Spam filtering software
This is particularly useful when traveling or using someone else’s computer. UW’s email system, Exchange, is accessible from any computer with a Web browser at http://exchange.uwyo.edu. You will be prompted for your username and password to access your email account. (ASUWLink mail is also available at http://webmail.uwyo.edu.)
SPAM has grown into a massive problem – not just at UW but nation-wide. Studies estimate that SPAM represents between 40 and 60 percent of all email. The SPAM problem is a difficult one to solve. Although SPAM filtering software is well-developed, even the most sophisticated software occasionally misreads some legitimate messages, treating them like SPAM.
Information Technology has been reviewing various software alternatives that can help reduce the flow of SPAM into the campus community. Based on available support, features and cost, an IT Anti-SPAM committee has chosen PureMessage, from a company called ActiveState, to help curb the SPAM that plagues university email boxes. PureMessage is currently being implemented and will soon be available.
PureMessage applies a series of tests to each incoming message, determining the likelihood that a particular message is SPAM. Mail with a certain probability is “tagged” with some variation of the word SPAM in the subject line of the original message. Users can do one of two things: (a) use the filtering rules offered by the email application (Outlook, for example) to direct tagged messages to a separate folder or (b) sort email by subject to gather the tagged messages together for quick review and deletion. See www.uwyo.edu/spam for specific tagging information and assistance with the creation of filtering rules.
For now, PureMessage simply tags suspected SPAM and then delivers it to your inbox. In the future, alternatives for managing SPAM may include quarantining suspected messages to a unique location on the central Exchange email server or allowing users to set their own SPAM preferences. Users may opt-out of SPAM filter-tagging by emailing firstname.lastname@example.org.
Information Technology strongly encourages Windows users to install the security patch recently released by Microsoft – patch MS03-026. Microsoft issues security patches on a regular basis. Users should apply security patches whenever they are announced. The MS03-026 bulletin is of special concern because of a problem, or “exploit,” in the software that allows remote users to obtain full access to your computer. MS03-026 fixes this exploit.
The MS03-026 exploit itself is not detectable by antivirus software. However, antivirus software may detect the worms and viruses that take advantage of the exploit. Often, such worms and viruses pose severe threats because they do not require any user interaction to cause infection. Moreover, such worms and viruses can spread rapidly. The recent “W32.Blaster” worm that used the MS03-026 exploit was detected on campus by TrendMicro’s OfficeScan antivirus software. OfficeScan runs on most UW desktop systems, but it may not always offer adequate protection. To prevent future infections, either by direct infection or through a worm or virus that uses an exploit, it is critical to keep your computer updated with the most current patches. Unpatched systems are vulnerable to worms and viruses, which threaten the university’s network and could destroy all of your computer’s data.
Because of firewall restrictions in place at UW, the MS03-026 vulnerability remains relatively safe from off-campus attacks. That said, on-campus systems can still become infected by a variety of means. For example, an infected laptop or infected home computer can spread viruses to the campus network while connected through Virtual Private Network (VPN) services. Once an on-campus system becomes infected it can launch attacks and infections against other computers on the UW network. This occurred with the recent MSBlaster worm. The firewall restrictions blocked off-campus Internet attacks but on-campus computers still became infected.
Please see www.uwyo.edu/infotech/aboutit/newsletter/fall2002.htm#protect for information about patching Windows systems, as well as other suggestions for making your system more secure. Contact the IT Help Desk at 766-4357 (6-HELP), option 1, for assistance with any security questions. Your data and security are a top priority.
Further details of the MS03-026 exploit can be found at www.microsoft.com/security/security_bulletins/ms03-026.asp and in the Exchange email sent from Information Technology on August 15, 2003: www.uwyo.edu/infotech/aboutIT/stories/MSBlast0803.htm.
The Student Information System (SIS) at UW is a mainframe-based application that was originally installed in the 1980s. Although IT has upgraded the SIS application and it remains stable and supported by the vendor, SCT, only sixteen other universities continue to use it. As the system ages, its flexibility in adapting to the ever-changing needs of the university decreases. The system’s older technology and limited customer base raise concerns about its capacity for being upgraded and on-going vendor support.
