Malware

One way to categorize threats is according to whether they require action on the part of the computer user or not.

Viruses usually infect a computer when a user opens an email attachment.

Duke makes the McAfee anti-virus program available at no cost to students, faculty, and staff. McAfee (and more information on current viruses) can be found at http://www.oit.duke.edu/virus/. Please ensure that your installation is configured to automatically update its antivirus files, so that it will be able to detect the latest viruses.

Spyware and adware can be installed by viruses, and are also included in many applications such as peer-to-peer file-sharing software. Spyware is often installed by the user, but without the user's consent or full understanding, either via automatic downloads or deceptive pop-up ads. These programs generally report users' internet activities to marketing groups or other interested parties.

Applications such as Ad-Aware, a free utility from Lavasoft (www.lavasoft.com), or Spybot S&E (www.safer-networking.org) do a good job of detecting and removing most spyware-related files. However, to properly remove all detected spyware files, you may need to uninstall them manually or run multiple spyware removers.

Trojan programs can also be installed by viruses. Trojans are malicious programs that are contained inside apparently benign programs and purposely do something the user does not expect.

McAfee's antivirus application detects trojan programs. Duke makes the McAfee anti-virus program available at no cost to students, faculty, and staff. McAfee (and more information on current viruses) can be found at http://www.oit.duke.edu/virus/. Please ensure that your installation is configured to automatically update its antivirus files, so that it will be able to detect the latest trojans.

Worms can infect a computer without any action on the part of the user, by taking advantage of a vulnerability in an application or the operating system of the computer.

To avoid being taken advantage of by a worm, make sure that your operating system and all applications have all patches and updates installed. For more information on configuring updates for Windows machines, please see www.security.duke.edu/securepc.html. For information on using yum to update Linux machines, please see http://linux.duke.edu/projects/yum/.

Spam is a common term for unsolicited commercial email.

One method of dealing with spam is to simply delete it. Your mail client may have filters you can configure to automatically delete email with specific words in it. You can forward spam, with the full message headers, to postmaster@duke.edu, but if you do not include the full headers, OIT will not be able to follow up on it. Headers are required because most spam contains forged return addresses; headers show the entire path the email has followed. For more information on stopping spam, try this offsite resource: www.stopspam.org/.
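Why the full headers matter, shown as an added example that is not part of the original page: each mail server that handles a message records a `Received` line, so the relay path can be compared with the address in `From`. The sample message, its hostnames and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail); all hosts use reserved example names.
SAMPLE = """\
Received: from mx.campus.example (mx.campus.example [192.0.2.10])
\tby mail.campus.example with ESMTP id abc123; Mon, 01 Jan 2024 10:00:03 -0500
Received: from relay.bulk-sender.example (unknown [203.0.113.77])
\tby mx.campus.example with SMTP id def456; Mon, 01 Jan 2024 10:00:01 -0500
From: "Your Bank" <service@bank.example>
Subject: Urgent account notice

Message body.
"""

# "from <name the sender claimed> ... by <server that accepted the message>"
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def relay_path(raw):
    """Return (from_host, by_host) pairs, oldest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        match = HOP.search(value)
        if match:
            hops.append(match.groups())
    # Each server prepends its own Received line, so the top one is newest.
    return hops[::-1]

def claimed_domain(raw):
    """Domain of the From address, which the sender can set to anything."""
    address = parseaddr(message_from_string(raw).get("From", ""))[1]
    _, at, domain = address.rpartition("@")
    return domain.lower() if at else ""

def sender_matches_origin(raw):
    """True only if the first recorded hop belongs to the From domain."""
    hops, domain = relay_path(raw), claimed_domain(raw)
    if not hops or not domain:
        return False  # headers stripped: nothing to trace
    origin = hops[0][0].lower()
    return origin == domain or origin.endswith("." + domain)

if __name__ == "__main__":
    for from_host, by_host in relay_path(SAMPLE):
        print(f"{from_host} -> {by_host}")
    print("From domain:", claimed_domain(SAMPLE))
    print("Matches origin:", sender_matches_origin(SAMPLE))
```

`Received` lines written before the message reached your own mail servers can be forged as well, so the hops recorded by servers you trust are the reliable part of the path.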

Threatening or harassing email is a rare occurrence at Duke, but one that is taken very seriously. If you are receiving threatening or harassing email, please contact the Duke Police Department (575-6561 or use their link for reporting harassment). Duke's harassment policy is located here: http://www.duke.edu/web/equity/har_har_pol_overview.htm.

Social engineering is a term used to describe tricking people into ignoring or breaking security procedures. Social engineers often rely on people's natural desire to help, or may appeal to vanity or authority, or use old-fashioned eavesdropping to obtain security information. Classic incidents of social engineering include impersonating an IT staff member and asking for a user's password over the phone. Always verify such a caller's identity and position somehow, perhaps by calling them back or calling the supervisor of the department they claim to be from.

As our culture becomes more dependent on information and information technology, social engineering may become the greatest threat to security systems. Education is necessary to counteract social engineering attempts, including educating people about the value of information, training them to protect it, and increasing awareness of how social engineers operate.

Identity theft is a crime in which the perpetrator obtains key pieces of personal information in order to impersonate someone. The information can be used to obtain credit, merchandise, and services in the name of the victim, or to provide the thief with false credentials.

To prevent identity theft, experts recommend that you check your credit report regularly, follow up with creditors if your bills do not arrive on time, destroy unsolicited credit applications, and do not provide personally identifying information (particularly your Social Security Number) in response to unsolicited email or calls.