Safe Computing - Run Safe

Do you know how easy it is for your computer to be infected with a virus, worm or other malicious code? It may only take an instant or a mouse click to become infected, but it may take years to recover from the identity theft or loss of data that may result. Did you know that a freshly installed copy of Windows is vulnerable to such attacks just by being connected to the network? The steps given as part of the StartSafe program can help prevent a new machine from being infected before it is initially connected to the Clarkson network. The items given as part of this program, the RunSafe program, can help keep a computer that is already connected to the network running in a healthy state.


Refuse to Run Unknown Programs

You wouldn't get your flu shot from someone on the street, so why run programs on your computer that come from untrustworthy sites? Programs, screen savers, pictures and movies that show up in your email inbox or that are passed around using peer to peer (P2P) software are very suspect. When you don't know or trust the original author of a piece of software, or when you are not certain that the software is in its original form, it should not be run on your computer. Doing so risks exposing your computer and the rest of the Clarkson network to serious risks. So, don't forget if your flu shot didn't come from your doctor, don't take it. And, if your software didn't come from a reputable source, don't run it. Run Safe.

Email Attachments
If you receive an email with an attachment that you are not expecting, do NOT open it even if the person sending the email is known to you. If you are wondering if that person sent you an attachment, call them on the phone and ask them. Frequently, viruses will look through an infected computer's address book to gather email addresses. Then the virus will email itself to all of the email addresses that it finds in that address book. This email may look like it came from your friend, co-worker, roomate or supervisor.


Update Your Computer Regularly

Did you know that the Windows XP Service Pack 2, a patch for windows that was released in 2004, contained fixes for over 250 flaws in the Windows operating system! Major software vendors release patches like this every day! These security patches can prevent one of the more than 300 million Internet users from taking control of your computer. And they can prevent your computer from being used to launch similar attacks against other Internet users. To check your computer for update, just follow these simple steps:

  • Open Internet Explorer
  • Go to http://windowsupdate.microsoft.com
  • Click on the Express button and the website will begin examinging your computer to see if it requires patching.
  • If any updates are found, you will see a button labeled Download and Install Now. Click this button. A new window will open that says "The updates are being downloaded and installed."
  • When the process completes, you will see a message that says You have successfully updated your computer. At this point you can click on Close.

Nullify Unneeded Risks

Would you leave your car unlocked in a crime ridden neighborhood? Probably not. Why then, would you give the programs on your computer more access than they need? Sometimes software that is running on our computers will expose our personal information. We can reduce the risk of this happening by using the following steps:

  • Limit unnecessary network traffic by using a firewall. For more information on installing a firewall on your computer, see the StartSafe program.
  • Do not use public access computers or kiosks to read email, check bank statements or view other sensitive information.
  • Consider using an alternative browser for sites that do not explicitly require Internet Explorer. Some sites, like iNotes, your bank's website and others may require that they be viewed using Internet Explorer.
  • Configure your email client to display emails in plain text. This can help reduce the risk presented by viewing a malicious message
  • Perform day to day operations, particularly web browsing and email reading, using an unprivileged user account.
  • Disable un-needed Windows services.

Safeguard Your Identity and Password

Choosing a Strong Password
Our user ID and password are, in many cases, what identify us online. If an attacker is able to guess our password, then they become us. This means that they can move money around (or out of) our bank accounts, charge items to our credit cards or even worse, launch attacks against other computers. To prevent such misuse, we must choose secure passwords. There are three important elements to choosing a secure password:

  1. It can't be obvious
    Because a computer can guess thousands of passwords per second, our password must not be one that can be found in a dictionary (of any language). It is very easy for a computer to load a dictionary into memory and try to guess our password. Also, we don't want our passwords to be personally significant to us. This means we shouldn't use a pet or loved one's name, birthdate or social security number.
  2. It can't be short
    For the same reason that we should not use a dictionary word for our password, we must also not use a password that is too short. It's just too easy for a computer to guess. Anything less than eight characters long is too short. After all, you wouldn't use a combination lock that only had two numbers... Would you?
  3. It can't be made up of just a few characters
    A secure password should contain at least one of each of the following characters:
    • Uppercase letters (A-Z)
    • Lowercase letters (a-z)
    • Numbers (0-9)
    • Special characters (!@#$%^&*()_-+=)
You might be wondering how you're supposed to remember such a complex password. Here are a few tricks that you might find handy. First, try making up a sentence and using the first letter of each word as your password. For example:
  • I hope Dr. Jim blows something up in class today! (IhDJbsuict!)
  • Boy it's cold out today, -20! (Bicot-20!)
  • Will spring arrive before graduation?! (Ws@b4g?!)
If that technique doesn't work for you and you can't seem to remember your password, you may need to write it down and store it in a safe location. It is probably better to do this than to leave a weak password exposed to the Internet.

Assure Sufficient Resources for System Care

If your computer provides a service, then it will require regular maintenance. This means that if you run a webserver on your computer, you should take the time to regularly monitor its log files. If you use Windows file sharing, you should regularly monitor your file shares to ensure that there are no unauthorized files. Regardless of the platform that provides the service, Windows, Linux or MacOS X, the services will require regular monitoring and maintenance. Even if your computer doesn't run as a server, you still need to take the time to regularly update your operating system and anti-virus software.


Face Insecurity

Every other computer on the Internet has direct access to your computer. Even if you take every recommended precaution, you can't control what someone else may do on the Internet. Because of this, it is important to stay up-to-date with the following items:

  • Current threats and scams
  • Regularly backup your data
  • Do not ignore warning messages, particularly those coming from your anti-virus software

Everybody Needs to Do Their Part

Reckless use of just one networked computer can mean trouble for lots of computers on the Clarkson network. That's why it is important for you to be vigilant about your security ... and to encourage your neighbors, co-workers, roomates and students to do the same. RunSafe.


The RUNSAFE acronym was originally developed by the computing staff at James Madison University, who were kind enough to allow us to use the concept.