Frequently Asked Security Questions

Topics

 

Anti-virus Software

What is it?
Anti-virus software protects email, instant messages, and other files by removing viruses and worms. It might also quarantine infected files, to keep a virus from spreading on your computer, and can repair infected files so you can use them without fear of damaging your computer or spreading a virus to others.

What risks are involved?
If your computer isn't fortified against the most recent viruses, you leave your system wide open for every bug, worm, and virus floating around the Internet. These debilitating bugs and viruses can cause your computer to malfunction. They might make your computer vulnerable to identity thieves and hackers.

What can I do to protect myself?
Install anti-virus software on your computer and run daily updates. The campus provides free anti-virus for staff and faculty work computers, and recommends free anti-virus software for student and home computers. See the Software License Coordination website.

How do I know if I have anti-virus software on my computer?
A computer with a properly installed anti-virus software will generally prompt you to update the program every once in a while. If your computer doesn't ask you to update virus definitions, you might not have properly installed virus software. Some common antivirus packages include Sophos, McAfee, and TrendMicro.

Back to top

 

Confidential Data Storage

What is it?
Confidential data is any information you don't want others to obtain without your permission, including (but not limited to) your Social Security number, home address, phone numbers of friends/family/colleagues/students, your driver's license or bank account numbers, a list of your passphrases, your home address or phone numbers, your employee ID number, digital images, word documents containing personal text, etc. Most people store confidential data of some kind on their computers within Word files, address books, or application settings.

What risks are involved?
If unauthorized persons gain access to the confidential information you are storing, they could alter the information or use it to commit identity theft.

What can I do to protect myself?

  • Only store confidential information on your computer if it is absolutely necessary.
  • Store confidential information on portable media, such as a CD or flashdrive. Secure the portable media in a locked cabinet when it is not being used.
  • Encrypt files containing confidential data. Encryption is available on some operating systems. Refer to your operating system help center for instructions.
  • Physically secure your computer (laptop or desktop) to the desk where it sits. For about $30, you can buy a simple cable lock (similar to a bike lock) at any tech-supply store that will deter and usually prevent theft.
  • Set your computer to ask you for an account passphrase at login. If someone is sneaking onto your computer, this tactic will prevent them from gaining access to your files. For instructions on setting passphrases, refer to your operating system help center.
  • Be sure to disable the "Guest" account, as use of this account is likely to be untraceable.

Back to top

 

Data Backups

What is it?
To back up your files, simply create a second copy of your important documents somewhere other than your computer's hard drive.

What risks are involved?
If you don't back up your data, you might lose it. Your files could disappear due to a virus, computer crash, accidental keystroke, theft, or external disaster.

What can I do to protect myself?

  • Back up critical and essential files on a daily basis and non-critical files on a weekly or monthly basis. You can back up your data to a CD, to an online backup service (for a small monthly fee), flash drive, USB key, or to a server, if you can get access to one from your Internet Service Provider or commercial vendor. Some companies offer automatic backups when you buy their programs.
  • Keep all your critical files in one place so you can easily create a duplicate copy.
  • Store your backup media (CDs, disks, backup server, etc.) in a safe, secure place away from your computer, in case of fire or theft.
  • Periodically test the capability to restore from the backup media. An unreadable backup is not worth much. To ensure that your backup files are reliable, simply upload the files to your computer.
  • Faculty/Staff: Check with your department's Technical Support Coordinator (TSC) to find out if he or she runs regular backups of departmental computers.

How do I choose an online backup service?
For help choosing one that’s right for you, review 10 Questions You Should Ask Before Using an Online Data Backup Service.

Back to top

 

DNS Security Enhancement

What is DNS?
DNS stands for Domain Name System. DNS servers are a critical part of the campus network infrastructure and the Internet because they allow information on the Internet to be available when you enter a URL in your Web browser. UC Davis disabled one capability of the DNS servers --recursive DNS--to help improve security.

What is recursive DNS?
One example of recursive DNS is when someone who subscribes to an ISP (e.g. Comcast) configures their computer to use the UC Davis DNS servers rather than their ISP DNS servers to access the Internet.

