Protecting your Computer

Passwords

Setting a strong password for all user accounts on your computer is crucial. Lack of a password, or the use of a weak password, could result in invasion of your computer by spyware, trojans and other malware, subjecting it to manipulation and possible data theft.

Protect your computer with a strong password according to the following basic guidelines:

  •  The password should be changed frequently
  •  Do not give your password to ANYONE
  •  Do not write down your password near your computer
  •  Do not store your password in a file in the computer
  •  Do not use the same password for other accounts on the computer or for other accounts elsewhere (such as a mail account)
  •  Password should contain at least 6 characters
  •  Password should not be based on a dictionary word, on a reversed word, or on common names
  •  Password should contain enough different characters
  •  Password should not be too simplistic or systematic
  •  Password should not resemble the username, full name or ID number
  •  Create strong passwords that you can remember: The easiest way to create a strong password that you won't have to write down is to come up with a sentence. Use the first letter of each word of the sentence and use a combination of upper and lowercase letters, numbers, or special characters that look like letters.
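
As an added illustration (not part of the original page), the Python sketch below checks a candidate password against the guidelines above and builds a password from a sentence. The word list, the run length of 4 and the minimum of 5 distinct characters are assumptions chosen for the example; the 6-character minimum comes from the list above.

```python
import re

# Constructed sample list; a real check would load a full dictionary and name list.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "jerusalem", "david"}
# Alphabet, digits and keyboard rows: runs taken from these count as "systematic".
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 6    # from the guidelines above
MIN_DISTINCT = 5  # assumed threshold for "enough different characters"
RUN_LENGTH = 4    # assumed length of a run that counts as systematic

def has_run(pw):
    """True if pw contains RUN_LENGTH consecutive sequence characters, in either direction."""
    low = pw.lower()
    return any(s[i:i + RUN_LENGTH] in low
               for seq in SEQUENCES for s in (seq, seq[::-1])
               for i in range(len(s) - RUN_LENGTH + 1))

def check_password(pw, username="", full_name="", id_number=""):
    """Return the list of guideline violations; an empty list means every check passed."""
    problems = []
    low = pw.lower()
    letters = re.sub(r"[^a-z]", "", low)  # drop digits/symbols so "nogard1" is still caught
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 6 characters")
    if letters in SAMPLE_WORDS or letters[::-1] in SAMPLE_WORDS:
        problems.append("based on a dictionary word, reversed word or common name")
    if len(set(pw)) < MIN_DISTINCT:
        problems.append("too few different characters")
    if has_run(pw) or re.search(r"(.)\1\1", pw):  # keyboard/alphabet run or tripled character
        problems.append("simplistic or systematic")
    personal = [username] + full_name.split() + [id_number]
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("resembles username, full name or ID number")
    return problems

def passphrase_initials(sentence):
    """Sentence method: take the first character of each word, keeping case and digits."""
    return "".join(word[0] for word in sentence.split())

if __name__ == "__main__":
    candidate = passphrase_initials("My son Dan was born on 4 July 2009!")  # constructed sentence
    print(candidate, check_password(candidate))
    for weak in ("abc", "nogard1", "qwerty12"):
        print(weak, check_password(weak))
```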

 

Security Updates

Regular updating of Microsoft Windows and other software, such as browsers and Office products, is a critical factor in protecting your computer against hacking. Make sure the system updates automatically.

 Windows 8   Windows 10

Microsoft provides two sets of updates for a Windows 10 computer. The first set consists of security updates, which are usually distributed once a month. The second set consists of feature updates, which are usually distributed once every six months. Security updates are only delivered to computers that have received one of the last three available feature updates.

 

Firewall

Windows 7 and later versions have a built-in firewall program. In general, this program is activated by default. To make sure that your firewall is activated, see the instructions below:

Windows 8   Windows 10

 

Safe Internet Browsing

  • As far as possible, avoid downloading free software from the network. Some free software contains bots and spyware.
  • Do not click buttons or links in pop-up windows, even if the window looks like a Windows error message. Pop-ups, Trojan horses, viruses, and spyware can take over your computer.
  • Be very suspicious when it comes to providing personal information and e-mail addresses on Web sites. Make sure that the site is valid and secure (SSL), and make sure the SSL certificate is not fake or self-signed.
  • Avoid adding plug-ins to your browser as much as possible.
  • Do not install any other browser add-ons, such as icons, buttons, easy access to search engines, or any module that changes the original form of the browser.

 

Anti-spam

What is spam and who are spammers?

Spam is a problem for anyone who gets mail. The word "spam", in the context of e-mail, means mail that the recipient has not consented to receive. In addition, the mail is sent as part of a collection of messages that all have the same content. Mail is considered spam if it is sent without the recipient's consent and as part of a large collection of messages. If you have ever sent or received an e-mail message, you will probably also receive spam. Spam is a profitable business for its senders: it is cheap to send millions or billions of messages, so it pays off even if only a small percentage of recipients buy something in response to a message.

 

How do they get my address?

Through newsgroups and chat rooms, mainly on large sites. There are millions of websites that contain e-mail addresses. These pages are scanned by the spammers.

Through sites that are specifically designed to collect e-mail addresses: they encourage users to register, and in doing so collect data about them. The most common source of e-mail addresses is a "dictionary" search against the mail servers of e-mail hosting companies.

 

The University's Spam Filter

The university uses a server-level anti-spam filter, which eliminates the need to install and update anti-spam software on any computer. If you did not receive mail that you expected, it may be on the Quarantine list. We keep suspicious messages in the "quarantine" for one week. If you have not received the expected mail, please send mail to infosec@savion.huji.ac.il.

 

Filtered outgoing messages

The university also checks for spam in outgoing mail. Here are some tips to keep your mail from being considered spam:

  •  Do not send the message to many recipients. The number of recipients must be limited to 200.
  •  If you send the message via Webmail, you will not be able to send the message from an address other than @ ... huji.ac.il
  •  When working with a web interface, you must disconnect by clicking the Disconnect button or link before closing the browser.
  •  Do not use many colors and decorations in the message.
  •  The clock on your computer should be synchronized to the correct time. Messages sent from out-of-sync computers are considered suspicious.
  •  If you have trouble adjusting the clock to daylight saving time, see: Setting daylight savings time

 

Antivirus

Any mail that arrives at the university is scanned for viruses. When a virus is detected, the attachment is discarded and the rest of the message is delivered to the recipient with a new attachment that contains a notice from the antivirus of the university gateway.

File extensions: files attached to mail with the following extensions are blocked by most e-mail programs: .exe, .rar, .pif, .vbs, .scr, .cmd, .bat. If you still want to send a file with one of these extensions, zip it first and only then send the mail.
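
The outgoing-mail tips and the extension list above can be checked before a message is sent. The Python sketch below is an added example, not the university's filter: it tests the 200-recipient limit, the Date header against the real time, and attachment names against the blocked extensions. The 10-minute clock tolerance and the sample message are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage
from email.utils import format_datetime, getaddresses, parsedate_to_datetime

MAX_RECIPIENTS = 200  # limit stated on this page
BLOCKED_EXT = (".exe", ".rar", ".pif", ".vbs", ".scr", ".cmd", ".bat")  # list from this page
MAX_CLOCK_SKEW = timedelta(minutes=10)  # assumed tolerance; the page gives no figure

def presend_problems(msg, now):
    """Return the reasons a message may be filtered; an empty list means none were found."""
    problems = []
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    count = len(getaddresses([str(h) for h in headers]))
    if count > MAX_RECIPIENTS:
        problems.append(f"{count} recipients (limit {MAX_RECIPIENTS})")
    date = msg["Date"]
    if date is None:
        problems.append("no Date header")
    else:
        sent = parsedate_to_datetime(str(date))
        if sent.tzinfo is None:  # "-0000" dates parse as naive; treat them as UTC
            sent = sent.replace(tzinfo=timezone.utc)
        if abs(sent - now) > MAX_CLOCK_SKEW:
            problems.append(f"Date header is {abs(sent - now)} away from the real time")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(BLOCKED_EXT):
            problems.append(f"attachment type is blocked: {name}")
    return problems

def build_sample(n_recipients, sent_at, attachment_name):
    """Constructed test message; addresses use the reserved example.org domain."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = ", ".join(f"user{i}@example.org" for i in range(n_recipients))
    msg["Date"] = format_datetime(sent_at)
    msg["Subject"] = "Constructed sample"
    msg.set_content("Hello")
    msg.add_attachment(b"sample bytes", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(presend_problems(build_sample(201, now - timedelta(hours=1), "setup.exe"), now))
```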

 

Phishing

Phishing is a deception attempt that is designed to steal your personal information. In phishing scams, predators try to obtain personal information, such as credit card numbers, passwords, account details, and other details, by using fake e-mails to mislead people into filling in their personal details. Phishing scams can reach you online via spam messages or pop-up windows.

Notice the following example. It is real, and it was sent to university researchers. In this example, the sender tries to "catch" users' passwords by sending an e-mail on behalf of the faculty's computer unit:

From: administrator@agri.huji.ac.il [mailto:administrator@agri.huji.ac.il]

Sent: Tuesday, June 07, 2005 12:52 AM

To: user@agri.huji.ac.il

Subject: Security measures

Dear Valued Member,

According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons. http://www.agri.huji.ac.il/confirm.php?email=tripler@agri.huji.ac.il

Thank you for your attention to this question. We apologize for any inconvenience.

Sincerely, Agri Security Department Assistant.

 

Safety Rules:

  •  Do not give any personal information. If a suspicious email arrives in your mailbox, please forward the message as an attachment to infosec@savion.huji.ac.il.
  •  You should update your browser. If you follow a link from a suspicious email, the browser can alert you to dangerous sites, thereby preventing your entry.