Meanwhile, the industry of student information systems continues to advance. The products available now can do much more for the campus than our current SIS system. In order to meet the ever-growing needs of students, staff and faculty and to be able to implement the changes to institutional processes dictated by the ever-changing higher education environment, UW has decided to replace the SIS system. The replacement process has already begun with a thorough review of available products, comparing them to the university’s needs. A new system will give UW the benefits of an integrated database that includes more university departments and organizations and can provide a more convenient "one-stop-shop" approach to student data management.
Earlier this year, the executive SIS Visioning Team tasked the SIS Development Team to develop and detail the requirements for a new system, document and streamline processes, identify potential vendors and request proposals (RFPs) from them, analyze the resulting proposals and recommend a new system to the president and board of trustees.
Three vendors received the request for proposals: SCT, PeopleSoft, and Oracle. Oracle decided not to participate. SCT and PeopleSoft sent representatives to campus July 24–25 to meet with functional and technical users and clarify requirements. SCT then returned to campus July 29–31 to demonstrate its products, including the core Banner Student module and Luminus portal product. PeopleSoft’s demonstration, from August 5–6, included its core Student Administration product and the PeopleSoft Portal. The visioning and development teams found both vendors’ demonstrations helpful. August 15 was the deadline for vendors to submit their responses. In the coming weeks, the development team will evaluate the proposals and contact the companies’ references, ultimately recommending one product, along with next steps, to the visioning team, the president and the board of trustees.
For details on the project to replace SIS, please see www.uwyo.edu/newSIS. The site is updated regularly to keep the campus informed of plans and decisions made by the development and visioning teams. If you have questions regarding the project, please contact Daniel Ewart, director, IT Department of Information Systems, at 766-4866 or email@example.com.
This summer, Information Technology installed wireless gateways and Virtual Private Network (VPN) services on the UW wireless network (also know as “WiFi” or “802.11”). These additions make the system more accessible and easier to use, and they provide better security. The wireless gateways provide user authentication by prompting users for their UW username and password. The VPN services allow users to create VPN connections that will encrypt their data, thus keeping it from being seen or intercepted by other users (for a description of VPN see www.uwyo.edu/infotech/aboutIT/newsletter/fall2002.htm).
Despite these changes, the Lightweight Extensible Authentication Protocol (EAP/LEAP) will continue to function as usual. Users who don’t use EAP or LEAP can be authenticated for wireless access by opening a web browser and entering their UWYO or UWSTUDENT username and password. (Note: If you haven’t yet authenticated with the wireless network, the wireless system will present you with a specific web page whenever you try to use your browser). MAC addresses will no longer be authenticated.
The Central Student Fee Committee (CSFC) made a large contribution to help bring this central solution to university students, faculty and staff. Recently CSFC placed wireless logos in campus locations where the CSFC provided the funding for wireless access. CSFC funded wireless access points are located primarily in study areas and other areas that emphasize student access.
New wireless access points funded by the CSFC include the Geology Library and atrium, the Fine Arts open-study areas and lobby, the student congregation (vending) areas in Engineering on all four floors, the Animal Science lobby and study area, the first-floor study room in Business and the student lab and library in Hoyt Hall. For up-to-date information on the UW wireless service, including instructions, maps, security, plans, locations and more, please visit www.uwyo.edu/infotech/wireless.
Information Technology has implemented a number of new systems and network configurations intended to help make university computers less vulnerable to hacking attacks and viruses. During the past year, IT has installed Virtual Private Network (VPN) services (www.uwyo.edu/infotech/vpn), intrusion detection systems and virus checking for email. IT has also blocked all Internet access ports (IP ports) typically used by hackers and has put into effect several other appropriate restrictions.
