Elekta product security

反恶意软件策略

介绍

Malicious software (or malware) is software that can get on a computer and cause damage to the computer or the data on it. Malware can include computer viruses, worms, Trojan horses (Trojans), spyware, and rootkits.

政策

Elekta software runs on Microsoft Windows or GNU/Linux operating systems. Elekta recommends that you do not install anti-malware software on computers in the treatment delivery suite (TDS)¹。The design of the software on the computers in the TDS includes some protection from malware contamination. Elekta recommend that you examine the computers in the TDS out of clinical hours from a computer on the same network. If you find malware on a computer in the TDS, isolate the computer and install the operating system and software again.

The installation of anti-malware software on computers that are not in the TDS is recommended.

The Elekta anti-malware policy gives information about malware contamination from network connection or storage devices and media. The policy also includes information about the problems that can occur when you use anti-malware software. Included on this page there are two tables that give a list of Elekta software, with its applicable level of protection and policy on operating system upgrades.

网络连接

在某些安装中，Elekta软件将与连接到Internet的其他计算机相同的网络连接。该网络连接增加了恶意软件污染的风险。Elekta建议您使用VLAN，没有其他连接的计算机，用于TDS中的计算机。然后，我们可以为某些接口保留适用的端口，例如，来自治疗计划系统的DICOM。

The largest risk to Elekta software comes from other computers on the same network that you use to read email or go to websites that can cause malware contamination on these computers, and subsequently, other connected computers. Elekta therefore recommends that you:

• Do not use e-mail or Internet software on the computers in the TDS
• Do not connect portable computers to the network
• 在适用的情况下，从没有管理员用户权限的用户帐户运行Elekta软件。

当恶意软件尝试在没有管理员用户权限的帐户上运行时，恶意软件污染的风险会降低。如果恶意软件在没有管理员用户权限的用户帐户上运行，则恶意软件无法更改系统文件和设置。ELEKTA软件的设计是这样的，即没有必要使用管理员用户权限进行软件的通常操作。

Usually, Internet Explorer and Outlook Express are a standard part of Microsoft Windows. But on most computers in the TDS, we use an installation CD with Internet Explorer and Outlook Express removed. Where applicable, Elekta does use the security functions in the operating system, for example, the Windows Firewall.

存储设备和媒体

All computers are at risk of malware contamination from storage devices and media, for example, CD-ROM, DVD-ROM, USB hard disks, and USB flash memory drives. Elekta recommends that you examine storage devices and media for malware and remove the malware before you use the device or media on a computer in the TDS.

Windows XP, and later releases, decreases the risk of malware contamination from USB devices. The AutoPlay function in these releases does not automatically start programs, without your approval, when you connect the USB device. Malware contamination from storage devices or media can occur only if you open or run a file that contains dangerous data.

Operating system upgrades

Elekta does not let you install operating system security upgrades on the computer in the TDS because:

• 安装这些升级可以更改操作系统文件，可以对TDS计算机的操作产生影响。
• Elekta must make sure that the computers in the TDS which are delivered to its customers have a stable configuration.

注意：TDS中计算机上的保修状态指出，您不得对配置进行更改，而无需制造商的正确权限²。Elekta不对任何未经授权的配置变化或对患者安全影响的影响负责。

反恶意软件软件问题

The problems that can occur on systems that run anti-malware software are as follows.

• 表现下降
  实时，反恶意软件软件可能扫描所有打开或运行文件，所有接收的网络数据包以及所有接收的电子邮件和IRC消息。所有恶意软件扫描（那些实时完成的那些，以及用户完成的那些）使用处理时间，硬盘访问和内存。恶意软件扫描可能导致TD中计算机的表现不令人满意。这种性能降低会导致治疗递送的异常终止，但它不会对光束质量或安全产生影响。
• 文件位置的变化
  大多数反恶意软件软件将更改或将包含危险数据的文件移动到硬盘上的安全位置。如果软件移动或更改TDS中计算机操作所需的文件，则可以防止正确操作或导致完全系统故障。
• Incorrect reports
  Anti-malware software can give incorrect reports of dangerous files, and change or move these files incorrectly. This can also prevent correct operation or cause full system failure. It is important, therefore, that you update the malware database in the anti-malware software regularly.
• 计划备份失败
  在备份期间，反恶意软件软件可能错误地查找具有危险数据的文件。软件更改或移动这些文件，这可能会导致文件的备份失败，或者计划备份失败。
• Blocked network ports
  The firewall functions in the anti-malware software can make it necessary for the system administrator to open some ports for communication from other systems. This can prevent or decrease communication between the computers in the TDS or other Elekta systems (or systems from other manufacturers) on the network. And some functions, such as DICOM, backup and restore, and IntelliMax™ will not operate correctly.

Elekta software protection level

The tables that follow show Elekta software with their applicable level of protection.

Table 1: Elekta software on Windows operating systems

表2：GNU / Linux操作系统上的Elekta产品

Elekta软件

Elekta软件recommend that its customers use the information below to make their decision about antimalware protection for their software.

• Elekta建议对操作系统或第三方计划的更新必须首先在测试环境中具有升级系统的非临床测试。对于一些更新，软件支持将知道是否导致问题或防止正确操作。联系软件支持了解更多信息和导致问题的已知更新列表。
• Only install software updates without validation to third-party programs if the update decreases the risk to operation.
• After an update of the operating systems or third-party programs, do the applicable non-clinical tests for each program on which the update has an effect. Make sure that each program operates correctly. Where it is possible, do the tests in a test environment. Contact Software Support for assistance to set up a configuration of a test environment.
• Most anti-malware software can have a negative effect on system performance. Elekta recommends that you disable real-time malware scans and set all malware scans to run during non-clinical hours. If you must do real-time scans, contact Software Support for more information.

1.处理递送套件（TDS）包含连接到数字加速器的所有计算机，例如，Desktop Pro™，IViewGt™，XVI，MosaiQ Sequencer™。

2. FDA, Guidance for Industry, Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software, January 14, 2005.

Note: Elekta will update this policy regularly with information about other Elekta software, which will include treatment planning systems (TPS).