How do I know if I'm using the UC Davis DNS servers?
If your DNS configuration uses 169.237.250.250 or 169.237.1.250, you are using the UC Davis DNS servers.

Why are my DNS server settings blank?
Most ISPs provide DNS server information automatically, so you won't see anything in the DNS server settings even though your computer is properly configured. Check with your ISP to be sure.

What security risks are involved in recursive DNS?

  1. Cache poisoning: An attacker could redirect users who are trying to reach one site, say a bank site, to a malicious site without their knowledge. For more information about this type of attack, see http://www.secureworks.com/research/articles/other_articles/dns-cache-poisoning/.
  2. Recursive DDoS attacks: An attacker can send streams of DNS queries to caching servers. As all of these servers answer the queries, the victim host is targeted with a massive distributed denial-of-service attack (DDoS). For more information, see http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf.

Back to top

 

Email Attachment Restrictions

What are email attachment restrictions?
To help prevent the spread of viruses, the campus prevents certain attachment types from entering the campus email system. If someone sends you an email message with a file attached and that file is one of the restricted file types, you will not receive the attachment. You will still receive the email message.

How will I know if attachments are removed from email messages I send/receive?
Recipients will receive a message clearly stating that an attachment was removed, the name of the attachment, why the attachment was removed, and options for resending the attachment as an unrestricted file type. However, senders of restricted file types will not receive notification that the attachment was removed.

Is there a list of restricted file types?
Yes. See Attachment Restrictions page.

What can I do if a file type I want to send is on the restricted list?
Consider renaming the file to an unrestricted file type. Or, use Web-based file-sharing, or removable media (e.g., a flash drive).

Does this mean that all attachments I receive will be safe?
No. Use caution when opening email attachments. Do not open attachments you were not expecting or from senders you don't know. Attachment restrictions reduce, but might not eliminate, the number of virus-infected attachments that reach the campus.

Back to top

 

Email Virus Filtering

What kind of email virus protection does UC Davis offer email users?
The virus filtering software detects and deletes known viruses attached to all the incoming and outgoing email messages processed through the central campus email servers.

Who benefits from this email filtering service?
Everyone who sends or receives email through the central campus email servers.

Why is email virus filtering necessary?
Not only are viruses annoying, they can corrupt essential data stored on your computer, thereby compromising the integrity of your computing system. Because 87 percent of viruses originate or transmit themselves via email, the campus considers email filtering an important part of computer security.

How does the virus filtering system work? What do I have to do?
As an email user, you don't have to do anything to benefit from this service. Here's how it works: When you send an email, it always travels through an email server, where it is routed to the recipient (the person to whom you're sending it). The servers with this filtering software will act as "checkpoints," searching all incoming and outgoing email messages for known viruses.

What happens if I send a virus-infected email message?
If a known virus is attached to your message, the software on the server will detect it and delete it, protecting the recipient of your message from receiving the virus. As the sender of the infected message, you will receive a short message notifying you of the virus attached to your outgoing message.

What should I do if I get a notification message that I sent a virus-infected email?

  • Be aware that the message and any attachment in question will not have been sent to the intended recipient.
  • While the virus infection will be removed from the email, the infected computer from which the email originated will continue to be infected until virus removal efforts are complete. Check for virus conditions on your computer by running anti-virus software.
  • Since certain viruses are clever enough to forge sender names, you might not actually have a virus on your computer. Contact the IT Express Computing Services Help Desk at 530 754-HELP (4357) or your department's TSC for advice.

How do I know if my email goes through the central campus servers where this virus-scanning occurs?
If you have been receiving email at an "@ucdavis.edu" address, you will automatically benefit from this filtering service. If you receive email at an address that contains the name of a department (such as "@dept.ucdavis.edu"), your email processes through a separate department server.

My email doesn't go through the central campus servers. How do I find out what kind of protection my department email server provides me?
Contact your department's Technology Support Coordinator. If you don't know who your TSC is, visit the TSC directory to find out.

What else can I do to keep my personal computer virus-free?
The email filtering system will catch viruses in your email, but it is up to you to make sure your computer is protected. The best way to do this:

  • Configure your computer to seek virus definition updates from your anti-virus software vendor on a daily basis. For more advice, contact the IT Express Computing Services Help Desk at 530 754-HELP (4357).
  • Do not open any attachment to an email that has a suspicious subject line, file name, or message. Remember: Some viruses can forge themselves to appear as if they are from someone you know; therefore, the "from" line alone cannot be trusted.

