UCSB Bans Windows NT/2000 in the Dorms

nick58b writes "The people in charge of the networks for all of the on-campus dorms at UCSB banned the use of Windows NT and 2000 on their networks citing security and network problems associated with them. While there are problems with NT/2000, Windows 98 and ME computers are still permitted. Students using these are "recommended" to upgrade to XP Home Edition. In other news, sales of Windows XP are way up at the campus bookstore."

Ugh.

[SlashChick]

The idiocy of some network admins never ceases to amaze me.

"Residents' computers were compromised with several well-known vulnerabilities and used for all manner of unfriendly purposes such as the installation of viruses like Code Red and Nimda on other residents' computers."

Oh, so you really meant to ban IIS, which is, after all, the software that contributed to most of these worms. Ironically, www.resnet.ucsb.edu is running IIS 5.0 on that very same evil Windows 2000 OS.

Want to know my guess at what happened? Since the admins weren't blocking web servers running on port 80 outside of ResNet, someone set up an IIS server and got nailed with Nimda, which then killed their ResNet web servers (assuming that they hadn't patched their web servers, which isn't much of a leap to make, considering they don't seem to understand the difference between Windows 2000 and IIS.)

"OpenSSL and Apache holes? Wow, let's ban Linux!" That's the same ridiculous leap they made in banning Windows 2000.

"While we understand that it is possible to run a secure Windows 2000 environment, past history has shown that this rarely happens on ResNet."

Nothing like insulting your users AND taking away their right to run a particular OS. You know, this IS an educational institution -- why don't you try educating them? Better yet, cut off ports that are spreading Nimda -- that'll make people figure it out really quickly.

This is ridiculous in every sense of the word, and I hope the students there organize and fight against this. If I lived there, I know I would be.

resnet.ucsb.edu is using IIS on W2K

[Perdo]

http://www.resnet.ucsb.edu

The site that is telling students they cannot use W2K is running IIS.

The student's machines get compromised, and resnet get's compromised so some Admin who would otherwise get fired for not installing HIS updates, scapegoats the student's.

Crap sysadmin and non technical management are the cause of this.

If they were so worried, wouldn't they be running Apache?

Why not....

[Dynedain]

We all know that Win2k is a hell of a lot more secure than win98/ME and probably just as secure as XP....that aside...

Why don't they do what my university did.....if your machine was detected trying to propogate nimda or code red, the smart switches disabled your jack. Getting it re-enabled meant calling Information Services Division and proving that you had cleaned up and protected your machine (downloading and installing the free copy of Norton Antivirus they provided).

It really seems to be a good system. Plug in an unregisterd NIC - blam - jack turned off and MAC address added to a blocked hosts list. Plug in a hub with more than one machine behind it...jack turned off. Run an unauthorized web server...jack turned off, mac address added to blocked hosts list. etc. etc. etc.

I'm suprised other large institutions don't do the same thing. It sounds like it would save a lot of headaches.