Anti-Virus Software for Staff (Windows Users)

All users of computer facilities on the NUI Galway network have a responsibility to follow best practice in avoiding infection by computer viruses, whether you are using University-owned or privately owned equipment.

 

To protect against infection users must follow the steps below:

  1. Install the ePolicy Orchestrator Agent (EPO agent)
    If you are using a Windows computer on the NUI Galway network, you are required to have  the ePolicy Orchestrator Agent (EPO agent) installed. The EPO agent must be installed before installing McAfee VirusScan.

  2. Download and install McAfee version 8.8 
    Suitable for Windows 8, 7, Vista, XP, or earlier 
    Note: Off-campus file download is password-restricted and is available to NUI Galway staff only. 
    Please contact the Service Desk for off-campus password details.

  3. Latest DAT file from the McAfee website  
    Download the latest McAfee XDAT file to the Desktop (Last updated: Monday, May 19, 2014) 
    Go to the Desktop and double click on XDAT download 
    Follow the on-screen instructions to install the DAT file - no restart is required 
    Alternatively go to the  XDAT files section of the McAfee website

  4. Check the SuperDat file version regularly
    Users must ensure that the SuperDat file version is being continuously updated.  
    Do this at least once every month.


    

Anti-Virus Software for Staff (Macintosh Users)

Supported Operating Systems

  • Lion 10.7.x and later
  • Mountain Lion 10.8.x and later
  • Mavericks 10.9 and above
  • Mac OS X server
EPO Installation

Download, expand and install the McAfeeEPO_Agent_OSX.dmg file to install the McAfee EPO agent on your Mac

McAfee Anti-Virus Application

Download, expand and install the EPM210-RTW-1085.dmg file to install the McAfee Anti-Virus Application on your Mac

Installation Instructions for McAfee Anti-Virus Application
  1. The DMG file will download to your Downloads directory on your MAC.
  2. Drag the file to your Desktop
  3. Double click on McAfee End Point Protection (EPM210.dmg) file
  4. You will be presented with a .pkg file. Double click on the file to run it. You may get a message about running the installer. Click Continue
  5. You will be presented with an Endpoint Installation Wizard. Click Continue
  6. Click Continue
  7. Click Continue
  8. Click Agree
  9. Click Install
  10. Enter your Mac password to allow the installation. Click Install Software
  11. The installation will start
  12. Click Close when the installation finishes
  13. You will see the McAfee Shield on the Apple Menu at the top of your MAC
  14. Your Anti-Virus will now begin the auto update process once it is installed.
  15. Then right click over the shield where you will be presented with a number of options
  16. Go to McAfee Endpoint Protection for Mac Console
  17. You will see items such as Last Update, your virus History and Quarantine.
To manually update your AV protections do the following
  1. Go to the Activity menu
  2. Update Now
  3. To scan your Mac, do the following
  4. Go to the Activitymenu
  5. Scan Now

 

Please note that a scan can degrade the performance of the MAC if you are trying to do some work at the same time on your MAC.

If any virus is discovered, McAfee will tell you what it has done. It will either clean, delete or quarantine it.

Malware and Spyware - Phishing


What is Malware?

Malwarealso known as Malicious Software, is software designed to infiltrate or damage a computer system without the owner's informed consent. The term is a portmanteau of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Many computer users are unfamiliar with the term, and often use " computer virus" for all types of malware.

What is Spyware?

Spyware is usually advertising software that gets installed on your computer without your knowledge. Companies use it to pop up advertisements on your computer, track your Internet usage, and gather other personal information about you. These programs are usually not written very well and tend to cause a lot of problems.

Besides invading your privacy, these programs often cause problems with Internet Explorer and other web browsers. If you have a lot of spyware on your computer, chances are that one of these programs has affected your Internet browsing capabilities.

Common Symptoms of Spyware

If your computer is experiencing any of the following symptoms, you might have spyware:

  • Random advertisements that pop up on your computer
  • Unusual slowness of your system
  • Unusual instability in your system (computer crashes more than usual)
  • Odd behaviour in Internet Explorer or other browsers, such as re-direction to search sites that you've never seen, or your homepage has been switched to a different page.

