search the site
- What should I do to protect my computer against viruses and other attacks?
- What should I do to protect the sensitive or personal data stored on my computer?
- How can I report a computer security incident at NYU?
- How can I keep up to date with virus alerts and other security news?
- Where can I get antivirus software?
- What should I do if I think my computer has a virus?
- I've installed antivirus software, but my computer still got infected. How could that happen?
- Why am I getting virus-infected messages?
- Does NYU scan my e-mail for viruses?
- What does this "Virus Warning Message" I received mean?
- Why did I receive a virus warning message about e-mail I never sent?
- If I don't open a virus-infected attachment, can my computer still get infected?
- What can I do to make Google Desktop more secure?
- What can I do to make Microsoft Outlook more secure?
- I opened an e-mail attachment I wasn't expecting...does that mean that my computer is infected?
- My computer sent virus-infected e-mail to everyone in my address book! What should I do?
- If my antivirus software says a file I received via e-mail is clean, is it OK to open it?
- I'm receiving notices that I've sent a virus-infected message, but Symantec AntiVirus says my computer is not infectedWhat do I do?
- If the virus had sent itself automatically, wouldn't a record of this show up in my "sent mail" folder?
- Why did I get a "mail was not delivered" notice about a message I never sent, and what can I do about it?
- NEW! Can I use NYU Docs to store restricted data?
What should I do to protect my computer against viruses and other attacks?
Read and follow the instructions in the Getting Secure section.
What should I do to protect the sensitive or personal data stored on my computer?
Useful information about protecting sensitive data is available within the following:
- Connect Magazine: Information Technology at NYU article: Data Handling: With Ease Comes Responsibility, by Christopher Penido, Spring/Summer 2007.
- Data Security - Is IT secure? A guideline for reducing institutional risk associated with sensitive data breaches. This webpage includes the data classification table, a 1, 2, 3 step process for assessing and reviewing business workflows that produce or handle sensitive data, and tips on securing restricted data.
How can I report a computer security incident at NYU?
To report a security incident to NYU's ITS Technology Security Services group, send e-mail to firstname.lastname@example.org. Include a description of the incident, the IP address(es) of any computer(s) that were involved, the time of the incident and the time zone that you are in, and any associated log files. For information about reporting spam or harassing e-mail messages, see the Computer Security Contact Information page.
How can I keep up to date with virus alerts and other security news?
There are a variety of news sources for such security alerts. The ITS Technology Security Services group posts
virus and other security notifications to the Computer Security Alerts and News channels within
NYUHome (located on the Home tab) on a regular basis. You can also find this information on the ITS Computer Security Alerts and News sites.
If you are an IT support specialist for an NYU dept. or college, you can subscribe to the Security Sys Admin mailing list via the Security Sys Admin website. That mailing list contains the latest information on emerging security threats and vulnerabilities impacting NYU. In addition, there are a variety of non-NYU websites that offer this type of information (see the ITS Security website for details).
Where can I get antivirus and anti-spyware software?
ITS provides Symantec AntiVirus for both Windows and Mac OS X to all qualified NYU community members. ITS no longer provides a licensed version of Lavasoft Ad-Aware anti-spyware, but you can still download a free copy from the Lavasoft website. Windows Vista and Windows 7 already come built-in with a free and fully functional anti-spyware solution called Windows Defender. Windows XP and Windows Server 2003 clients may also download a free copy of Windows Defender from here.
Qualified community members can download Symantec antivirus package from the Ask ITS area of NYUHome (NetID and password login required). Once you have installed the software, be sure to update the virus definitions immediately.
What should I do if I think my computer has a virus?
To check your computer and clear it of a virus, follow the instructions at www.nyu.edu/its/security/virus/.
I installed antivirus software, but my computer still got infected. How could that happen?
Once you have installed antivirus software, it is vitally important that you keep your virus definitions up-to-date. Antivirus programs use these definitions to recognize new viruses and worms—without the definitions, your software can't catch and repair them. By the time that you have installed any type of antivirus software on your computer, the virus definitions are most likely already out of date, so be sure to check for updates immediately after installation, and on a daily basis after that (most programs can check for you automatically).
Why am I getting virus-infected messages? How'd they get my address?