Back to top

 

Encryption Basics

What kinds of information should be encrypted?
Restricted information such as:

  1. Identity information (Social Security numbers, California Driver’s License or identification card numbers)
  2. Financial account information (checking, savings and credit card account numbers)
  3. Student record information (grades, financial aid information)
  4. Medical record information (diagnoses, treatment information, identity information included in medical records)

Why should I protect restricted information?
Several federal and state laws, and several UC and UC Davis policies, require you to. Failing to protect restricted information can have serious consequences, including financial penalties for you, the campus and the university. 

What is encryption software, and what does it do?
Whole-disk encryption software garbles information stored on computers so that it cannot be understood if it is accessed without using the passphrase (or key) that you use to un-garble (or decrypt) the information. If your computer is lost or stolen and you have encryption activated, people who try to access information on the computer won't be able to read it.

Back to top

 

Firewalls

What is a firewall?
A firewall acts as a protective barrier between your computer and the Internet, monitoring all incoming and/or outgoing traffic and allowing only the network traffic you permit. Firewalls come in the form of software, which nestles itself between your operating system and your network card. They also come in the form of hardware; for many home and small office users, it is a simple router device that sits between your computer's network jack and the wall connection. You can customize the level of protection the firewall gives you, setting it to filter information flow from specific domain names, addresses, or types of network traffic.

How does a firewall work?
Hackers search the Internet in a way akin to dialing random phone numbers. They send out pings (calls) to random computers and wait for responses. Firewalls prevent your computer from responding to these random calls. If your computer doesn't respond, hackers won't know it's there.

What are the risks of not having a firewall?
If your computer, like most, is automatically set to enable file-sharing or to keep network ports open while you are online, you could be susceptible to a variety of attacks. If you don't have a firewall, which will monitor ports to stop unwanted traffic from slipping through, you have to know how to manually close ports, and disable file-sharing, in order to control risky traffic from coming in to your computer.

What do I need to know before installing a firewall?

  • A firewall is not the single solution to computer problems. As with other computer security measures, malicious programs disguised as friendly ones can circumvent a firewall.
  • Like any add-on to your computer, a firewall can interfere with other applications on your system.
  • Firewalls might prevent campus vulnerability scanners from alerting you to a problem on your computer.
  • Depending upon which department and network you belong to, there may be restrictions on the use of personal hardware firewalls/routers.
  • If your computer comes with basic firewall capability, or if you are thinking of installing a firewall, you should contact your tech support person first.
  • Faculty and staff should consult with their department's Technical Support Coordinator (TSC) before installing a firewall. Students can contact the IT Express Computing Services Support Desk, 530-754-HELP (4357).

Does UC Davis have access to a discount on firewall products?
Campus departments may purchase Juniper firewall products through CDW-G at a discount. To receive this discount, purchases must be made via UCD Buy. For additional information, contact IT Professional Services .

Back to top

 

Identity Theft

What is identity theft?
Identity theft occurs when personal information is obtained by unauthorized individuals who then use that information to commit a crime such as fraud or theft.

Who is at risk for identity theft?
Everyone. Careful management of personal information, identification, and passphrases can help minimize your risk.

What are the risks?
Victims of identity theft often have to spend time and money cleaning up their personal and financial records. In the meantime, they may be refused loans, housing or cars, or even get arrested for crimes they didn't commit.

What is the campus doing to protect my personal information?
No matter what your affiliation with the campus, your personal information resides on at least one campus computer system. The campus minimizes the number of systems on which personal information resides, and mandates a high level of security on these systems. Individuals will be notified if their information is obtained via a security breach.

How can I protect my personal information?

