| University of
Alabama at Birmingham Information Technology |
| IT Home UAB Home |
| Questions & Answers |
 Overview Top
Ten All Question & Answer Documents Request a Document |
|
Email Documentation |
| Data Security |
| After a System Exploit |
Your Computer After a System Exploit
Should your student port be shut down due to an exploit or vulnerability - meaning UAB detected your computer has been hacked or caught a destructive computer virus or worm - the AskIT team may be able to assist you in wiping and "rebuilding" your computer's operating system.
It is advisable to follow these best practices to avoid exploits and protect your computer.
- Install and use good-quality anti-virus software! Set the software to run and update itself automatically. For free anti-virus software, visit www.uab.edu/it/software.
- Backup your files onto removable disk, USB stick or CD, and keep them in a secure place.
- Don't open e-mail attachments you aren't expecting to receive, and never download files from questionable sites!
- Keep copies of all software installed on your computer. Should a serious exploit or vulnerability issue occur on your computer and IT professionals are forced to perform a system wipe, they will need that software to rebuild your system. This includes the installation CDs and the software license number.
- Please feel free to call the AskIT Help Desk at 996-5555 (from an on-campus phone, dial 6-5555) if you have any questions or concerns about protecting your computer!
If you computer is attacked, UAB will be forced to terminate your network service in order to protect the UAB network and its users. Your computer will not be allowed to connect back to the UAB network until a full system scan can be performed and your computer has been cleared. Unfortunately, cleaning a compromised system often requires the entire computer to be wiped out, and then rebuilt.
Here are some things you need to know if you believe your computer has been compromised:
- It's too late to patch your computer by running software updates. Software patches are preventative in nature, so installing a patch after a vulnerability issue arises will not remove the problem.
- "Vulnerability removers" are never a guarantee. Many companies offer such removers; some are even specific to certain kinds of tools used to attack your computer. Think about it, though: if your computer's already infected, can you be certain a removal program will be allowed to work? Are you sure the attack program isn't more technologically advanced than the removal program you're trying to use?
- Same goes for virus scans - don't count on them. Attackers plan on you trying to run virus scans and counter-attack software, and they put tools into their programs to account for this.
- Reinstalling software (including your operating system) over existing software will not help. If there is a program in your computer meant to corrupt any and all software, it will do the same to anything new you install. This is why a complete system wipe is often your only option - the attack software has to be wiped out before anything else can be repaired.
- Don't attempt to backup files on a corrupted computer. If you don't make a regular effort to keep backup files, you can lose a serious amount of work and other data. Attempting to save corrupted files and then opening them on another computer (even if this computer does have updated vulnerability protection) is very risky!!
- Additionally, be suspicious of your most recent backups. You probably don't know exactly when your computer was attacked, so take care when opening or installing any backup files you may have made recently.
- Be prepared to do a complete system wipe. This is the only way to fix a completely compromised system, and the best way to deal with corrupted computers in general. You will have to wipe out all programs on your system, reformat your system disk, and reinstall all programs (Windows, printer software, etc). AskIT can help you with this process! Call 996-5555 for assistance.