sites where notices are posted of serious security defects and the need for new patches.

Antivirus tools are designed to detect code patterns or behavior known to be associated with hostile code. People seem to constantly create new hostile code so, like a flu vaccine, antiviral tools must also be updated in order to recognize the new code. If you have installed the campus provided Symantec anti-virus software or had it installed for you on your office computer by Desktop Services, it will automatically and continuously update itself once it is installed. Otherwise, you will need to update the software yourself.