  • Order a copy of your credit report from each of the three major credit bureaus - EquifaxExperian, and TransUnion. Make sure it's accurate and includes only those activities you've authorized. California residents can order one free copy of their credit report from each bureau annually. For more information on how to obtain your free credit report, visit https://www.annualcreditreport.com/cra/index.jsp.
  • Place hard-to-guess passphrases on your credit card, bank, and phone accounts. Keep your passphrases and PIN numbers secret. Don't share your Kerberos passphrase!
  • Use a shredder when discarding documents containing personal identification.
  • Don't send personal information via email.
  • When shopping online, make sure the site is secure by looking for the padlock icon in the corner of the page that asks you to input your personal information.
  • Don't keep personal information stored on computers unless necessary and encrypted.
  • Ask about information security procedures in your workplace.

Back to top

 

IRC Bots

What are they?
IRC is short for Internet Relay Chat. IRC appears in software such as AOL Instant Messenger, Yahoo! Messenger, and ICQ.
A bot, or robot, is automated software set to perform certain functions. Many programs feature bots, which are not always malicious programs. An example of a peaceful IRC bot is a digital chat room moderator that boots and bans users who flood the channel with spam. Over the years, however, many malicious IRC bots have integrated themselves into popular programs, and are proving to be a growing security risk.

What risks are involved?
A malicious bot could record everything you type in your IM program. Should you mention sensitive information, such as credit card or bank account numbers, you are at risk for identity theft. Bots can also create "back doors" on your computer, giving hackers quick access to your system.

What can I do to protect myself?
Malicious bots tend to be both partnered with unofficial modifications to the IRC and integrated into spyware applications. To avoid these bots, never download an unofficial addition to a legitimate program, and be sure to:

  • Run an anti-spyware program weekly
  • Virus-scan all files weekly
  • Download and install the latest operating system patches
  • Enable Windows Firewall and/or buy a third-party firewall program

How do I know if I have an IRC bot on my computer?
You might not notice the presence of some bots. Others might slow your computer, or show symptoms similar to those of spyware and viruses.

Securityspace.com offers a free malicious IRC bot vulnerability test for registered users (registration is free) at http://www.securityspace.com/smysecure/catid.html?id=14841.

Back to top

 

Passphrases

Are passphrases really an important part of security? Yes, strong passphrases can prevent unauthorized people from accessing: the information you store on your computer; the applications you use that allow you access to others' information; and services you use online (e.g. banking and shopping).

What is a strong passphrase? Strong passphrases are difficult for other people, even people who know you well, to guess. Most of us choose passphrases that we can easily remember, which usually means a word, phrase or name we use in our daily lives. These are weak passphrases, because anyone who knows you could probably guess them.

How do I create a strong passphrase? To create a strong passphrase, use a mix of uppercase and lowercase letters, numbers and symbols. The strongest are 12 characters or longer. Avoid repeating characters (e.g., aaaaaaa) or using sequences (e.g., abcdefg).

How do I know if my passphrase is strong? To check the strength, go to http://computingaccounts.ucdavis.edu and select the Test passphrase strength option.

 