Major Sources of Spyware

The following programs are either spyware themselves or spyware is installed along with the program.

  • KaZaa
  • Gator
  • Morpheus
  • Most web search toolbars (except the Google toolbar)
  • Most pop-up blocking software (except the Google toolbar or built in pop-up blockers in browsers)
  • Download accelerators or managers
  • There are many other sources of spyware. We recommend only installing programs from reputable companies and only if the software is necessary. If a website asks to install software on your computer, always click "no" unless you know specifically what it does.

How do I remove Spyware?

Information Solutions and Services recommends the following spyware detection and removal programs:

What is Spam?

eMail spam, also known as "bulk email" or "junk email," is a subset of Spam that involves nearly identical messages sent to numerous recipients by email. 93% of email address to nuiglaway.ie email address is Spam and blocked by our email security appliances.  eMail which is potentially SPAM is tagged [NUIGspam]. Users can filter [NUIGspam] emails to a separate folder.

What is Phishing?

Phishingis an attempt to fraudulently acquire sensitive information, such as username, password and banking details, by masquerading as a trustworthy organisation or individual in an email message. 

IMPORTANT
 
You should never respond to an unsolicited email requesting personal information. 

How can I protect against phishing messages?
 
Be suspicious of any email with requests for personal information. 
Note specifically that Information Solutions and Services will never send an email asking you to provide us with your password by email. 

If you receive a fraudulent email:

  1. Do NOT click any links 

  2. Do NOT open any attachments  

  3. Do NOT enter any personal details on the fraudulent email or website 

  4. Report the ’phishing’ email to the Service Desk 

  5. Delete the email.

What if I responded and gave my username and password? 
You should change your email password immediately.  Report the ’phishing’ email to the Service Desk 
As your account was compromised you will start to receive a large amount of SPAM emails.  Do not open/reply to any of these emails.  Delete these emails.

ISS Response  
When ISS are alert by an account generating large amounts of outbound email, this usually means SPAM emails

  1. ISS will reset the password on your account
  2. Log on to the account and check the rules. If there is a rule to move all messages as they arrive into Deleted Items, delete the rule.  Usually the SPAMMer creates a rule to move ALL mail to the deleted items as they arrive. This usually delays the users awareness that their account has been compromised and the problem they usually report is that they are not receiving new mail.
  3. Create a new rule to move bounced SPAM to the deleted items folder. This might be based on the subject line.
  4. ISS will ring (if your telephone number is available) and inform you of your new password and the new rule created on your account
  5. A large amount of outbound SPAM emails can sometimes lead to nuigalway.ie emails being blacklisted, depending on the extent of the volume of SPAM.  ISS will follow up with individual service providers to get the block removed.  It can take up to 24 hours for external service providers to remove the block on nuigalway.ie emails

Share Responsibility for Protecting our Community at NUI, Galway

A number of you will have received a recent fraudulent message purporting to be from the NUI Galway "Technical Upgrade Team" or “IT SERVICE webteam” asking for your email login details.

We are all becoming increasingly familiar with the need to protect ourselves against malicious and fraudulent attempts to get us to disclose personal information. Many of you will be familiar with this through your use of Internet banking. On this occasion the fraudsters' objective was to use the University's IT resources to send out Spam on a large scale.

Only a tiny handful of people in our community were unfortunate enough to be deceived by this particular message. However, even this enabled the fraudsters to obtain limited access to our resources. The gaps created have now been plugged.

Despite our best efforts and significant technology investment we cannot guarantee to intercept and block all such messages in future. We have to ask you to share responsibility for protecting our community.

You should be aware of the following key principles:

  1. At work and outside work you should never ever respond to unsolicited emails requesting personal information such as your bank details, your date of birth, or your computer login credentials. 

  2. Remember that Information Solutions and Services will never send you an email asking for your computer password. 

  3. Any "All Staff" email sent by Information Solutions and Services will always be signed off with the name and position of a Information Solutions and Services manager. If you don't know the person or their position then check them out on our website.

