Tuesday, April 24, 2007


Recent vulnerabilities increase risks

A recent vulnerability has once again increased the risk of using Microsoft’s Internet Explorer Web browser and Outlook e-mail program. Microsoft released a patch on Apr. 3 that will protect Windows users from this threat, so computers with automatic updates enabled should already have this update. If you use computers at home or on campus that do not have automatic updates enabled, you can check for updates by running either the Windows Update or Microsoft Update program found on the “Start” menu. The update service will prompt you to enable automatic updates if the current setting is manual.

This particular threat involves malicious Web sites that attempt to exploit the way Windows handles animated cursor files with the “.ani” extension. Clicking on a link to one of these sites from Internet Explorer or Outlook could allow malicious code to be executed on your computer, compromising its security. While the patch will protect against this threat, there may be similar vulnerabilities not yet discovered. Accordingly, IT recommends the Mozilla Firefox browser as a safer alternative to Internet Explorer, and the Lotus Notes or Mozilla Thunderbird e-mail clients as safer alternatives to Microsoft Outlook. Most threats that use what is called a “buffer overflow” attack target vulnerabilities in Internet Explorer and Outlook. While similar vulnerabilities have been found and patched in Firefox and other non-Microsoft applications, such incidents have been fewer and farther between.

The Office of Information Technology uses a system that can block off-campus threats that have been discovered, but there is sometimes a lag between the discovery of a new exploit and the date a patch or a scanning definition becomes available. Therefore, the best protection is a blended approach: enable automatic updates for your operating system and any application that accesses the Internet. Some applications do not offer automatic updates, but may at least have a “Check for Updates” option under one of the “Tools” or “Help” menus. Keep your virus definitions up to date as well. Symantec Antivirus, which will automatically receive updates, is licensed for all faculty, staff, and students. IT also recommends the free Microsoft Windows Defender application that adds protection against adware, spyware, and other malicious applications that are not technically viruses.

In the residence halls, IT uses a system called Cisco Clean Access (CCA) to scan computers to make sure they are protected. Our staff have recently begun the process of deploying this system in locations used by faculty and staff as well. The software will not scan for anything other than the protection defined by our Network Security unit. If you do not have necessary updates, the system simply prompts you to download them. You will be notified when CCA is available in your department.

For more information on protecting your computer from the latest threats, visit http://help.american.edu. IT posts security alerts on this site, and the “Getting Connected” section has links that describe the process for securing a Windows computer. If you have any questions about keeping your computer up to date, contact the Help Desk at 202-885-2550 or helpdesk@american.edu.

 







