Best Practices

Your ResNet computer has been compromised…

What does “compromised” mean?

“Compromised” is a nice way of saying that someone or something has maliciously broken into your computer without your knowledge or permission.  It means that you can't trust the integrity of any file (program, document, spreadsheet, image, etc.) on your computer.  You can't find out what's been done to your computer files without an exact “before” copy to compare them with, and you probably won't ever know what's been done with your personal information, including your passwords, or where they've been sent.
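The paragraph above makes the key point: without an exact “before” copy there is nothing to compare against. The following is an added example (not part of the original ITS notice) showing what such a comparison looks like in practice: a baseline manifest of SHA-256 digests taken while the system is known-good, compared later to list files that were added, removed or altered. The directory tree, file names and “tampering” steps are all constructed for the demonstration.

```python
import hashlib
import os
import shutil
import tempfile


def file_digest(path, chunk_size=65536):
    """SHA-256 of one file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every regular file under root (path relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # record real files only; a link target can change underneath us
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full)
    return manifest


def compare_manifests(before, after):
    """Return the files that appeared, disappeared, or changed content between two manifests."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in before if p in after and before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: a known-good tree, then three changes of the kind the notice describes."""
    root = tempfile.mkdtemp(prefix="baseline_demo_")
    try:
        os.makedirs(os.path.join(root, "system"))
        with open(os.path.join(root, "system", "login.exe"), "wb") as f:
            f.write(b"original program bytes")          # constructed stand-in for a program file
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("my class notes\n")
        with open(os.path.join(root, "old.txt"), "w") as f:
            f.write("to be deleted\n")
        before = build_manifest(root)  # the exact "before" copy the notice says you need

        # Simulated tampering: a replaced program, a new hidden file, a deleted file.
        with open(os.path.join(root, "system", "login.exe"), "wb") as f:
            f.write(b"original program bytes plus extra payload")
        with open(os.path.join(root, "system", ".hidden_bot"), "w") as f:
            f.write("constructed stand-in for a dropped file\n")
        os.remove(os.path.join(root, "old.txt"))
        after = build_manifest(root)

        return compare_manifests(before, after)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Two caveats follow directly from the notice. The baseline must be stored off the machine (on removable media or another host), because a manifest kept on a compromised disk can be rewritten along with everything else. And a comparison like this only reports what the operating system lets the tool read: once system programs themselves have been altered, the results cannot be trusted, which is exactly why the notice treats a system compromise as “not repairable” without a reformat and reinstall.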

Why should I care?

If your computer was involved in an Internet Denial-of-Service attack without your knowledge, it probably has robot ("bot") programs installed which intruders can activate at any time.  ("Denial of Service" refers to bringing down a system or network by attacking it.)  Attack programs are usually hidden inside other programs (a “trojan horse”) or in hidden directories, or are disguised with nondescript names.  Installing them often involves changes to your system that make them very difficult or impossible to remove.  These types of threats to the Internet must be eradicated before you can reconnect to the campus network.

Many "bots" include other programs such as keystroke loggers (everything you type into your keyboard is sent to a remote site, including passwords, account numbers, web sites, and messages), remote administration tools (for the intruder to log in and steal files or launch attacks from your system), or FTP servers (to share copyrighted software, music, and movies from your machine, at your risk of liability instead of theirs).  You could end up being a victim of identity theft, or you could be sued for copyright infringement.

New viruses and worms use multiple methods to spread, such as e-mail, file sharing, web site links, or un-patched and unsecured computers.  Anti-virus software may or may not detect the presence of such a program, and may not be able to repair the damage; that depends on whether operating system programs have been altered.

If your computer wasn’t used in an attack, you may have the option of attempting to “clean up” your machine and resume operation of it.  The Security Office often makes a distinction between a simple "virus infection" that may be repairable, and a "system compromise" which is probably not repairable.  "Not repairable" means that the disk drive must be reformatted and the Operating System reinstalled from scratch in order to fix your machine.  (The hardware is not damaged, just the software!)  The ITS Help Desk can advise you: call “4-HELP” (384-4357).

CHECKLIST FOR REFORMATTING AND REINSTALLING YOUR SYSTEM:

(“Starting over” with a fresh install of your computer)

  1. Make portable copies (on a floppy disk, a CD, or a Zip disk) of your important personal files (that is, anything you want to save).  Do not make copies of any program (.exe) files, as they may be damaged or infected.

  2. Gather the CDs or disks that came with your computer.  Note: If you do not have the original disks for your computer, you may be able to purchase a copy of your operating system at the IMU Book Store at a substantially reduced price.

  3. Gather the installation CDs or disks for the software programs (applications) that you have purchased for your computer.  (You will need to reinstall them later, after the system is rebuilt.)

  4. Rebuild your machine.  You can either:

A.) Take your system unit and the CDs that came with your computer to the ITS Help Desk (15 Lindquist Center South) to have them rebuild your machine.  (They will install the operating system, security updates and patches, and Symantec Anti-Virus programs only.  They will not install any other software programs you've purchased.)

B.) Do the rebuilding yourself.  Format your system drive and re-install the operating system.  Install Symantec Anti-Virus software, and run LiveUpdate to get all the latest virus signatures installed.  (If you are not familiar with these tasks, it's recommended you take option A.)

  5. Reconnect your computer to the network.

  6. Notify the IT Security Office that your machine is ready to be tested.  You must fill out the form at http://cio.uiowa.edu/ITsecurity/incident/EnablePort-form.htm and have your machine scanned to make sure it's repaired.  If it's clean, your network connection will be restored.

After your network connection is restored, you MUST follow these additional steps to STAY on the network without further compromises!

  1. Turn on the built-in firewall if you run Windows XP.  Call the ITS Help Desk (4-HELP) for assistance.  If your system doesn't have a built-in firewall, consider installing an add-on personal firewall program.  The following programs are free for personal/home use:

  2. Make sure all of the current security updates are installed for your system (see the web site for your system: www.windowsupdate.microsoft.com, www.info.apple.com, www.redhat.com, etc.).

  3. Tighten up the security of your computer. See Microsoft's Protect your PC Site at http://www.microsoft.com/security/protect/ for detailed instructions for all supported versions of Windows. 

  4. Re-install your personal applications from their original media (the CDs or disks that you gathered before you rebuilt your computer).
  5. Visit the ITS Software Download website to get copies of other FREE software that you can install. (Eudora, SecureCRT, WS FTP Pro, Host Explorer, etc.)

Copyright © 2005 The University of Iowa. All rights reserved.