University IT Departments and Viruses? 150
"[It should be noted that] the Norton server allows you to view the entire directory structure of someone's machine and allows you to see the files it is scanning as if it were your own machine. We realize this was designed more for companies and businesses, but we have found that viruses have become a major problem and give us a huge headache when we try to support all the students connected to the university network.
My question is what do other university IT departments do in response to the increase in viruses over the past 2 years. I know there are a lot of university IT employees in the Slashdot community and I look forward to getting some feedback as to how they go about doing this without causing too many privacy problems. The way we are looking at it, and we are very privacy concerned and wouldn't do anything malicious with it, is that the students are using our network under our regulations and as long as we don't use the software to 'check up on' the contents of someone's hard drive (except obviously for viruses), then what we are doing is completely legit.
Any feedback would be greatly appreciated."
Boot all PCs from sealed-shut bootable CDROMs. (Score:1)
VMWARE (Score:1)
Easiest thing in the world. Install vmware. Make one image of win9x. Shove it out to all your linux/vmware boxes. Configure it so that it doesn't save any writes.
You got virus?
Reboot. Virus gone. Also removes the problems of illegal software, drivers, etc etc.
Re:Breakage Account: Responsibility AND Consequenc (Score:1)
What if a similar approach were taken with student (and faculty) systems?
Ooh yah, that's a GREAT idea.
University Official: "Well, sez 'ere you made a call to the Help Desk a few days after you got here."
Student: "Yah, I wanted to know where I could download a new BIOS for my machine, the USB controller was acting up."
University Official: (eyes narrow) "So you had a problem with your computer, eh? Well, you know, computer problems are caused by viruses, and if you had a problem it means you had a virus. And you're financially responsible for having viruses on your computer! University policy, you know. That'll be nine hundred dollars, please."
viruses at the U (Score:2)
Anti Virus Solution (Score:5)
Scan at the gateway. (Score:2)
I wouldn't recommend Norton for this though; Norton was designed for the desktop and their server products are "lacking" compared to competitors. The two I've had the best experiece with are Trend Micro's Interscan Virus Wall or Aladdin's eSafe. My personal preference is for Aladdin's eSafe (as long as you don't tie it into Checkpoint's firewall
From what I've seen Aladdin's product holds up best under high stress using the same hardware; they don't have to operate as a proxy like Trend. Both of these companies started at the gateway, so their desktop product generally sucks compared to Norton.
Trend's desktop is the usual anti-virus scanning program; Aladdin's is a personal firewall and content checking program (uses SurfCONTROL for the URL list).
If you have any questions about the two drop me a line at "wpierce at athenasecurity dot com".
Wayne
--
University of Maryland, College Park OIT (Score:2)
Each machine, may it be Mac, NT, or Sun, on boot connects up either with an AFS server (NT/Sun) or AppleTalk server, and pulls a Makefile (the process is similar on the Macs). The Makefile is checked/run and files are replaced as need be. This includes McAffee Virus Shield patterns!!!
--
WolfSkunks for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.keenspace.com";
Simple solution (Score:1)
Frankly, the technically easiest solution is to use operating systems that are not susceptible to viruses. People who insist on using inferior systems may do so, but may not attach to the network. Good luck implementing this, though; the people who set policy are all on the take from Microsoft.
Re:email filtering (Score:2)
It's kind of annoying, though. I subscribe to a number of development email lists and a large portion of the content is whacked by the anti-virus software.
I basically have to get around it by using a different mail account like hotmail.com.
Try this question on unisog (Score:1)
Re:University of California Riverside (Score:1)
Re:email filtering (Score:1)
Since we installed it, we've had only one virus problem, and it was a sneaker-net transimitted one.
The wheel is turning but the hamster is dead.
NAV Corporate, AKA Intel LANDesk Protect (Score:2)
Ah, good ol' NAV Corporate. I just rolled out a hundred user license of that thing at my employer, only had three hiccups so far which are solved by an update. Unfortunately two of those three have fscked up their systems so badly not only will the update fail but the old version won't uninstall. That's right Bill, keep blathering about
One thing to remember is that the product isn't a modified version of Symantec's NAV codebase, it's really Intel's LANDesk virus protection software. Intel sold it a while back to Symantec, and they modified it and released it as their own. Sounds like a bastard child but with 7.5 it's pretty close to NAV in terms of problems/solutions. Registry keys are still listed as Intel LANDesk, heh.
