SIPA: School of International and Public Affairs at Columbia University

Skip Navigation

Global Links:

Home > Resources and Services > SIPA Computing > Cyber Security

Cyber Security at SIPA

Back to SIPA Computing

Disclaimer: The information contained on these pages are suggestions. Protecting your computer is your responsibility. SIPA Computing makes no guarantee of any of the information presented, nor is it responsible for any damage.

  1. Why Security is Necessary
  2. Problems for PC Users
  3. Symptoms of Malware
  4. Protecting Your System
  5. Is Your Computer Affected by Malware? What can You do?
  6. Using Wireless

Why Security Is Necessary

Whether you are a student, a faculty member, an administrator or a staff member at SIPA, much of your life revolves around your computer. You won't realize how much you're dependent on your computer until something happens. Many headaches can be avoided by understanding security threats, the problems they cause, how to protect your computer against them, and what to do if something goes wrong. The information below is designed to provide you with this information. However, remember that the actions you perform include routine maintenance, setting up security on your computer and cleaning your machine from any possible threats. If these steps are ignored, your computer can be easily compromised and then you have to deal with rebuilding your computer and possibly losing data. We have listed resources to help you with the process of maintaining a malware free and secured system.

Problems for PC Users

Viruses, worms, trojans, and spyware are programs that can create numerous problems for computer users. These malicious software programs or "malware" are becoming more and more able to infect even the most protected computer. Here we will seek to explain some of the problems associated with the different types of malware and how you as a SIPA computer user can avoid the problems associated with malware infection.

Virus

Put simply, a virus is a program that can replicate itself by making copies of itself and "infecting" a host computer. It is a program that attaches itself to a document or a program. It is deliberately created and seeks to cause problems for the infected computer. Viruses are generally transmitted via Email Attachments, Removable Media, Internet Downloads and file sharing programs. For more information on computer viruses, click here.

Worm

Similar to a virus, a computer worm is a program that can replicate itself. However, unlike a virus it is not necessary for the worm to exploit another program to make copies of itself. This makes a worm particularly troublesome, as it can exploit security holes in many internet programs and transmit itself over the Internet. A worm can cause the entire system to be re-setup, software reinstalled and losing data (Personal Documents). For more information on computer worms, click here.

Trojan

Similar to the classical trick by the Greeks, a Trojan is a malware program disguised as legitimate software. However, unlike viruses or worms, a Trojan cannot replicate itself and must rely on tricking the user into thinking that the program is a legitimate program. Like a worm, a Trojan can cause the entire system to be re-setup, software reinstalled and losing data (Personal Documents). For more information on computer Trojans, click here.

Spyware

Spyware is software that is intended to intercept information on your computer without your consent. Like Trojans, and unlike viruses and worms, spyware software can not replicate itself. When you see advertisements about making your computer run faster or you have won a prize, avoid the temptation to go for them. Spyware is also known to download Trojans to the computer without your consent. Spyware can make your computer become increasingly slow, unstable and get to the point where you must reinstall your operating system. For more information on spyware and examples of spyware programs, click here.

Adware

Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Just like spyware, adware is also known to download Trojans to the computer without your consent and can make your computer become increasingly slow, unstable and to the point where you must reinstall your operating system. For more information on Adware and examples of Adware programs, click here.

Phishing Scams

It is a scam where by an email is sent to a user under false pretenses, claiming to be a legitimate enterprise and asking the user to send private information. It is one of the ways of stealing the identity of the user. This affects you as a user. Be wary of free products. Read the fine print carefully. Read more here.

What can these malware programs do to my computer?

Malware programs can:

  • Erase or overwrite data;
  • Corrupt files in a subtle way;
  • Make your system sluggish, making it hard for you to work, or start some programs, or connect to the Internet;
  • Spread other malware;
  • Misdirects your browser;
  • Turn your computer into a "zombie" machine to send spam or launch an attack on other computers;
  • Covertly report data (e.g., credit card information, browsing habits, etc.) to other people;
  • Open a "backdoor" on your computer to let others gain access to your files.
  • "Hijack" your computer.

Back to Top
 

Symptoms of Malware

The sneaky nature of malware can make it difficult to know when you've been infected. Viruses, worms, trojans, and spyware can take many different forms and can lay dormant for a long time after you've been infected.