  4. In future we will introduce messages from Information Solutions and Services with the words: "Information Solutions and Services / Réitigh agus Seirbhísí Faisnéise". If the message doesn't have this heading then don't trust it. 

ICT Regulations


If you have any queries about these regulations please contact Information Solutions and Services

In support of its mission of teaching and research, NUI Galway provides access to computing resources for students and staff of the University within available resources. Access to the University's computing facilities is a privilege granted to members of the University. The University reserves the right to limit, restrict or extend computing privileges and access to its information resources.

University computing resources are provided to facilitate a person's work as a member of staff or student of NUI Galway and/or for educational, training, or research purposes. Computing or network resources must not be used for any commercial or significant personal use.

Providing a secure, efficient and reliable computing and network system depends on the cooperation of all users who are required to use the resources in a responsible manner, respecting the integrity of the computer systems, networks and data to which they have access.

User Code

No person shall jeopardise the integrity, performance or reliability of the University's computer equipment, software and other stored information.

Users are required to take appropriate steps to ensure the integrity of NUI Galway's Computer Systems. This integrity may be jeopardised if users do not take adequate precautions against malicious software (e.g. computer virus programs).

Users must not undertake any actions that bring the name of NUI Galway into disrepute.

The ability to undertake any action does not imply that it is acceptable.

In particular users are not permitted to use any NUI Galway computing or networking resources for any activity which:

  • Seeks to gain unauthorised access to the resources of other organisations. The user may use approved University links to other computing facilities for which they are authorised. When using external facilities the user must also abide by their rules or code of conduct
  • Adversely affects the operation of NUI Galway computer systems and network or jeopardizes the use or performance for other users
  • Wastes resources (people, network bandwidth, computer)
  • Destroys the integrity of computer-based information
  • Compromises the privacy of users. No user shall interfere or attempt to interfere in any way with information belonging to another user. Similarly no user shall make unauthorised copies of information belonging to another user. Existing norms of behaviour apply to computer-based information technology just as they would apply to more traditional media. Examination of any files on the computer of a colleague is equivalent to examining their filing cabinet. Seeking to find unprotected files on a multi-user system falls into a similar category
  • Creates or transmits (other than for properly supervised and lawful research purposes) any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material
  • Creates, transmits or publishes defamatory material or material in violation of any right of any third party
  • Transmits material in such a way as to infringe the copyright or intellectual property rights of another person or organisation
  • Transmits unsolicited commercial or advertising material
  • Causes offence or discriminates on grounds laid down in current Equality legislation including grounds of age, race, religion, sexual orientation, gender, marital status, family status, disability or membership of the travelling community. Whilst it is possible to send communications which may be offensive, obscene or abusive, such behaviour is not acceptable
  • Conflicts with practices as laid down from time to time by the Director of Information Solutions and Services
  • Contravenes the law of the State (in particular, but not exclusively, the Data Protection Act (2003), the Criminal Damages Act (1991), the Child Trafficking and Pornography Act (1998) and the Copyright Act (1963)(2000)).

Use of Software 

In this context, "software" is taken to comprise programs, routines, procedures and their associated documentation, which can be implemented on a computer system, including personal computers and workstations. Software and/or information provided by NUI Galway may only be used as part of the user's duties as a member of NUI Galway or for educational purposes. The user agrees to abide by all the licensing agreements for software entered into by the University with other parties.

The user undertakes not to infringe any copyright of documentation or software. 
Thus any software, data or information which is not provided or generated by the user personally and which may become available through the use of computing or communications resources shall not be copied or used without permission of NUI Galway, or the owner of the software, data or information.

User Registration and Authentication

In order to use the computing facilities of NUI Galway a person must first be authorised. University registration grants authorisation to use some or all of the computing and networking facilities of the University. During registration, a password will be allocated for the exclusive use of the person registering with the University. Passwords used must adhere to accepted good password practice.

Unauthorised use must not be made, or attempted to be made, of computing or network resources allocated to another person. The user is responsible and accountable for all activities carried out under their username. The password associated with a particular username must not be divulged to another person. Attempts to access or use any user's account, which is not authorised to the user, are prohibited. Such attempts may be in breach of the Criminal Damages Act (1991).

