Minimal required IT security measures

Reliable malware removal is not possible from within the infected system. You must scan the infected system with a bootable antivirus system (see tools). To prevent reinfection, you should use the same procedure to scan the backup of your personal data before you restore it.

UniMS-CERT recommends completely reinstalling an infected system, because you can never be sure that all malware or backdoors have been found and removed. Back up your personal data and format the system partition before you reinstall the operating system from a clean medium (CD/DVD/USB). Please ensure that you use a clean and up-to-date system when creating the installation medium!

The following steps must be taken if you want to securely use your system in the university network again (cf. the decision of IV-L from May 6th, 2004):

  1. Install the latest security updates for your operating system and up-to-date versions of the software you need, e.g. web browsers. Enable regular automatic updates for your operating system and your installed software.
  2. Install and enable firewall software before first connecting to the internet. For currently supported Windows versions the built-in firewall is sufficient (see Windows Security settings).
  3. Install and enable permanently running antivirus software. When using Windows 8 or newer the built-in Windows Defender is sufficient (see Windows Security settings).
  4. Choose a complex password for your local administrator account.
  5. Create at least one local user who is not an administrator.
  6. Never log in as the local administrator for everyday work activities. Always use the low-privileged account to open emails or surf the internet. Otherwise the previous steps will be useless!
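
As an added example (not part of the UniMS-CERT page), the following read-only PowerShell script checks steps 2, 3, 5 and 6 on a current Windows system. It assumes Windows PowerShell 5.1 or newer with the built-in NetSecurity, Defender and LocalAccounts modules; the step 6 check only detects direct membership in the local Administrators group.

```powershell
# Added example: read-only audit of checklist steps 2, 3, 5 and 6.
# Assumption: Windows 10/11 with the NetSecurity, Defender and LocalAccounts modules.
$results = [System.Collections.Generic.List[object]]::new()

function Add-Result($Step, $Check, $Ok, $Detail) {
    $results.Add([pscustomobject]@{
        Step = $Step; Check = $Check; Pass = [bool]$Ok; Detail = $Detail
    })
}

# Step 2: the firewall must be enabled on every profile (Domain, Private, Public).
$off = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
Add-Result 2 'Firewall enabled on all profiles' ($off.Count -eq 0) `
    ('Disabled profiles: ' + ($off.Name -join ', '))

# Step 3: Windows Defender must be running with real-time protection.
# If a third-party product (e.g. Sophos) is installed, Defender may be
# inactive, so a failure here means "verify manually", not "unprotected".
try {
    $mp  = Get-MpComputerStatus -ErrorAction Stop
    $age = ((Get-Date) - $mp.AntivirusSignatureLastUpdated).Days
    Add-Result 3 'Defender real-time protection on' `
        ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled) `
        "Signatures $age day(s) old"
} catch {
    Add-Result 3 'Defender real-time protection on' $false `
        'Defender status unavailable; verify third-party antivirus manually'
}

# Step 5: at least one enabled local account outside the Administrators group.
# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, which avoids
# depending on the localized group name.
$adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { $_.SID.Value })
$standard = @(Get-LocalUser |
    Where-Object { $_.Enabled -and $_.SID.Value -notin $adminSids })
Add-Result 5 'Enabled non-administrator local account exists' `
    ($standard.Count -gt 0) ($standard.Name -join ', ')

# Step 6: the account running this script should not be an administrator.
# Comparing SIDs against the group list catches administrators even when
# the session is not elevated (UAC filtered token).
$me = [Security.Principal.WindowsIdentity]::GetCurrent()
Add-Result 6 'Current account is not a direct Administrators member' `
    ($me.User.Value -notin $adminSids) $me.Name

$results | Format-Table -AutoSize -Wrap
```

Run it from the everyday account you actually work with; any row with `Pass` set to `False` points to the checklist step that still needs attention.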

Please also consider the following points:

  • After cleaning the system you have to change all passwords which have been used on the system, in particular your central password and network password of the university. Old passwords have to be considered compromised and insecure.
  • Antivirus and firewall software (at present Sophos Antivirus (Home)) is available for free to all employees and students of the university.
  • We recommend using alternative internet browsers like Mozilla Firefox or Google Chrome to minimize the risk from malicious websites.
  • Malware often abuses vulnerabilities in browser plugins, like Java, Flash, PDF and so on. Make sure that your plugins are always up to date, too.
  • In most cases malware is hidden in downloads or emails. Always be careful when opening such files!
  • People who deliberately distribute malware, spam or the like through their computer may make themselves liable to prosecution under German law (§§ 303 a, b StGB: data modification, computer sabotage) and liable to pay damages according to § 823 (1) BGB.