Anti-malware Policy for Elekta Software

Introduction

Malicious software (or malware) is software that can get on a computer and cause damage to the computer or the data on it. Malware can include computer viruses, worms, Trojan horses (Trojans), spyware, and rootkits.

Policy

Elekta software runs on Microsoft Windows or GNU/Linux operating systems. Elekta recommends that you do not install anti-malware software on computers in the Elekta treatment delivery suite (TDS). The design of the software on Elekta TDS computers includes some protection from malware contamination. We recommend that you examine Elekta TDS computers out of clinical hours from a computer on the same network. If you find malware on an Elekta TDS computer, isolate the computer and install the operating system and software again.

The installation of anti-malware software on computers that are not in the Elekta TDS is recommended.

The Elekta anti-malware policy gives information about malware contamination from network connection or storage devices and media. The policy also includes information about the problems that can occur when you use anti-malware software. Also included are two tables that give a list of Elekta software, with its applicable level of protection and policy on operating system upgrades.

Network connection

In some installations, Elekta software connects to the same networks as other computers that connect to the Internet. This network connection increases the risk of contamination from malware. Elekta recommends that you use a VLAN, with no other connected computers, for Elekta TDS computers. We can then keep the applicable ports for some interfaces open, for example, DICOM from a treatment planning system.

The largest risk to Elekta software comes from other computers on the same network that you use to read e-mail or go to Web sites that can cause malware contamination on these computers, and subsequently, other connected computers. Elekta therefore recommends that you:

  • Do not use e-mail or Internet software on Elekta TDS computers
  • Do not connect portable computers to the network
  • Where applicable, run Elekta software from a user account that does not have administrator user rights.


The risk of malware contamination decreases when the malware tries to run on an account that does not have administrator user rights. If the malware runs on a user account without administrator user rights, the malware cannot change system files and settings. The design of Elekta software is such, that it is not necessary to use administrator user rights for the usual operation of the software.

Usually, Internet Explorer and Outlook Express are a standard part of Microsoft Windows. But on most Elekta TDS computers, we use an installation CD with Internet Explorer and Outlook Express removed. Where applicable, Elekta does use the security functions in the operating system, for example, the Windows Firewall.

Storage devices and media

All computers are at risk of malware contamination from storage devices and media, for example, CD-ROM, DVD-ROM, USB hard disks, and USB flash memory drives. Elekta recommends that you examine storage devices and media for malware and remove the malware before you use the device or media on an Elekta TDS computer.

Windows XP, and later releases, decreases the risk of malware contamination from USB devices. The AutoPlay function in these releases does not automatically start programs, without your approval, when you connect the USB device. Malware contamination from storage devices or media can occur only if you open or run a file that contains dangerous data.

Operating system upgrades

Elekta does not let you install operating system security upgrades on Elekta TDS computers because:

  • Installation of these upgrades can change operating system files that can have an effect on the operation of the Elekta TDS computer.
  • Elekta must make sure that the Elekta TDS computers it delivers to its customers have a stable configuration.

Note: The warranty on Elekta TDS computers tells you not to make changes to the configuration, without the correct authority of the manufacturer1. Elekta will not be responsible for any unauthorized changes in configuration or their effect on patient safety.

Anti-malware software problems

The problems that can occur on systems that run anti-malware software are as follows.

  • Decreased performance
In real time, it is possible that the anti-malware software scans all opened or run files, all received network packets, and all received e-mail and IRC messages. All malware scans (those done automatically in real time, and those done by the user) use processing time, hard disk access, and memory. Malware scans can cause unsatisfactory performance of the Elekta TDS computers. This decrease in performance can cause abnormal termination of treatment delivery, but it will not have an effect on the beam quality or safety.
  • Changes in file location
Most anti-malware software will change or move files that contain dangerous data to a safe location on the hard disk. If the software moves or changes a file that is necessary for the operation of an Elekta TDS computer, it can prevent correct operation or cause full system failure.
  • Incorrect reports
Anti-malware software can give incorrect reports of dangerous files, and change or move these files incorrectly. This can also prevent correct operation or cause full system failure. It is important, therefore, that you update the malware database in the anti-malware software regularly.
  • Scheduled backup failures
During backup, it is possible that the anti-malware software incorrectly finds files with dangerous data. The software changes or moves these files, which can cause a failure in the backup of the files, or a failure of the scheduled backup.
  • Blocked network ports
The firewall functions in the anti-malware software can make it necessary for the system administrator to open some ports for communication from other systems. This can prevent or decrease communication between Elekta TDS computers or other Elekta systems (or systems from other manufacturers) on the network. And some functions, such as DICOM, backup and restore, and IntelliMax™ will not operate correctly.

Elekta software protection level

The tables that follow show Elekta software with their applicable level of protection.

Click to open tables file

Note: We will update this policy regularly with information about other Elekta® software, which will include treatment planning systems.