Prairie View A&M University


Malicious Code


1. General

University information resources are strategic assets which, as property of the State of Texas, must be managed as valuable state resources. The integrity and continued operation of University information resources are critical to the operation of the University. Malicious code can disrupt normal operation of University information resources. This procedure is intended to provide information to University information resource administrators and users to improve the resistance to, detection of, and recovery from the effects of malicious code.

2. Applicability

This procedure applies to all University network information resources. The purpose of this procedure is to provide a set of measures that will mitigate information security risks associated with malicious code. The intended audience for this procedure includes all owners, managers, system administrators, and users of University information resources.

3. Definitions

  • Information Resources (IR): The procedures, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.
  • Malicious code: Software that is designed to operate in a manner that is inconsistent with the intentions of the user and which typically results in annoyance or damage to the user's information systems. Examples of such software include:
      • Viruses: Pieces of code that attach to host programs and propagate when an infected program is executed.
      • Worms: Programs particular to networked computers that carry out preprogrammed attacks and jump across the network.
      • Trojan Horses: Hide malicious code inside a host program that appears to do something useful.
      • Attack scripts: These may be written in common languages such as Java or ActiveX to exploit weaknesses in programs; usually intended to cross network platforms.
      • Spyware: Software planted on your system to capture and reveal information to someone outside your system. It can do such things as capture keystrokes while typing passwords, read and track email, record the sites visited, pass along credit card numbers, and so on. It can be planted by Trojan horses or viruses, installed as part of freeware or shareware programs that are downloaded and executed, installed by an employer to track computer usage, or even planted by advertising agencies to feed you targeted ads.
  • Owner of an Information Resource: An entity responsible for:
      • a business function (Department Head)
      • determining controls and access to information resources

4. Prevention and Detection

  1. For each computer connected to the University network, security updates from the manufacturer of the appropriate operating system, and/or application software, must be kept current (e.g., patched and updated).
  2. Where feasible, personal firewall software or hardware shall be installed to aid in the prevention of malicious code attacks/infections.
  3. Email attachments and shared files of unknown integrity shall be scanned for malicious code before they are opened or accessed.
  4. Diskettes and mass storage devices will be scanned for malicious code before accessing any data on the media.
  5. Software to safeguard against malicious code (e.g., antivirus, anti-spyware) shall be installed and functioning on susceptible information resources that have access to the University network.
  6. Software safeguarding information resources against malicious code shall not be disabled or bypassed by end-users.
  7. The settings for software that protects information resources against malicious code should not be altered in a manner that will reduce the effectiveness of the software.
  8. The automatic update frequency of software that safeguards against malicious code shall not be disabled, altered or bypassed by end-users to reduce the frequency of updates.

5. Response and Recovery

  • All reasonable efforts shall be made to contain the effects of any system that is infected with a virus or other malicious code. This may include disconnecting systems from the network or disabling email accounts.
  • If malicious code is discovered, or believed to exist, an attempt should be made to remove or quarantine the malicious code using current antivirus or other control software.
  • If malicious code cannot be automatically quarantined or removed by antivirus software, the system shall be disconnected from the network to prevent further possible propagation of the malicious code or other harmful impact. The presence of the malicious code shall be reported to Information Technology Services by contacting the Helpdesk at 936-261-2525, so that they may take appropriate actions in removing the malicious code and protecting other systems.
  • Personnel responding to the incident should have or be given the necessary access privileges and authority to take the necessary measures to contain/remove the infection.
  • If possible, identify the source of the infection and the type of infection to prevent recurrence.
  • Any removable media (including diskettes, mass storage cards, etc.) recently used on an infected machine shall be scanned prior to opening and/or executing any files contained therein.
  • Information Technology Services personnel should thoroughly document the incident noting the source of the malicious code (if possible), resources impacted, and damage or disruption to information resources, and bring the matter to the attention of PVAMU administration.

All content © Prairie View A&M University 2012. All rights reserved.