Phishing

  1. What is "phishing?" "Phishing" (pronounced "fishing") refers to a form of fraud that attempts to acquire sensitive information (usually your username, also called login or loginID, and passphrase/passphrase). There are many variations, but the most obvious characteristic of a phishing message is that it instructs you to provide sensitive information either by replying to the message, or by clicking on a link and entering the information on a web page. There is no legitimate reason for anyone to request a password/passphrase or other sensitive data via email, and you should never respond to any such message.
  2. What should I do if I think I might have responded to a phishing message? Call the IT Express Computing Services Help Desk at 530-754-HELP (4357) immediately if you think you have provided your passphrase or other personal information in response to a phishing scam.
  3. What if a message, which seems to come from someone at UC Davis, asks me to confirm my login ID and passphrase? UC Davis will never ask you to do this via email or telephone. Call IT Express at 530-754-HELP (4357) if you are unsure about the validity of an email from a campus address.
  4. How do I know if a message is a phishing scam? Phishing messages often:
    • Instruct you to supply your account information, including your password/passphrase, by email or by clicking on a link in the message and then entering the information via the web. This is never a legitimate request.
    • Have a "From:" line that sounds (and sometimes is) legitimate, but the message itself is vague.
    • Contain a threat if you do not supply the information, such as having your account deleted.
    • Have spelling and grammatical errors. Legitimate messages aren't always perfect, but with careful reading many scam messages become obvious.
    • Use a generic salutation rather than using your personal name.
  5. Print and post this Don't Let Phishers Play You flier to remind you what to look for.
  6. What can happen if I reply to a phishing scam? If you send them the information they request, they could use your email account to send millions of spam messages, open accounts under your name, or commit other fraud.
  7. How can I prevent my campus computing account from being compromised?
    • DO NOT respond to phishing scams in any way. It's that simple. Just don't answer. Don't click on links in the message. Delete the message immediately.
    • Be suspicious of messages requesting personal or account information.
    • Be suspicious of messages threatening to close or suspend your account if you don't respond with the information they want.
    • Check the authenticity of email messages by calling a company phone number known to be genuine.
    • See Cyber-Safety Basics for information about protecting yourself and your computer from other cyber-attacks.
    • See 10 Things Everybody Should Know about How the Email World Works for more tips about email.
    • Read even more about phishing at www.us-cert.gov/cas/tips/ST04-014.html.
  8. Why doesn't the campus just block phishing scams like we block spam? We employ multiple layers of the latest and best anti-spam, anti-virus, and anti-phishing technology available. Unfortunately, these systems cannot block all malicious email.
  9. I've never replied to a phishing scam, but have been getting spam emails from my own email address. How does this happen? These emails result from a very easy spammer technique called "spoofing." All spam has a spoofed (or forged) "From" address. Unfortunately, there is no way to prevent the use of someone else's "From" address in email. If you receive more than five spam messages from yourself per day, contact the IT Express Computing Services Help Desk at 530-754-HELP (4357).
  10. What happens to compromised accounts? When UC Davis identifies a compromised account, the account is locked immediately. If your account is locked, you must go to one of six passphrase reset locations in campus computer rooms, prove your identity, and change the passphrase. Click here for more information.

For Technical Support Coordinators, Managers and MSOs
Information and Educational Technology (IET) has developed resources to help you spread the word about phishing scams to faculty and staff in your departments. To access these resources and learn more about IET’s anti-phishing efforts, see http://security.ucdavis.edu/phishing.

Back to top

 

Software Patch Updates

What is it?
Patch updates "fix" flaws in your operating system, the basic program that runs your computer (e.g.Windows 8 or Macintosh OS X). Patches are released as needed by your operating system vendor (such as Microsoft or Apple), and should be installed as they become available.

What risks are involved?
Computers with unpatched operating systems are vulnerable to hackers and viruses.

What can I do to protect myself?

  • Windows users: Set your computer to download operating system updates on a regular basis. Look in your Control Panel and find System or Automatic Updates. You can also find Windows updates in the Tools menu in Internet Explorer, or by visiting Microsoft's Web site at http://windowsupdate.microsoft.com/.
  • Mac OS X users: Consult the "software update" pane in the System Preferences utility to manually or automatically schedule updates.

What is UC Davis doing to protect me?
UC Davis provides resources to assist you in protecting your computer.

Back to top

 

Spam Filtering Basics

What is spam?
Spam is unsolicited commercial email, or that junk mail that you get in your email inbox.

What is spam filtering?
Spam filtering helps reduce the amount of spam you receive in your email inbox. This can be done a number of ways.

Does UC Davis filter spam?
Yes, UC Davis uses techniques to identify and filter spam, and enables you to customize spam filtering for your campus email account.

How does the campus spam filtering service work?
UC Davis employs several different methods for identifying spam. These methods work together to assign scores to potential spam email messages. The scores assigned are based on lists of characteristics of known spam messages. 

Does every email message receive a spam score?
Most do, but not all. Messages scoring 4 or lower are more likely to be legitimate email messages.

Can spam filtering accidentally delete legitimate messages?
Spam filtering is not 100% accurate, so you might want to check your UCD spam folder for false positives. Through Geckomail or MyUCDavis, click UCD-spam from the list of folders on the left. Your UCD spam folder is not accessible from an email client (such as Outlook) unless you use IMAP.

Can I change the way the campus filters spam to my email account?
Yes, you can customize the way the campus filters spam to your email account by visiting http://email.ucdavis.edu/secure/spamfilter.php. You can change the point at which spam is filtered to your UCD spam folder and when it is automatically rejected.  You can also create allow and deny lists.

