EMU Other Services

Computer Spyware and Virus Threats and Access to Inappropriate Internet Sites

Spyware
We have recently responded to reports of virus outbreaks on computers in schools. Upon investigation the problem has proven to be caused by the latest form of a computer nuisance threat, namely ‘Spyware’. This is software that is surreptitiously downloaded onto computers from particular websites and its purpose is to report to a third party somewhere on the Internet, the types of activity undertaken on the computer. Much of this software is innocuous but some is malicious and in some cases can report back details of online banking software passwords etc.

Unfortunately, Spyware is often used as a marketing tool by many legitimate website companies. Many music download and sharing sites are reputed to be a particular nuisance and I have recently observed apparently similar problems with other popular websites.

Spyware differs from another form of surreptitious download onto computers, namely ‘cookies’, in that Spyware is active and sends information back to the originator whereas cookies are passive and a legitimate way of maintaining information on websites that you visit (a form of ‘preferences’ file).

Spyware, Adware, Spam and Viruses
Spyware is the latest Internet nuisance to cause problems for our schools. It was preceded by ‘Adware’ (nuisance ‘pop ups’ advertising goods) and ‘Spam’ – a form of ‘bulk’ unsolicited e-mail advertising goods a nd services. Technically, none of these are computer ‘viruses’ and are not a threat to the computer hardware or software, unlike computer viruses. However, people often refer to them as viruses. They are a threat to personal information and network performance.

Owing to the fact that this is a relatively new and growing problem, not all anti-virus software caters for spyware or adware, and few, if any, tackle spam. Cynics may argue that this is because the vendors can sell a separate product to deal with each separate threat.

The Measures in Place on the Broadband Network Service to Address Spyware, Adware, Spam and Viruses

Computer Viruses
All Internet traffic coming into the network is scanned by a powerful array of fileservers to stop viruses entering the network. Web pages, e -mail and e -mail attachments are scanned by two systems (Trend and Clearswift) and any that are found are quarantined. On average between 400 and 600 viruses per month are stopped.

Although this system will stop most viruses from entering the network, there is always the very small possibility that new viruses that have not yet been identified can get through. This is very rare and the system is constantly updated with ‘fixes’ for new viruses.

It should be noted, however, that this system can only protect against viruses that come from the Internet. It cannot protect against viruses that are introduced to school computers and networks locally, via CDs, DVDs, memory sticks or floppy discs. For this reason all schools must maintain anti-virus software on all of their computers and servers. EMU will advise schools on suitable anti-virus software, also advice and guidance is available on the EMU website.

Spam
The Clearswift software also attempts to trap suspected ‘Spam’. Unfortunately, trapping spam is not an exact science, as spammers use many techniques to evade detection. Occasionally, legitimate e-mail is mistaken for spam and quarantined. A recent report stated that whilst the best anti-spam systems can trap 90% of all spam, the sheer volume of spam means that the remaining 10% still constituted a significant nuisance.

If you suspect that you have not received an e-mail from someone then contact the EMU helpdesk and we will investigate the quarantine list to see if it has been mistaken for spam and trapped, if so we can arrange to have it released.

Adware and Spyware
Currently the broadband network’s security software does not scan for Adware or Spyware. We will investigate the possibility of addressing this when we renew our service contract in September but as this is a relatively new threat, the choice of remedy is limited.

As a short-term measure, schools are advised that there is free software available that can scan for and remove most known Spyware and Adware. A popular product is ‘Ad-aware’ and may be downloaded free from either http://www.lavasoft.de or http://www.tucows.com/preview/236049.html . Regular free updates are available online for this software.

This software should be installed on every PC connected to the Internet.

Microsoft is currently developing software to address this problem also and currently have a ‘beta’ test version, which we are evaluating.

All of the above threats are the result of malicious activity, and the developers of these products go to great lengths to evade detection. All detection software and anti-virus software can only act ‘after the event’, and because of this it is never possible to guarantee 100% protection.

Access to Inappropriate Material
The broadband network has a powerful content filtering system operating called ‘Websense’, which scans all web requests and blocks access to known unsuitable sites. The sites are categorised into categories such as adult, firearms, drugs and alcohol, extreme religious groups and cults etc. Access to known Internet chat rooms is also blocked. Full details of the categories are to be found in the ‘Code of Connect’ document that was issued to all schools (with a page requiring a signature, to be returned to us). The list of blocked sites is updated automatically and
frequently.

Some malicious sites and some pornographic sites seek to evade detection and so as with anti-virus software the detection software acts ‘after the event’; therefore, it is never possible to guarantee 100% protection. Schools should be vigilant and not abdicate this aspect of pastoral responsibility to a piece of software.

Some sites, such as Google, allow a search for images. This can result in unsuitable thumbnail images being displayed. The actual websites should not be accessible. Schools are advised to use the Google ‘Safe Search’ function which can be configured in Google’s ‘preferences’ section, however, this setting is not ‘sticky’ and reverts to the standard search occasionally, so vigilance is required. The same will apply to many other popular search engines.

Occasionally, you may find perfectly acceptable sites being blocked. The ‘Websense’ product is an American one and some cultural differences are evident, for example; we have added blocking to sites selling firearms, we have unblocked sites about the Sikh religion and on one occasion we discovered a religious website used by a school had been blocked, this proved to because the commercial service it was hosted upon was also hosting pornography websites, - of course this was unbeknown to the operators of the religious site.

If you encounter unsuitable websites when using the broadband network, then please report them as soon as possible to the EMU helpdesk and we will arrange to have the site blocked. Likewise, if you find a site is blocked and you feel it should not be, then contact the helpdesk and it will be reviewed and if appropriate, unblocked.

If schools require more individual control over the sites that are blocked then this facility is available via the proxy server located on your network. Contact the EMU helpdesk for further advice. It is anticipated that the newer version of the Websense software, which should be available from September, will allow schools to manage their own blocking lists if they so choose.

The Broadband Sandwell Network and Security
I have stated on previous occasions that Sandwell schools do not have a broadband connection directly to the Internet, they in fact have a connection to a private Sandwell network, and this in turn is connected to a private regional network which in turn is connected to the Internet. The reason for this is to provide a high level of security for schools. The security design of the network was provided by our commercial partner whose expert is a highly qualified security consultant
accredited with HM Government’s GCHQ.

We have very powerful measures in place but it is important that they are used effectively. If you have further queries on this matter or require assistance or advice then please contact me. If you are aware of sites you consider unsuitable and should be blocked then please let us know as soon as possible.