Restrictions on Software for Personal and Professional Use
A growing number of computer security incidents detected at CERN are due to
software installed for personal use. Some of the popular "free" software available on
the web can introduce security problems, either at the time the software is
installed (e.g. by adding spyware/adware) or later through lack of updates to close security holes. Software
which is not required for a user's professional duties introduces an
unnecessary risk and should not be installed or used on computers connected
to CERN's networks.
Personal use of KaZaA and other P2P (Peer-to-Peer) file sharing software (e.g. Aimster, Bearshare, BitTorrent,
Edonkey2000, Eetee, Emule, Gnutella, KaZaA, Limewire, Morpheus, Napigator,
Napster, Poisoned, Soulseek, WinMX, 1-Click Player, ...) is not permitted on CERN's computing
or network facilities. This software violates CERN's Computing
Rules on file services in most configurations. Further details on P2P file
sharing restrictions at CERN are available at
http://cern.ch/security/file-sharing.
Other examples of software not permitted on CERN's computing or network
facilities are versions of Instant Messaging software not configured
in CERN's distributions, e.g. ICQ, IRC, which have allowed computers to be
taken over and used for network-based attacks, and so-called "free downloads"
which contain spyware/adware (e.g. Gator, Hotbar, etc.) and have introduced
privacy violations and/or security exposures.
Caution must be taken when considering the installation of any software which
is not available from CERN's officially supported distributions. You must check
the security and legal (e.g. licensing) aspects of the software, including assurance of a timely
mechanism for obtaining security updates as well as compliance with
CERN's Computing Rules. A list of
some software known to cause security or network problems is available at
http://cern.ch/security/software-restrictions/list, but the best
advice is:
- Do NOT install software for personal use
- Do NOT install "free" or other software unless you have the expertise to configure and maintain it securely
In addition to security problems, software installed for personal use often
creates support problems. The additional software can make problem analysis more
difficult and time-consuming, and even if the initial installation appears not to
impact the correct running of the system, it can cause problems for changes to
the system at a later time. Removing additional software may require a complete
re-installation of the system from scratch to recover from all changes which
were made to the system. Re-installations have
been required following the installation of some "free downloads".
All users of CERN's computing and network facilities are required to comply
with CERN's Computing and Subsidiary Service
Rules. These rules require users to protect their accounts
and computers from unauthorised access. The risk of break-ins to a computer is
related to the software installed and how securely it is maintained. To keep
your computer secure: use a CERN centrally managed system, restrict the
installed software to those applications which are required for your
professional duties, and ensure that the operating system and all applications
are configured securely and regularly maintained with security updates.
Violation of CERN's Computing Rules may result in sanctions,
which are defined within Operational Circular No 5, available at
http://cern.ch/ComputingRules.