I have my campus email redirected to a non-UC Davis email account. Will the campus filter my email before it is redirected?
No, email is redirected before it is filtered.

My email is redirected to a departmental account at UC Davis. Will the campus filter my email before it is redirected?
No. Not unless your department's system administrator or Technology Support Coordinator is using the campus scanning and tagging service. Nonetheless, consult your administrator, as they might have local filtering.

How will these measures affect class mailing lists or other address lists that go to UC recipients?
List owners who have configured their lists to filter spam should see less spam get through. People posting from off-campus might have difficulty if they're routing mail through blocked mail servers, but that would be just as true if they were trying to mail an individual on campus--the fact that the addressee is a mailing list rather than an individual is not a factor.

Does UC Davis provide specially tailored filtering rules that I can use with my email program, as an alternative to using the central campus spam filtering utility?
UC Davis not provide specific spam-filtering rules, but does provide instructions for setting up spam filtering on campus-supported email programs. You may access these instructions and learn more about spam filtering options by visiting the Campus Spam Filtering page.

What can I do if spam filtering set-up instructions are not available for my email program?
Most email programs let you set up filters. You should consult help resources for your program to see what anti-spam measures they offer.

If all messages with a high score are sent to a spam folder that is only accessible through MyUCDavis and Geckomail, how can I make sure that the spam filter is not sending legitimate email to this folder if I never use MyUCDavis or Geckomail?
The folder will be visible to any IMAP client; Geckomail is merely one example of an IET-supported IMAP client. If a user has an email program configured to connect to their server via IMAP, then no change in behavior will be required. Those who have configured their email program to POP can change that configuration to IMAP. For more information about POP and IMAP configurations, see The IT Express Knowledge Base article on POP and IMAP.

Back to top

 

Spam: Allow/Deny Lists

What are allow and deny lists?
Allow and deny lists let you further customize the campus spam filtering service. All email originating from addresses on an individual’s deny list is prevented from reaching that individual’s inbox. All email originating from addresses on the individual’s allow list is permitted to reach that individual’s inbox, even if it would otherwise have been marked as spam and filtered away from the inbox.

Why implement Allow/Deny Lists?
No single spam filtering measure filters 100% of spam. Allow and deny lists add an extra layer of protection against spam. Legitimate email messages from news lists, or subscriptions to professional online magazines or other publications, can be filtered as spam (a “false positive”). By placing the sender’s email address on their allow lists, recipients of these types of messages ensure that they will not be filtered as spam.

How do I create allow and deny lists?
Go to http://email.ucdavis.edu/secure/spamfilter.php.

Can I change allow and deny lists at any time?
Yes, and changes to accept and deny lists are effective immediately.

Can I add @ucdavis.edu addresses to my allow and deny lists? 
Yes.

Can I add a domain to an allow list?
Yes. If you receive email from a particular domain (@ucdavis.edu, for example) that you do not want the campus spam filters to scan (and possibly send to your UCD spam folder or delete), you can add it to your allow list. This will ensure that you get all email from that domain.

Can I add a domain to a deny list?
Yes. If you receive email from a particular domain (@ucdavis.edu, for example) that you always want the campus to send to your UCD spam folder, you can add it to your deny list. This will ensure that no email from that domain will reach your inbox.

Back to top

 

Sample Spam Settings*

 

 

Reject Spam**

 

 

Aggressive**

 

 

Cautious 

(Campus Defaults)

 

 

Deliver All Mail

 

Filter spam

Yes

Yes

Yes

No

To UCD-spam folder

None

5

5

None

Summary

No

Yes

Yes

No

Delete Spam

5

10

15

15

What you can expect if you choose these settings.

All spam scoring 5 or above will be rejected automatically. No email will be sent to your UCD-spam folder.

Most spam will be rejected automatically, but some will be stored in your UCD-spam folder.

Most spam will be either rejected or sent to your UCD-spam folder.

You will receive all spam scoring less than 15 that is sent to your email account.

 

Who might want to choose these settings?

Individuals who have previously used the campus spam filtering service and found that moderate-scoring spam could be rejected rather than stored in their UCD-spam folder.