Many viruses and worms that are out today harvest addresses from multiple locations. E-mail address books and websites are two of the most frequent sources. If someone had your e-mail address in his or her address book and his or her machine was infected, it could have been obtained in that way. It could also have been harvested from a website. If a person with an infected computer viewed a web page where your address was listed, it could have been obtained in that manner.
There is also the possibility that someone you know inadvertently sent you a virus-infected message. However, there are also some tricky viruses that embedded trusted names in the From line of the messages they send to make it look like a legitimate message and to trick you into opening the infected attachments they carry. For example, viruses like these could use the name of a well-known company, addresses grabbed from your own address book, or the name of the company or school attached to your own e-mail server (e.g., an infected message sent to people at NYU could claim to be coming from NYU computer staff or an important administrator.)
If you receive ANY message that you aren't expecting that asks you to open an attached file (especially one that ends in .exe or .sit) or click on a link, you should be suspicious. Before you open any attachments or click on embedded links, you should either check with the person who sent it to make sure it's legitimate, or play it safe and simply delete it.
Does NYU scan my e-mail for viruses?
The answer to this is both yes and no. It depends on where you pick up your e-mail. Any mail coming in through the main University mail gateway is scanned for viruses. However, any mail coming in through a departmental mail server may not be. If your department runs its own e-mail server, you should check with your departmental technical contact.
What does this "Virus Warning Message" I received mean?
In order to combat the rising number of virus-infected messages coming into NYU, ITS has instituted virus scanning at its main mail gateways. When the scanner finds a virus in a message sent to or from you it will remove it. Since the message was not delivered in its entirety, the scanner sends a note to both the sender and recipient of the message (see sample below).
If you are listed as the recipient (as in the example above), there is nothing you need to do to follow up on this except for normal safe computing practices. Insure that your antivirus software has the most up to date configuration, is run on all newly modified files, and that you have run a full virus scan over all your disks since you last downloaded the most recent configurations files for your scanner.
If you are listed as the sender of the message, you should follow the instructions above to make sure that you get rid of the virus or worm.
Why did I receive a virus warning messages about e-mail I never sent?
There are a couple of ways that this can happen. First, there are viruses which send out mail automatically to addresses in your address book, or from websites in your cache. So, if your computer is infected, you wouldn't know that you had sent the messages.
The other possibility is that there are some viruses which forge the "From:" line of messages using the same random selection of e-mail address as above. In order to figure out where the messages are really coming from in these situations, we would need to see a copy of one of the messages or of the error message that you receive. With that, we can check our mail logs to trace back to the real source. If you check your computer with antivirus software and nothing turns up, let us know the next time you receive an error message and we'll follow up.
If I don't open a virus-infected attachment, can my computer still get infected?
It depends. If you do not have the feature enabled that allows you to view .html images in your e-mail, you might be safe. Most of the time you actually have to open the attachment or click on links in the e-mail in order to activate the virus. Never open or click on suspicious attachments and URLs and always maintain your antivirus and anti-spyware software up-to-date.
What can I do to make Google Desktop more secure?
Google has now discontinued support for Google Desktop, and ITS therefore recommends that you uninstall it. As is the case with nearly every computer program, if Google Desktop is not properly maintained and updated, it could potentially allow attackers to compromise your computer and/or access your local files. If you use a third-party desktop search program besides Google Desktop, ITS encourages you to review the program's supporting documentation to see what you can do to help secure the program and your data.
If you have questions about data security, contact ITS Technology Security Services at email@example.com.
What can I do to make Microsoft Outlook more secure?
Disable Windows Scripting Host
- Open the Control Panel -> Click START, SETTINGS and CONTROL PANEL
- Double-click the icon that reads ADD/REMOVE PROGRAMS
- Click the tab that reads WINDOWS SETUP
- In the components window, click ACCESSORIES
- Scroll to the bottom of the Accessories components window and make sure that WINDOWS SCRIPTING HOST is not checked. If it is, click the box to remove the check mark.
- Click OK twice and close Control Panel
Change the setting that opens the next unread e-mail as you move or delete a new e-mail
- Open Outlook
- On the toolbar, find TOOLS and click it.
- On the drop down menu, find OPTIONS and click it. It opens the OPTIONS dialog box on the PREFERENCES tab. Right where we want to be.
- Click the button that says E-MAIL OPTIONS...
