Return to: U of M Home
Gold University of Minnesota M. Skip to main content.University of Minnesota. myU | One Stop | Directories | Search U of M  
Driven to Discover.

What's Inside OIT

links related to OIT

1-HELP

System Status

University of Minnesota

STANDARDS & GUIDELINES

     

STANDARD—Anti-Virus (Appendix C)

Responsible Office: Office of Information Technology
Responsible Officer: Chief Information Officer

EFFECTIVE DATE: April 2002
VIEW HISTORY
RELATED POLICY/PROCEDURE:
 Acceptable Use of Information Technology Resources

STANDARD
A standard is a level of quality that requires conformity.


Introduction

The Chief Information Officer is designated by the "University Acceptable Use of Information Technology Resources Policy" as the institutional officer responsible to identify standards for access and acceptable use of information technology resources. This standard defines the use of anti-virus software necessary for the protection of the University community and network.

Computer viruses (including trojans, worms, etc.) represent a substantial risk to the University community in terms of time, money, and potential data loss. The sophistication, damage, and speed of propagation have been increasing over time. To protect against the spread of these viruses on University computers and reduce institutional risk, the University advisory committee has recommended and the Chief Information Officer has approved a "two-tier" anti-virus standard. Two-tier protection means that anti-virus software is used on both the desktop and server systems. This is a common practice for protecting information technology resources on large complex networks and provides a layer of protection beyond that of the basic security requirement of regularly updating and patching the computer system.

Desktop/personal computer standard (computers used by a single user at a time)

Desktop and personal computers, including laptop computers, connected to the University network are required to maintain and use an up-to-date version of anti-virus software (or virus filtering software for Unix desktops) configured according to relevant standards. The most common desktop operating systems at the University are various versions of Microsoft Windows and Apple Macintosh. Desktop computers should use anti-virus software even if they don?t use e-mail on the computer. Although e-mail is a common source of virus infection, it is not the only one; network and web page propagation have also been used by recent viruses.

Computers used to control or report results from instrumentation (such as research instrument controllers) and some proprietary uses of desktop computers present unique challenges. If, for some reason anti-virus protection is not feasible, other risk mitigation alternatives (in addition to routine system patching) are required such as the removal of e-mail and other services and use of a software firewall. In some cases, removal of the computer from the University network may be the best alternative to mitigate the risk.

For exceptional situations the nature of the exception and the risk mitigation alternative selected in lieu of the above requirement should be briefly documented and approved by the head of the department. Exceptions are reviewed as part of the normal University audit procedures. Collegiate and departmental technology support staff as well as OIT security staff can assist in identifying alternatives (contact OIT by dialing 1-HELP).

Servers (computers used by multiple users at a time)

E-mail servers are required to maintain and use an up-to-date version of anti-virus software configured according to relevant standards. Because they send and receive email for multiple users that potentially contains viruses capable of infecting others, these servers represent a significant risk.

For servers other than those used as email servers, use of anti-virus software is highly recommended whenever feasible. In some cases use of anti-virus software on these other servers may not be appropriate. However, if e-mail is hosted on a multi-purpose server, anti-virus or virus filtering software on the server is required.

Implementation

The Office of Information Technology (OIT) offers free, centrally-funded email accounts to students, staff, and faculty that are protected by anti-virus software. Unless there is a compelling requirement not met by the central e-mail service, this is the recommended e-mail server service in lieu of departmental servers.

For the desktop, OIT has purchased a site license for commercial desktop anti-virus software for many common computing platforms. This licensed software is available free of charge to all students, staff, and faculty on all campuses of the University. When installed and properly configured (see recommendations on the OIT web site listed below), this product provides significant protection against viruses.

Resources and Links

Norton Anti-Virus: http://www.symantec.com/avcenter/
OIT virus information: http://www.umn.edu/adcs/help/virus/
OIT security and assurance: http://www.umn.edu/oit/security/
OIT helpline: http://1help.umn.edu
Policy links: http://www.umn.edu /oit/policies/index.html
© 2007 - 2008 Regents of the University of Minnesota. All rights reserved. Contact U of M | Privacy
The University of Minnesota is an equal opportunity educator and employer. Last modified on 10/11/07 11:08 AM