IT Express Prepares Dorms for Computer Viruses Employees from IT Express, the campus computing help desk, recently met with student employees of the Learning Resource Center (LRC) who staff the dorm computer labs. The purpose of the special training day was to prepare the LRC for the computer security issues they’ll confront when 4,348 freshmen move into the dorms. “One in four freshmen is likely to have an infected system,” explained IT Express consultant Dan Rackerby (pictured above).

It was an active summer for computer viruses and worms. An unprecedented wave of computer virus attacks on Windows XP, 2000, and NT has debilitated scores of businesses, colleges, and government offices across the nation. The good news is that most of these dangers can be avoided by patching your operating system. The bad news is that many people don’t know they need to get these patches. And one infected computer on the UC Davis network can translate into many more infected computers.

Anticipating the influx of students, faculty and staff arriving on campus this week to log on to the network, IT security staff have determined a direct way to inform people that their systems are unpatched or vulnerable in any way: deny them access to the campus Web applications such as MyUCDavis.

Unsafe computers will regain access as soon as they patch their systems. And a number of measures have been taken to help them with the whole process. Read on:

How to Know if You Need a Patch
Between September 19 and September 30, 2003 all computers attempting to access secure campus

“One in four freshmen is likely to have an infected system”

Web-based applications (i.e., prompted to supply username and password) will be automatically scanned for vulnerabilities and infections. At this time, systems will be scanned for the Windows remote procedure call (RPC) vulnerabilities, which may allow attackers to access files or services hosted on a system, gain control of programs and/or systems, and perpetuate attacks. Computers found to be vulnerable or infected will be denied access until the user patches his or her system.

Additionally, the campus network will be scanned daily for vulnerabilities from September 20 through September 25 in order to identify infected systems already connected to the campus network.

Previous Issue A Decade of Computer Security Issues The Attack of the Worms Campus Works to Repel Network Intrusions Virus Be Gone! How the Campus is fighting Future Outbreaks UC Davis Bookstore Emergency Directive for Computer Vulnerabilities Computer Lab locations IT Express Windows Web site Windows Vulnerability Check

Administrators or owners of systems found to be vulnerable will be contacted and required to update their systems before reconnecting to the network. To further protect computer owners and the campus network, access from off-campus locations to some Microsoft functions, such as Windows domain logins, file sharing, Exchange email and scheduling services will be restricted.

Help for Users Needing Patches
As soon as a computer is denied access, the network will automatically refer the user to a Web page that provides a description of the vulnerability or infection as well as detailed instructions and options for updating his or her system. The Web site will also present direct links to patches for affected Windows systems and contact information to get help installing the patch.

To further facilitate infection prevention and recovery, the campus is offering a free CD that contains the necessary Windows operating system patches and virus removal utilities. The CD will be available at various locations around campus, including the UC Davis Bookstore Computer Shop, MU Information Desk, the Arbor, and IT Express. Faculty and staff should contact their department Technical Support Coordinators (TSC) for further assistance.

For additional information, see the Emergency Directive for Computer Vulnerabilities. Questions about the above measures should be directed to security@ucdavis.edu.