Highs are the virus definitions coming to a central server and getting pushed out to secondary servers and all clients automatically, usually within minutes of the update being downloaded. AND without the users ability to cancel the update.
Lows are program updates. First, LiveUpdate doesn't grab program updates, not on the central server, and not on the client boxes.This means you have to call Symantec for updates, which while free for one person does take time (sitting on hold for 1hr). Second, there doesn't appear to be a LiveUpdate-ish method for rolling out program updates. Granted you can use login scripts, etc. for rolling them out but that, to some extent, involves user interaction. When some users reboot several times each week in a vain attempt to avoid the weekly administrative scan ("But I want to use MY system!" It's not your system, it's the company's system, and if you didn't think a coworker loved you that mess a few months ago might've been avoided. Go have some more coffee, it only takes 15 minutes, if you left it alone it'd be DONE by now), even though reboots just start the process over, keeping them out of the picture is a good thing.
Client support is limited to 9x/NT/2000, with NT/2000/Netware support for servers. A Mac client is in the box with 7.5.1 but it won't talk to the central server so it's back the end-user conundrum of the software asking to run LiveUpdate and the user declining to run LiveUpdate ("I just ran that there update three weeks ago! I don't need none of them updates for a while!").
I wouldn't hold your breath for any un*x tie-ins. Then again, my experience with colleges has been that un*x has a small foothold outside of the CIS & technical arenas (at the very least I've met few fresh-from-college marketing/management/legal/etc majors with any lasting un*x experiences)
Outlook! (Score:3)
Not a 100% cure but it will eliminate most of the worms going around.
Forget the desktops worry about the network (Score:2)
Oh, please (Score:3)
As for "cross-platform", what's missing? The antivirus scanners on the net gateways would trap any worms targeting your Linux box, as long as you aren't receiving it via an encrypted protocol. Windows antivirus software--especially the server stuff--carries pattern files covering not just the zillions of Windows viruses and such, but also the far fewer Mac ones and the dozen or so Unix/Linux ones. And the two targeting PalmOS.
If you don't want your school invading, uh, your "privacy", then don't use your equipment on their network. Do transfers with floppies and Zip disks. It's not your network, and you have no "rights" with regard to it.
Re:Who are these people that run viruses? (Score:3)
Until we installed a virus checker at my old workplace, we were inundated with macroviruses in Word documents - many of them from our clients (large, hopefully professional companies who shall remain nameless).
We were lucky. All these tended to corrupt were new documents we were writing. This person may not be so lucky.
Also, we all know that half of the students will be installing their own entertainment applications. It's not beyond reason to think that one may pick up a bug. Heck, if it's anything like my undergrad days, the students will have already be storing pirated games in secret locations, possibly with the help of moles in the sysadmin office.
Word macro viruses would be my main worry, though. These are _endemic_ to all Windows environments I've run across that exchange documents with the outside world.
Methods I've seen. (Score:4)
For the Windows network, my best suggestion would be a combination of virus scanning and regular, automated reinstall.
Put virus scanners on all of the machines, as part of their standard installation. If it's Nav, tell it to check incoming file attachments and documents - this is very, very helpful (my old workplace had a problem with macro viruses). You can probably get away with telling it to scan only local drives.
Put another virus scanner on a machine with direct access to all directories on the fileserver. It'll do your sweep of the network drives. You can either create a special NT profile for it that gives it access to all drives, or (failing that) you can run it on the fileserver itself at 4am Sunday morning (not Monday morning, because students will pull all-nighters on Sunday to finish projects due on Monday - I've TAd courses where they regularly did this).
Next, set up the user machines with one of the third-party bootstraps that compares all system files to copies on the network server, removes anything that shouldn't be there, and fixes anything that's changed. This is the only way I know of to really bulletproof Windows, and as far as I can tell, it does work. The version installed on the PCs at my university also wiped the local drives and did a full reinstall weekly. Either tell the users to power off the PCs at the end of the day, or send an admin around to do it at the end of every week.
Needless to say, you should enable boot virus protection in the BIOS. While you're there, you should also force booting from the hard drive first and then password the BIOS, to prevent student shennanigans. This is standard practice at most shared PC installations I've seen.
Re. Macs, you're on your own. This is outside of my experience.
Re. Linux, *BSD, Solaris, etc, you probably don't have much to worry about to the first order. The vast majority of viruses run under Windows. Anything malignant in the user's files should be caught by the sweep of the fileserver. I don't really see what could go wrong in an environment like this, given that the user doesn't have root access.
