Computer Support

Quick Links

LLE Office 2010 Upgrade | Safe Computing | Virus FAQs | Secure Global Desktop
Virtual Private Network | Computer Backup Policies | Documentation | Web Support
Microsoft Office Tips

LLE Office 2010 Upgrade

With the rollout of Office 2010 comes some significant updates, changes, and added functionality. Most obvious to everyone will be the change in the user interface (UI) from a menu based system to the "ribbon" UI that is shared by all Office 2010 applications. Microsoft has released several interactive videos that can help users FIND the functions they need in the new UI. You can view these videos here: Microsoft Office 2010 Instructional Videos

Various applications require updates to work with Office 2010, these include all the LLE Office Applications (ShopTime, AccountSummary, etc.), MathType and EndNote. The new LLE Office Applications can be found at: \\hopi\Access\Access 2010 Launchpad

Please remove any old links you may have to the old versions of these applications and copy the new versions to your system to use with Office 2010. You can also simply link to the above location and launch your chosen application directly from hopi.

If you are a MathType or EndNote user, please contact CSG before upgrading to Office 2010 so that we may ensure that you have the correct versions of these applications.

By default, Office 2010 applications save documents into the newer XML based file formats that Microsoft first released with Office 2007. Here at LLE, we have overridden this default and have instead configured the various applications to save files in the old style Office 2003-compatible format. Unless you have specific requirements for using the new formats, CSG recommends that you continue to use the old formats The OLD formats are .doc, .xls, and .ppt – the new formats tack an 'x' onto the old extension names (e.g. .docx, .xlsx and .pptx).

With the release of Office 2010, we are releasing two new (to LLE) Office applications for use here at LLE: Outlook 2010 and OneNote 2010.

Outlook 2010

[NOTE: Although Outlook will be installed on your system when you are upgraded to Office 2010 we do not have an automated means for configuring it to work on the LLE network. If you wish to use Outlook once Office 2010 is installed please contact PC Support for assistance.]

Outlook 2010 is similar in style of operation to Thunderbird, but includes a full calendar system. This calendar can be integrated with our mail server and webmail to provide a relatively seamless view into your personal (or other shared) calendar – either at home, on the road or here at LLE.

CSG will continue to support Thunderbird until a really vile vulnerability is released targeting it, at which time we may decide to uninstall it.

NOTE: Users of Outlook 2003 must contact CSG prior to upgrading to Office 2010 or risk losing their Outlook contact and calendar information!

OneNote 2010

Microsoft OneNote is like an electronic notebook. Users of notebook computers that take their systems to meetings may find the application especially useful. You can read about OneNote at Microsoft:

Note that we do NOT have any current plans to install a Microsoft SharePoint server. At the current time only OneNote notebooks created on "My Computer" are supported.

Safe Computing

What is clickjacking and why should I worry?

Clickjacking is a recently discovered method of compromising your information that is now being exploited by software criminals. In a clickjack attack, you click on and enter information into what seems like a normal web page. You will not see anything different because the attack is camouflaged. The figure below illustrates how the attack works.

clickjacking

Visualization of a clickjacking attack.

Unlike a virus, trojan, or other malware that compromises your computer by exploiting a deficiency in an application or the operating system, the attacker simply takes advantage of a standard practice in web page design called UI Redressing. To make interactive and engaging web pages, it is possible to hide certain content and then display it when needed. One can place something like a fill in box on top of something else on the page. If you tell the browser to make that box transparent, all you will see is the box below it. When you enter text, it will actually go into the hidden area and then be sent to the attacker. There are many clever variations on how this can be done. A good explanation with more detail is available in this article on the SecTheory web site. If you search in Google you will find lots of information.

What's important is how to protect yourself. All browsers are vulnerable to this and it does not matter what operating system you run. While version 8 of Internet Explorer tries to protect against this partially, it has been shown that it is easily circumvented. The only known protection for now is to use the NoScript extension with Mozilla Firefox. It is a free extension that allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites that you choose. This does mean, of course, that you now have to explicitly tell the extension to allow each new web site you want to visit. This is inconvenient but less so than having your identity stolen and that is the reality of this attack.