More recently, IT installed a hardened network firewall between the Internet and University of Wyoming’s internal network. A hardware and software device that protects an internal network from external attacks, the firewall protects the internal network by assigning computer (IP) addresses to devices inside the network. The assigned "inside" addresses are not accessible from outside networks. The firewall provides campus users with connections to the outside by translating the inside addresses into addresses that are accessible from the outside.
Since May, IT has connected the Residence Halls’, Bureau of Mines (WRI) building’s and the new University Annex’s (the old Farm Bureau building) networks behind the firewall. During the next few months, the networks in all remaining campus buildings will be placed behind the firewall.
Moving a building’s network behind the firewall requires that all computers in the building be assigned and configured with new IP addresses. Most users simply need to reboot their computers on the date their network is moved. Servers that require public access from off-campus require additional reconfiguration after being moved behind the firewall. Complete details, including a schedule for each building, are at www.uwyo.edu/firewall.
In order to make the campus network more secure, IT must balance the benefits of stronger security with the inconveniences of new security measures. Whenever possible, IT will implement changes gradually and notify network users in advance. Some situations, however, may require the immediate implementation of blocked or restricted network access.
No firewall is perfect. For this reason, IT asks that you keep your desktop, laptop and any departmental servers properly updated and patched. This often requires frequent updating of your computers. And, no matter how secure the UW network, keep in mind that your computer is always vulnerable to attacks from other computers on campus and computers that have remote access to the UW network.
During the summer, IT implemented a new communications technology on campus. Telephones equipped with voice over internet protocol (VoIP) were installed in the recently purchased Farm Bureau Building (now the University Office Annex). VoIP telephones offer essentially the same services as conventional “wired” telephones. The difference? VoIP phones don’t require wire running from each telephone set all the way to the central telephone switch. In other words, VoIP telephones can function anywhere an Ethernet data jack is available. Sharing a computer connection, they function over the university’s data network.
IT had been testing VoIP for approximately a year. Deployment of the technology on campus was accelerated when it became apparent that underground conduit (for copper twisted-pair cable and optical fibers) could not be installed in the Farm Bureau Building in time for the university’s move-in date. Instead of installing optical fiber and twisted-pair cable to connect the building to the campus network, IT installed a gigabit wireless Ethernet system (with a 10-Mbps wireless system for emergency backup). Because twisted-pair cable was not available, VoIP data technology became the obvious solution for telephone services.
VoIP telephones offer many benefits over wired telephones. A VoIP telephone can easily be moved from office to office (or even used at an Ethernet connection off campus), whereas a wired telephone needs to be physically re-wired in each new location (due to emergency 911 requirements, VoIP telephones will still need to be centrally registered prior to being moved).
Moreover, VoIP telephones will soon be available for connecting laptop computers to the phone system. Known as a “softphone,” these computers, used in conjunction with VoIP software, can be used remotely as telephones. Effectively, the laptop becomes the user’s telephone, appearing as if it were located on campus. VoIP telephones open a world of opportunities for home office use and frequent travelers.
Associated with the VoIP telephone service is a new voicemail system called “Unity.” The Unity system allows users to choose either a standard voicemail account, with features similar to the current Meridian voicemail system, or a Unified Messaging enabled account, which allows for advanced features including the integration of voicemail (vmail) with Exchange email.
With Unified Messaging, Outlook users will be able to retrieve both email and vmail
from their Outlook inbox. A vmail message appears as an attachment in the Exchange
email account. Vmail message attachments can be played over the computer’s speakers,
or directed to a VoIP telephone set. Just like email messages, vmail messages can be
forwarded and saved in an Outlook mailbox folder or .pst file.
Due to network restrictions and cost, VoIP telephones are currently available only in the University Office Annex. At present, Unified Messaging is only available to VoIP telephone users. However, in coming months IT plans to integrate the Unity and Meridian voicemail systems. At that time, Unity Voice Mail and Unity Unified Messaging will be made available to all campus users.
Do you have a printer that’s jamming or needs cleaning, a keyboard with keys that stick, a monitor that has a fuzzy picture, or a PC that won’t power up? Is anything keeping your PC or related equipment from working like it should?
