Enhanced IT Security for UCOP

Date: March 28, 2012

To: UCOP Community
From: Shirley Bittlingmeier, Director, IT Infrastructure Services, ITS

Over the past six months, UCOP has seen a significant increase in virus and malware infections of desktops and laptops. Viruses and malware are often encountered when someone clicks on bad links sent in e-mail messages or visits Web sites that secretly install malware on the visitor’s computer.

Generally you can’t know if a link or site is bad before you click on it. Even reputable Web sites, such as a news organization, may host links in ads that take the visitor to malicious sites.

Once a computer is infected, the risk is high that the virus or malware will spread via our network to other UCOP systems. As a consequence, employees lose work time when the TechDesk has to clean and re-image infected computers.

Counter Measures

Information Technology Services (ITS) is taking two steps, starting April 2, to avoid computer infections and reduce down time:

  1. We are replacing our anti-virus software with an improved product. This software continuously scans your computer for viruses and removes them when possible. You should not notice any change from the current process.
  2. We will begin to implement a malware prevention service by filtering desktop network traffic through a server that blocks access to known malicious sites.

Explanation of the Malware Prevention Service

We have run anti-virus software for years but our use of a server for malware prevention is new. With this service, all Internet traffic will be directed through the proxy server, which is run by a respected security company called Trend Micro. The server will quickly scan the sites and files for viruses or malware before you connect to or download them. Trend Micro draws from a continuously updated database of Web sites known either to distribute malicious software or to bypass the proxy server itself. If Trend Micro encounters a known threat, it blocks access to the site or file.

The malware prevention server does not block access for any other reason, such as inappropriate content.

Sample Browser Message When a File is Being Scanned for Malicious Links

security1

Sample Browser Message When a Scanned File Has Been Blocked

security2

What If You Need Access Anyway?
We have piloted the malware prevention service extensively and found it to be very accurate. It should greatly reduce the number of computer infections at UCOP. At the same time, nothing is foolproof. The proxy server occasionally may block a site to which you need access. In this case, contact the TechDesk at TechDesk@ucop.edu and ITS will work with you to try to find a solution.

Privacy Concerns
ITS respects your online privacy and complies with the UC Electronic Communications Policy. ITS staff will rely completely on Trend Micro to scan sites and will conduct no additional review. We do not track or log allowed access to Web sites. We will only log attempted access to blocked sites for a maximum of two weeks for the purpose of managing associated security issues. As a further measure, only two network support staff are authorized to observe UCOP Internet traffic.

Implementation Schedule
The new virus scanning software has already been installed on new Dell computers provided through the Technology Asset Management Program. We will roll out the anti-virus software and malware prevention service to the remaining Windows-based and Apple computers April 2 through May 31, 2012.

Feedback
We believe the anti-virus software and malware prevention service will effectively reduce computer infections and network security risk. Certainly, we will assess the effectiveness of these security measures over time and modify them as necessary. Employees who participated in the malware prevention service pilot have reported that they appreciate the confidence of being able to click on Web links without fear of their computer getting infected. We look forward to your feedback as well.

An FAQ about the malware prevention service is available on the TechDesk website. If you have questions, or notice any problems during the time of the rollout, please contact the TechDesk.