FAQS: SECURITY
Q. How do I obtain virus protection software?
University Technology Services provides TrendMicro Office Scan
(Windows users) and McAfee Virex (Macintosh) products for FREE
distribution to faculty, staff and students. Students living on
campus will be prompted to install virus protection on their
computer when they first connect to the USC Network. You should
download this from VIP. Login and click on Technology. From there,
click on Software Distribution and choose the appropriate antivirus
software. Instructions and information about virus protection can be
found at
http://www.uts.sc.edu/virus.

Q. Where can I find more information about security @ USC?
For information about security, please visit
http://security.sc.edu
For information about protecting your identity, please visit
http://www.sc.edu/identity

Q. My computer or disk seems to have a virus. What should I do?
Contact the University Technology Services Help Desk at
http://helpdesk.uts.sc.edu or
777-1800.

Q. Where can I find out if a virus that I hear about is real or a hoax?
Go to the Virus and Net Hoaxes section of the University Technology Services Virus
Information Center at
http://uts.sc.edu/virus/virus.shtml

Q. Where can I find out what kind of Network Security is provided to users on the USC Network?
You can visit USC’s Security web site at
http://security.sc.edu/.

Q. I received an e-mail that looks official and
urgent! It even claims to be from "some_official_office@sc.edu"! It is asking me
to submit personal information such as passwords, credit card numbers, VIP pin
number and/or social security number. Is this a legitimate request? What should
I do?
Never give anyone this information via e-mail - even if it seems official.
Never click on any of the links found in such e-mails. Never open any of the
attachments in such e-mails. Simply delete these e-mails. If you are still
unsure about what to do, ask your local network manager or computer help desk
for further assistance.

Q. I received an e-mail that claims to be from eBay, Citibank, PayPal or some
other organization/person that is asking me to login to their site to reset my
account information. They were even nice enough to provide me a link in the
e-mail! Should I?
Absolutely not. This is commonly known as a “phishing” attempt, and its
goal is to get you to voluntarily disclose your passwords, credit card numbers
and other sensitive, personal information. The link provided in the e-mail will
*not* send you to the legitimate vendor site. Instead, it will send you to a
lookalike site. The following links provide more details on phishing:
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
http://antiphishing.org/

Q. I received an e-mail that looks like the one below... what do I do? What
does it mean?

Warning: This message has had one or more attachments removed
Warning: (email-info.zip).
Warning: Please read the "VirusWarning.txt" attachment(s) for more information.
To safeguard your email account from possible termination, Please follow the
instructions in the attached file.
----------------------------------------------------------------------
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "email-info.zip"
was believed to be infected by a virus and has been replaced by this warning
message for your protection.
NOTE: Email messages directed through University Technology Services guarddog.csd.sc.edu
mail server (mail addressed to Gamecock Email accounts, USC aliases,
and other USC systems using guarddog.csd.sc.edu for delivery) is being
scanned for viruses effective 6/26/02.
If you have questions about this action, please FORWARD a copy of this email
with your questions to the University Technology Services Help Desk, HelpDesk@gwm.sc.edu.
Alternatively, you can create a ticket via http://helpdesk.uts.sc.edu; please
cut and paste the following detail into the error msg field of the ticket along
with your comments:
At Sun Apr 12 11:16:29 2005 the virus scanner said:
McAfee: email-info.zip/EMAIL-INFO.PIF Found the W32/Mytob.gen@MM virus !!!
Note to Help Desk: Look on guarddog in /usr/local/MailScanner/quarantine/20050304
(message j6D4lA24014837).
--
Postmaster
http://helpdesk.uts.sc.edu
e-mail: HelpDesk@gwm.sc.edu
777-1800

This message was generated by one of the university mail servers. It is
telling you that a message destined for your address was quarantined and
why. In this particular case, the virus scanner on our mail system
found an infected file. This message can safely be ignored. No action is
necessary on your part. Your computer is more than likely not infected with a
virus/worm. If you feel that your computer may indeed be infected, please
contact your local network manager or computer help desk for further assistance.
If this were actually a legitimate attachment that was found to be infected and
quarantined for some reason, USC postmasters would be able to deliver the
message to you at your request. You can make such a request to postmaster@sc.edu.

There are so many different forms of malware on the internet that it would be an
exercise in futility to list all the different possible messages you might get,
and they are constantly changing and evolving. If you simply follow the
“best practices” listed below, you will remain pretty safe from e-mail-borne malware:
· Never open attachments you were not expecting - even if they come from someone
you know.
· Never click on links in suspicious e-mail messages.
· Don’t open suspicious e-mail, period. Simply delete it. If it is important,
you will be contacted again in a similar fashion or by other, offline means.
· Do not enable html e-mail features in your mail client! Read e-mail as plain
text only. E-mails don’t look as pretty then, but it closes the door to a whole
slew of attack vectors and keeps you safe.

Q. I tried to send an e-mail to someone with an attachment that I *know* is not
infected with a virus, yet the mail system quarantined it! What gives?
Unfortunately, there are circumstances where the mail server will quarantine
innocent messages. Any message with an attachment named in such a way as to contain
“multiple extensions” will be flagged as suspect and quarantined automatically.
This is due to the prevalence of malware using this technique to trick people
into opening infected files. For example, we often see infected files named in
the following fashion (this is only a tiny fraction of actual file names we see,
but serves to illustrate the point):
· document_full.pif
· attach.rar.exe
· email-info.htm.scr
· email-text.pif
· IMPORTANT.txt .exe
· body.htm .scr
· data.htm .exe
To prevent these sorts of attachments from sneaking in to our network before
anti-virus vendors detect the latest and greatest malware, we simply quarantine
them. This has the unfortunate side effect of also quarantining attachments that
are legitimate but named in a similar fashion, like so:
· blahblah.rtf.wps
· blahblah.23mar04.txt
· very-important-dissertation.doc.pdf
· my life work.critical.doc
· my_cool_website-script.html.php
· statistics homework.assignment32.final.xls
Thus, a simple way to work around this limitation is to not name your files in
such a way as to contain more than 1 period. If it contains more than 1 period
in the name, the mail system will quarantine it.
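
The rule described in this answer, applied to the attachment names of one mail message, as an added example (not the mail system's own code). The sample message is constructed, and the function names are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample message; attachment names reuse examples from the lists above.
SAMPLE = """\
From: sender@example.com
To: recipient@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

body text
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="IMPORTANT.txt .exe"

placeholder
--XX
Content-Type: application/pdf
Content-Disposition: attachment; filename="very-important-dissertation.doc.pdf"

placeholder
--XX
Content-Type: application/msword
Content-Disposition: attachment; filename="dissertation.doc"

placeholder
--XX--
"""

def has_multiple_periods(filename):
    """Rule as stated in the FAQ: more than one period in the name."""
    return filename.count(".") > 1

def quarantined_attachments(raw_message):
    """Return attachment file names in a raw message that the rule flags."""
    flagged = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()  # None when the part carries no file name
        if name and has_multiple_periods(name):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name in quarantined_attachments(SAMPLE):
        print("quarantine:", name)
```

The legitimate dissertation PDF is flagged alongside the padded .exe name, which is the side effect this answer describes; the single-period dissertation.doc passes.
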
Q. How can I stop getting so much spam?
Please see http://www.uts.sc.edu/emailservices/spam.shtml for instructions
on how to filter your spam.
Also, be aware of the ways that spammers get your address. Here are the top ten
ways spammers get their email addresses, according to FrontBridge:
1. Put an email address on a high traffic website.
2. Post or reply to a post on Usenet.
3. Post or reply to a post on a public web-based discussion group.
4. Register the address with a website that goes out of business and sells its
email lists.
5. Register the address with a website that sells lists.
6. Subscribe to a porn site with the email address.
7. Reply to an opt-out email or click on an opt-out link in a message. Do NOT
reply to a spam message - all this does is verify your address is real.
8. Use an address with a common name that can be easily guessed (e.g. bob@domainname.com)
9. Register a domain name.
10. Post an email address in a chat room.
Here is a web site that describes how to slow down the harvesting of your email
addresses:
http://www.ftc.gov/bcp/conline/pubs/alerts/spamalrt.htm

Q. I do not want to receive all of those virus notification email messages,
what can I do?
You can use the instructions on the spam filtering site:
http://www.uts.sc.edu/emailservices/spam.shtml
Instead of filtering on the:
"{SpamScore:*sss"
or
"{SpamScore: sss"
tags, use the: "{Virus?}" tag.
(remove the double quotes)

Q. Who are guarddog.csd.sc.edu and watchcat.csd.sc.edu? I keep getting emails
and spam from them.
Guarddog and watchcat are the two load-balanced anti-spam/anti-virus
machines at the border of our network. The reason emails look like they come
from them is that, when a spammer fakes their "From" address and just puts a
plain name as the address without any "@somewhere.somewhere" at the end of it,
the anti-spam machines automatically tack their machine names onto the end of
the name so that the email becomes compliant with email standards.

Q. I want to report this spam/phishing/fraudulent email attempt to someone. Who
can I report it to?
The Federal Trade Commission (FTC) Bureau of Consumer Protection is who you
are looking for. See the following link to report such emails:
https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01

Q. I cannot connect to a site or machine I was able to connect to yesterday,
but I can connect everywhere else. Is it the firewalls?
No, it is not the firewalls. We do not make random changes to the firewalls.
If you are still unsure, check with your network manager and have them check with
your local security contact. They are the ones who can request changes to
the firewalls that would affect your machines.

Q. My manager/chair/supervisor thinks that someone who works with us is
spending their work time looking at porn or other non-work related sites on the
Internet. Can my network manager or can you monitor their traffic so that we can
prove this is the case?
No, this is a felony. University employees do not sign a consent form when
they are hired stating that their traffic will be monitored. This would be
considered an illegal wiretap. See:
"Interception of Wire, Electronic, or Oral Communications," Title 17, Chapter
30, Code of Laws of South Carolina for further information.