
Virus & malware protection

The term malware is short for malicious software, and is a collective term that includes:

  • Viruses
  • Trojan horses
  • Worms
  • Rootkits
  • Keyloggers

The term virus is sometimes used to refer to other malware types as well. For example, we often hear of "anti-virus" software. However, many anti-virus software packages detect other malware types too.

It is important to protect your device from malware. Any infected device may be blocked from the network without prior notice to protect other users.

If you have any queries regarding virus and malware protection you should contact IT support at the Library and IT Help Desk:

  • IT Support

Installing anti-virus software

If you have any questions or concerns about viruses or anti-virus software, either on a University owned machine or a personal device, please get in touch with IT Support:

  • IT Support 

Managed Windows Devices

Microsoft Defender for Endpoint is installed and configured on all managed Windows desktops, laptops and classroom PCs. 

Unmanaged PCs and personal devices

Windows

  Staff: Staff connecting to the University network must be using a supported version of Windows. Windows 10 comes with Windows Defender Antivirus, which provides real-time protection against various types of malware, including viruses, ransomware, and spyware. It's regularly updated via Windows Update to defend against the latest threats.

  Students: Windows 10 comes with Windows Defender Antivirus, which provides real-time protection against various types of malware, including viruses, ransomware, and spyware. It's regularly updated via Windows Update to defend against the latest threats.

Mac

  Staff and students: OS X will actively try to prevent you from opening files that could potentially harm your Mac and so third party anti-virus software is not required:

Linux

  Staff and students: Anti-virus software is not required for Linux devices as these are far less prone to malware than Windows devices.

Android

Google perform their own scans to ensure that the Play Store is kept free of malware.

You can protect your Android device by making sure that the option to install apps from unknown sources is disabled (this is the default on most Android devices).

The following instructions are based on the stock version of Android 5 Lollipop - other versions may differ slightly.

  1. Go to the App menu and select Settings
  2. Select Security
  3. Scroll down until you see Unknown Sources and make sure this is set to Off

The most common reason to enable this option is to install apps from alternative Android app stores. You can't be certain that these app stores check their apps thoroughly for malware, so for security reasons it should be disabled.

There are a number of anti-virus apps available for Android, but we do not recommend installing these.

iOS

Apple perform their own scans to ensure that the App Store is kept free of malware.

There are a number of anti-virus apps available for iOS but we do not recommend installing these.

Using a firewall

As well as up-to-date anti-virus software, you need to make sure that you have a firewall switched on. A firewall will help to protect you against hackers, some kinds of malware, and other malicious network traffic.

Managed PCs

All IT Services managed PCs have their firewall settings configured by IT Services so there is nothing more you need to do.

Unmanaged PCs owned by the University and Home PCs

If you have purchased an anti-virus package (e.g. McAfee Internet Security, Norton, Kaspersky), this may include a firewall for you to use.

If not, both Windows and Mac OS X come with a firewall pre-installed:

Remember to keep your machine's software up to date

As well as installing anti-virus software, it's important to keep your machine up to date with the latest software patches:

Configuring your plugins

A browser plugin (such as Adobe Flash or Java) is used to run additional content on a webpage, such as videos or web applications, although this is becoming less common with Adobe Flash reaching End of Life (EOL) in 2020. If you have Adobe Flash Player installed, it needs uninstalling immediately.

It is common for malware to infect a computer by taking advantage of security flaws in plugins. The first step to protect your device is to make sure you install the latest available software updates:

You should also uninstall any plugins that you don't need.

Click to play

For greater protection, we also recommend configuring your browsers to prevent plugins from running in your web browser automatically. This means that if you inadvertently visit a webpage that uses a plugin to distribute malware, you won't be infected unless you choose to run that plugin.

This is sometimes described as 'click to play' - as you have to click to activate the plugin manually. Before activating any plugins you should always assess whether you trust the webpage.

Some recent updates to web browsers enable this function by default; however, you should check your plugin settings to ensure no plugin is being activated without your knowledge.

Internet Explorer

Microsoft provide their own guidance on managing your plugins:

Unfortunately it isn't currently possible to enable click to play functionality in Internet Explorer. However you can disable the plugins that you don't need.

Mozilla Firefox

Mozilla provide their own guidance on managing your plugins:

The latest versions of Firefox will also automatically block versions of plugins that are known to be vulnerable, prompting you to update them:

Google Chrome

To enable click to play in Google Chrome you need to ensure that the Let me choose when to run plug-in content option is selected in the Plugin settings.

Google provide their own guidance on managing your plugins:

Safari

By default, the latest versions of Safari will prompt you when you visit a webpage using a plugin.

Apple provide their own guidance on managing your plugins:

If your device is infected...

If you have any questions or concerns about malware, either on a University owned machine or a personal device, please get in touch with IT Support:

  • IT Support 

We continuously monitor the activity on our network for signs of malware. Any infected device may be blocked from the network without prior notice.

Managed PCs

If we detect that your managed PC contains malware we will attempt to take the steps necessary to remove the infection. You will be contacted if there are any further actions that you need to take.

You should contact IT Support if you suspect your managed PC is infected with malware:

  • Contacting IT Support

Unmanaged devices owned by the University

If we detect that your University-owned, unmanaged device contains malware we will contact the Departmental Computing Officer (DCO) of your department and ask them to remove the infection. You will be contacted if there are any further actions you need to take.

You should contact your DCO if you suspect your unmanaged device is infected with malware:

Personal devices

Windows

Windows Defender Offline lets you scan your computer for malware and viruses before the whole operating system loads. It's especially handy when you've got stubborn malware that's giving you trouble while your system is up and running. Here's how you can use Windows Defender Offline to scan for viruses:

  1. Get ready for Windows Defender Offline
       • Make sure you disconnect your computer from the internet: Malware tends to spread through the internet, so it's best to disconnect to avoid any further infection during the scan.
       • Save your work and close all your open apps: The scanning process might need a restart, so it's important to save your work and close everything you've got open.
  2. Get into Windows Defender Offline
       • Open Windows Security: Click on the Start button and select "Settings" (the gear icon). Then, in the Settings window, click on "Update & Security." From there, go to "Windows Security."
       • Now it's time to access Windows Defender Offline: In Windows Security, go to "Virus & Threat Protection" from the left menu. Under "Current threats," click on "Scan options." Choose "Windows Defender Offline scan" and hit "Scan now."
       • Start the Offline Scan: You'll be asked to save any work you have because this process will require a restart. Click "Scan" and your computer will restart.

While your computer restarts, Windows Defender Offline will run a scan before Windows fully loads.

  • The scan might take a bit of time depending on how big your hard drive is and how many files it has to go through.
  • After the scan is done, your computer will boot back into Windows.
  • Open Windows Security again and go to "Virus & Threat Protection" > "Protection history" to see the results of the scan.
  • If any threats were found, Windows Defender Offline will have tried to get rid of them or quarantine them.

Follow-up Actions:

If any threats were found and removed, it's a good idea to run a regular Windows Defender scan after just to make sure your system is clean.
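The same procedure can be driven from an elevated PowerShell prompt using the Defender cmdlets that ship with Windows 10. This is an added example, not part of the University's own guidance; the `-StartOfflineScan` switch is a hypothetical name chosen here, and the full scan at the end is an assumption about what "regular scan" means.

```powershell
# Added example: command-line equivalent of the offline scan steps above.
# Save as a .ps1 file and run from an elevated PowerShell session.
param([switch]$StartOfflineScan)   # hypothetical switch name

if ($StartOfflineScan) {
    $status = Get-MpComputerStatus
    if (-not $status.AntivirusEnabled) {
        throw 'Microsoft Defender Antivirus is not the active engine on this device.'
    }
    "Signatures are $($status.AntivirusSignatureAge) day(s) old, " +
        "last updated $($status.AntivirusSignatureLastUpdated)."

    # Save your work first: this restarts the machine into the offline scanner.
    Start-MpWDOScan
    return
}

# Run again without the switch after the reboot.
# This lists the same detections that "Protection history" shows.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }

Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime,
        @{ Name = 'Threat';    Expression = { $threatNames[$_.ThreatID] } },
        ActionSuccess,
        @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } } |
    Format-List

# Follow-up scan with Windows running (assumption: a full scan is wanted here).
Start-MpScan -ScanType FullScan
```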

If there were any threats that couldn't be removed, you might want to consider an alternative tool such as

 

Mac OS X

If your Mac is infected with malware, you can make sure that your anti-virus application is up to date and run a full scan. We have compiled a list of recommended anti-virus software:

If this fails to remove the infection you can also try running a scan using Bitdefender Antivirus for Mac.

This can also be effective if you are encountering problems with adware - adverts and pop-ups appearing in your web browser that are not legitimate:

Linux, Android & iOS

If your Linux, Android or iOS device is infected with malware, we recommend contacting IT Support for assistance.

Content filtering software


On managed devices Google Chrome and Firefox automatically download and install the uBlock Origin adblock extension. This extension filters advertisements from websites and prevents potentially unsafe web pages from loading, displaying this screen instead:

Advertisements are a common method of distributing malware, and installation can happen even without clicking on the advertisement itself. Malware is not limited to “unsafe” websites - it can also reside in advertisements on websites generally considered to be “trusted”, such as the BBC website. Blocking these advertisements significantly reduces the risk of your computer being infected.

uBlock Origin can be disabled completely in Firefox if you don't want to use it. To disable, open the Add-on Manager by pressing Ctrl+Shift+A and click the green toggle next to the uBlock Origin logo. The extension can be re-enabled by clicking the toggle again. If you prefer not to block advertisements on specific websites, uBlock can be disabled by clicking on the red shield icon next to the search bar and then clicking the big blue “power” button. uBlock will then be disabled on that website until you re-enable it.

uBlock cannot currently be completely disabled in Chrome. If you need it disabled, please contact IT Support on ext 3838.

Installing uBlock Origin on unmanaged devices:

Malicious file-type redirection

A common way that malware is distributed is via email. Users can sometimes receive a .ZIP file which contains a file with one of the following extensions: .jse, .js, .ws, .wsf, .wsh, .hta, .mod. Once the user opens the file, it runs malicious code which will then infect the computer.

The file association has been set up to open these file types in Notepad. Instead of running the script as it normally would, the file will open instead as a Notepad file full of code.

If you accidentally download and run one of these file types, and see a Notepad file full of code like the one below, then any potential infection should have been prevented. You should still contact IT Support to report it on ext 3838.
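One way to verify the redirection on a Windows device is to resolve each listed extension to its open command and check that it points at Notepad. This is an added example, not the University's own tooling, and it assumes the redirection is implemented through the standard per-extension file association in the registry.

```powershell
# Added example: audit the file associations for the extensions listed above.
$extensions = '.jse', '.js', '.ws', '.wsf', '.wsh', '.hta', '.mod'

function Get-DefaultValue([string]$KeyPath) {
    # Returns the unnamed (default) value of a registry key, or nothing if the key is absent.
    $key = Get-Item -LiteralPath "Registry::$KeyPath" -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

$report = foreach ($ext in $extensions) {
    # A per-user "Open with" choice overrides the machine-wide association.
    $choiceKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
    $progId = (Get-ItemProperty -LiteralPath $choiceKey -ErrorAction SilentlyContinue).ProgId
    if (-not $progId) { $progId = Get-DefaultValue "HKEY_CLASSES_ROOT\$ext" }

    # The ProgId names the key that holds the command run on double-click.
    $command = if ($progId) { Get-DefaultValue "HKEY_CLASSES_ROOT\$progId\shell\open\command" }

    [pscustomobject]@{
        Extension  = $ext
        ProgId     = $progId
        Command    = $command
        Redirected = [bool]($command -match '\\notepad\.exe')
    }
}

$report | Format-Table -AutoSize

# Anything still mapped to a script host (or with no resolvable command) needs a manual check.
$exposed = $report | Where-Object { -not $_.Redirected }
if ($exposed) {
    Write-Warning "Not opened in Notepad: $($exposed.Extension -join ', ')"
}
```

An extension with no association at all is reported as not redirected; Windows will prompt for an application rather than run it, so treat that row as a review item, not a finding.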

Office 2016, 2013 & 2010 macros

Office macros are disabled by default to prevent malware from infecting PCs. If you need to run macros in Microsoft Office, you should contact IT Support who can arrange this for you.

Malware distributed via macros is difficult to detect with antivirus software. They generally spread via email attachments and removable media (USBs, CDs etc). Microsoft Office does not automatically run macros, so malware authors will try to trick users into enabling them by clicking Enable Content. Often these arrive as fake invoices, such as the ones below.

 

If you see something similar to the screenshots above, do not enable macros, and contact IT Support on ext 3838. With macros disabled by default, you shouldn’t get the option to enable the macro at all, protecting your computer from infection.
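The macro setting can be audited per user from PowerShell. This is an added example, not the University's configuration; it assumes the restriction is deployed through the standard `VBAWarnings` registry value, and it covers Word, Excel and PowerPoint for the three Office versions named above.

```powershell
# Added example: report the effective macro setting for Office 2016, 2013 and 2010.
$versions = [ordered]@{ '2016' = '16.0'; '2013' = '15.0'; '2010' = '14.0' }
$apps     = 'Word', 'Excel', 'PowerPoint'
$meaning  = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all macros without notification'
}

$report = foreach ($v in $versions.GetEnumerator()) {
    foreach ($app in $apps) {
        $sub       = "Microsoft\Office\$($v.Value)\$app"
        $policyKey = "HKCU:\Software\Policies\$sub\Security"
        $userKey   = "HKCU:\Software\$sub\Security"

        # Skip applications that have never been configured or run for this user.
        if (-not ((Test-Path $policyKey) -or (Test-Path "HKCU:\Software\$sub"))) { continue }

        $policy = (Get-ItemProperty $policyKey -ErrorAction SilentlyContinue).VBAWarnings
        $user   = (Get-ItemProperty $userKey   -ErrorAction SilentlyContinue).VBAWarnings

        # Group Policy wins over the user's Trust Center choice; Office falls back to 2.
        $effective = if ($null -ne $policy) { $policy } elseif ($null -ne $user) { $user } else { 2 }

        [pscustomobject]@{
            Office    = $v.Key
            App       = $app
            Source    = if ($null -ne $policy) { 'Policy' } elseif ($null -ne $user) { 'User' } else { 'Default' }
            Setting   = $meaning[[int]$effective]
            # Only value 4 removes the "Enable Content" prompt described above.
            NoPrompt  = ($effective -eq 4)
        }
    }
}

$report | Format-Table -AutoSize
```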