To make *sure* the user doesn't have root access, set the machine to boot off of the hard drive first and lock down the BIOS, for any *nix-on-PC machines. If you're paranoid, set up a cron job to refresh the machine's configuration from a CVS server nightly or weekly, just in case something goes strange or is tampered with.
If you're really feeling paranoid about *nix terminals, make them all netboot off of the file server, with the local hard drive just being swap space. Keep a close eye on the server's configuration, and you should be fine.
In summary, with a bit of planning, you should be fine under most conditions. Virus-hardening merges naturally with hardening against bit-rot and active attacks by the users.
e-mail virus scanning (Score:1)
Re:At VaTech... (Score:2)
Unfortunately, you have to know its there, which many people don't. And it has to be setup properly to auto-scan, and of course with IMAP the email scanning doesn't work...
---------------------------------------------
Oxford University (Score:4)
Here at Oxford, things are very decentralised. We have a crack team at the Computing Services (and our own version of CERT, OxCERT) who put emergency blocks on incoming mail if an email virus is doing the rounds (e.g. Kournikova) and manage the firewall between us and JANET, where some well-known and dangerous ports are firewalled out.
However, although we may have a site license for something (Sophos, I think) no-one's forced to use it. People are responsible for their own machines.
Why not just have a policy: "if your machine gets trashed by a virus and you didn't have this installed, we won't help you fix it." but not make it compulsory?
Gerv
Re:here's the solution. (Score:1)
however, at least in the securities industry, everyone seems to have exchange these days. I think it has something to do with conservative IT shops that are full of MS-oriented managers, who all view Lotus Notes as some old fringe product that is dying out.
I personally prefer to use a combination of postfix and IMAP, but then again I don't make purchasing or deployment decisions about mail. and god forbid I not have a nice drag-n-drop solution for you to manage your contacts and your calendar!!!
here's the solution. (Score:2)
Trend Micro's [antivirus.com] desktop scanning software, no client required; you can either have it scan fileshares (ala NT c$ etc) or have the end user do it from a web page that starts a little java app and scans.
There's other stuff out there but honestly speaking, trend micro's stuff is pretty nice. I had a few probs with scanmail to start but got it sorted and it's worked great (ILOVEYOU and other VBS email stuff dropped dead.) We used to use norton AV (corporate edition) but that is just a complete piece of crap. I dumped it entirely and moved to the (cheaper) trend micro stuff once I scored a demo copy.
In terms of handling multi-OS'es, and yadda yadda yadda... that's why students have to meet a code of conduct and follow the rules. make one of those be that they have to comply with virus updates or scanning, or not have network access to the uni's network. Or, if you don't feel like being so heavy handed, you could offer supported AV platforms for different architectures and then support installing and updating them- say, emailing SARC updates instead of pushing them down, or whatever. I suppose that would depend on how fascist you want to be- I personally would lock down all computers that the uni owns, but personal machines would just have to meet the criteria that is set out in the usage policy (properly updated AV software that, if you want, we'll help you to install and keep updated.)
Anyhow, you need to take some hard steps at first to keep it in check, and then that makes it easier later.... good luck!
How is.. (Score:1)
Also, how is it a risk? What kind of viruses are you afraid of here, exactly?
Miami U distributes a-v sw internally (Score:1)
I put together the Mac part of Miami U's network client CD, and both the Mac and PC distributions feature NAI's anti-virus software installers. We sell this CD at the university bookstore and distribute it for free to all on-campus residents. The installers and documentation highly recommend installing anti-virus software, but it is not technically or policy-wise mandatory. The NAI workstation software may be configured to periodically download newer versions of itself, but it does not report back any findings to a central server.
I'm also serving on Miami's committee to review responses to a university-wide email server RFP. Server-based anti-virus software was listed in our RFP as a strong preference. Most vendors included with their proposals referrals to third party anti-virus filters that could be shimmed into their email solutions.
I have also recommended that we investigate a virus filter for our Internet borders, and I think my suggestion was taken seriously. The biggest speedbump down that road, I imagine, is going to be funding. Border filters are not cheap.
Finally, I can say that our Support Desk has had an explosion in virus-related calls over the last few years. I believe I heard one of the SD managers say that viruses are now their biggest source of calls.
Our setup... (Score:1)
I was going to flame you, but... (Score:1)
Re:Breakage Account: Responsibility AND Consequenc (Score:2)
First, I wouldn't put it past the average university to blame students even if the latest update of the officially proscribed anti-viral software is installed and properly running.
