Secure Computing

Back up your files regularly

Use the 3-2-1 rule: 3 copies, 2 formats, and 1 other location ("off-site") especially for important files including photos. And do it regularly. If you already have an external hard drive backing up your information, you're partway there. It's best to have online backup solution set up to complement your external hard drive (3 copies) especially if your laptop or other machine and your external hard drive are usually stored in the same place or travel together. Cloud storage like Stanford Box, Google Drive for Stanford, and other cloud storage services are fine for files that don't have sensitive information, but by default, they don't encrypt the data that is backed up and an online backup solution with encryption capabilities is recommended especially if you connect to financial institutions, pay your credit card bills, view your medical information, file your taxes, and other financial, medical, or similar personal activities using your main computer.

One option we recommend for personal use is Crashplan and Stanford students, faculty, and staff can purchase the cloud backup solution at a discount. We are also currently reviewing other options (and their security practices).

Encrypt your machine

Scramble your files so no one else can read them if they have physical access to your machine after you've set up regular backups. For details on how to enable encryption for your devices, see Enabling Encryption on Your Devices.

Run and keep antivirus software up to date

Antivirus software offers real-time protection against viruses. When properly used, such programs can help to prevent malicious attacks and quarantine infected files before they do additional damage to your computer and spread to others on the network.

Stanford offers free anti-malware software for its users through a site license of Anti-Malware for Windows PCs and Macs. To download and install, visit Essential Stanford Software.

Antivirus software must be kept up-to-date to be effective. These programs rely on the latest virus definitions in order to spot the problems. We recommend that you set up your anti-virus software to automatically download updated virus definitions daily.

If you are unlucky enough to get a virus beforeyour antivirus program has a chance to catch it, you can still get help. Update your antivirus software with the latest virus definitions and then run a full scan of your computer. If your antivirus software identifies and quarantines any infected files, you can either delete or try to repair those files.

For more complicated viruses, you may have to manually fix the damage or use a special virus removal tool. If you need help or have questions, you should talk to your RCC.

Install security patches as soon as possible

A software patch is often used to fix a software bug and is usually a piece of code that is inserted into ("patched into") the broken software. Security patches help to remove vulnerabilities from your computer, such as open backdoor ports or other bugs in the operating system. If you do not patch your computer, a hacker can exploit one or more of those vulnerabilities to use your computer to spread viruses, send out spam, illegally serve up copyrighted material, launch denial of service (DOS) attacks against Internet servers, and more.

ITS is now using BigFix via Essential Stanford Software to distribute operating system patches and help keep computers on the Stanford network up-to-date. For more information on this new service and to find out if its the right fit for your computing needs, visit our BigFix FAQ for Residential Students.

In addition to operating system patches, your software applications may also need to have patches installed. Many programs check for updates automatically each time you open them, but you should check with your software vendor.

As with antivirus software, you must continually check for and install critical security patches as soon as they are available. We recommend that you set up your computer to automatically check for and install important operating system updates.

Avoid suspicious emails and the viruses that they could carry

We email all the time with people we've known for a long time as well as people we've never met.

Be careful of attachments, even if looks like it's from somebody you know. Attachments are the main mode of transmission for email viruses. Curious users often double-click an email attachment to open it and they are immediately infected. Subsequently, some email viruses attach themselves to all outgoing messages from an infected computer. So somebody might be sending you a valid email in terms of the text, but they may also be sending you a virus as an attachment. Some viruses hijack the user's address book and send out fake emails, forging the "From" field to appear as if they are coming from people you know. As a result, you should never open an attachment unless you knowit is safe and valid.

Some email programs, such as Microsoft Outlook, can be configured to display email in a "preview pane" or "reading pane." While convenient, this feature usually ends up opening the email attachments -- loading picture files or running executables (programs that are usually named *.exe). Make sure you have an antivirus program providing real-time protection against these sneaky attachments.

Many email viruses try to make their emails look legitimate. You'll also see this with spam. They try to use subject lines like "hello" or "your account" to get you to open the email. Spammers also use these kinds of techniques to get you to give them private information or send money, so even if a message doesn't have an attachment, you should still be suspicious about clicking on links or giving your personal information to an unknown source.

Use good passwords

Your passwords are the keys to your computer and your private information. Don't give out your passwords, make sure they are not easy to guess.

Your SUNetID and password is one of, if not the most, important username-password combination you have. Do not tell your SUNet password to anyone. This includes friends, your RCC, and even boyfriends, girlfriends, spouses, and partners. It is a violation of the Usage Policy to use another person's SUNetID and password or to grant anyone usage of your own.

When choosing a password, you should avoid using words that appear in the dictionary, words or numbers of personal significance that are easily guessable (such as your birthdate), and the longer the password, the better. For more tips on choosing good passwords, visit these suggestions provided by ITS.

Beware of malware / spyware

Sometimes also called adware, it is software that covertly gathers information about you and your computer usage and then transmits that information back to someone using your Internet connection, usually for advertising purposes. Spyware is usually installed without the user's knowledge since it is often bundled with freeware or shareware programs downloaded on the Internet. Spyware can monitor keystrokes, scan files on your hard drive, snoop on other software applications, examine your cookies, install other spyware programs, and perform other actions without your express permission. In addition to the privacy concerns, spyware can also eat up your computer's resources and network bandwidth, causing your computer and/or network connection to be unstable.

Don't give spyware a chance to get onto your computer. Spyware is often bundled with shareware or freeware programs downloaded off of the Internet and during installation, the program will give you a warning or notice about "additional" programs that will be installed (ostensibly for your benefit). Be sure to read all of these warnings and be on the lookout for anything that might be spyware or adware.

Not all software tells you that it is installing spyware. As a result, you should download and install Anti-Malware available from <a href="/%3Ca%20href%3D"">">Essential Stanford Software</a> that will scan your computer and remove any spyware or adware it might recognize. 

Need Help?

Contact your Resident Computer Consultant (RCC).