May 10, 2004

A primer in Windows desktop security

Alan Cattier is codirector of academic technologies in the Information Technology Division.

It’s 6 a.m., and I’m trying to access Emory’s homepage. It takes forever to load. I launch e-mail; login proceeds at a glacial pace. I click on a message, and nothing happens. What in the world is going on here?

Though these events may be all too familiar, they are not unique to Emory nor are they unique to these services. Emory’s campus network—like many campus networks that attempt to value academic freedom by allowing relatively unfettered access to and from the Internet—is under siege. And, rather than the situation getting better, it seems to be getting worse.

Here, I would like to provide an introduction to what is happening on the Internet and an explanation of three steps to better secure your desktop and, in the same gesture, help the University safeguard its network.

Since April 1, security-software provider Symantec has identified more than 80 new worms, viruses and Trojan horses. Most attack computers and networks by overtaking unprotected machines and saturating the network with a blizzard of computer traffic, bringing legitimate traffic like e-mail to a halt. Each of these cyber-nasties has a unique profile and accomplishes its dirty work using a different technique. As a result, there can be no single electronic panacea, as each manifestation of a worm, virus or Trojan horse requires a distinct “vaccine.”

To refresh our collective memory, a virus is a program that, when downloaded and launched, tries to replicate by attaching itself to other programs or files. A computer worm, like a virus, lives to replicate itself and affect others, but unlike a virus it does not need to attach itself to a program or file; it can spread on its own. Finally, computer Trojan horses, like their namesake from the Iliad, arrive rather innocently as free software (or an e-mail attachment) but open a back door that later can be used to compromise the security of a machine.

Two short years ago, it was fine to update your security definitions (which can identify worms, viruses and Trojan horses) on a monthly basis or, in rare cases, weekly. Then, to truly protect yourself, it became necessary to update virus definitions on a daily and sometimes hourly basis. And even this would not be enough; Windows users also had to keep up with the fast pace of security patches released by Microsoft and install them.

Why is this spate of electronic assaults happening? There is no clear reason for the timing, but the people writing and releasing all this harmful code have multiple motives. Some culprits are relatively naïve students—hacking tricksters, if you will, out to showcase their programming chops. Others want to demonstrate security vulnerabilities in Microsoft’s software, while still others are out to damage individual corporations by targeting the malicious “payload” of a malignant program at a certain website. Finally, there is a warlike dimension to the activities currently besieging the Internet. Indeed, in an age when terrorism constantly takes on new forms, it is not beyond imagination to think current events presage a new form of warfare, and we are just witnessing practice rounds.

What can you do to protect yourself and your data in this hostile environment? First, talk to your local computer support provider to make sure you’re taking advantage of the University’s site license of Symantec’s Norton Antivirus and other recommended security measures.

Second, use Windows Update regularly. It is an application that checks with Microsoft for security patches. Better yet, configure your machine to automatically download updates from Microsoft; when they are downloaded, install them on your computer.

Finally, to get more information or if you do not have a local support provider, consult the Information Technology Division’s security website at

Here you’ll find everything from Norton Antivirus to a FAQ on how to properly configure Windows Update.

Desktop security is neither easy nor transparent—something we all want from our computing experience—but it is essential. If the lesson of the last month proves nothing else, it shows that a community on a network is only as secure as its least secure member. By that formula, no central mechanism alone offers absolute protection. It takes everyone’s help.