Second, damage deposits are usually the property of the person who makes the deposit. So is the interest.
Despite the obvious signing of waivers, other students could claim that the university is responsible for their computers' safety should various protections be required.
Faculty will never agree to anything that may endanger their funding. No way, no how. University IT dept's are the faculties' collective 'beeyatch'.
Scan my ports, I DoS you. Deal with it. (I don't, but someone would.)
A few things to answer, but not a bad idea.
Re:Breakage Account: Responsibility AND Consequenc (Score:2)
propogation... (Score:1)
I'd suggest you look into implementing some solution like that prior to imposing your anti-virus policies on the university as a whole. Oh, and furthermore, what about folks who aren't using Windows on your network? What do they have to do?
-C
i work at a university as well... (Score:1)
wally
Re:VMWARE (Score:1)
dave
Re:E-mail Attaches (Score:1)
dave
Re:viruses at the U (Score:2)
I think it's damn funny, myself.
email filtering (Score:5)
Re:Methods I've seen. (Score:1)
On the email side of things, we encourage people in our department not to use Outlook, which has paid off well, as the inevitable Outlook worms don't spread through us, which saves both the clients us time well spent doing more productive things.
There's something in the Bible about not building your house on sand. That's one of my reasons for not supporting Microsoft.
E-mail viruses (Score:2)
--
Trivial to filter 'embedded' mail as well (Score:2)
As for the inconvenience and extra work, that is not what happens in practice. A standard notice that an attached executable (or HTML containing scripts or whatever) has been deleted suffices. Alternately, some products put the attachments into a "holding area" which requires explicit actions to retrieve, but I don't think they're actually used that much in practice.
I have a very hard time imagining even one user in 1000 preferring to lose internet connectivity once a month or so, as the University struggles with a viral infection, to being forced to use FTP or a different encoding to receive that rare legitimate executable image.
Re:Responsibility... (Score:2)
1) Viruses can consume significant network resources as the propogate from machine to machine. Since students will usually have professors and other students high in their address book, you'll have combinatorical explosion. Alice infects Bob. Bob infects Carl. Carl tries to infect Alice. Carl infects Diane. Diane tries to infect Alice.
2) Viruses often contain DDoS code. The university, being responsible netizens, will block the forged IP packets... but a large number of infected systems can still generate enough traffic to take down its network.
3) Viruses often contain code to implement packet sniffing. Universities are notorious for old coo... esteemed professors who don't understand that security issues affect them as well. An infected system may allow access to systems essential to ongoing research.
None of this should be viewed as a concession that the university has the right to inspect the student's computer "at will." It does, however, have a legitimate interest in taking reasonable efforts to ensure that these systems remain uninfected.
Oh, ECPA (Score:2)
In the US, there's this little thing known as the ECPA. You *do* have rights, some hefty ones, online. The only reason employers can monitor employee's (work) email is because it's legally addressed to the company but delivered to the person who is acting on behalf of the company. That argument might work with university employees, but not students.
To answer the obvious question, the ECPA allows filtering for technical reasons, if it's something that can be done without exposing the content of the mail to any person. The classic example is rejecting mail that's larger than some acceptable limit, or in an unsupported format. Automatically identifying and stripping blocks of executable code would seem to fall in the same category. Forwarding messages containing "prohibited words" to a human censor is not.
(IANAL, but this has been the law for many years.)
find out where they come from? (Score:1)
So get out that book on assembly and start cracking. There's money to be made all in the name of paranoia.
Command AntiVirus (Score:2)
Write your own software/hardware (Score:1)
That way, if you ever have a virus on your campus, you can be sure that *YOU* wrote it.
Optical fiber (Score:1)
Re:Oh, please (Score:2)
If you don't want your ISP invading, uh, your "privacy", then don't use your equipment on their network. Do transfers with floppies and Zip disks. It's not your network, and you have no "rights" with regard to it.
------
Method to compat viruses (Score:1)
Responsibility... (Score:3)
I am all for sane policies in keeping viruses off of campus networks, but scanning directories for infected files is no longer sufficient in catching virses, especially solutions that are known for their lack of cross platform support, and certain privacy issues as well.
Why is it the job of the University to ensure student machines are virus free? I completely understand using something like this for Department machines, Computer Labs, etc, but a machine in a dorm room is not the property of the school and should not be treated as such. Viruses are part of the computer experience and students should take charge themselves.