The University requires the completion of a Node Registration Form, available from Information Solutions and Services, for all computing equipment which is to be connected to the University Network. The Head of Department and where appropriate, a permanent member of staff, must sign this form.

Email and Internet Access

The above code of conduct applies in particular to the use of electronic communication facilities provided by NUI Galway. Such facilities are provided to facilitate a person's work as a member of staff or student of NUI Galway and/or for educational, training, or research purposes. Email must not be used for any commercial or significant personal use. Care must be taken to ensure that any file, document or software is not transmitted or copied in breach of copyright or intellectual property rights. If emails are being sent to express personal as opposed to University views, users should put in a disclaimer to that effect in their message.

Rights and Responsibilities of the University

Ownership: All email accounts maintained on the email systems are the sole property of NUI Galway. The University encourages the use of email and respects the privacy of users. It does not routinely inspect, monitor or disclose electronic messages without the users consent. However the Director of Information Solutions and Services or his nominees may access any individual's account, without the user's consent, if required by law or where there is reasonable evidence that violation of law or University policy may have taken place or where failure to do so may hamper the University functioning administratively or meeting its teaching or research obligations. Users will be notified of any such action taken, which is lawful and consistent with other University policies, at the earliest possible opportunity.

Monitoring of Information: Users should be aware that, during the performance of their duties, certain members of Information Solutions and Services staff, who operate and support the electronic communication facilities (email and internet access) need from time to time to monitor transmissions or observe certain transactional information to ensure the proper functioning of the systems. On these and other occasions they may inadvertently observe the contents of electronic communications. Except as provided by law or this policy they are not permitted to hear, see or read the contents of electronic communications intentionally, observe transactional information that is not germane to the foregoing purpose, or otherwise disclose what they have heard, seen or read.

Privacy: On exception to this is when Information Solutions and Services personnel are required to inspect the contents of electronic communications when re-directing or disposing of otherwise undeliverable mail or for transactional records. Such unavoidable inspection is limited to the least invasive level of inspection required to perform such duties. This exemption is subject to the same rule of non-disclosure except in so far as is required, in good faith, to deliver the undeliverable electronic communication to its intended recipient. 
Except as provided above, Information Solutions and Services personnel shall not search electronic communications or transaction logs for violations of law or policy. In the event that Information Solutions and Services personnel discover violations of law or policy in the course of their duties they shall report all such occurrences to the Director of Information Solutions and Services.

Backup of information: All central servers are backed up on a regular basis with a view to speedy and complete restoration in the event of a disaster and as a consequence copies of email files and logs are stored and retained, consistent with the backup policy of Information Solutions and Services which is published seperately.

Confidentiality: Regardless of the level of protection provided for internet communications, confidentiality cannot be assured. Confidentiality may be compromised by: law or policy, including this policy, by unintended redistribution or by the inadequacy of current technologies to protect against unauthorised access. Therefore, users should exercise extreme caution in using internet communications to transmit confidential or sensitive matters. The nature of email is that there is no guarantee of delivery or confidentiality. Therefore the University cannot accept any liability for delivery or confidentiality in respect of any message sent from or to the University.

Routine Monitoring: Staff should be aware that the University keeps logs of all access to the internet via the proxy server for the purposes of analysing statistically the University Internet traffic. Logs include the identifier of the computer accessing the Internet, the identification of the site being accessed and the amount of data being transferred. These logs are kept for one month and are also kept off-line by virtue of our backup policy. Information Solutions and Services may be requested to reveal such logs in the event of the law being broken or by court order.

Individual Information: Information Solutions and Services shall only permit the disclosure of sites accessed by an individual without their consent when required and consistent with law, where there is reasonable evidence that violation of law or University policy may have taken place or where failure to do so may hamper the University functioning administratively or meeting its teaching or research obligations. Such disclosure will be authorised by the Director of Information Solutions and Services. 

Persons who break this code of conduct may find themselves subject to NUI Galway disciplinary procedures and/or criminal procedures.

If you have any queries about these regulations please contact Information Solutions and Services