Client Support Services now has a convenient way for users to request repairs,
installation, estimates or advice about whether to fix or replace computer components.
It’s easy to do. Go to
Your request will be submitted to the Help Desk and forwarded immediately to either the PC Maintenance or Apple Maintenance group where staff will make arrangements for diagnosis or pickup of the problematic equipment.
Many users enjoy access to their favorite music via the Internet. However, it is illegal to have and share unlicensed copyright protected material on university computers, including music, videos and software. The University of Wyoming does not track or monitor the activities of music and movie file sharing. But, the university does receive regular notifications from both the Recording Industry Association of America (RIAA - www.riaa.com) and the Motion Picture Association of America (MPAA - www.mpaa.org) of suspected copyright violations. Complaints regarding suspected copyright violations are reviewed by the IT Security Office. Legitimate complaints result in having the computer with unlicensed copyright material being disconnected from the university’s network. The computer will remain disconnected until its user can demonstrate the copyright-protected material has been removed.
The RIAA, MPAA, and other software companies’ representatives have recently begun collecting evidence and preparing lawsuits against those who offer music or movies online illegally and against those who store unlicensed software on their computers. See www.riaa.com/news/newsletter/062503.asp and www.mpaa.org/anti-piracy for additional information. IT strongly advises users not to share copyrighted materials and to remove any unlicensed material from computers on the university’s network.
spyware (def.) –
Software that sends information about your Web surfing habits to its Web site. Often quickly installed in your computer in combination with a free download you purposefully selected from the Web, spyware, also known as “parasite software,” transmits information in the background as you move around the Web.
The license agreement that most everyone accepts without reading may clearly
indicate what the software does, or it may not. It may state that the program
performs anonymous profiling, which means that your habits are being recorded, but
not you individually. Such software is used to create marketing profiles; for
example, people who like Web sites that feature product “A” often go to Web
sites that feature product “B” and so on.
Have you seen this line at the bottom of some email messages? “Upgrade Outlook® Add Icons to your Email.” Often, these “advertisements” are accompanied by cute smiley-face characters dancing around on your screen. You might think twice before choosing “Click Here!” This is HotBar, and it is spyware.
What Is HotBar?
Hotbar is an application that enhances email and web browsers, while recording information about the person using the application. It supplies animations and backgrounds for email and allows the design and transmittal of e-cards from the mail program. It adds “smart buttons” to the browser and allows the browser skin, or wallpaper, to be changed to a variety of pleasing images.
Spyware “watches” your surfing habits
HotBar may be bundled with free software, or it may be advertised through junk email that claims to provide an upgrade to Microsoft Outlook. Visiting some web sites may result in an attempt to download and install HotBar. Even if “no” is selected on the download popup, HotBar will continue to install. If HotBar’s toolbar is not removed from the View/Toolbars menu, it will add buttons on the left-hand side of the browser that lead to advertisers’ sites. These are often competitors of the site being visited. Even when the toolbar is disabled, HotBar continues to gather information about sites you visit and from on-line forms you complete. HotBar has a silent update feature that downloads updated software without your knowledge.
What do you really get?
HotBar collects your personal information, including the full URL of visited web pages, your IP address, the date and time for each page viewed, information about any advertisements shown on the HotBar website, your browser type and version, and your operating system and platform. It also transmits cookies to your computer so it can track the pages viewed on the advertiser’s website. Personal information that you provide voluntarily is also collected.
Our review indicates that HotBar does acknowledge that it collects personal information such as names and email addresses, but it says it stores them separately, and does not correlate or link them directly with the other data it collects. It also claims not to use personal information to determine which advertisements and buttons to display.
HotBar indicates as well that it won’t sell, rent, or disclose personal information to outside parties without your express consent unless they believe, in good faith, that such release is reasonably necessary to comply with law or law enforcement or apply the terms of their user agreement.
How can HotBar be removed?