Procmail script to filter out vbs (Score:1)
MAILDIR=/var/spool/mail
LOGFILE=/var/log/procmail
##vbs
:0B
*filename=.*.vbs
junk
I have been using this for months. I don't even worry about these new vbs files. This recipe forwards all vbs files to junk@yourserver
Hope this saves you some time.
Mike.
Start at the e-mail server (Score:1)
In addition, here are some options that show up on a scan of the FreeBSD ports system.
Lookin' out for number 1 (Score:1)
After all, it is the students decision to plug into the network, and the student's decision to double click the stupid attachments. Let them pay the consequences.
The IT department of a University should be responsible for at MOST the connectivity of student machines, not the integrity.
That said, try filtering mail for the common stupid attachments, and beef up the security provisions on any university boxen.
-Ben
Re:Breakage Account: Responsibility AND Consequenc (Score:1)
Uh, isn't port-scanning illegal [slashdot.org]?
OT: Command AntiVirus (Score:1)
Jeeze... and you wonder why it costs what it does to get an education today. Might as well throw the baby out with that dirty bathwater
Down here we just burn new bios, insert and we're done.
TrendMicro (Score:2)
Re:server-side filtering (Score:2)
Re:Safe Hex (Score:3)
Seeing as how most colleges now mandate that all incoming freshmen must have a computer, the most sensible thing to do would be to mandate a computer security principles course in the first semester. Topics covered should include virusses and how they spread, E-mail hoaxes, physical security and protecting university assets, and miscellaneous other. It would have helped a lot even back when I was in college and the big security breach was the VM Christmas Card program.
You shouldn't stop with education either. Plan on having your lab systems hit because they will be, and have a good backup policy in place. Set them up so you can just ghost or DD a hard drive image off the network. Have your E-Mail servers eat attachments that come from outside campus. Have your servers run in an environment of paranoia. Keep logs on a write-only file system (An old line printer is often enough.) Make security a policy rather than an end-goal and your systems will remain secure enough while also remaining usable.
Safe Hex (Score:4)
Another vital part of Safe Hex is education. Now I know this is a controvertial subject among a lot of people (They should learn to do it on their own! They deserve to get a virus if they're doing immoral things like downloading warez or live goat porn!) but if you actually EDUCATE people about what's safe and what's not, you'll see a massive drop in the number of HTDs (Hexidecimally Transmitted Diseases) on your campus.
Norton, Ugh (Score:1)
----------------------------------
Some approaches (Score:1)
The approach I'd suggest is:
* Identify the way virii are getting in and concentrate efforts there. These days, that means the e-mail servers.
* Identify storage areas and say "what you put on here, my people will protect. We'll back it up and scan it for virii. If your disseration is valuable, put a copy of it here."
* Make AV software available to users either free or at low cost. Promo campaigns to explain why it is a good idea.
* And finally, since it's Slashdot: deprecate Windows OS's, and promote Linux, FreeBSD, MacOS et al. because no-one bothers to write viruses for non-wintel yet. (I know, I know, there are some. But I see 12 entries for Linux in McAfee's AV library, out of 50,000)
Re:Safe Hex (Score:1)
CONDOM(1) EUNUCH Programmer's Manual CONDOM(1)
NAME
condom - Protection against viruses and prevention of child
processes
SYNOPSIS
condom [options] [processid]
DESCRIPTION
_condom_ provides protection against System Transmitted
Viruses (STVs) that may invade your system. Although the spread of
such viruses across a network can only be abated by aware and cautious
users, condom is the only highly-effective means of preventing
viruses from entering your system (see celibacy(1)). Any data passed
to condom by the protected process will be blocked, as specified by
the value of the -s option (see OPTIONS below). condom is known to
defend against the following viruses and other malicious
afflictions...
o AIDS
o Herpes Simplex (genital varieties)
o Syphilis
o Crabs
o Genital warts
o Gonhorrea
o Chlamydia
o Michelangelo
o Jerusalem
When used alone or in conjunction with pill(1), sponge(1),
foam(1), and/or setiud(3), condom also prevents the conception of a
child process. If invoked from within a synchronous process, condom
has, by default, an 80% chance of preventing the external processes
from becoming parent processes (see the -s option below). When other
process contraceptives are used, the chance of preventing a child
process from being forked becomes much greater. See pill(1),
sponge(1), foam(1), and setiud(3) for more information.
If no options are given, the current user's login process (as
determined by the environment variable USER) is protected with a
Trojan rough-cut latex condom without a reservoir tip. The optional
'processid' argument is an integer specifying the process to protect.