While in the past, malware was mainly viruses spread by contaminated floppy disks, with the advent of the Internet, these programs became more advanced and exploited the transmission links among computers to their advantage. Nowadays, computers are primarily infected with malware by internet transmission.

Particular warning signs:

  • When you start your computer, or when your computer has been idle for many minutes, your Internet browser opens to display Web site advertisements;
  • When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements;
  • Your Web browser's home page unexpectedly changes;
  • Web pages are unexpectedly added to your Favorites folder;
  • New toolbars are unexpectedly added to your Web browser;
  • You cannot start a program;
  • When you click a link in a program, the link does not work;
  • Your Web browser suddenly closes or stops responding;
  • It takes a much longer time to start or to resume your computer;
  • Components of Windows or other programs no longer work.

Malware is often transferred through Internet pop-ups that mimic Windows warnings. While surfing the Internet, a window will pop up asking you a question or even "alerting" you of spyware on your machine with offers to eradicate the spyware. When in doubt, always click "no" or "do not install."

Additionally, just because something is signed does not necessarily mean it is not malicious. Make sure you fully trust the company that has signed the certificate. The "verification" mentioned in security warnings such as these only verify that the company is who it says it is, NOT that the program is virus-free. As a general rule, never click "yes" and run a program such as this unless it is from Microsoft, McAfee, Macromedia or another well-known company (see malware example below).

Back to Top
 

Protecting Your System

If you are setting up a new computer, do not connect it to the Internet without doing some of the steps below. You can download some of these programs at another computer and install them on your system to protect it.

  • BACK UP YOUR DATA regularly! This is the most important step in avoiding headaches. Keep a stack of CDs and back up your documents once every week or two. You don't necessarily have to copy your entire hard drive- you can make copies of your documents. Just make sure you have a copy of the software that came with your computer as well. You can also back up your data to a USB memory key daily so that you always have a copy of your important data.

  • Activate Firewall Protection: A firewall is software that blocks certain communications to protect your computer from outside attacks. If you have Windows XP, ensure you have Service Pack 2 installed and the firewall activated. For more information on how to do this, click here. If you're using Windows 98, Windows Millennium Edition (ME), or Windows 2000, there is no built-in Windows firewall and you must rely on the firewall application that comes with your anti-virus software. For more information on this and where to find vendors with firewall protection. Or download a free Firewall (www.zonelabs.com)

  • Configure Automatic updates and Install the latest Security Patches: Keep your computer updated with the latest security patches. If you use Windows XP, you should currently have Windows Service Pack 2. (found in control panel, Automatic Updates).

  • Remove Microsoft Client for Networks:Most users only need TCP/IP protocol to connect to the Internet. Microsoft Client allows other computers on the network to access your computer. (found in network connection properties)

  • Remove/Do not install File and Print Share: Install this option under Networking only if you need it. It provides a hacker easy access to your computer.
  • Download (and use!) Anti-virus Software and update definitions regularly : A good anti-virus software is the first step in combating malware. However, it is very important that you keep your virus definition files up to date. Schedule the program to check for updates daily when your computer will be turned on. Even the best anti-virus software is only as good as its ability to recognize the most recently developed malware. As a member of the Columbia community, you can download and install Symantec antivirus software for free at http://www.columbia.edu/acis/software/index.html.
  • Ensure Spyware/Malware Protection: Although no program is perfect, a good spyware protection program can keep your system relatively clean. Finding spyware protection can be tricky, as some spyware programs masquerade as programs that "clean" your system when in fact they install their own form of spyware. PestPatrol by Computer Associates is a legitimate spyware protection program available for free to the Columbia community here. Addtionally, free online spyware scanning programs can be found at (IE; Ewido, Spybot, Ad-Aware). Usually two programs are necessary for an adequate spyware scan, as no one program is comprehensive in its scope.

  • Regularly Scan Your Hard Drive with Anti-virus/Anti Mal-ware software: Once you have anti-virus software, it is important to regularly do a system scan of your entire hard drive for viruses. Again, ensure your virus definition files are up to date before the scan, and make sure you select all files to scan-not just the ones you download. Malware can often attach itself to innocuous-looking files.