HotBar can be removed by using the complete uninstaller available on HotBar’s site at http://hotbar.com/downloads/HbUninst.exe. The deletion can also be done by using Add/Remove Programs in the Windows Control Panel. Then, see www.safersite.com/PestInfo/h/Hotbar.asp for a list of other files and registry entries that must be removed manually. This type of removal is not recommended for inexperienced users.
Software Assurance Renewal Window
The University of Wyoming's new Microsoft Select License 6.0 became effective Aug. 1, 2003. This means that users who have Software Assurance for any licensed Microsoft product—including FrontPage, Project, Publisher, Visio, VStudio.NET, and server software— should consider renewing it. Once renewed, it may be upgraded at no additional cost for the term of the new Select License 6.0 agreement, which is three years (until summer 2006). Please see www.uwyo.edu/InfoTech/aboutit/news/newsletter/2003/03spring.asp#sa for additional details.
Users will have until October 30, 2003, to renew Software Assurance. Users who allow their Software Assurance coverage to lapse must acquire the “License & Software Assurance” new bundle. Users may not purchase Software Assurance for products that were previously paid for but not enrolled in Software Assurance.
For a listing of all Software Assurance licenses and pricing, see www.uwyo.edu/InfoTech/Services/software/select/. Please address IDRs to Information Technology and include the user’s full name, username, item name for the software license, and the part number of the software license. Please send the IDR to Lynette Chance, Information Technology, Client Support Services, Ivinson Building, Room 140.
What Is Microsoft Select License 6.0?
Information Technology manages and administers two Microsoft licensing agreements—
Campus Agreement 3.0 and Academic Select License 6.0. Campus Agreement allows UW
faculty and staff to install or upgrade to the latest versions of Office
Professional® for Windows and for Mac over the term of the agreement. For no
additional cost departments may upgrade the Windows operating system.
Microsoft Select License 6.0 is effective August 1, 2003, through July 31, 2006.
For a complete listing of all Microsoft Select License 6.0 products and pricing, see www.uwyo.edu/InfoTech/Services/Software/select/. Prices and availability are subject to change without notice. Submit an IDR to Information Technology following the instructions provided in the previous section.
Every UW employee and student is eligible for a UW computer account. To meet individual departmental needs, Information Technology also provides special computer accounts for such things as occasional outside consultants working on UW projects or for shared use by university faculty or staff. These accounts have the same function as normal computer accounts, including user login, network disk space, and access to network resources. (For a full description of this service and similar alternatives, see the Fall 2000 IT News article, “Email aliases and email lists, generic mailboxes and special computer accounts,” available online at http://www.uwyo.edu/InfoTech/aboutit/news/newsletter/.)
Special accounts are provided when requested by UW departments, faculty, or staff. There is a small monthly fee associated with each account or generic mailbox. Fees are billed to the department’s monthly telecommunications bill. (For a listing of related fees, see www.uwyo.edu/InfoTech/Services/clientfees.htm#Special.) The fee covers the costs of software licenses, server resources, and administration. To request a special computer account, contact your IT User Consultant or the IT Help Desk at 6-4357 (6-HELP), option 1.
In the past, IT has provided departments with a limited number of special computer accounts and generic email accounts for no charge. Although IT is no longer able to offer new accounts of this type for free, all existing arrangements will remain in effect.
There is a charge for UW affiliate accounts. As of July 1, 2004, all affiliate accounts will be billed at the published rates. Affiliate accounts have been under review, as mentioned in previous newsletters and on the Infotech Web.
Human Resources Management System (HRMS)
The implementation of the new PeopleSoft Human Resources Management System (HRMS) is scheduled for this fall. Meanwhile, during the current testing phase of the project, both Human Resources and the Payroll Office continue to enter data into both the old and new systems, compare payroll results between the two systems and ensure that all necessary software, report and procedural changes have been completed.