- Under MESSAGE HANDLING, the first line (After moving ...) needs to be modified.
- Click the down arrow and select RETURN TO THE INBOX.
- Next, remove the check from DISPLAY A NOTIFICATION MESSAGE WHEN NEW MAIL ARRIVES
- Click OK two times to return to Outlook.
Turn off Outlook's Preview Panel
- Open Outlook
- Find VIEW on the toolbar and click it.
- In the drop down menu, locate PREVIEW PANE and AUTO PREVIEW
- If either or both of these are engaged, the icon next to their label will be depressed. If depressed, click it to disengage. Do this for both PREVIEW and AUTO PREVIEW.
Make sure that your file associations are being displayed properly
- Click START / SETTINGS / FOLDER OPTIONS
- Click the VIEW tab
- Under FILES AND FOLDERS, locate HIDE FILE EXTENSIONS FOR KNOWN FILE TYPES.
- If there is a check mark in the box, remove it and click OK. If there is no check mark, click OK.
A PDF version of the detailed paper on securing Outlook that we used to
compile this list of recommendations is available for download at:
http://www.giac.org/practical/gsec/Dain_Mullins_GSEC.pdf (Adobe Acrobat Reader required).
I opened an e-mail attachment I wasn't expecting...does that mean that my computer is infected?
Possibly. You should immediately run antivirus software on your computer to find out. If your antivirus software does report an infection, contact your local IT support or the IT Service desk at 212-998-3333 or firstname.lastname@example.org.
My computer sent virus-infected e-mail to everyone in my address book! What should I do?
You should alert those in your address book (but not by e-mail or instant messenger from the same infected computer) that your computer has been compromised. Advise them to check their computer for any presence of a virus or worm.
If my antivirus software says a file I received via e-mail is clean, is it OK to open it?
It depends. If you were expecting to receive the attachment and you know the person, then yes. If you were not expecting the attachment and you don't know the sender, we would recommend that you do not open the file or click on any embedded links. If you were not expecting the file, but you know the sender, you should check with the person first, just to make sure that they actually did send it to you and to alert them that their computer may be infected.
I keep getting messages that I've sent a virus-infected message, but a Norton/Symantec AntiVirus scan says that my computer is not infectedWhat do I do?
This could be happening because you may have come across a brand new strain of virus or worm. There are cases where a worm or virus is released and it is so new that the antivirus software manufacturers have not yet had a chance to create a method to clean the renegade program. If you find yourself in this situation, you can actually send the information to the manufacturer and alert them that there is a new virus in the wild.
You might also get virus notification messages if your e-mail address has been inserted in the "From:" line of someone else's message. There are several viruses that send mail automatically, so you may not know about messages that were sent. In addition, some of those automailers send mail with forged "From:" lines, so the infected message may have come from a different computer entirely.
If you check the headers of the message, you can confirm whether or not the message was sent from your computer or whether it was forged and sent from someone else's computer. If you use the NYUHome webmail client, just click on the triangle at the upper right corner of the message to show the headers. If you are using another e-mail client, the instructions for displaying the headers are listed below organized by type of client.
If a virus had sent itself automatically, wouldn't a record of this show up in my "sent mail" folder?
This mail will probably not show up in your outbox, since the virus has its own mail handling procedures.
Why did I get a "mail was not delivered" notice about a message I never sent, and what can I do about it?
Many viruses and worms that are out today harvest addresses from multiple locations and send out mail forging addresses such as yours as the "return address" on the electronic envelope for their virus infected messages. E-mail address books and websites are two of the most frequent sources. If someone had your e-mail address in his or her address book and his or her computer was infected, it could have been obtained in that way. It could also have been harvested from a website. If a person with an infected computer viewed a web page where your address was listed, it could have been obtained in that manner.
As with any virus problem, first make sure its not coming from your system by installing an up to date antivirus program such as Symantec AntiVirus and having it update its virus signatures automatically. (in AntiVirus this feature is called LiveUpdate.) Then run a manual check of all the disks permanently mounted on your computer and then configure Symantec AntiVirus to check all new files automatically as well.
If this does not stop new messages from being sent (and thus stop you from getting errors within a day, forward one of the odd messages you received with full headers attached to email@example.com with a cover note describing everything your observed.
Can I use NYU Docs to store restricted data?
Page last reviewed: January 11, 2011