Individuals who have previously used the campus spam filtering service and found that moderate-scoring spam could be rejected rather than stored in their UCD-spam folder

Most of the campus community will find that these settings provide the greatest level of accuracy with the least amount of spam delivered.

Individuals who want to receive all email that is directed to their email account, regardless of whether it is spam.

 

Other considerations

Set up allow lists to exempt certain email addresses or domains. Set up deny lists if you repeatedly receive spam scoring less than 5 from a particular address or domain.

Set up allow/deny lists to further customize your email filter.

Set up allow/deny lists to further customize your email filter.

Set up spam filtering using your email program’s junk mail or spam control features.

*You may want to make incremental changes to these settings until you find your desired combination. Messages receiving a score of 4 or lower may be legitimate email messages, so please use caution when filtering or deleting messages with very low scores.
** Please be aware that the more aggressively you filter spam, the more likely you are to receive false positives.

 

Spyware

What is it?
Spyware is software that gathers information about your web-surfing habits for marketing purposes. Spyware "piggybacks" on programs you choose to download. Tucked away in the fine print of user agreements for many "free" downloads and services is a stipulation that the company will use spyware to monitor your web habits for business research purposes.

What risks are involved?
Spyware takes up memory and space on your computer. It can slow your machine, transmit information without your knowledge, and lead to general computer malfunction. You may choose to keep certain spyware programs on your computer in exchange for the free services that accompany them, but you should be aware of how that might affect your computer.

What can I do to protect myself?

  • Closely read user agreements for free programs before clicking, "I accept." Watch for allusions to spyware and adware in user agreements.
  • Regularly scan your computer with an anti-spyware program.

Back to top

 

Viruses

What are they?
Malicious small programs that easily replicate themselves, infect your computer, and often spread to others' computers via email attachments or network traffic.

What risks are involved?
Virus programs can delete files, format disks, attack other computers, or slow your system. They can also create "back doors" that allow hackers to run programs on your computer or gain access to your files.

How do I know if I have a computer virus?
A computer infected with a virus might suddenly act in unexpected ways. For example, it might take longer to access files or to start up programs, or it might lock up often. You might also notice uncommon sounds being played from your speakers, a variety of images popping up on the screen, or problems starting your computer. All are signs that your computer could be infected with a virus.

What can I do to protect myself?

  • Install anti-virus software on your computer and run daily updates. Find free software for faculty and staff work computers, and recommendations for free anti-virus for student and home computers, on the Software website.
  • Install "patches" at your operating system's website to keep your computer fortified against possible attack.
  • Do not open email attachments with suspicious subject lines, file names, or messages. Some viruses can appear to come from someone you know--therefore, the "from" line alone cannot be trusted.
  • Viruses can come to you in links sent via Instant Messaging, email attachments, infected disks, freeware, shareware, or file-sharing.

What is UC Davis doing to protect me?
Virus filtering software checks every incoming and outgoing @ucdavis.edu email message for viruses. Widely recognized viruses will automatically be filtered out of your incoming email. New viruses can sneak through until the filter is trained to recognize them, which usually takes no more than 24 hours.

Back to top

 

Wireless

What is it?
Wireless networks let you get online from almost anywhere people congregate, including UC Davis.

What risks are involved?
Because wireless access points don't require a user to plug into a port, the networks are often more difficult to monitor and secure. Many off-campus wireless areas won't require you to sign in with a username and passphrase. If the network is not secure, and you're using it to buy things online or log on to Internet applications, it's not difficult for someone to record your keystrokes and steal your identity.

What can I do to protect myself?

  • When on campus, use moobilenetx. See http://wireless.ucdavis.edu/ for more information.
  • Restrict your online shopping to wired connections or secure wireless connections.
  • Don't open programs that contain identifying information while you're on a wireless network. In fact, don't keep your Social Security number, driver's license number, or bank account numbers anywhere on your computer, period.
  • Keep your computer secure: Apply operating system patches when they are released by the software manufacturer, and keep your anti-virus program up to date. Other computers sharing the wireless connection could be infected or compromised, and might attempt to spread viruses or hack into other computers attached to the wireless network.
  • Disable file-sharing so that other people can't help themselves to files on your computer. For instructions, refer to your operating system help center.

Back to top