Protect your data: ISC shows you how

Though there’s nothing new about computer worms and viruses, Penn got an unpleasant wake-up call about a year ago. That’s when the Blaster and Welchia worms showed up on campus. “They spread from Windows to Windows all by themselves,” says Dave Millar, Penn’s information security officer. “The user didn’t even have to open an email or go to a web site.”

Starting this fall, ISC is rolling out a new security initiative—with four mandatory steps—to keep campus computers safer. (Go to http://www.upenn.edu/computing/security/ for complete information.)

To keep viruses at bay Millar suggests staying up to date with antivirus software. For worm protection, though, you’ll need to apply security patches. “Antivirus software alone is not enough,” says Millar. “It won’t prevent infection by a worm.” And once a worm has found its way into your system, cautions Millar, it can hijack your hard drive to store stolen software or steal your Internet access to send out Spam. The only way to be sure that a worm-infected computer is free of infection is to wipe it clean and rebuild the operating system.

Security patches plug holes in your operating system to prevent an infection from getting in. Fully patched systems are rarely, if ever, compromised by worms, says Millar, who recommends talking to your local support provider about your department’s approach to patch management.

Finally, make sure you have a strong password that’s hard to guess. “Worms carry with them password-guessing dictionaries,” says Millar, “with arcane words and names from literature.” A weak password, such as one based on your name, can be easily cracked.

Though it’s not yet mandatory, Millar also suggests talking to your support provider about activating your system’s firewall as an extra level of security.

If the threat of a hostile takeover isn’t enough to get your attention, how about a free iPod? Just go to http://www.upenn.edu/computing/security/ipod.html by September 12 and answer three questions for a chance to be entered in the prize drawing.

Originally published on September 9, 2004