Could Your Office or Home Desktop Computer Be a Security Threat to NIH?

Recent computer viruses and worms taught us a big lesson—an unacceptably high number of our office and home computers were vulnerable to attack because the antivirus software and patches were not up-to-date. Many NIH computers were affected. Remote users—especially those who use Parachute—were hit the hardest. The NIH Help Desk received a record of more than 1000 calls in one day. These malicious attacks underscore the need for all staff to learn what they need to do to ensure that their computers are protected.

Why did this last round of worms and viruses (in particular, Blaster and SoBig) have such a huge impact on everyone—so devastating, in fact, that it shut down the Maryland Department of Motor Vehicles? Hackers adopted a new attack strategy, one that eluded conventional security protections.

Until now, NIH has been able to control the spread of viruses and worms by blocking them at our perimeter e-mail servers or more locally at individual desktops. Unfortunately, this last round of infections attacked Microsoft’s Achilles’ heel—individual desktop machines running Windows that were not up-to-date with the latest antivirus software and patches.

What Users Can Do

What needs to happen to keep NIH secure from this new form of threat?

• At NIH—Efforts have begun at NIH to electronically “push” updates to desktop computers. Be aware that this may require some action on your part. That is, log off but don’t shut down computers on days when local software updates are being performed through your network connection.

• At Home—Note that this type of electronic updating does not work for remote computers. This means that you will need to perform the updates on your home desktop. If you use your home computer for work purposes, you are encouraged to download antivirus software from
  
            http://antivirus.nih.gov/

  Remote users should consider installing a personal firewall if their home desktop is connected to the Internet for extended periods of time (e.g., users of cable, DSL, or high-speed satellite).

Instructions for Updating Antivirus Software

To help users understand how to apply patches and update antivirus software, CIT has developed instructions for updating office and home desktops running Windows operating systems.

• Doing It Yourself—Instructions for acquiring and updating oftware are available on the Web at
  
            http://irm.cit.nih.gov/security/how-to.pdf (139k PDF)

  Included are instructions for programming your computer to automatically update antivirus software and look for new patches.

• Getting Help—Non-technical folks who would rather not "do-it-themselves" can always get help and advice by contacting the NIH Help Desk at 301-496-4357, or by sending a message to helpdesk@nih.gov. You can also contact your IC's Information System Security Officer. The roster of ISSOs is located on the Web.

We recommend checking for updates for office and home computers (including laptop computers) at least once a week.

Security Is Everyone’s Job

NIH needs your participation to ensure the security of your computer and the information on it. If we are complacent, we are apt to be vulnerable.

Computers without updated patches and antivirus software are a threat to every computer they share a connection with, as well as to the NIH network.

Therefore, we must all work together. Learning how to apply these basic computer skills is a small investment of time that pays huge dividends to you and to all of NIH!