New federal tax regulations made it necessary for UW to perform an upgrade to HRMS 8.3, a difficult and time-consuming task. In order to install the new tax tables and rules, our HRMS team needed not only a service pack (SP1) software upgrade but also an upgrade for PeopleTools to version 8.19. These updates are now complete. The functional staff, the IT staff and consultants have also worked hard to prepare the system for tracking employee time (Time & Labor), which is being extensively tested at this time.
For anyone who is interested in HRMS 8.3, team representatives are available in Knight Hall, Room 74, from 10 a.m. to noon on Fridays to answer questions, work through issues or provide a refresher on the functionality of the system. Everyone and all questions are welcome.
The PIStOL upgrade to Financials 8.4 has reached a critical stage. A significant number of application “fixes” (software corrections) have been released by PeopleSoft since UW started its upgrade process. It has become clear that many of these fixes need to be applied in order to solve problems that have been identified during the testing process. Unfortunately, the same fixes used to solve certain problems cause other difficulties in properly converting data. UW has enlisted PeopleSoft’s assistance to resolve the problems. PeopleSoft technical and functional experts will be on-site over the coming months to help the UW team develop and implement a detailed plan to successfully work through the upgrade.
For the latest information on the PIStOL upgrade to Financials 8.4 or the implementation of HRMS 8.3, please see “PeopleSoft at UW,” online at www.uwyo.edu/peoplesoft. If you need additional information, please contact Chad Marley, IT Project Manager, at 766-4874 or firstname.lastname@example.org.
On Tuesday, August 19, 2003, a massive flood of email messages with subject lines such as Re: Wicked Screensaver, Re: Thank you!, Re: Approved, and others began arriving in email inboxes across campus (and the world). These email system-clogging messages originated from the SoBig.F Worm. The worm-virus rapidly propagated itself via users’ email address books and quickly became the fastest spreading virus ever.
If an unsuspecting user opened an infected email attachment, the virus would replicate and spread by re-mailing itself to the email addresses in the user’s address book. Using a random email address from the address book, this virus forges or “spoofs” the sender’s email address in the “From” field. The propagated emails appear as if they came from the random email address but were actually sent from the infected user’s email account.
Due to the spoofing component of this virus, many users have received returned, “bounced” or undeliverable messages referring to an email message that did not, in fact, originate from the user. The bounced message is in response to the virus-propagated message that actually came from the person who opened the infected attachment. In most cases, the receiver of the bounced message did not have the virus, but rather it was their email address that had been spoofed when the virus replicated itself. This is especially true for UW users, having received bounced messages even though their computers were not infected by the virus.
The University of Wyoming email servers protected campus users from this virus at the outset of the virus attack. Infected SoBig.F attachments were detected and removed from email messages by antivirus software before reaching campus inboxes. The messages were delivered to UW users, but the virus had been removed from the messages.
The extreme number of virus-created email messages threatened to overwhelm the UW servers and caused delays as the system fought to keep up with deleting the incoming infected attachments. To lessen the impact and eliminate the delay the UW email system was programmed to delete the entire message instead of just the attachment. While this helped to curtail the flood of emails created by this virus, it does not eliminate the delivery of the bounced or undeliverable emails coming back to spoofed email addresses. In many cases, UW users are receiving these messages and believing they sent the infected email. This is not the case. They are receiving the bounced message because their UW email address was the random address spoofed when the virus propagated itself from someone else’s address book.
For more complete information on the SoBig.F Worm, go to http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
The recent viruses and exploitation of the Windows operating system vulnerability
(see Security Update for Microsoft Windows in this issue) have
created the potential for damage to the UW network and UW computers. This potential
has made it necessary for Information Technology to take more aggressive measures to
protect UW’s network. IT is using tools to scan for vulnerable, unprotected and
infected computers connected to the network. When vulnerable or virus infected
computers are found Information Technology may disable the computer’s external
Internet access (computers will not be able to browse off campus Internet sites, but
will still have access to internal UW computer resources). In certain cases it may be
necessary to fully disable the computer from accessing the network. Information
Technology will attempt to forewarn customers when circumstances allow. In severe
cases it may be necessary to immediately remove computers from the network without