NOTE: condom may only be used with a hard disk. condom
will terminate abnormally with exit code -1 if used with a floppy
disk (see DIAGNOSTICS below).
...
Read the rest from http://www.netfunny.com/rhf/jokes/92q4/condomman.
- grunby
Re:Anti Virus Solution (Score:1)
Trend's system has a few quirks and bugs in it (like Norton and McAfee) but it seems much more capable and easier to set up than them both. I really like the single "autopcc" program (OfficeScan, the component that scans workstations in a LAN environment) that pushes out software AND updates signature files regardless of PC OS platform.
Their server-based & e-mail protection is also excellent; signature files are updated automatically and transparently (as they should be) and there is a really neat web-based (IIS-based) console that pulls it all together. They also offer the "InterScan VirusWall" product which does a virus-stripping proxy that handles http, ftp & smtp sessions.
And they're really quick to issue new signatures if there's a sudden outbreak...
In our 300+ users company I'm running Kaspersky (Score:2)
Now I wish I was permitted to remove all floppy drives across the company...
Re:[OT] Signature remark (Score:1)
Latin is a language, as dead as it can be.
First it killed the Romans, and now it's killing me.
Re:Oh, please (Score:2)
So, sure, we can tell students that they may not serve pr0n from a campus server, but forcing them to surrender their privacy because we're troubled about viruses? I don't think so. It's never a good idea to piss off the people who are giving you money.
Gaudeamus igatur, iuvenes dum sumus...
Penn State (Score:1)
UTAustin (Score:1)
Here at the University of Texas at Austin - Red McCombs School of Business [utexas.edu] we use InoculatIT. It is a great program. Everything is automated. We set up a server to pull the updated infomation from the web and then set the clients to look for that server. We use Active Directory to push the client out to the client computers and to make sure that the lab machines and all notebooks keep it installed. The personal machines can uninstall the software if they choose.
We have been very happy with the performance of this software. If you have any questions about it please email me at Benton.Wink@Bus.UTexas.edu .Re:Oxford University (Score:3)
It sounds like you guys at Oxford have the right approach.
Pardon me for possibly espousing an anachronistic viewpoint, but aren't universities places where students (you know, tomorrow's leaders) should learn both
- depths of knowledge
- depths of responsibility
eh?To that end, I think it's great if you make available software tools for students to check their machines, and it's great if you care enough to support an expert IT staff on site that keeps up on the latest technology, runs vulnerability scans, consults with users, etc.
Ultimately, however, you should expect the students to exercise some willingness to educate themselves as to the nature of the dangers of their computer (mis-)use, both about the technologies and about the responsibilities that are incumbent on them.
In a nutshell:
If our future leaders are spoon-fed with an iron-fist, then I shudder to think of the world we'll live in two decades from now.
University of California Riverside (Score:2)
What I do, is keep norton on all my (windows)machines -- it has a pop3 mail scanner (that always ends up fucking up, but its better then getting a virus).
Second, Perform weekly scans of machines and nightly scans of home directories ( through a smb share ).
Third, Procmail is your friend. I'll admit I haven't done it yet, but (when I get a free moment) I plan to write a procmail script to delete vbs attachments (*.vbs) and rename exes etc to *.e_xe in users mail ... theres no reason on earth anyone needs to send anyone a vbs attachment -- and by renaming all executables, people must explictly choose to rename the file to be able to run it.
Lastly, you must educate your users ... Tell em, don't open mail from people you don't know, don't run EXE's you didn't compile or I didn't install :) Theres some idiots who think they know stuff who will never follow your directions, but mostly, people will.
These steps will keep you from getting 99.9% of viruses ... now you have to figure out how to keep your users from installing that f***ing comet cursor :)
"We support Windows" (Score:2)
In other words, draw up a list of software (Windows 2000, Office 2000, Norton Antivirus, etc.) which constitutes the "standard university computer"; if you're running a "standard university computer", you'll get (limited) support with it. If you install something like Linux, FreeBSD, or Mach-running-under-VMware-under-OpenBSD, *you are assumed to be able to take care of yourself*.
Voluntary use and rights to inspect (Score:1)
I can't agree with the viewpoint that using the University network gives legitimate rights to access the students' hard drives. I don't think for a moment that you mean to use the access maliciously, but there are places that one doesn't go in order to avoid even the appearance of impropriety. To try the usual argument by analogy: the students go to class all day in University-owned buildings under University regulation. That does not give rights to the the University to inspect the contents of every (or any!) student's wallet as they traverse the campus, however non-malicious the intent of the search.
