TTUHSC IT Policies
1.4.22 VIRUSES AND OTHER MALICIOUS CODE
The purpose of this policy is:
- To establish procedures that define the responsibilities for reducing the threat of
computer viruses to TTUHSC computers and networks
- To establish responsibility for overseeing computer virus prevention activities within
TTUHSC, and to establish a reporting mechanism to ensure all appropriate personnel
are contacted in case of a computer virus incident
- To promote awareness of the threat posed by computer viruses to TTUHSC students, faculty,
and staff, and to ensure that virus protection software and procedures are properly implemented
and utilized on a regular basis
Due to the collaborative nature and sensitivity of the work performed at TTUHSC, all
Institutional computers must have the institutionally provided antivirus software
installed. Users’ continued access to the TTUHSC network is contingent on the installation
of institutionally provided antivirus software on all TTUHSC-owned computers. This
virus protection software must not be disabled, bypassed, or modified in any way.
TTUHSC expressly prohibits:
- Development of any form of computer virus with the intent to distribute through the
TTUHSC network or beyond
- Intentional distribution of a virus, regardless of type (nuisance or destructive)
- Intentional creation of false alarms using hoax virus messages
Specific Responsibilities and Guidelines for Virus Prevention
Students, Faculty, and Staff should:
- Understand the risks associated with viruses and preventative measures that can be
- Be aware of and follow the procedures outlined in TTUHSC I.T. announcements (web page
or email), which will be used to communicate warnings of potential computer virus
- Treat nuisance viruses with the same urgency as destructive viruses. Write down the
name of the virus, if provided by the virus detection software.
- Write down any recent unusual computer activities (for instance, unexpected disk access,
error messages, or screen displays) and, if possible, include when these activities
were first noticed.
- Contact the Information Technology Solutions Center when a computer virus is suspected and/or detected.
- Never boot directly from external devices or media until they have been scanned for
viruses. By default, the Institutional antivirus program is configured to automatically
scan all devices upon use. (This is completely done in the background without any
visible disruption to the user.)
- Ensure files received from external sources are clean of viruses prior to use or distribution
and never use or introduce non-licensed software on any TTUHSC computing device.
- Back up critical data (e.g., student/patient/employee information, data related to
Institutional operations, vital mission data, etc.) to a floppy disk or to a drive
on the server (see your Department Administrator or Departmental I.T. Representative
for access restrictions) at least once a week (or more often for more critical data).
Computer Security Analyst (CSA) is responsible for:
- Isolating the infected computer(s) from the TTUHSC network as soon as possible. Reasonable
attempts should be made to notify the primary user or the system administrator before
disconnecting from the network. Depending on the nature of the virus, this may not
be possible and the I.T. Solutions Center should be contacted prior to disconnecting a computer from the network. The Solutions
Center will coordinate the ITS and networking to minimize any potential risks.
- Identifying and isolating the suspected virus or worm-related file and processes.
Do not power off or reboot computers that may be infected. There are some viruses
that will destroy disk data if the computer is power-cycled or rebooted. Also, rebooting
a computer could destroy needed information or evidence.
- Attempting to halt and/or remove all suspicious processes from the computer. In the
case of a worm attack, it may be necessary to keep the computer(s) isolated from the
network until all TTUHSC computers have been inoculated and/or the other Internet
sites have been cleaned and inoculated.
- Implementing fixes and/or patches to inoculate the computer(s) against further attack.
- Notifying the ITS prior to bringing the computers back into full operation mode. The
users should also be notified that the computers are returning to a fully operational state.
Information Technology Security (ITS)’s responsibilities include:
- Overseeing computer virus protection activities within TTUHSC which include the desktops
and servers, Internet mail gateway, and Exchange Servers. This is done in coordination
with the CSAs.
- Staying current with the latest virus exploits and maintaining attachment filtering
lists through the mail servers.
- Evaluating, recommending, and maintaining virus protection software and/or tools for
use on TTUHSC PCs, servers, and laptops.
- Coordinating any training on virus control required for CSAs and TTUHSC personnel.
- Investigating every report of an apparent computer virus infection, and making every
reasonable effort to determine the source of the infection. The Information Security
Officer will keep all affected personnel advised of the investigation.
- Monitoring compliance of virus protection policies.
The CSA and ITS are jointly responsible for:
- Verifying the existence and identifying the type of virus on the user system.
- Coordinating with the anti-virus vendor or other sources on disinfection methods.
- Documenting any recent unusual computer activities (for instance, unexpected disk
access, error messages, or screen displays) and, if possible, including when these
activities were first noticed.
- Ensuring that the appropriate data for the monthly Department of Information Resources virus report is received by the Information Security Officer no later than the second business
day of each month.
Information Technology PC Support/System Support (all campuses) should take the following
- Ensure that virus protection software is installed on every desktop, server, and laptop
computer acquired by TTUHSC before they are made available for use by TTUHSC students,
staff, or faculty,
- Ensure that the virus protection software has loaded a ‘terminate and stay resident’
(TSR) program or service/daemon to constantly monitor for viruses to prevent introduction
to the network,
- Inform the ITS/CSA of new anti-virus installs. This procedure is to make sure the
desktop, server, or laptop can communicate with the anti-virus management server to
- Upon receipt of a notice of a possible virus, clarify the symptoms with the user,
- Verify if there is a virus and if so, report the incident to the ITS/CSA, and
- In the event the virus cannot be removed from the infected computer, the ITS/CSA will
contact PC Support or System Support to rebuild the computer.