Front Page

Previous Story

Next Story

NIH Record vertical blue bar column separator
Could Your Computer Be a Security Threat to NIH?

By Cheryl A. Seaman

Recent computer viruses and worms taught us a big lesson — an unacceptably high number of office and home computers were vulnerable to attack because the antivirus software and patches were not up-to-date. Many NIH computers were affected. Remote users, especially those who use Parachute, were hit the hardest. The NIH help desk received a record of more than 1,000 calls in one day. The malicious attacks underscore the need for all staff to learn what they need to do to make sure their computers are protected.

Why did this last round of worms and viruses (in particular, Blaster and SoBig) have such a huge impact on everyone? Hackers adopted a new attack strategy, one that eluded conventional security protections.

Up to now, NIH has been able control the spread of viruses and worms by blocking them at perimeter email servers, or more locally at individual desktops. Unfortunately, this last round of infections attacked Microsoft's Achilles' heel — individual desktop machines running Windows that were not protected by the latest antivirus software and patches.

What needs to happen to keep NIH secure? Efforts have begun to electronically "push" updates to desktop computers. Be aware that this may require some action on your part (e.g., log-off but don't shut down computers on days when local software updates are being performed through your network connection). Note that this type of electronic updating does not work for remote computers. This means that you will need to perform the updates on your home desktop. If you use your home computer for work purposes, you are encouraged to download antivirus software from http://antivirus.nih.gov/.

To help users understand how to apply patches and update antivirus software, CIT has developed instructions for updating office and home desktops running Windows operating systems. They are available at http://irm.cit.nih.gov/security/how-to.pdf. Instructions for programming your computer to automatically update antivirus software and look for new patches are included in these directions. Non-technical folks who would rather not "do-it-themselves" can always get advice by calling the help desk at 496-HELP (4357) or by sending a message to helpdesk@nih.gov. You can also contact your IC information system security officer; the roster is located at http://irm.cit.nih.gov/nihsecurity/scroster.html.

CIT recommends checking for updates for office and home computers (including laptop computers) at least once a week. Remote users should consider installing a personal firewall if their home desktop is connected to the Internet for extended periods of time (e.g., users of cable, DSL or high speed satellite).

NIH needs your participation to ensure the security of your computer and the information on it. If we are complacent, we are apt to be vulnerable. Because computers without updated patches and antivirus software are a threat to every computer they share a connection with — including the NIH network — we must all work together.


Up to Top