Frequently Asked Security Questions
Topics
Anti-virus Software
What is it?
Anti-virus software protects email, instant messages, and other files by removing viruses and worms. It may also quarantine infected files to keep a virus from spreading on your computer and can repair infected files so you can use them without fear of damaging your computer or spreading a virus to others.
What risks are involved?
If your computer isn't fortified against the most recent viruses, you leave your system wide open for every bug, worm, and virus floating around the Internet. These debilitating bugs and viruses can cause your computer to malfunction. They may also make your computer vulnerable to identity thieves and hackers.
What can I do to protect myself?
Install anti-virus software on your computer and run daily updates. Sophos anti-virus is free to all UC Davis students, faculty and staff, and can be used on home and work computers. See the Software License Coordination web site to download Sophos.
How do I know if I have anti-virus software on my computer?
A computer with properly installed anti-virus software will generally prompt you to update the program every once in a while. If your computer doesn't ask you to update virus definitions, you may not have anti-virus software properly installed. Some of the most common anti-virus packages include Sophos, McAfee, and TrendMicro.
Confidential Data Storage
What is it?
Confidential data is any information you don't want others to obtain without your permission, including (but not limited to) your social security number, home address, phone numbers of friends/family/colleagues/students, your driver's license or bank account numbers, a list of all your passwords, your phone numbers, your employee ID number, digital images, Word documents containing personal text, etc. Most people store confidential data of some kind on their computers within Word files, address books, or application settings.
What risks are involved?
If unauthorized persons gain access to the confidential information you are storing, they could alter the information or use it to commit identity theft.
What can I do to protect myself?
- Only store confidential information on your computer if it is absolutely necessary.
- Store confidential information on portable media, such as a CD, flash drive, ZIP disk or floppy disk. Secure the portable media in a locked cabinet when it is not being used.
- Encrypt files containing confidential data. Encryption is available on some operating systems. Refer to your operating system help center for instructions.
- Physically secure your computer (laptop or desktop) to the desk where it sits. You can purchase a simple cable lock (similar to a bike lock) at any tech-supply store for around $30 that will deter and usually prevent theft.
- Set your computer to ask you for an account password at login. If someone else is sneaking onto your computer, this will prevent them from gaining access to your files. For instructions on setting passwords, refer to your operating system help center.
- Be sure to disable the "Guest" account, as use of this account is likely to be untraceable.
Data Backups
What is it?
To back up your files, simply create a second copy of your important documents somewhere other than your computer's hard drive.
What risks are involved?
If you don't back up your data, you run the risk of losing it. Your files could disappear due to a virus, computer crash, accidental keystroke, theft, or external disaster.
What can I do to protect myself?
- Back up critical and essential files on a daily basis and non-critical files on a weekly or monthly basis. You can back up your data to a CD, to an online backup service (for a small monthly fee), flash drive, USB key, or to a server, if you can get access to one from your Internet Service Provider or commercial vendor. Some companies offer automatic backups when you purchase their programs.
- Keep all your critical files in one place so you can easily create a duplicate copy.
- Store your backup media (CDs, disks, backup server, etc.) in a safe and secure place away from your computer, in case of fire or theft.
- Periodically test the capability to restore from the backup media. It's of little value to have a backup that is unreadable. To ensure that your backup files are reliable, simply upload the files to your computer.
- Faculty/Staff: Check with your department's Technical Support Coordinator (TSC) to find out if he or she runs regular backups of departmental computers.
How do I choose an online backup service?
For help choosing an online backup service that’s right for you, review 10 Questions You Should Ask Before Using an Online Data Backup Service.
DNS Security Enhancement
What is DNS?
DNS stands for Domain Name System. DNS servers are a critical part of the campus network infrastructure and the Internet because they allow information on the Internet to be available when you enter a URL in your Web browser. UC Davis disabled one capability of the DNS servers, recursive DNS, to help improve security.
What is recursive DNS?
One example of recursive DNS is when someone who subscribes to an ISP (e.g. Comcast) configures their computer to use the UC Davis DNS servers rather than their ISP DNS servers to access the Internet.
How do I know if I'm using the UC Davis DNS servers?
If your DNS configuration uses 169.237.250.250 or 169.237.1.250, you are using the UC Davis DNS servers.
Why are my DNS server settings blank?
Most ISPs provide DNS server information automatically, so you won't see anything in the DNS server settings even though your computer is properly configured. Check with your ISP to be sure.
What security risks are involved in recursive DNS?
- Cache poisoning: An attacker could redirect users attempting to reach one site, say a bank site, to a malicious site without their knowledge. For more information about this type of attack, see http://www.lurhq.com/dnscache.pdf.
- Recursive DDoS attacks: An attacker can send streams of DNS queries to caching servers. As all of these servers answer the queries, the victim host is targeted with a massive distributed denial-of-service attack (DDoS). For more information, see http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf.
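An administrator can confirm that a DNS server no longer offers recursion by sending it a query with the "recursion desired" bit set and reading the flags in the reply header. The following is an added example, not part of the original FAQ or any UC Davis tooling; the function names, verdict strings and sample replies are constructed for illustration, and the name queried should be one the server is not authoritative for.

```python
import socket
import struct

# DNS header flag bits (RFC 1035) and the REFUSED response code.
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
REFUSED = 5


def build_query(name, txid=0x1A2B):
    """Build an A-record query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!6H", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN


def classify(query, response):
    """Decide from the reply header how the server treated a recursive query."""
    if len(response) < 12:
        return "invalid"
    q_id = struct.unpack("!H", query[:2])[0]
    r_id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if r_id != q_id or not flags & QR:
        return "invalid"              # not a reply to our query
    if flags & 0x000F == REFUSED:
        return "refused"              # server declines to serve this client
    if flags & AA:
        return "authoritative"        # server owns the zone; try another name
    if flags & RA and ancount > 0:
        return "recursion-available"  # server resolved a foreign name for us
    if not flags & RA:
        return "recursion-disabled"   # e.g. a referral with the RA bit clear
    return "inconclusive"


def probe(server, name, timeout=3.0):
    """Send the query over UDP to a server you administer and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            response, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-response"
    return classify(query, response)


def constructed_reply(query, flags, answers=0):
    """Constructed sample data: echo the question section with the given flags."""
    body = query[12:]
    if answers:
        # One A record: pointer to the name at offset 12, TTL 300, 192.0.2.10.
        body += b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return query[:2] + struct.pack("!5H", flags, 1, answers, 0, 0) + body


def demo():
    """Classify four constructed replies to the same query (runs offline)."""
    q = build_query("www.example.org")
    return {
        "open resolver": classify(q, constructed_reply(q, QR | RD | RA, answers=1)),
        "refused": classify(q, constructed_reply(q, QR | RD | REFUSED)),
        "referral only": classify(q, constructed_reply(q, QR | RD)),
        "own zone": classify(q, constructed_reply(q, QR | AA | RD, answers=1)),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:14s} -> {verdict}")
```

Run `probe()` from a network outside the one the server is meant to serve; "refused", "recursion-disabled" or "no-response" is the expected result once recursion is closed to outside clients.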
Email Attachment Restrictions
What are email attachment restrictions?
To help prevent the spread of viruses, the campus prevents certain attachment types from entering the campus email system. If someone sends you an email message with a file attached and that file is one of the restricted file types, you will not receive the attachment, but you will still receive the email message.
How will I know if attachments are removed from email messages I send/receive?
Recipients will receive a message clearly stating that an attachment was removed, the name of the attachment, why the attachment was removed, and options for resending the attachment as an unrestricted file type. However, senders of restricted file types will not receive notification that the attachment was removed.
Is there a list of file types that are being restricted?
Yes. See the Attachment Restrictions page.
What can I do if a file type I want to send is on the restricted file type list?
If you need to share a file type that is on the restricted list, consider renaming the file to an unrestricted file type or using Web-based file sharing (such as MySpace, the file sharing section of MyUCDavis) or removable media (e.g. CD, Zip).
Does this mean that all attachments I receive will be safe?
No. You should continue to use caution when opening email attachments. Do not open attachments you were not expecting or from senders you don't know. Attachment restrictions reduce but may not eliminate the number of virus-infected attachments that reach the campus.
Email Virus Filtering
What kind of email virus protection does UC Davis offer email users?
The virus filtering software detects and deletes known viruses attached to all the incoming and outgoing email messages that are processed through the central campus email servers.
Who benefits from this email filtering service?
All those who send or receive email through the central campus email servers will benefit from this service.
Why is email virus filtering necessary?
Not only are viruses annoying, but they can corrupt essential data stored on your computer, thereby compromising the integrity of your computing system. Since 87% of viruses originate or transmit themselves via email, the campus considers email filtering an important part of computer security.
How does the virus filtering system work? What do I have to do?
As an email user, you don't have to do anything to benefit from this service. Here's how it works: When you send an email, it always travels through an email server where it is routed to the recipient (the person to whom you're sending it). The servers with this new filtering software will act as "checkpoints," searching all incoming and outgoing email messages for known viruses.
What happens if I send a virus-infected email message?
If a known virus is attached to your message, the software on the server will detect it and delete it, protecting the recipient of your message from receiving the virus. As the sender of the infected message, you will receive a short message notifying you of the virus attached to your outgoing message.
What should I do if I get a notification message that I sent a virus-infected email?
- Be aware that the message and any attachment in question will not have been sent to the intended recipient.
- While the virus infection will be removed from the email, the infected computer from which the email originated will continue to be infected until virus removal efforts are complete. Check for virus conditions on your computer by running anti-virus software.
- Since certain viruses are clever enough to forge sender names, you might not actually have a virus on your computer. Contact IT Express (754-HELP) or your department's TSC for advice.
How do I know if my email goes through the central campus servers where this virus-scanning occurs?
If you have been receiving email at an "@ucdavis.edu" address, you will automatically benefit from this filtering service. If you receive email at an address that contains the name of a department (such as "@dept.ucdavis.edu"), your email is processed through a separate department server.
My email doesn't go through the central campus servers. How do I find out what kind of protection my department email server provides me?
Contact your department's Technology Support Coordinator. If you don't know who your TSC is, visit the TSC directory to find out.
What else can I do to keep my personal computer virus-free?
The email filtering system will catch viruses in your email, but it is up to you to make sure your computer is protected. The best way to do this is to:
- Configure your computer to seek virus definition updates from your anti-virus software vendor on a daily basis. For more advice, contact IT Express at (530)754-HELP.
- Not open any attachment to an email that has a suspicious subject line, file name, or message. Remember: some viruses can forge themselves to appear as if they are from someone you know; therefore, the "from" line alone cannot be trusted.
Encryption Basics
What kinds of information should be encrypted?
Restricted information such as:
- Identity information (Social Security numbers, California driver’s license or identification card numbers)
- Financial account information (checking, savings and credit card account numbers)
- Student record information (grades, financial aid information)
- Medical record information (diagnoses, treatment information, identity information included in medical records)
Why should I protect restricted information?
Several federal and state laws say that you must. Several UC and UC Davis policies say that you must. Failing to protect restricted information can have serious consequences, including financial penalties for you, the campus and the University.
What is encryption software and what does it do?
Whole disk encryption software – like Pointsec for PC – garbles information stored on computers so that it cannot be understood if accessed without using the password (or key) that you use to un-garble (or decrypt) the information. If your computer is lost or stolen and you have encryption activated, information on the computer will not be readable by individuals who try to access it.
Will Pointsec for PC work on my computer?
At this time, Pointsec only works on computers running Windows XP, Windows 2000 and Windows Vista operating systems.
What will I see after Pointsec for PC is installed on my computer?
Once installed, Pointsec for PC encryption software is virtually invisible except when you boot or power on your computer. Whenever you boot your computer, you will need to enter your password.
If I have Pointsec for PC installed, is my computer encrypted whenever I’m not using it?
No. Your information is encrypted only when your computer is off or hibernating, or when you have turned on your computer but not yet entered your Pointsec password. To ensure your data is protected by encryption without shutting down completely, select Hibernate.
How do I know if Pointsec encryption is right for me?
If you must store restricted information on your computer for business purposes, you may need to use encryption. To help you determine if encryption is the right solution for you, please contact your technical support staff for assistance. If local technical support is not available, Desktop Enterprise Solutions (DES) is available on a re-charge basis. Contact desktop@ucdavis.edu or (530) 757-8907.
If I have my technical support person install Pointsec on my computer, will they have access to data on my computer?
Your technical support person will have access to data on your computer only if they also have a valid Windows account on your system.
Will my technical support person know my password?
No. Normally, the user account name and password are both reset during the first login.
What should I do if I forget my Pointsec password?
Contact your technical support person or cybersecurity@ucdavis.edu (UC Davis faculty and staff only) to help you reset your password.
Can I get help on campus with Pointsec ME and/or Pointsec for Linux?
These items are available but not supported at this time.
What types of files can Pointsec ME encrypt?
Pointsec ME will encrypt almost any file type. If you have difficulty encrypting a file using Pointsec ME, please contact cybersecurity@ucdavis.edu.
Do I have to purchase Pointsec through campus Software Licensing Coordination?
The UCOP agreement requires a minimum order of 25 licenses. If you are ordering 25 licenses or more, you may purchase directly or via Software Licensing. If you are ordering fewer than 25 licenses, you should purchase through campus Software Licensing Coordination (https://my.ucdavis.edu/software).
Firewalls
What is a firewall?
A firewall acts as a protective barrier between your computer and the internet, monitoring all incoming and/or outgoing traffic and allowing only the network traffic you permit. Firewalls come in the form of software, which nestles itself between your operating system and your network card. They also come in the form of hardware; for many home and small office users, it is a simple router device that sits between your computer's network jack and the wall connection. You can customize the level of protection the firewall gives you, setting it to filter information flow from specific domain names, addresses or types of network traffic.
How does a firewall work?
Hackers search the Internet in a way akin to dialing random phone numbers. They send out pings (calls) to random computers and wait for responses. Firewalls prevent your computer from responding to these random calls. If your computer doesn't respond, hackers won't know it's there.
What are the risks of not having a firewall?
If your computer, like most, is automatically set to enable file sharing or to keep network ports open while you are online, you could be susceptible to a variety of attacks. If you don't have a firewall, which will monitor ports to stop unwanted traffic from slipping through, you have to know how to manually close ports and disable file sharing in order to keep risky traffic from coming in to your computer.
What do I need to know before installing a firewall?
- A firewall is not the single solution to computer problems. As with other computer security measures, malicious programs disguised as friendly ones can circumvent a firewall.
- Like any add-on to your computer, a firewall can interfere with other applications on your system.
- Firewalls may prevent campus vulnerability scanners from alerting you to a problem on your computer.
- Depending upon which department and network you belong to, there may be restrictions on the use of personal hardware firewalls/routers.
- If your computer comes with basic firewall capability or if you are thinking of installing a firewall, you should contact your tech-support person first.
- Faculty and staff should consult with their department's Technical Support Coordinator (TSC) before installing a firewall. Students can contact IT Express (754-HELP).
Does UC Davis use a firewall?
Campus departments may now purchase Netscreen firewall products through Corsa at a 35% discount. To receive this discount, purchases must reference the UC Davis blanket purchase order number. For additional information, visit the firewalls page.
Identity Theft
What is identity theft?
Identity theft occurs when personal information is obtained by unauthorized individuals who then use that information to commit a crime such as fraud or theft.
Who is at risk for identity theft?
Everyone. Careful management of personal information, identification, and passwords can help minimize your risk.
What are the risks?
Victims of identity theft often have to spend time and money cleaning up their personal and financial records. In the meantime, they may be refused loans, housing or cars, or even get arrested for crimes they didn't commit.
What is the campus doing to protect my personal information?
No matter what your affiliation with the campus, your personal information resides on at least one campus computer system. The campus minimizes the number of systems on which personal information resides and mandates a high level of security on these systems. Individuals will be notified in the event that their information is obtained via a security breach.
How can I protect my personal information?
- Order a copy of your credit report from each of the three major credit bureaus - Equifax, Experian, and TransUnion. Make sure it's accurate and includes only those activities you've authorized. California residents can order one free copy of their credit report from each bureau annually. For more information on how to obtain your free credit report, visit the California Office of Privacy Protection.
- Place hard-to-guess passwords on your credit card, bank, and phone accounts. Keep your passwords and PIN numbers secret. Don't share your Kerberos password!
- Use a shredder when discarding documents containing personal identification.
- Don't send personal information via email.
- When shopping online, make sure the site is secure by looking for the padlock icon in the corner of the page that asks you to input your personal information.
- Don't keep personal information stored on computers unless necessary and encrypted.
- Ask about information security procedures in your workplace.
IRC Bots
What are they?
IRC is short for Internet Relay Chat. IRC appears in software such as AOL Instant Messenger, Yahoo! Messenger, and ICQ.
A bot, or robot, is automated software set to perform certain functions. Many programs feature bots, which are not always malicious programs. An example of a peaceful IRC bot is a digital chat room moderator that boots and bans users who flood the channel with spam. Over the years, however, many malicious IRC bots have integrated themselves into popular programs and are proving to be a growing security risk.
What risks are involved?
A malicious bot could record everything you type in your IM program. Should you mention sensitive information such as credit card or bank account numbers, you are at risk for identity theft. Bots can also create backdoors on your computer, giving hackers quick access to your system.
What can I do to protect myself?
Malicious bots tend to be bundled with unofficial modifications to IRC software and integrated into spyware applications. To avoid these bots, never download an unofficial addition to a legitimate program and be sure to:
- Run an anti-spyware program on a weekly basis
- Virus scan all files on a weekly basis
- Download and install the latest operating system patches
- Enable Windows Firewall and/or purchase a third party firewall program
How do I know if I have an IRC bot on my computer?
You may not notice the presence of some bots. Others may slow your computer or show symptoms similar to those of spyware and viruses.
The CERT-In: Indian Computer Emergency Response Team site explains the functions of an IRC bot in detail and lists a technique to help Windows users locate IRC bots that may be running on their systems.
Securityspace.com offers a free malicious IRC bot vulnerability test for registered users (registration is free) at http://www.securityspace.com/smysecure/catid.html?id=14841.
Passwords
Are passwords really an important part of security?
Yes. Strong passwords can prevent unauthorized people from accessing the information you store on your computer, the applications that give you access to others’ information, and the services you use online (e.g. banking and shopping).
What is a strong password?
Strong passwords are those that would be difficult for others to guess – even those who know you well. Let’s face it, most of us choose passwords that we can easily remember, which usually means that we use a word, phrase or name we use in our daily lives. These are weak passwords because anyone who knows you could probably guess them.
How do I create a strong password?
To create a strong password, use a combination of uppercase and lowercase letters, numbers and symbols. The strongest passwords are 14 characters or longer. Avoid repeating characters or using sequences.
How do I know if a password is strong?
There are a number of password checkers available on the web, including Microsoft’s Password Checker: http://www.microsoft.com/protect/yourself/password/checker.mspx.
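A password can also be checked locally, without typing it into a web page, against the criteria this FAQ lists: mixed character types, 14 or more characters, no repeated characters and no sequences. The following is an added example, not part of the original FAQ; the threshold of three characters for a "repeat" or "sequence", the keyboard-row list and the sample passwords are assumptions made for illustration.

```python
import string

# Assumption: adjacent keys on these rows count as a "sequence".
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_repeat(pw, run):
    """True if any character appears `run` or more times in a row (e.g. 'aaa')."""
    streak = 1
    for prev, cur in zip(pw, pw[1:]):
        streak = streak + 1 if cur == prev else 1
        if streak >= run:
            return True
    return False


def has_sequence(pw, run):
    """True if `run` consecutive characters ascend, descend, or follow a keyboard row."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True                       # abc, 789, zyx, 321
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True                       # qwe, asd, poi
    return False


def check_password(pw, min_len=14, run=3):
    """Return the list of criteria the password fails; an empty list means it passes."""
    problems = []
    if len(pw) < min_len:
        problems.append("too-short")
    if not any(c in string.ascii_uppercase for c in pw):
        problems.append("missing-uppercase")
    if not any(c in string.ascii_lowercase for c in pw):
        problems.append("missing-lowercase")
    if not any(c in string.digits for c in pw):
        problems.append("missing-digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("missing-symbol")
    if has_repeat(pw, run):
        problems.append("repeated-characters")
    if has_sequence(pw, run):
        problems.append("sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; none should be reused as a real password.
    for sample in ("Summer2024", "aaaBBB111!!!xyz", "Qwerty!2345678", "T4k!ng-Th3-L0ng-W@y"):
        print(f"{sample:22s} {check_password(sample) or 'passes'}")
```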
Phishing
1. What is "phishing?"
"Phishing" (pronounced "fishing") refers to a form of fraud that attempts to acquire sensitive information (usually your username, also called login or loginID, and password) for use by spammers and thieves. There are many variations, such as someone calling on the telephone and pretending to be from your bank and asking you to give them your account number, credit card number and/or your social security number, but the scam is usually perpetrated by email. The most obvious characteristic of a phishing message is that it instructs you to provide sensitive information either by replying to the message, or clicking on a link and entering the information on a Web page. Always remember that there is no legitimate reason for anyone to request a password or other sensitive data via email, and you should not respond to any such message.
2. But this one looks like it's from a campus IT Help office. Are you sure it's fake?
Yes, it's fake and you should delete it. UC Davis will never ask you to confirm or verify your computing account by providing your password via telephone or email. If you are ever in doubt, please call the IT Express Computing Services Help Desk at 530-754-HELP (4357) before you reply to or click on any link.
3. What is the harm in replying to a phishing scam?
When you provide your username and password to phishers, your account is compromised. Phishers can use your email account to send millions of spam messages from campus email servers. When Internet Service Providers (ISPs) such as Yahoo, Comcast and Hotmail detect large amounts of spam coming from campus email servers, they reject mail from all UC Davis addresses. In much the same way that UC Davis prevents spam originating outside the campus from reaching your email inbox, Internet Service Providers prevent spam originating on campus from reaching their email account holders. This is such a serious problem that your account will be disabled when it is found to be compromised.
4. How do I know if a message is a phishing scam?
Here's how to recognize a phishing scam:
- The message instructs you to supply your account information, including your password. The instruction may ask you to reply by email, or to click on a link in the message and supply the information via the Web. This is never a legitimate request.
- The message may have a "From:" line that sounds (and sometimes is) legitimate, but the message itself is vague. It may refer to a "database crash" or "a problem" or even simply "maintenance." None of these generic issues require your account information. A legitimate message from IET will be very specific, and will never ask for your password.
- The message may contain some kind of threat for not supplying the information, such as having your account deleted.
- The message is often, but not always, poorly written, with spelling and grammatical errors. Legitimate messages aren't always perfect, but with careful reading, many scam messages become obvious.
- The message often uses a generic salutation rather than using your personal name.
There are other ways to identify scam messages that require a little understanding of the mechanics of an email message. If you are in any doubt, contact the IT Express Computing Services Help Desk at 530-754-HELP (530-754-4357).
5. Why don't we just block these phishing scams at the campus boundary?
The smooth flow of email is critical to the business of the campus and the daily life of our community. IET continues to refine our detection and filtering of inbound email to prevent phishing messages from being delivered to the inboxes of our faculty, staff, and students. Filtering email at an institution such as UC Davis is very challenging because of the extremely diverse nature of our community's communications. Filtering out legitimate messages could have extremely serious consequences; therefore, we must err on the other side. We do employ multiple layers of the latest and best anti-spam, anti-virus, and anti-phishing technology available. Unfortunately, none of these systems are 100% effective at combating malicious email.
6. My email account is on a server managed by my department or college, but I still get a lot of spam. What should I do?
If your email account is located on a server that is not managed by IET, you should contact a member of the departmental or college technology support staff, who may be able to assist you with some anti-spam filters for your email account.
7. What is IET doing to keep Internet service providers, such as Yahoo or AT&T, from blocking our email?
IET is doing what it can. Unfortunately, due to the nature of the problem, there is no fast and easy resolution. The problem is that our email servers are repeatedly getting listed on various Internet Service Providers' (ISP) Real-Time Blocklists (RBLs). This causes their email servers to refuse connections from our servers. RBLs are used by organizations (including UC Davis) to combat the continuous flood of spam. Our email servers are being placed on ISP RBLs because UC Davis accounts are being used by spammers to send hundreds of spam messages to those ISPs. The root cause of the problem is that UC Davis students, staff, and faculty are responding to phishing messages with their loginID and password. Once the phishers have an account ID and password, they use it to send spam. Every round of phishing messages sent to campus addresses results in at least a few members of the community replying with their loginID and password. When IET detects the compromise, we disable the account. When our servers get listed on an RBL, we request removal.
We are currently researching and testing technical mitigation measures that include, but are not limited to, monitoring and scanning outgoing email to identify potential spam, rate-limiting outgoing email, and terminating access to Geckomail sooner than originally scheduled for students who have DavisMail accounts. However, none of these measures will be a panacea. Each one has pros and cons, and perhaps unforeseen consequences, so we cannot make any changes without a thorough quality assurance process and vetting the change with the campus community. A rash response could potentially cause much more harm than good.
8. I’ve never responded to any emails asking for my password, but in recent days I've repeatedly received spam emails from my own email address! I delete them immediately, but how does this happen?
These emails result from a very easy spammer technique called "spoofing" which is used by all spammers. The specific item of information that is being spoofed (forged, falsified) is the “From” address. All spam has a forged “From” address, and in many cases it's a real address. It’s the equivalent of writing someone else's return address on an envelope, and just as easy. Just as there is no central authority that prevents you from writing whatever you like on envelopes you send through the U.S. Postal Service, there is no mechanism that prevents the use of someone else's “From” address in email.
In the vast majority of cases, receiving these kinds of messages does not necessarily indicate that either your account or your computer has been compromised. You shouldn’t be alarmed if you are receiving fewer than about five spam messages from yourself per day. If you are receiving more than about five spam messages from yourself per day, you should contact the IT Express Computing Services Help Desk at 530-754-HELP (4357) so they can do some additional research about your account.
9. I recently had my email account frozen because it was apparently used to send spam. I’m very concerned because I’ve had to get my account unfrozen and get a new password. I didn’t email my password to anyone, so how did this happen?
Some of these phishing scams involve sophisticated, but bogus, Web sites that imitate familiar official login screens to send account information to phishers. The way to avoid falling into this trap is to be wary of any suggestion that you should click on a link to enter sensitive information, and make sure that you don’t click on links in email. It’s important to remember that what you see in the message (usually highlighted or underlined) is just text that stands for the destination; substituting “click here” would work just as well. The real link is encoded in the format of the message.
If you have reason to believe that the message may be legitimate (policy change notifications for a company you deal with, for example), it is better to enter the company’s Web address by hand and go to their site to view whatever information they have to offer. If you don’t have an account with the company purporting to need your information, you can be sure that you are looking at a phishing attempt.
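The gap between the text a link displays and the destination encoded in the message can be checked mechanically. The following is an added example, not part of the original FAQ; it parses an HTML message body, pairs each link's visible text with the host in its href, and flags links whose text names a different host or names none at all. The sample message, host names and verdict strings are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A host name appearing in the visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in a message body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def audit_links(html_body):
    """Return (visible text, real host, verdict) for each link in the body."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    findings = []
    for text, href in collector.links:
        parts = urlsplit(href)
        real_host = (parts.hostname or "").lower()
        shown = HOST_IN_TEXT.search(text)
        if parts.scheme not in ("http", "https"):
            verdict = "non-web-link"
        elif shown is None:
            verdict = "text-hides-destination"   # e.g. "click here"
        else:
            shown_host = shown.group(1).lower()
            same = real_host == shown_host or real_host.endswith("." + shown_host)
            verdict = "match" if same else "MISMATCH"
        findings.append((text, real_host, verdict))
    return findings


# Constructed sample message body using reserved example domains and addresses.
SAMPLE_BODY = """
<p>Dear user, your mailbox is over quota. Verify your account:</p>
<p><a href="http://accounts.example.edu.verify.example.net/login">
   https://accounts.example.edu/login</a></p>
<p>Or <a href="http://198.51.100.7/webmail"><b>click here</b></a>.</p>
<p>Help desk: <a href="https://help.example.edu/contact">help.example.edu</a></p>
"""

if __name__ == "__main__":
    for text, host, verdict in audit_links(SAMPLE_BODY):
        print(f"{verdict:24s} shown={text!r} real host={host!r}")
```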
10. What happens to compromised accounts?
When UC Davis identifies a compromised account, the account is locked immediately, preventing all use of the account. The legitimate account owner must go to one of six password reset locations in campus computer rooms, prove his or her identity, and change the password. Click here for more information.
11. How can I prevent my account from being compromised?
DO NOT respond to phishing scams in any way. It's really that simple. Just don't answer. Delete the message immediately.
When we determine that legitimate UC Davis account credentials are being used to send batches of email (usually from a connection in another country), we consider the account compromised and lock it to prevent further abuse. This will prevent you from using any authenticated resource on campus; this is what you risk if you reply to a phishing scam.
12. I’m using DavisMail and I just found a spam message in my Sent Mail folder that I didn’t send. What should I do?
This is actually how DavisMail (and Gmail) deals with any message that you send, if you are also a recipient. For example, if you send email from DavisMail to a list you’re subscribed to, you will see the message in your Sent Mail folder. It won’t appear in your Inbox until someone replies to it and makes it a “conversation” (the Google term for a "thread"). While it seems obvious that if a message addressed this way comes from outside the DavisMail system, it should be recognized and treated differently, the mail system doesn't take this into account.
13. I just got a delivery error (or a LOT of delivery errors!) for a message I didn’t send. How can this happen?
Since there isn’t anything to prevent the use of any address in an email “From” line, you should expect to receive something like this from time to time, simply because the volume of spam is so enormous. Occasionally, you may suddenly receive many (perhaps even hundreds) over a very short period. This is a result of a spammer using your return address on a large spam run and is usually referred to as "backscatter."
If you continue to receive an unmanageable number of non-delivery reports and your email is delivered on the central campus email servers, you should contact the IT Express Computing Services Help Desk at 530-754-HELP (4357). They should be able to help you set up a few temporary filters in your email client to keep these out of your inbox. This should be only a temporary solution, because you usually want to know if a message you have sent is not delivered. If your email is delivered on a local departmental server, you should contact your local email administrator first before contacting the IT Express Computing Help Desk.
14. When should I worry?
If you’ve replied to a phishing message, you should take action as soon as possible. Your account is very likely to be used to send spam, and you should change your password IMMEDIATELY. If you aren’t sure, change your password and call the IT Express Computing Service Help Desk at 530-754-HELP (4357). Ask to have your account accesses checked for unusual activity.
15. What can I do to protect myself?
- Be suspicious of messages requesting personal or account information.
- Be suspicious of messages threatening to close or suspend your account if you don’t respond with the information that is requested.
- Do not click on links in email messages. The text you see as the link may not be where the link takes you. Instead, type the Web page address in your browser.
- Check the authenticity of email messages by calling a company phone number known to be genuine.
- See the Cyber-Safety Basics for information about protecting yourself and your computer from other cyber attacks.
- For more information on phishing, please see www.us-cert.gov/cas/tips/ST04-014.html.
16. What should I do if I have received or think I may have responded to a phishing message?
If you are ever in doubt about an email message, please call the IT Express Computing Services Help Desk at 530-754-HELP (4357) BEFORE responding. And if you think you have provided your password or other personal information in response to a phishing scam, contact them immediately.
TechNews articles about phishing
- Phishing disrupts email; IET fights back (01/06/09)
- To deter phishing, 'there's one thing all of you can do, that we can't' (12/10/08)
- New security notice can help you spot phishing scams (09/26/08)
- Stay alert for newest phishing scam (09/26/08)
- Latest 'UC Davis' phishing hoax plays off earlier scams (08/04/08)
- Another phishing scam targets UC Davis accounts (07/22/08)
- Campus blocks address linked to 'UC Davis Customer Care' email scam (07/02/08)
- New Phishing Scam Targeting UC Davis (05/15/08)
- New 'How Email World Works' list has phisher-foiling advice (04/18/08)
- New 'my@ucdavis.edu' phishing scam targets UC Davis email accounts (04/07/08)
For Technical Support Coordinators, Managers and MSOs
Information and Educational Technology (IET) has developed resources to help you spread the word about phishing scams to faculty and staff in your departments. To access these resources and learn more about IET’s anti-phishing efforts, see http://security.ucdavis.edu/phishing.
Software Patch Updates
What is it?
Patches are updates that "fix" flaws in your operating system, the basic program that runs your computer (e.g., Windows 2000, Windows XP, Windows Vista or Macintosh OS X). Patches are released on an as-needed basis by your operating system vendor (such as Microsoft or Apple) and should be installed as they become available.
What risks are involved?
If your operating system goes unpatched, it leaves your computer vulnerable to hackers as well as viruses.
What can I do to protect myself?
- Windows users: Set your computer to download operating system updates on a regular basis. Look in your Control Panel and find System or Automatic Updates. You can also find Windows updates in the Tools menu in Internet Explorer, or by visiting Microsoft's Web site at http://windowsupdate.microsoft.com/.
- Mac OS X users: Consult the "software update" pane in the System Preferences utility to manually or automatically schedule updates.
What is UC Davis doing to protect me?
UC Davis provides resources to assist you in protecting your computer.
- The IT Express Help Desk will help you configure settings for automatic updates or help you with manual updates.
- Announcements are posted on TechNews and the Computer and Network Security Web site when new patches are released.
- Technical Support Coordinators (TSC) are available for faculty and staff in departments across campus.
Spam Filtering Basics
What is spam?
Spam is unsolicited commercial email, or that junk mail that you get in your email inbox.
What is spam filtering?
Spam filtering helps reduce the amount of spam you receive in your email inbox. There are a number of ways this can be done.
Does UC Davis filter spam?
Yes, UC Davis uses a number of techniques to identify and filter spam, and enables you to customize spam filtering for your campus email account.
How does the campus spam filtering service work?
UC Davis employs several different methods for identifying spam. These methods work together to assign scores to potential spam email messages. The scores assigned are based on lists of characteristics of known spam messages.
Does every email message receive a spam score?
Most email messages will receive a spam score, but not all. Messages receiving a score of 4 or lower are more likely to be legitimate email messages.
Can spam filtering accidentally delete legitimate messages?
Spam filtering is not 100% accurate, so you may want to check your UCD-spam folder for false positives. Through Geckomail or MyUCDavis, click UCD-spam from the list of folders on the left. Your UCD-spam folder is not accessible from email clients like Outlook or Eudora unless you use IMAP.
Can I change the way the campus filters spam to my email account?
Yes, you can customize the way the campus filters spam to your email account by visiting http://email.ucdavis.edu/secure/spamfilter.php. You can change the point at which spam is filtered to your UCD-spam folder and when it is automatically rejected. You can also create allow and deny lists.
I have my campus email redirected to a non-UC Davis email account. Will the campus filter my email before it is redirected?
No, email is redirected before it is filtered.
My email is redirected to a departmental account at UC Davis. Will the campus filter my email before it is redirected?
No. Not unless your department's system administrator or Technology Support Coordinator is using the campus scanning and tagging service. Nonetheless, consult your administrator, as they may have local filtering.
How will these measures affect class mailing lists or other address lists that go to UC recipients?
List owners who have configured their lists to filter spam should see less spam get through. People posting from off-campus may have difficulty if they're routing mail through blocked mail servers, but that would be just as true if they were trying to mail an individual on campus--the fact that the addressee is a mailing list rather than an individual is not a factor.
Does UC Davis provide specially tailored filtering rules that I can use with my email program, as an alternative to using the central campus spam filtering utility?
UC Davis does not provide specific spam filtering rules, but does provide instructions for setting up spam filtering on campus-supported email programs. You may access these instructions and learn more about spam filtering options by visiting the Campus Spam Filtering page.
What can I do if spam filtering set-up instructions are not available for my email program?
Most email programs allow you to set up filters. You should consult help resources for your program to see what anti-spam measures they offer.
If all messages with a high score are sent to a spam folder that is only accessible through MyUCDavis and Geckomail, how can I make sure that the spam filter is not sending legitimate email to this folder if I never use MyUCDavis or Geckomail?
The folder will be visible to any IMAP client; Geckomail is merely one example of an IET-supported IMAP client. If a user has an email program configured to connect to their server via IMAP, then no change in behavior will be required. Those who have configured their email program to POP can change that configuration to IMAP. For more information about POP and IMAP configurations, see The IT Express Knowledge Base article on POP and IMAP.
Spam: Allow/Deny Lists
What are allow and deny lists?
Allow and deny lists enable you to further customize the campus spam filtering service. All email originating from addresses on an individual’s deny list is prevented from reaching that individual’s inbox. All email originating from addresses on the individual’s allow list is permitted to reach that individual’s inbox, even if it would otherwise have been marked as spam and filtered away from the inbox.
Why implement Allow/Deny Lists?
No single spam filtering measure filters 100% of spam. Allow and deny lists add an extra layer of protection against spam. Legitimate email messages from news lists or subscriptions to professional online magazines or other publications may be filtered as spam (a “false positive”). By placing the sender’s email address on their allow lists, recipients of these types of messages ensure that they will not be filtered as spam.
How do I create allow and deny lists?
Go to http://email.ucdavis.edu/secure/spamfilter.php.
Can I change allow and deny lists at any time?
Yes, and changes to allow and deny lists are effective immediately.
Can I add @ucdavis.edu addresses to my allow and deny lists?
Yes, campus email addresses can be added to allow and deny lists.
Can I add a domain to an allow list?
Yes. If you receive email from a particular domain (@ucdavis.edu, for example) that you do not want the campus spam filters to scan (and possibly send to your UCD-spam folder or delete), you can add it to your allow list. This will ensure that you get all email from that domain.
Can I add a domain to a deny list?
Yes. If you receive email from a particular domain (@ucdavis.edu, for example) that you always want the campus to send to your UCD-spam folder, you can add it to your deny list. This will ensure that no email from that domain will reach your inbox.
Sample Spam Settings*

| | | | | |
|---|---|---|---|---|
| Filter spam | Yes | Yes | Yes | No |
| To UCD-spam folder | None | 5 | 5 | None |
| Summary | No | Yes | Yes | No |
| Delete Spam | 5 | 10 | 15 | 15 |
| What you can expect if you choose these settings. | All spam scoring 5 or above will be rejected automatically. No email will be sent to your UCD-spam folder. | Most spam will be rejected automatically, but some will be stored in your UCD-spam folder. | Most spam will be either rejected or sent to your UCD-spam folder. | You will receive all spam scoring less than 15 that is sent to your email account. |
| Who might want to choose these settings? | Individuals who have previously used the campus spam filtering service and found that moderate-scoring spam could be rejected rather than stored in their UCD-spam folder. | Individuals who have previously used the campus spam filtering service and found that moderate-scoring spam could be rejected rather than stored in their UCD-spam folder. | Most of the campus community will find that these settings provide the greatest level of accuracy with the least amount of spam delivered. | Individuals who want to receive all email that is directed to their email account, regardless of whether it is spam. |
| Other considerations | Set up allow lists to exempt certain email addresses or domains. Set up deny lists if you repeatedly receive spam scoring less than 5 from a particular address or domain. | Set up allow/deny lists to further customize your email filter. | Set up allow/deny lists to further customize your email filter. | Set up spam filtering using your email program’s junk mail or spam control features. |

*You may want to make incremental changes to these settings until you find your desired combination. Messages receiving a score of 4 or lower may be legitimate email messages, so please use caution when filtering or deleting messages with very low scores.
** Please be aware that the more aggressively you filter spam, the more likely you are to receive false positives.
Spyware
What is it?
Spyware is software that gathers information about your Web-surfing habits for marketing purposes. Spyware "piggybacks" on programs you choose to download. Tucked away in the fine print of user agreements for many "free" downloads and services is a stipulation that the company will use spyware to monitor your web habits for business research purposes.
What risks are involved?
Spyware takes up memory and space on your computer. It can slow down your machine, transmit information without your knowledge, and lead to general computer malfunction. You may choose to keep certain spyware programs on your computer in exchange for the free services that accompany them, but you should be aware of how that might affect your computer.
What can I do to protect myself?
- Closely read user agreements for free programs before clicking, "I accept." Watch for allusions to spyware and adware in user agreements.
- Regularly scan your computer with an anti-spyware program.
Viruses
What are they?
Malicious small programs that easily replicate themselves, infect your computer, and often spread to others' computers via email attachments or network traffic.
What risks are involved?
Virus programs can delete files, format disks, attack other computers or slow your system. They can also create "back doors" that allow hackers to run programs on your computer or to gain access to your files.
How do I know if I have a computer virus?
A computer infected with a virus may suddenly act in unexpected ways. For example, it may take longer to access files or to start up programs, or it may lock up often. You may also notice uncommon sounds being played from your speakers, a variety of images popping up on the screen, or problems starting your computer. These are all signs that your computer could be infected with a virus.
What can I do to protect myself?
- Install anti-virus software on your computer and run daily updates. Sophos Anti-virus is available to all UC Davis students, faculty and staff for free on the Software Web site.
- Install "patches" at your operating system's Web site to keep your computer fortified against possible attack.
  - Mac users: http://www.apple.com/support.
  - Windows users: http://v4.windowsupdate.microsoft.com/en/default.asp.
- Do not open email attachments with suspicious subject lines, file names, or messages. Some viruses can forge themselves to appear as if they are from someone you know; therefore, the "from" line alone cannot be trusted.
- Be aware that viruses may come to you in links sent via Instant Messaging, email attachments, infected disks, freeware, shareware, or file-sharing.
What is UC Davis doing to protect me?
Virus filtering software checks every incoming and outgoing @ucdavis.edu email message for viruses. Widely-recognized viruses will automatically be filtered out of your incoming email. New viruses may still sneak through until the filter is trained to recognize them, which usually takes no more than 24 hours.
Wireless
What is it?
The freedom to browse the Internet while sitting at your favorite cafe or relaxing on the UC Davis quad. Wireless networks are sprouting up everywhere, including UC Davis.
What risks are involved?
Because wireless access points don't require a user to plug into a port, the networks are often more difficult to monitor and secure. Many off-campus wireless areas won't require you to sign in with a username and password. If you're buying things online or logging on to Internet applications, it's a lot easier for someone to record your keystrokes and steal your identity.
What can I do to protect myself?
- When on campus, use MoobilenetX. See http://wireless.ucdavis.edu/ for more info.
- Restrict your online shopping to wired connections.
- Don't open programs that contain identifying information while you're on a wireless network. In fact, don't keep your social security number, driver's license number, or bank account numbers anywhere on your computer, period.
- Keep your computer secure by applying operating system corrective patches when they are released by the software manufacturer and keeping your anti-virus program up to date. Other computers participating in the wireless connection could be infected or compromised and may attempt to spread virus infections or attempt to hack into peer computers attached to the wireless network.
- Disable file sharing so that others can't help themselves to files on your computer. For instructions, refer to your operating system help center.