Re:Filter at the mailserver, it's that simple. (Score:1)
True, but they already have the AOL virus on their computer. Seriously, any program that messes with network settings, etc. is a virus in my opinion.
-----------------
Re:Responsibility... (Score:1)
Well, I think the issue is that universities are held responsible, by outside parties, for anything that goes on on their network. As such, they're blamed whenever a virus comes from a machine on thier network, whether it be a "University-owned" machine, or a students machine.
dopp
Worry about University machines first (Score:1)
Now don't be a control freak (Score:1)
I think it's a great idea to install Norton Antivirus. If I were at that University, I would gladly install it on my arcade-mode Windows 95 boot. (But then again, I don't trust anything personal to Windblowz.)
But don't force anyone to install the software, or disallow alternate operating systems. I would sooner take my computer back home and use good old pencil and paper than be forced to use Windblows.
Re:Mcafee/Network Associates (Score:2)
Re:Mcafee/Network Associates (Score:2)
Re:Who are these people that run viruses? (Score:1)
I have downloaded countless programs from the internet...who are these people that run untrusted executables?
Either you download all those programs from the internet and never run them or you are one of those people that run untrusted executables
You can't even necessarially trust "trusted" programs. Weren't you paying attention when MS posted a virus infected files [theregister.co.uk] or when HP distributed infected drivers [theregister.co.uk]
Non-email viruses (Score:2)
--
No one will read this but.... (Score:1)
---=-=-=-=-=-=---
College Student computing preference (Score:1)
I'm a first year undergrad EE at UCLA. I can tell you that here, a vast majority of the students use Windows, but among those, there is a fairly even spread among the various flavors. I thought that this mass searching for infected files only worked on NT based machines. Maybe not?
I had an interesting time setting up the two boxes that are currently running in my dorm. One is Win2k, and the other is Redhat 7.1 There's a very specific set of instructions here about which set of protocals and settings to use to connect a Windows machine to the campus network. For Linux, no help is offered. It's as if the people in the Student Technology Center who run the network don't want students using Linux. It turned out to be easier to set up the Redhat box for network use, though! They seem to boot me off the network every few days, though, just for running apache with a couple of text files.
The admin is responsible, whoever s/he is... (Score:1)
If the university's computer system is at risk because some student administrated computers have viruses, then the university's computer system is too vulnerable, and should be fixed.
Re:If servers are banned, why are you running apac (Score:1)
I am not a lawyer, and I know the Constitution isn't 100% in force these days, so the above is likely wrong.
Limit Exposure (Score:2)
Why have a computer? (Score:1)
my $.02 (Score:1)
1. make the software valitary, people love free stuff.
2. Disclose to them your Problem with the sotware
3. MASSIVE PR move about viruses, notes on all of IS web pages, E-mail newsletter, print information
4. Antivirus software on all collage computers as standard, but alow it to be removed.
5. set in place a system to contact comptuer users
if a virus strikes the network, i.e. E-mail alert or notice on a big webpage.
6. MASSIVE PR move to change the Defult settings in IE to make it stop VBS files.
7. and finaly keep everyone updated, knowlage is not only power but motavation, if they know whats going on people can get involved.
Re:College Student computing preference (Score:1)
There's certainly no obstacle to anyone running Linux- and I've had no problem with Irix or Solaris either. I think we will continue to offer zero support for the forseeable future, though.
Re:Boot all PCs from sealed-shut bootable CDROMs. (Score:1)
There are very little of not any now (since fixes are available very soon) voor worm/virii that use a security hole to get root/administrator acces to infect.
A university deparment that uses Windows 9x on their computer shouldn't bother installing any anti-virus software
Re:Mcafee/Network Associates (Score:1)
MacAffee (and most other REAL virusscanner) are cross-platform, silent and automatically updateble.
On my work I've installed MacAffee on the (Linux-)virusscanner in combination with Amavis (http:/www.amavis.org I thought) that intercepts all infected mail messages and updates itself automatically (via cron of course) every month.
Re:Mcafee/Network Associates (Score:1)
I didn't want to waste internet bandwith, for virus-paranoia.
Re:Filter at the mailserver, it's that simple. (Score:2)
Yeah I'm sick of those programs that keep messing with my settings. Like linuxconf, ifconfig, ipchains, netconfig and vi. Does anyone have a virus scanner that can get rid of these damnable programs?