  • Download Cautiously: Be careful when you open files downloaded from the internet. Many files, particularly bootleg software, may in fact be vehicles for malware. Additionally, shareware programs such as Kazaa and others can subtly install spyware on your computer. Be very careful when installing any new program on your computer. Make sure you trust the manufacturer.

    • Additionally, using a secure fire transfer protocol (SFTP) to transfer files, such as WINSCP3 or secure telnet for telnet services, such as SSH, will minimize malware eavesdropping or connection hijacking.

  • Use Passwords for each account on your account : Adding a password to logon to your computer gives you additional level of security. When you are away from your computer (even temporarily), activate "Password on the Screensaver." For instructions click here. Use strong passwords with numbers and characters and not easily found in a dictionary.

  • Inoculate Before Traveling: You should take steps to "inoculate" your laptop before taking it overseas. Malware is particularly frequent overseas. Make sure your virus definition files and security patches are up-to-date before you leave. Downloading a 134 megabyte Windows update over a slow connection from the field can be frustrating if not impossible.

  • Turn off "Auto Complete" and never use "Remember my Password": Many browsers automatically offer you the option of remembering yor password when you visit a site. Turn it off. In Internet Explorer, from the Tools Menu, choose Options and go to the Content tab, select "Autocomplete" and uncheck the boxes next to Forms, user name and password. You can also clear any saved password from here. Follow similar procedures for other browsers.

  • Get in the habit of locking your personal computer or turn on Screen Saver with Password: Press CTRL, ALT and DELETE keys simultaneously and choose lock computer. To unlock the computer, do the same, you will be prompted for your login password.

  • Disable Guest account in Windows 2000 or XP: From the Control Panel in Windows XP, choose Administrative Tools, Computer Management, Local Users and Groups. Identify the Guest account under Users, right click on it, choose Properties, and disable the account.

  • Setup Personal Spam filters to deal with Phishing Scams: For more information visit, http://www.columbia.edu/acis/security/users/phishing.html.

  • Shopping/Banking Online: Make sure that you are not provided important personal information on a non-secure Web site or over a Wireless Network unless you are sure it’s secured.

Back to Top
 

Is Your Computer Affected by Malware? What can You do?

If you have done all the steps listed above and still find that your computer has become sluggish, or some programs are not working properly, you have probably been hit by Spyware. There is no one program that will find all the problems for you and fix them. However, we have compiled a list of programs that will help you towards this end. We have listed some programs that are free and will scan yoru computer and help clean it. Most of these programs have a commercial version with additional functionality.

If you can connect to the Internet, you can do a fee online scan at one of these sites:

You can also get a free version of Avast! for personal use. Note: It can not co-exist with anothe anti-viirus program. It is a complete security suite.

To clean out temporary files downloaded by the browsers on your system that may contain Malware, use CCleaner program. http://www.ccleaner.com/.

Microsoft also offers a Spyware Video Tutorial at http://www.microsoft.com/athome/security/spyware/video1.mspx

Mac Users visit:
http://www.apple.com/support/security/

Back to Top
 

Wireless Users: Watch out!

Wireless connectivity provides more flexibility and portability. But these are in general open networks where you are an easy target for a hacker. Your data is no longer secure and confidential. In addition to all the threats discussed to the traditional network, concerns for wireless communications are device theft, denial of service, malicious hackers, malicious code, theft of service, and industrial and foreign espionage. Any one can easily eavesdrop on your system. Social Security numbers, credit card information, bank information, and other personal data can easily be stolen via wireless internet access.

Here are a few tips on how to protect yourself (in addition to those listed in Protecting the System).

  • Do you have a password on your system? If not, add a strong passowrd now.
  • Turn on the Firewall on your system.
  • Install the WPA2 update for Windows XP SP2.
  • Turn Off Wireless connection if you are not browsing the Internet.
  • Use a secure connection for File Transfer and Telnet.
  • At home, secure your router or access point. See http://www.extremetech.com/article2/0,1697,1152933,00.asp for tips on how to configure a secure router for Wi-fi.
  • Upgrade your router or access point to support WPA2.
  • Remember to physically secure your portable devices.
  • BACKUP your data.

Back to Top