Even if a PC has up-to-date patches and the latest anti-virus software, and runs a local firewall, it can still be infected. Technical solutions help, but they cannot prevent all security problems. Computer users can help by taking simple precautions. The CERN computer-security team has produced some advice, which is targeted at Windows users, but should be useful for all platforms.
• Do not expose your password. Never use a work-related password for private use and be wary of e-mails, instant messages and chat that request your password, including via web links. This trick is known as phishing (password fishing). If you think your password may have been exposed, change it.
• Lock your screen when leaving your office. Locking your screen prevents others from accessing confidential material. From a Windows PC use [Control] [Alt] [Delete] and select "Lock Computer", or if you have a Windows keyboard, press [Windows] [L].
• Be wary of web links and pop-ups. Some web links and pop-ups can download malicious software, so think before you click. Some pop-ups can still infect your machine even if you click "Cancel" or "No" or close the window with the top-right "X". On a Windows PC use [Alt] [F4] to close the active window.
• Ensure software downloads respect copyright and licensing. This is for legal reasons and also because "free" versions of copyrighted software can contain Trojan horses, spyware or other malicious software that could infect a PC. Spyware is often included in "free" software and is used to trace your activity and even the data you type, including passwords. Plug-ins may also contain malicious software. If a website requires a plug-in to view it, avoid using it.
• Be aware of social-engineering techniques. Do not click on web links in unexpected e-mails, spam, instant messages and chat. Do not open attachments that you are not expecting.
• Configure your machine to run without administrator privileges. If you accidentally execute malicious software, it can cause less damage if you are running without administrator privileges. As many tasks do not need these privileges, it is recommended that you run without them.
• Keep yourself informed of your institute's computing rules. There may be restrictions concerning software for personal use. When computers are used for personal as well as professional use, the chance of infections and other security incidents rises – films, games, music and other personal applications all carry risks when downloaded.
This is based on an article that appeared in the CERN Computer Newsletter.