Enigma
Re:Outlook! (Score:3)
-antipop
Just don't do what my school did... (Score:2)
Due to a fear of virii and 'hackers' (and the fact that this was a "trained-monkey" MS admin), there was to be no remote ftp access to the server - not even for professors! Basically, I had to build the Db and front end, then burn it onto a CD and walk it across campus to the Biology building, and hand it to the admin.
Of course, there were some small bugs to be squashed. At least he let me email him the fixes.
(fairly OT) Re:Command AntiVirus (Score:2)
Breakage Account: Responsibility AND Consequences (Score:3)
Back in the day when I was in college (mainframes and dumb terminals), it was required for each student to fund a breakage account. The funds in the account would be refunded to the student upon graduation (transfer, leaving, etc.) MINUS any damages caused by the students (holes in the dorm room walls, broken windows, etc.) In other words, students were held financially accountable for their actions. In effect, there was something like self-insurance by each student for damages they might cause.
What if a similar approach were taken with student (and faculty) systems? (The following is off the top of my head and likely has some holes in it, but I would hope it would provide a starting point; add or adjust as you see fit.)
Ultimately, nothing is bulletproof, but make the protection readily and easily available, and impose penalties (sticks) on those who choose to not make use of them and provide benefits (carrots) for those who DO use the protection. Some viruses may get through, but the ones you DO catch are that much less to worry about.
Okay, now I'm going to step back and let the /.'ers blow holes in this. :)
At VaTech... (Score:3)
It's nice to see the school do this as a "perk" for us, and to help everyone stop the spreak of viruses.
antivirus.vt.edu
Question. (Score:2)
~
Campus Help Centers (Score:3)
Considering that most school communications now rely on email and other electronic means, I think our department is doing an outstanding job. We have a help center too. A good friend of mine says the largest portion of issues they get is how to use MS productivity tools, although I'd bet they got quite a bit of calls when the IRC server (which USED to be connected to DALnet) got DDoS'd. If you really want to get people to fight virii, forcing them won't help. Just put out some Press Release type emails about how you want to help, and write up some guidelines, instructions on how to forward mail, etc. Rather than force people to use Norton and "sanctioned hardware" , maybe get a site liscence and encourage people to download it. If your server allows it, write a tutorial on how to filter email, especially things that have .vbs or .exe attachments. Instead of telling people what not to do, help them do things on their own.
Re:email filtering (Score:2)
More importantly, such an across the board ban is a nontrivial decline in the quality of service for students, especially since most universities implementing it wouldn't bother to inform students of their filtering policy. Would you want to be the uni. tech support guy who has to answer "My attatchment disappeared!" calls all day?
--
Re:Responsibility... (Score:2)
Well, considering how many viruses there are that can turn a machine into a zombie (or help do it), its a good pursuit. University PCs are prime targets of DDoS hackers given the bandwidth these systems have available. Its not gonna be perfect, but it helps keep the thousands of student machines somewhat inoculated against script kiddies. Course if they don't get their virus in they'll take control of the machine some other way. But you gotta do something/start somewhere!
let them handle it themselves (Score:2)
But you do not have a right to force students to use any anti virus products, and you also do not have a right to grant/deny network access on the basis of usage of such products.
It's good to want your network to have high uptimes, but, frankly, most network failures are due to failed routers. Also in many University networks there are frequent cable problems. When I was at OSU, it was every other day an intra-campus cable had failed. Now that they're using fiber, it's probably more severe. But seriously, viruses only cause harm in mass, and although an e-mail virus can quickly spread to every person in the school (and their parents, grandparents, etc.) via Outlook, if you have e-mail filters the above said is no problem.
You should by all means encourage students to run virus scanners, because most support requests are local problems. As to the capabilities of the scanners, most do little than perform filename searches and occasionally search a bit of the file. Today's up-start global virus is usually polymorphic, embedding itself in rundll.exe or systray or constantly chuking itself up.
However, for catching things like Sub7, these scanners do work well. That being said, I have never used a commercial virus scanning product and have never had a virus. The only reason commercial virus products are so popular for their limited (null?) functionality is because of hype much associated with blaming something YOU did on an invisible gremlin 'virus' that 'must' be screwing things up.
But for the reckless who fancy accepting file transfers from haxor3llt in IRC, those who frequent warez sites, and those who infect themselves with sub7, they should by all means be forced to use any University-controlled virus software. Unfortunatly, I've just described virturall all college students so it fits perfectly
Power Corrupts (Score:2)