The good news is that the NoScript extension is very easy to install and use (watch video). You can enable a site temporarily, permanently, or forbid it to run potentially dangerous content.

What do I need to do?

  • Install NoScript on your LLE office computers
  • Install NoScript on your home computers
  • Stop using other browsers such as Internet Explorer

Firefox is LLE's default browser and is installed automatically. Do not install Firefox yourself on your work PC. If you can't find it or are having trouble, please contact Computer Support.

VPN users are required to use Firefox with NoScript. All LLE staff are responsible for protecting LLE's intellectual property. If you don't have them, install them now. If you have trouble contact Computer Support for help.

Firefox and NoScript can be downloaded from the following links:

Virus FAQs

Frequently Asked Questions about Viruses

Virus incidents are on the rise here at LLE. If you think you have received a virus, please forward the message to Computer Support's virus@lle.rochester.edu. Do not delete the suspect message until Computer Support can look at your copy. In general, be extremely cautious when opening any e-mail attachment.

The following are frequently asked questions about receiving a virus via e-mail:

What is an "incident"?

The easy answer is "Anything you want." Anytime you have a question about an e-mail message you should feel free to forward the message to the "virus" address. Do not delete a message that you forward to us until we have contacted you. This may seem counterintuitive, but in order for us to track down the source of a virus transmitted via e-mail, we must be able to examine the entire message. Unfortunately, the act of forwarding a message does not (by default) pass on all of the message headers, and these headers help us determine the origin of a message.

But isn't a virus dangerous sitting in my inbox?

No—only if you open any attachment(s) to the message. Never open any of the attachments.

I already clicked on an attachment that I think might be a virus. What should I do?

If you have actually opened an attachment that you now suspect has infected your machine, you should unplug your machine from the network, if you know how. Immediately call anyone in the Computer Support Group or the on-call pager (9-1-877-504-6820).

I received a message that warned me of some danger and urged me to do something to my system (such as deleting a file, forwarding the warning on to others, etc.); what should I do?

Forward the message to virus@lle.rochester.edu and do nothing else.

When I attempt to forward the message to the virus address, Eudora says that it will have to download the attachments in order to forward it; is this ok?

Yes. This only happens to people who are set up to use the IMAP protocol (rather than the POP protocol) to read their mail.

Is there anything else I should include when I forward the suspected virus message?

The following additional information will be useful:

  • Your telephone extension
  • Name of the possibly infected computer
  • Whether or not your OfficeScan software flagged the message
    • If it did: what action OfficeScan took

In a strict sense, we are MOST interested in tracking down "uncaught incidents." An uncaught incident is when you receive an e-mail with an attachment that you feel is in any way suspicious but has NOT been reported by Trend OfficeScan.

If you have any virus-related question, contact Computer Support's virus e-mail at any time.

Additional Virus Information

We collect information from a variety of sources in order to protect the LLE user community from virus or other forms of computer attack.

Places to get virus information:

Sources of Information on Vulnerabilities:

  • Secunia- A leading vulnerability intelligence provider and distributor
  • CERT- Computer Emergency Response Team at Carnege Mellon
  • InfraGard- Guarding the Nation's infrastructure
  • SANS- System Administration, Networking, and Security Institute
  • FBI- Federal Bureau of Investigations
  • SARC- Symantec AntiVirus Research Center

We also rely on our users to let us know about unusual or somehow questionable content they receive via the Internet.

There is no foolproof protection as yet and there probably never will be so common sense is your best protection. If you don't recognize the name of the person that sent you the e-mail and it contains any kind of attachment, DON'T OPEN IT!

Be very stingy with the information you provide on the web and if you shop on the web, avoid unsecured pages at all costs (use the phone instead) and check your credit card statements carefully. Notify your bank if anything looks suspicious. They can investigate and let you know exactly who charged your account. Notifying them also protects you from liability!

For help with computer security concerns, contact Computer Support.