Universities Taken Offline to Fight Worms, Viruses
chrismg2003 writes "Nationwide universities are opening their doors to new students but closing off their network services. The Blaster worm has caused universities to take drastic actions to protect their campus networks. Universities have gone as far as shutting down their entire resnet network and bringing it back up dorm-by-dorm after each computer has been certified worm-free. The ICMP ping requests alone have brought down my university's resnet multiple times and we are scrambling to clean the worm from all computers before it forces us to follow suit with other universities."
Can we get the ISPs to do this too? It'd be really great if they'd just turn off a tiny manageable chunk of infected users and wait for them to call support. Support could then tell them to patch, or upgrade, or get some other type of clue. A really with-it ISP could just replace the web page the user wanted with a page that tells them to get with it.
Problem is, any plan will cost money to support. Worse, it might prompt the users to just cancel their service. I can't imagine ISPs like that idea. At least with the universities, the students have no choice, pretty much.
A programmer is a machine for converting coffee into code.
I wonder if they're checking each machine for mp3s & other RIAA/MPAA type material too. :P
Much wasted effort, probably to be repeated at least annually, could be avoided by insisting that students upgrade to a more secure operating system.
If they shut down the campus networks, how will the students download all the music and movie files they need to start the semester off right? ;)
DecafJedi
my weblog: apropos of something
But universities are some of the hardest places hit because they cannot mandate a remotely updateable virus scanner without getting outcries of privacy invasion.
Tragek
It took them this long? Then again, I did work in the computer department of a community college, which took its cues from the big universities nearby. If the university networks were as kludgy and swiss-cheesed as the community college networks, it's no surprise they have problems.
Sure, it's fun to let people on and learn the hard way, but these days there's too high a price to pay for another person's ignorance.
I have no tag line
Universities Rush to Protect Networks
Area Schools Adopt Strict Policies Aimed at Getting Students to Upgrade Computer Security
By Brian Krebs
washingtonpost.com Staff Writer
Thursday, September 4, 2003; 1:58 PM
George Mason University administrators, anxious to protect the school's computer network from a raft of viruses and worms plaguing the Internet, today unplugged thousands of students from the network.
At 1:35 p.m. today, network administrators at the Northern Virginia school cut Internet access for all 3,600 students living on campus.
The move should not have come as a surprise to GMU students. Last week, as freshmen reported for orientation, they were required to meet face-to-face with a network security expert to have their laptop or computer checked out. Upper classmen were greeted by school officials who handed out the latest electronic sex toys. To get the school's message across, all students were asked to sign a document confirming that their computers were updated with all the needed security upgrades.
Not enough students confirmed that their machines were updated, prompting the GMU action today. Administrators said they would try later today to reconnect porn, weeding out students with infected PCs. Students living off campus can continue to dial in to the campus computer network.
George Mason is just one of many universities in the region and across the country making computer security a top priority as the fall semester gets underway.
University of Maryland residents who tried to access the school's network for the first time over the past two weeks were corralled onto a Web site to help search for and mend the security hole exploited by Blaster, a computer worm that emerged last month and infected hundreds of thousands of computers worldwide. More than 6,000 students that had yet to apply the needed patches did so, but hundreds of other students ignored the advice and were promptly booted from the university network, said Gerry Sneeringer, an IT security officer at Maryland's Office of Information Technology.
"There were a certain percentage of students that wouldn't listen to us unless we hit them upside the head with a lockout," he said. "You simply can't deal with these problems until you've got your network under control."
At the University of Virginia, some 800 new and returning student residents were knocked offline by the school's automated security "bots," programs that patrolled the network looking for infected PCs. Students were then handed CD-ROMs loaded with anti-virus toolkits and software patches and were only allowed to plug their computers into the school network after proving they installed needed fixes.
Spokespersons for Howard, American, Georgetown, George Washington and Catholic universities reported far fewer problems with their networks. While several of those schools were forced to disconnect some infected computers, in most cases students were asked to prove their PCs were clean before being allowed to access campus networks.
As computers have transformed the way students and teachers interact at most universities, school administrators are focused on protecting their networks. Roughly 80 percent of higher education classes employ e-mail and the Internet for some form of student instruction, according to a 2002 study of more than 640 public and private universities nationwide conducted by the Campus Computing Project.
Instructors at most universities are under tremendous pressure from administrators and students to distribute course material over the Web and through e-mail, and allow students to add and drop classes online, said Steven Worona, director of policy and networking programs at EDUCAUSE, a nonprofit that provides computer training and support for 1,900 colleges, universities, and education organizations.
Because of this dependency on the network, a lot of universities have been forced to place much tougher computer security restrictions on students.
"Scho
This situation has affected me. I wonder how they will certify my Linux computer. They can't run their security checker stuff on it, as it doesn't even run windows. I may have to put up a patched XP install just to regain network access. Anyone got a spare copy to donate?
A friend of mine called me saying that Roadrunner contacted him about a virus on his machine. It was the Blaster worm. He was never unplugged from the net, but the fact that they called him is a good step.
You know, July. A whole month before. Where it was reported on Slashdot and major news outlets. And the government warned about it TWICE.
Oh, that's right. Slashdot is trying to report as much as it can about this because there is an agenda you can't deny.
"Sufferin' succotash."
... has disabled network access for at least two weeks. Each person is required to call the IT department and tell them if you're running Windows. They will then come to your room and patch everything up. They are not treating it "dorm by dorm" here, because even the faculty doesn't have network access. Only things like computer labs actually have network access. The network as a whole will be brought online at the same time.
Nationwide universities are opening their doors to new students but closing off their network services. The Blaster worm has caused universities to take drastic actions to protect their campus networks. Universities have gone as far as shutting down their entire resnet network and bringing it back up dorm-by-dorm after each computer has been certified worm-free.
Geez, this gives that old joke about the guy yelling from the back of the auditorium, "Get a Mac!" new life.
Visit Jonesblog and say hello.
From http://www.nccomp.com/sysadmin/whatif-1.html
"Meet Team Blue. Team Blue is not a single, testosterone filled 18-year-old trying to make a name for himself in the hacker (more correctly, cracker) community or trying to get the attention of the FBI and hoping to be employed for $75,000 a year at the young age of 18. Team Blue doesn't brag on IRC about what they can do or are trying to do, with "oh yeah, watch this" stuff that can be traced to an ISP, then to an IP, and eventually to the MAC address of the NIC in the PC used to write or distribute the virus. Nor is Team Blue a group of hackers trying to take down the "anti-christ of the internet" known as Microsoft (opinion at large, not just my own). Team Blue is a group of three to five 27 to 35-year-old programmers. They know C, Java, and the TCP/IP stack. They know ActiveX, VB, VBScript, and JavaScript. They know what RFCs are and how to get information out of them. They know what ports are usually open on all firewalls (inbound and outbound) and even how to get around a proxy server. We won't speculate about Team Blue's motivations any more than we will about the motivations behind September 11th, 2001. Team Blue is sworn to secrecy and shares a common goal. They are the initiators of the new world of cyber-terrorism. They are the reason the Department of Homeland Security exists. Team Blue doesn't talk to anyone about their plans. They don't chat on IRC or post questions to newsgroups. They don't subscribe to 2600 Magazine, though they probably buy it at Barnes and Noble. They don't have internet "handles". They don't email code around, even with PGP. They use public wi-fi hotspots to communicate and leave, at worst, only a MAC address in any logs. They use laptops and PCMCIA wi-fi network cards so that their MAC address can change as often as they want it to.
Team Blue has written a nice virus; at least nice in the sense of how well it is coded. They are waiting on only one thing: the next Microsoft software vulnerability to be published to the internet. Their virus does many things..."
Let's see here...
Two scenarios
Scenario A-
Computers taken off line. Productivity is lost entirely.
Scenario B-
Virus hits. Productivity reduced.
Hmm.
I worked for my campus Resnet team, and we could tell who was sending what kind of traffic. If someone was hitting the network with Blaster traffic, we could shut down their specific port until they proved they were clean.
Their problem, not the entire network's, after all.
skye
My friend attends SUNY Maritime in New York and said that his school shut down their network to solve the problems and just got internet today. I was extremely surprised, as I think it's a very far-reaching solution to a small problem.
I still haven't moved into my dorm, so I guess I'll have to find out when I go in. I have friends at RIT, West Conn, RPI, Marist, UCONN, NYIT, University of Rochester, and Elizabethtown College and none of them have trouble with their internet connections (I'm assuming this because I talk to most of them via AIM).
You should get a partial tuition refund if you don't use Windows, and thus the university's IT doesn't have to worry about you.
I actually am a network technician at a university right now, and basically the problem with the current issues is that the students don't know the proper security measures, like patching their systems. The majority of students that I have disinfected haven't run Windows Update, ever! They usually also have out-of-date anti-virus definitions, and now a firewall is looking like more of a necessity. If they would realize this, then the problems wouldn't be as widespread.
At the university I work at, this year they are just restricting resnet students from running what are deemed "server" services on ports below 1024, such as shared drives or telnet daemons. However, above 1024, the students can run whatever services they want, so the ones who know what they are doing will run ssh up there. Also, the school has central servers that can run things (like web pages) for the students that are quite sufficient (speaking as a former student).
Next year, however, there is discussion of implementing something like checking all the dorm machines before they are allowed on the network... We have 40,000 undergrad students, so if even 1/4 are living on campus that will be quite a chore, but it is being discussed, and will happen.
One of the computing directors even told me the only reason it wasn't done this year was because they could not get the cd's for staff cut in time. I just want to know where they are going to get the army of staff that would be needed on Labor day weekend to do this.
How long will people be willing to take these drastic steps to protect themselves from windows-only worms and viruses??? For pete's sake, it can't be any more trouble to migrate students from windows to mac or linux machines, given that the alternative is to go through these fire drills on a regular basis.
I know migration and policy change aren't easy, but I just don't understand why it's considered acceptable to do something like this, but unacceptable to migrate to a non-windows platform...
Facts are stubborn things.
As I mentioned in that Ask Slashdot question a while back about handling this sort of thing, one could VERY easily set up VLANs on managed network equipment.
Joe User plugs in his desktop. His machine starts spewing garbage, which gets detected either at a border or by honeypots. Script runs, switches Joe User's network jack to a secure VLAN which is heavily firewalled and only allows him to get antivirus updates, removal tools, etc.
Of course, this requires you use managed hubs/switches. If you're not already, however, that means you're wasting substantial labor paying some poor schlep to, well, shlep, around campus, managing patch panels in network closets. Also means you can't diagnose connectivity problems very well, etc.
Please help metamoderate.
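The VLAN-quarantine idea above, and the "check the switch logs to find the infected machines" suggestions elsewhere in the thread, both hinge on spotting worm-like traffic per source host. This is an added illustration, not code from any poster or university: a small detector that reads constructed flow-log lines, flags sources that touch many distinct hosts on the Blaster/Welchia ports (TCP 135/139/445) or sweep many hosts with ICMP echo, and maps them to switch ports for quarantine. The log format, thresholds and the IP-to-port table are assumptions.

```python
"""Flag hosts with worm-like scanning behaviour from flow/firewall log lines.

Added example (not from the thread). Input format, thresholds and the
quarantine action are assumptions made for the illustration.
"""
from collections import defaultdict

# Ports the thread names as Blaster spread vectors: TCP 135 (RPC DCOM) and
# 139/445 (SMB). Welchia also sweeps with ICMP echo before attacking.
WORM_TCP_PORTS = {135, 139, 445}

# Thresholds (assumed): a clean client rarely contacts this many distinct
# hosts on these ports, or pings this many hosts, within one logging window.
DISTINCT_TARGETS_TCP = 20
DISTINCT_TARGETS_ICMP = 50


def parse_line(line):
    """Parse one constructed flow line: 'ts src dst proto dport' ('-' for ICMP)."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, dport = parts
    if proto not in ("tcp", "icmp"):
        return None
    port = None if dport == "-" else int(dport)
    return {"ts": ts, "src": src, "dst": dst, "proto": proto, "dport": port}


def score_sources(lines):
    """Collect, per source IP, the distinct targets of worm-relevant traffic."""
    stats = defaultdict(lambda: {"tcp_targets": set(), "icmp_targets": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["proto"] == "tcp" and rec["dport"] in WORM_TCP_PORTS:
            stats[rec["src"]]["tcp_targets"].add(rec["dst"])
        elif rec["proto"] == "icmp":
            stats[rec["src"]]["icmp_targets"].add(rec["dst"])
    return stats


def find_infected(lines):
    """Return a sorted list of (src, reason) for sources over a threshold."""
    flagged = []
    for src, s in score_sources(lines).items():
        if len(s["tcp_targets"]) >= DISTINCT_TARGETS_TCP:
            flagged.append((src, "tcp-scan-%d-hosts" % len(s["tcp_targets"])))
        elif len(s["icmp_targets"]) >= DISTINCT_TARGETS_ICMP:
            flagged.append((src, "icmp-sweep-%d-hosts" % len(s["icmp_targets"])))
    return sorted(flagged)


def quarantine_plan(flagged, ip_to_port):
    """Map flagged IPs to the switch ports to move into the quarantine VLAN.

    ip_to_port is an assumed lookup table (e.g. built from DHCP leases and
    switch MAC tables); unknown hosts are reported so a human can chase them.
    """
    return [(ip, ip_to_port.get(ip, "unknown-port"), reason) for ip, reason in flagged]


def sample_lines():
    """Constructed sample: a Blaster-like scanner, a Welchia-like pinger, a clean host."""
    lines = []
    for i in range(1, 41):          # host A: TCP/135 to 40 different hosts
        lines.append("10:00:%02d 10.1.2.3 10.1.5.%d tcp 135" % (i % 60, i))
    for i in range(1, 81):          # host B: ICMP echo to 80 hosts
        lines.append("10:01:%02d 10.1.2.4 10.1.6.%d icmp -" % (i % 60, i))
    lines.append("10:02:00 10.1.2.5 10.1.0.1 tcp 80")   # host C: ordinary web traffic
    lines.append("10:02:01 10.1.2.5 10.1.0.2 tcp 445")  # one SMB connection is normal
    return lines


if __name__ == "__main__":
    table = {"10.1.2.3": "sw1/0/7", "10.1.2.4": "sw1/0/9"}   # assumed lookup table
    for ip, port, reason in quarantine_plan(find_infected(sample_lines()), table):
        print("move %s (%s) to quarantine VLAN: %s" % (port, ip, reason))
```

On real equipment the print would become the switch-side VLAN change the comment describes; the thresholds should be tuned against a window of known-clean traffic before they drive any automatic action.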
Even for those of us who still use MS operating systems regularly. Boot up, with your hand over the floppy drive light: "it's Linux, 'k?"
Surely they have routers and not just switches tying each wing into the network. So I wonder why, instead of spending all these hours on manpower for the current worms, they don't just block ports 445, 135-139. Do they really need them on the residential network?
Get off my launchpad!
The ICMP ping requests alone have brought down PLU's gatekeeper (resnet) multiple times
sounds like somebody needs better sysadmins to me. perhaps a better network layout wouldn't hurt either.
why not block those icmp requests at the switches to each bank of dorms? you do have switches, don't you? you can then look at the logs and find out which machines are infected.
why not deny any outgoing smtp traffic from resnet machines?
why not block the ports used by these specific worms?
why not implement some proxy servers, so that students at least have access to the web while everything else is offline?
if you were working at a real company, and not a dorm, you'd be fired for "shutting down the network". disabling all services is NOT an acceptable solution.
I posted this before but it's still relevant..
I work for tech support for a large (30,000+ students) university. This fall we're expecting as many as 30 percent of the machines coming to residence to be infected with a worm.
To defend against this we're going to scan all machines over the network during the registration process, and if the machine is vulnerable the browser will get redirected to a webpage with the relevant patches which the client must apply. If they don't apply the patch they won't be able to connect to anything but our internal authentication VLAN.
One of the reasons our networks get hammered during any worm incident is that there are so many machines connected to the network that just aren't patched ever.. Eventually we just have to manually shut down the ports infected machines are connected to and wait till clients call to complain to explain why they've been disconnected.
I'm a freshman at University of Maryland, College Park, and overall I think their policy is very straightforward and simple. They haven't bothered shutting off sections of the network or anything like that - they don't need to. When you bring in your computer from home, you have to register it (I think it's done on a MAC address basis). One of the requirements of registration is that you have to apply all of the patches for the recent Blaster, SoBig, etc. viruses. Granted, this isn't going to do much in the event of another virus outbreak, but for now, I think they handled it very intelligently.
Cyde Weys Musings - Scrutinizing the inscrutable
An anti-MS agenda?
On the whole, I've found while there's an anti-MS bias, pro-MS comments, etc... that are intelligently written will usually get modded up, not down.
Me? I'm OS-agnostic. Whatever tool feels right for the job.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
At the university where I work, the main campus is in the middle of an XP rollout, and the builds being installed didn't have the patch applied. Hosed the network so badly that remote updating wasn't possible - all the techs have been frantically running around with patch disks for the last few days.
Fortunately, the campus where I'm based is mostly on Win 9x, and we managed to get most of the rest of them patched before many were infected. We thought that we'd got them all, but we were still seeing ridiculous ICMP traffic. The networking people checked the traffic logs, and the PCs were identified.
They belonged to two of the Technical Support staff.
I go to a decent size university (about 3000 students); they recently got hit by all the worms. Working for the computer services department, we were busy with the back to school issues and also with the worm. In creating our images, we have set the virus software to update daily around 9am (I think) with a randomization of about 3 hours. This was one defense against the worm.
Another defence was through the problem reports, since the campus provides computers for every dorm room. Upon submission of the problem, sometimes we would go reimage the system with the fix. Other times we would run some virus software to remove it and then the fix. After a few days, after we had figured out the fix, we sent out an email to the entire student body with the fix and with a removal program.
On the network end, port 139 is still currently blocked since that was one way that it spread. We have yet to totally get rid of the worms, but we are almost there.
With the other viruses, the server team quickly blocked all attachments with the pif extension, and a few others. This worm was pretty much stopped before it had a chance to grow on the network.
My university never shut down dorms or the network of any sort to stop the worm. We have maintained an active role with virus software with our own ftp server for the definitions. Our server is also updated twice a day to help prevent any more outbreaks.
Even though the worms were all across campus, having many people work on stopping and blocking the transmission of the worm, I think, helped keep my university's network up.
At UCB the campus wide network (not just the resnet) is on alert for infected machines. If one is found, it is denied access until a sysadmin comes out and cleans it. They've sent several warning messages prior to doing this. The news release is here
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
Tech support services are basically overhead at an ISP (as far as increased service burden, ultimately cost to you). The easier you make the service, and the less dependent on tech support, the better for its consumers.
Indeed, if you call your favorite big ISPs tech support, they are unlikely to provide real help anyway (little technical insight, low pay, high turnover). Adding the extra burden of instructing the user how to un-infect their computer on something mechanical like individual telephone tech support would not help matters.
I favor the idea of cutting off infected customers. But I think the mechanism of getting customers back online should not involve the customer having to figure out that they need to call tech support - at least not first. The better way to support them is to redirect ALL HTTP requests from these customers to a ISP-provided site, which in turn informs the customer that they are seeing this page because their network access has been lost due to a virus problem on their computer.
That's the way that AT&T got customers off their @Home services (e.g. static IP addresses, dns/nntp/pop3/imap server information, etc etc). All HTTP requests went to a canned page. All usenet newsgroups at the old NNTP server contained a single message - one that instructed the customer to reconfigure their NNTP settings. All requests from non-DHCP provided IP addresses were directed to an appropriate placeholder.
Working for a university, one of the biggest problems is the sys-admin forgetting that the lowly base image they only use for 5 minutes just to get stuff up and working before they let the automated scripts loose isn't patched. This means they can be infected, then cleaned off within five minutes. However, in this five minutes they can broadcast to enough unpatched boxes (usually locked away with postgrads or staff who are too busy or know better than to update their machines) that all hell breaks out on the network and those connected to it.
Not to mention many people bringing in unpatched or infected laptop machines and deciding that they shall plug them in where they see fit.
Off-topic. How do I view my comments that I submitted previously to my latest 24? TIA.
The worms have crashed the network for several hours. Now the Computer Center admins put the entire dorms network behind a separate firewall blocking ICMP and ports 135/139. I've seen the packet counts from the net admin, and it's scary! I suggested they disconnect all infected users and reconnect them only after applying patches, but they don't want to mess with that.
Make even shorter URLs - 8LN.org
I'm at NDSU in Fargo (insert obligatory joke here), and for once ITS had a semi-intelligent solution. They found some way (haven't had a chance to ask for specifics) to find out when a computer was infected (or even vulnerable, I hear), and then they just denied that MAC address an IP from the DHCP server. Once it's cleaned up, you call or email them and they put you on the list to be reactivated. Of course, it's a bit bothersome when you have to wait overnight to get a PC back online, but it's better than losing all network access while you wait for them to check everything. (Of course, this solution only came about when they didn't get the patch rolled out in the computer clusters and most of them were shut down due to getting infected.)
I'm the SysAdmin for the math department, and we're still facing sporadic infection on computers that didn't get patched when I sent out an email this summer. (Would have patched them myself, but I was 1500 miles away.) Fortunately, our lab got patched the night before Blaster was triggered, so we were safe there. Only a couple faculty members who could wait a day or two to get back online.
"You will only be remembered for two things: the problems you solve or the ones you create." Mike Murdock
They'll have to go to the newsagents for a pr0n fix now :o)
I've noticed that everyone who is for abortion has already been born - Ronald Reagan
Here's another application for the new PF's OS Fingerprinting capability. Don't route Windows boxes and people running any other OS don't get annoyed.
No GNU has been Hurd during the making of this comment.
outlaw windows?
just a thought
Don't Tread on OpenSource
The action seems perfectly reasonable to me:
To get the school's message across, all students were asked to sign a document confirming that their computers were updated with all the needed security upgrades. Not enough students confirmed that their machines were updated, prompting the GMU action today. Administrators said they would try later today to reconnect dorms, weeding out students with infected PCs. Students living off campus can continue to dial in to the campus computer network.
Looks like the kids are getting a decent deal on virus-removal and system updates too:
Students are being charged $30 if a university technician is called in to clean an infected machine, a school spokesman said. Students can go to off-campus experts for a fix but must certify that their computers are updated with the latest security fixes before being allowed to access the campus network.
Hmph, I can't find anything wrong here. Of course, there are a couple of choice quotes from the kids who, I believe, are our future:
Kimberly Borchert, a 19-year-old sophomore, said her computer "freaked out" as soon as she plugged it into the school's network last week.
Freshman Andrew Canose was one of several GMU students who encountered problems after installing the university-provided anti-virus software. Canose found the new program conflicted with an older anti-virus program already on his computer. "My computer is like at war with itself and won't work," he said.
But my favorite lines are from the admins, such as this gem:
"I think we really need to groom a new type of student who is responsible for their computer security," said Kathy Gillette, manager of George Mason University's beleaguered tech support center. "A lot of them lived at home and mom or dad took care of the computer so they've never learned how to fix them, but hopefully we'll be able to teach them that too."
And the classic:
"There were a certain percentage of students that wouldn't listen to us unless we hit them upside the head with a lockout," he said. "You simply can't deal with these problems until you've got your network under control."
everything in moderation
If all you retards would just use Linux, this could all be avoided.
Too hard, you say? Well I don't have a hard time with it. You're not dumber than I am... are you?
-AC
Saying that everyone should switch operating systems is not the answer to the problem. Although Windows has more than its share of problems, other operating systems aren't flawless. If everyone went out tomorrow and switched to a Mac or Linux I can promise you that the number of viruses and worms for these systems would go through the roof. Considering that an average user either a. doesn't know how, or b. doesn't even bother trying to use something as simple as Windows Update, do you really think they are going to know how to secure a Unix based system?
Microsoft should hire me. I can write code that doesn't work faster than the guys they have doing it now.
Our network was completely offline for two days last week (first week of school.) Apparently they implemented some patch, and not everyone reset their systems, and thus the next day the virus just started spreading itself again. Ultimately they went to each computer and scanned it individually.
Outlook sure seems like a major pain in the ass (unless you're getting paid overtime to deal with it.)
Morrisville State College, where I attend was shut down as well. We're entirely wireless (old 802.11 absolute crap, 1.5mb connection) as well as we have no land lines, every student is issued a Nextel cell phone. When we moved in no dorms had internet, they were shut down for 3 days and numerous people had accounts shutdown until they cleaned up. Ah well, over with...
------------------------------ SirPhreak - "It's Thinking..."
If these schools have to resort to shutting down their entire networks then they seriously need a change in staff or an increased IT budget. I previously went to San Jose State in CA, the definition of a completely incompetent school, and they had a system that automatically shut down ports with excess traffic, port scanning apps, and viruses. It then put a help desk ticket in to have a techie go talk to the student. This is the way to do it. Shutting down the whole network is not necessary.
Tim Smith - Ramblings from Nerd Land
I got hit with the W32.Wechia.Worm today.
Yes, yes... install all patches, etc. The thing is, Microsoft is releasing security patches at an alarming rate at this point, and XP's Automatic Update seems profoundly dumb... I could swear I've downloaded the same security updates 3 times now, since it apparently either doesn't detect whether you already downloaded them (I can't always install-and-reboot in the middle of my work), or there's an ongoing stream of new revs to the patches, without them stating such.
And now, MSN Messenger keeps informing me that there's a "Critical Security Update" with a link to a download page (naturally, I can't reply to the message...), and going there informs me that I must set up a .NET Passport before I can do anything.
All I want to do is turn MSN Messenger off. Close, disable, whatever. Version 7 seems to have no method of preventing it from connecting and giving me a bunch of messages when I connect to the internet. Try exiting it, it says it's in use by another application, even when I have none open. Select anything regarding its startup options in the options menu, still comes up. I've now gone ahead and uninstalled it using Add/Remove Programs, though I'm reluctant to do that in case I need to communicate with a client using it at some point.
This is truly annoying. It seems that in effect, Microsoft is zealously forcing me to maintain my vulnerability to exploits, by insisting I continually use their Messenger (Yahoo IM works just fine for me, thank you...). They nicely give me the alternative of updating, to do which I need to sign up for .NET Passport, which has also been cracked, and potentially sensitive user information taken.
At least in most areas, you can choose to avoid a vulnerability-laden application. It seems the Microsoft solution to their insecure software is just to go ahead and force you to use it.
Argh. Does anyone know how I can just turn off MSN Messenger? TIA!
(Disclaimer: My personal experience, Microsoft used fictionally, MS lawyers are good people, etc...)
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
With the high cost of installing patches and downtime caused by MS inspired viruses, can anyone seriously consider the TCO of Windows to be in any way reasonable? I mean, is a *nix system, like an x86 Linux box or a Mac or even a Sun Blade, so expensive or hard to use that having systems down for days at a time is a necessary cost of doing business?
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Here in Mexico, at my university (ITESM), there is a scanner running every 30 minutes. If it detects you are infected with the Blaster worm, your network access is revoked. You have to go to the IT department so they can check your computer and certify it virus-free.
Also, every time you go into the school's web site, a pop-up window appears with instructions on how to install Norton AV and keep it updated.
Because of these worms/virii, the network has been down intermittently for the last 4 weeks.
I'm a student at UW Madison, and they're going nuts about viruses and worms over here as well. There are signs even in the lunchrooms reminding students to be careful of viruses...
remove computers from the internet, limit access to systems, and ...wait that is what these scripts were written to do.
No, the terrorists are winning!
Karma: Censored (mostly affected by decency laws)
About time for Apple to bust out with a new series of Switch ads.
> If you mean Linux, I assume you somehow are going to fund training all the students how to use it, along with getting all of the school's faculty and staff to support it, along with providing for Linux patch management efforts. Yeah, right. Back to the real world we go...
Insightful? That isn't insightful, that's just plain flamebait. Obviously you've never even tried using Linux! There's nothing difficult about it at all - KDE and Gnome look enough like Windows that anyone familiar with Windows can figure out how to use it for what they want. Let's not forget that in universities, most of the students just want to use word processing for reports and stuff. KOffice, OpenOffice, etc. really don't look much different to Microsoft Word which is what most people are used to using, so I don't see any retraining costs there. And the suggestion that perhaps staff wouldn't WANT to use Linux? You're forgetting that universities are where Linux came from! RMS started the GNU project in the labs at MIT, Linus was still a student when he started Linux. I know most of the staff at my university prefer Linux but don't use it on their desktops because stupid corporate policy dictates that they must use Windows for their desktop!
As for computer science students - should they be made to use Linux? Yes! Unix (and thus Linux) was first designed as a programmer's OS, so if they can't figure out how to use it they sure as hell won't have a chance in their computer science course!
What was all this about again? Worms? What are they? I wouldn't know, I use Linux, never had any problems with worms, trojans, viruses, etc. Every time I see the headline "virus causes $200 trillion damage" or some other ridiculously over-inflated estimate, I just laugh. I guess it's their fault for continuing to use an OS that has so many times caused so much trouble for them.
I work in Technical Support for a local ISP here that provides access via dial-up, DSL, and terrestrial wireless (802.11b mostly, but also Turbocell, Trango & Motorola 5GHz solutions as well for backhaul links and bigger clients), and we also supply net access to a few apartment complexes and student housing facilities in the area (college town ISP).
Ever since Welchia hit, we have been doing exactly what is being described here: kicking off individual customers and even shutting off entire chunks of our network when it is discovered that a particular user or a large group of users are infected with Welchia and spewing their worm-related ICMP crap all over creation. We've had to take down entire apartment complexes and have people go door-to-door with CDs containing the removal tools and MS patches before bringing them back up.
I'm not certain how many people outside of the ISP technical support world know just how much of a PAIN Blaster and Welchia have been FOR technical support departments. Welchia came out, what, 2-3 weeks ago?, and although for the most part the majority of people are not seeing their effects anymore, these worms *are* still alive and kicking, and I don't see the end in sight anytime soon...our incoming calls have skyrocketed ever since the worms were released and especially after we found we had to take the drastic actions that we have had to take, and they have not waned yet!
We're going to be forced to continue to deal with these annoyances (-- understatement) for a long time to come.
Toss a webpage up that says:
"We detected MSBlaster on your machine, please go to Microsoft support and download the appropriate patch"
Just let it sit there for 60 seconds, then let them continue on.
After they hit the site three times, send them an email with directions. Always point towards Microsoft support.
All this can be automated pretty darn quickly.
The Kruger Dunning explains most post on
I'm sitting in a dorm at George Mason University right now; the school that shut down their entire resnet. I'm dialed in through an AT&T Worldnet account.
GMU's IT department could have done such a better job of handling this, as the article indirectly points out. Our e-mail delivery times have been nothing short of horrific... some of them being delayed 3 days or more...
It just seems like they could have handled this much more smoothly. Students use the internet for legitimate purposes, too. Most of my class materials are online, I have quizzes and homeworks I have to take online. The computer labs are already used to capacity without the 3000+ extra residents trying to get in on it too.
Blaster? This sounds more like Welchia/Nachi to me. Indicative of the ICMP traffic.
Cisco have released an excellent paper on setting up bitbuckets to match the 92 byte payload in the ICMP traffic on routers, switches, MSFC's etc here.
Also, Blaster paper.
It's not just universities doing this. My girlfriend lives in an apartment complex (primarily students) in which they have a complex-wide wireless network (Airwave, I believe). Anyhow, their network has not worked longer than 15 minutes at a time for the past 2 weeks. The apartment managers turned off the network access to everyone this past Friday and required everyone to install patches, virus scanners, "Service Pack 1", etc., and turn in a signed affidavit that this has been done in order to get internet access back...
More power to 'em!
Anyhow, my university sucks. Our campus email is flooded by upwards of 200 emails a day with "Re: Your application" in the subject line. Why can't this type of thing be handled more appropriately by the tech people at a friggin' university?
Just turn off ICMPs at the switch. *POOF*
I work for Residential Computing at Kansas State University (it is a student position). We really haven't had too much trouble. Yes people have had blaster, but we did a pretty good job with an educational campaign as the dorms were opening, instructing people to install fixes before hooking into the network. Those unfortunate souls who could not obey simple instructions had their port shut off until an employee got around to installing fixes for them.
Was it a hassle? Yeah, it definitely was, but to have the ICMP traffic bringing the network down is awful and is probably a sign of deeper tech problems at the university.
I thought more students in this Computer age would know more about their computers. Maybe it is just because I work with them, and most of my friends do too. Maybe it has something to do with some college students of today not caring what is said or done until it starts to affect them personally. i.e. There is a patch to fix a security bug, but I am not going to apply it because I am not having any computer problems due to it.
Yes, I know it's not "hep" to RTFA, but the following struck me as interesting:
"I think we really need to groom a new type of student who is responsible for their computer security," said Kathy Gillette, manager of George Mason University's beleaguered tech support center. "A lot of them lived at home and mom or dad took care of the computer so they've never learned how to fix them, but hopefully we'll be able to teach them that too."
This raised two points in my mind:
1. Young people raised on a MS Windows software monoculture are going to be difficult to instill responsibility for security into.
2. Does this person really believe that a lot of the students arriving now are not at least as technically savvy as their parents?
I noticed that the article said that freshmen were required to have their PCs checked, but upper classmen were not, simply being handed the latest AV software, and required to sign a document confirming that their computers were clean. If anybody claims that they are free, but then go on to infect the network, what happens to them? Do they have their head nailed to a coffee table or similar? I would assume that anybody who asked, freshman or not, could have got a free check-up if necessary: I certainly hope so...
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
The UW labs in Seattle were hit real hard by the Blaster worm. Thus, the UW campus network was a mess for a bit. Main causes: First, students can use the computers for whatever they want... i.e. the computers are very open. Second, IT didn't patch the computer.
Now you may wonder why I said "computer" and not "computers". Well here is why...the UW has an imaged drive lab. So one computer is used to push updates to EVERY single computer. Every time a student logs off a computer the hard drive is made fresh again (cleaned) by the master server. That ensures proper working order and minimum IT staff work. Anything the student installed is erased too.
Single point of failure anyone?
Life is like pants... fit in or you don't fit in.
And far FAR easier than "switching" to Linux.
Anyone "retarded" enough to get infected with a virus on Windows is FAR too "retarded" to not get their linux box rooted. Especially with the blaster virus. It could be blocked by two completely separate and simple prevention schemes.
If you have your linux box, unsecured on the net, then you are the "retarded" one. You have either been rooted already and don't know it or it will happen soon.
If you HAVE secured it, I guarantee you did more work to do so that it would have taken anyone to prevent being infected with Blaster.
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
The University that I go to has over 3,000 students, and around 3,000 computers on campus. (One computer in every 2-person dorm room, and many more in labs around campus).
We were hit by the worm the first day it came through. We were hit by the email virus as well. But we haven't stopped running. They immediately blocked many of the ports between dorms, including the port that Windows File Sharing uses, in order to minimize worm spreading, and updated the virus definitions campus-wide.
The worm patch was made available to all students, and the computer techs have been working full time, but our network is still up and running, without a major problem.
Sure, there is a bit of a slowdown at times, but not much, and my school has still been operating... Which is more than you can say about many state governments....
Like the one that countered Blaster (but had its own problems)?
If you're going to have your computer on campus network, you'll be probed for vulnerabilities and patched if those are found. Any lost data is your problem because you did not patch your computer.
This would be a very easy thing if the new computers were assigned addresses via DHCP. A new MAC address would trigger a scan of that computer. That way, not too much bandwidth would be used.
It would not be a worm, exactly. It would not replicate itself to the other machines.
This would also get around the problem of not being able to patch a computer unless it logged into your network or something (or had some other reason why updates would not be accepted).
Community Colleges in my state are getting their nets in order.
At mine, we blocked the smb ports at the router a long time ago. We'd have been hosed if someone brought a worm inside on a laptop, though.
My internet coop was hosed.
Brown University would have been better off mass producing 8000 Linux install CDs, rather than 8000 anti-virus CDs :-)
A colleague of mine, former cow-orker, just blogged about his experience in his brand new job being a network admin of a college in Maine. Turns out that his switches have a feature called "source blocking" which allows them to disable clients on MAC layer level if a client makes too many unresolved ARP broadcasts. He just outputs the list of clients to a web page that the tech support desk can respond to when students call in and say "Hey, I can't get on the Internet, is it broke?" the helpdesk says "Yes, you're either scanning the network or infected by a virus. Fix it." And the latest batch of virii are stopped in their tracks.
-- There is no sig line, only Zuul.
I wish I had mod points. Nothing sums up the entire "virus" problem like those quotes.
Maybe we DID take the blue pill. You wouldn't remember anyway.
see, once you knew what they needed, you should have gone door to door and offered to patch for 20 bucks.
Naturally it would be free for naked coeds, or people you will need a favor from...like naked coeds.
The idea of Quarantining users in a "update" sandbox sounds really cool. As long as the ISP can locally host the patches, it sounds like the perfect solution to the virus problem. I'd think we'll see virus scanning being included with ISPs in the very near future. Unfortunately, MS is only interested in Monopoly, not fixing the problem. Most ISPs can't afford MS solution to the problem (i.e. pay MS lots of $$$ for expensive servers that still wipe out because MS can't keep up) Until Windows Update server API is untied from Windows servers (and secret protocols, CALS, stupid patch changed EULAs, etc) it will always be a problem because no one will pay for "protection" for an insecure OS that should have been right to begin with.
Until Windows update can be written from scratch in PHP or Perl, and hosted on Linux without any other MS "restrictions" you'll continue to see the horrible virus problem. They're still trying to tie-in to the monopoly, it's about time they were forced to give it up for security!
Absolutely, it's vital, after all, what else is the campus network going to be used for?
Formerly State University of New York at Morrisville started classes on Monday August 25th. Sure we had network problems but the entire campus was cleaned up by noon on the 26th. Granted there are only about 3,000 students on campus, but there are about 4,000 computers on campus, since about 80% of the students have laptops, and many have a desktop in their dorm, plus lab computers and faculty. My point is I want to give props to our IT guys for keeping the disruption to a minimum. On the other hand I can't help but wonder if so many network operators knew this was coming, why weren't they more prepared?
Slashdot is an anagram for Has Dolts, and I am Dolt number 468543
unless the OWNING organization is the one releasing otherwise it is just as bad and just as illegal...2 wrongs and all that crap...I have a business ISP, about 2 days after the thing hit we got info stating that they were scanning and if you were infected you'd get 4 hours notice then disconnected...THEY DID RIGHT, bravo Megapaths, MANAGE your network and its resources not the other way around. Now if only other ISP's say large ones with HERDS of clueless users could manage something similar I might yet save my online gaming business....
errr....umm...*whooosh* *whoosh* Is this thing on ?
Colleges, like the rest of society, expect students to behave in accord with established standards, or face the consequences. Violate those standards -- steal test questions, set fire to the library, etc. -- and you will be held responsible for your behavior.
There's no reason why behavior with a computer should be exempt.
If some college kid physically damaged hardware in his school's server farm and took the network down, the school might very well sue him to recover their financial losses.
Likewise, any student who deliberately releases a virus, worm, etc., on a school network ought to be held financially responsible for the damage.
Schools (and any other institutions) should establish "standards of behavior" (e.g., required protective software, avoidance of banner servers, etc.) and hold students who violate those standards responsible for their share of the damages.
-- Slashdot: When Public Access TV Says "No"
Univ. of Colorado at Boulder did this in a much more reasonable manner. When RESnet users open a browser after connecting to the network the first time, they are redirected to a MAC registration page. They use their campus-wide username/password to register their MAC address. The networking group wrote a script that redirects them to a php script that checks if they have patched or not. If so, they proceed to the registration page. Otherwise they are given instructions on how to patch. After they patch, reboot, and open a browser they are once again redirected to the script, which verifies that they have indeed registered and they go on their merry way.
Downtime was essentially nada.
"I either want less corruption, or more chance
to participate in it." -- Ashleigh Brilliant
sometimes the techs are so harried for time that they don't get around to patching their own shit.
Sometimes they are so lame they can't be bothered to wipe their own asses, either...
Still, what a professional embarrassment!
People usually need to suffer to learn. Why not install some kind of automated vulnerability/penetration testing tool that scans machines on a regular basis. If a machine is found vulnerable or disrupting the network because of an infection or misconfiguration, issue a warning along with some documentation, disconnect it and have the person report it fixed to be connected again. On the second incident like that, do the same but issue a serious warning and a one week penalty. On the third incident, disconnect the machine for the complete term. One could even consider billing the people for example $5 for the first warning, $15 for the second, $30 for the shutdown. This way people will learn the hard way that keeping their computers secure and up to date is a requirement and also good netizenship. If people are not willing to accept rules for driving a car and cause accidents that disrupt traffic and endanger others, they eventually lose their license or have to pay penalties. Why not have similar penalties for disrupting university networks. People with vulnerable or misconfigured machines don't risk lives but they could cripple network operation for others. Think of this happening to you in the final stages of writing some papers. Veeery annoying.
As a tech at a small-ish college, we have been shutting floors of dorms down and then bringing them up one PC at a time. If they start transmitting worm traffic, they get shut down and have to come get a CD of patches to fix their system. Once they are clean, they call us up and get turned back on. It took us about 3 days to really quell the surge, and had our entire network down for hours at a time. It also makes the phone ring about every 10 seconds. Hearing that ring for the length of an 8 hour day, that will drive somebody crazy. All in all, however, it has worked, as most of the machines are back online and worm free. It really sucked for about 5 days though... "hi, my internet isn't working" ... "hi, my internet isn't working" ... "hi, my internet isn't working" ...
"Something's wrong with you...and I hope we never do meet again." - Deftones When Girls Telephone Boys
I'm the unix admin at Monmouth University (NJ). Almost everyone is infected. We've left everything turned on, though we put up another router to route between ResNet and the rest of the network. (before, we had 1 router campus wide hehe). Anyhow.. the ResRouter is a Cisco RSM/5500 (using multi-layer switching), with an access-list that blocks all ICMP.. checks to make sure your source IP is a valid ResNet IP... and allows 0.0.0.0 as a valid source IP (for DHCP Discovery). 60% load with 1300 students..
I have a linux box on ResNet.. I am running tcpdump arp > testfile then looking at the top IPs sending ARP packets..
Turning those IPs off at the firewall so only infected students complain. We direct them to http://bluehawk.monmouth.edu/virus we also have Technicians running around with mini-CDs with all the dewormers and patches on them
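The switch-level "source blocking" on excessive ARP broadcasts described a few posts up and the tcpdump arp > testfile top-talker count in this post come down to the same analysis: who is asking for far more addresses than a normal host would. Below is an added Python example, not code from either poster or their universities, that parses tcpdump ARP output, ranks senders by request count and flags the ones asking for many distinct targets (a host that hammers the same two addresses is noisy but not sweeping). The capture lines are constructed for the example and the thresholds are arbitrary starting points.

```python
import re
from collections import Counter, defaultdict

# Matches both tcpdump styles for an ARP request:
#   old:  12:00:00.000000 arp who-has 10.1.2.1 tell 10.1.2.77
#   new:  12:00:00.000000 ARP, Request who-has 10.1.2.1 tell 10.1.2.77, length 28
ARP_WHO_HAS = re.compile(
    r"^(?P<ts>\S+)\s+.*?who-has\s+(?P<target>\S+?)\s+tell\s+(?P<sender>\S+?)(?:,|\s|$)",
    re.IGNORECASE,
)


def parse_arp_requests(lines):
    """Yield (timestamp, target_ip, sender_ip) for every ARP who-has line."""
    for line in lines:
        m = ARP_WHO_HAS.match(line)
        if m:
            yield m["ts"], m["target"], m["sender"]


def top_arp_senders(lines, n=5):
    """Rank hosts by the number of ARP requests they sent: the 'top IPs
    sending ARP packets' view from the post. Returns [(ip, count), ...]."""
    counts = Counter(sender for _, _, sender in parse_arp_requests(lines))
    return counts.most_common(n)


def suspected_scanners(lines, min_requests=20, min_distinct_targets=10):
    """Flag senders asking for many *distinct* addresses. A healthy host
    resolves its gateway and a few neighbours over and over; a worm sweeping
    a subnet asks for dozens of addresses that mostly never answer. Returns
    {sender_ip: number_of_distinct_targets}."""
    counts = Counter()
    targets = defaultdict(set)
    for _, target, sender in parse_arp_requests(lines):
        counts[sender] += 1
        targets[sender].add(target)
    return {
        ip: len(t) for ip, t in targets.items()
        if counts[ip] >= min_requests and len(t) >= min_distinct_targets
    }


def constructed_capture():
    """Constructed stand-in for `tcpdump -n arp > testfile` output; not a real capture."""
    lines = []
    # 10.1.2.77 behaves normally: it resolves its gateway three times.
    for i in range(3):
        lines.append(f"10:00:0{i}.000000 arp who-has 10.1.2.1 tell 10.1.2.77")
    # 10.1.2.60 is chatty but benign: 25 requests, but only ever for two hosts.
    for i in range(25):
        lines.append(
            f"10:00:10.{i:06d} ARP, Request who-has 10.1.2.{2 + i % 2} "
            f"tell 10.1.2.60, length 28"
        )
    # 10.1.2.50 sweeps 31 consecutive addresses the way a scanning worm does.
    for i in range(31):
        lines.append(f"10:00:20.{i:06d} arp who-has 10.1.2.{100 + i} tell 10.1.2.50")
    # A reply line, which the parser must ignore.
    lines.append("10:00:21.000000 ARP, Reply 10.1.2.1 is-at 00:00:5e:00:53:01, length 28")
    return lines


if __name__ == "__main__":
    capture = constructed_capture()
    for ip, count in top_arp_senders(capture):
        print(f"{count:5d}  {ip}")
    print("suspected scanners:", suspected_scanners(capture))
```

Ranking by raw count alone would put the chatty-but-benign host right behind the scanner; requiring distinct targets is what separates the two, and it is the same property the switch feature keys on when it counts unresolved broadcasts.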
Don't forget what happens off campus as well.
I'm connected to a WISP for my off campus internet, and they got taken totally offline by the worms. They eventually blacklisted all MAC addresses in the logs and went door-to-door with CDRs containing patches and removal tools. I feel sorry for them, because this was during the time when both a lot of people were logging on for the first time and they were installing more bandwidth, so they were torn three ways.
The result is that the "tweaking" that would have happened during the week or so after move in is only now starting. The WiFi networks are still pressed by all the people on them. Everything (except, suspiciously, at their office) is slow, but getting better. DHCP in particular is down a lot. My ping and tracert commands are still blocked though.
One thing I've learned from this is that wireless networks do not fail gracefully under extreme loads, they just die. And, they always die at night, after the office is closed, when you need to VPN into the campus network to start a program you have to use for your homework which is due the next morning. Or right now, when instead of posting when I press submit all the computer does is blink at me...
Our campus simply shut down the resnet completely for reasons including security and maintenance. Since all rooms have cable and phone, the students simply hook up with an ISP. Not much inconvenience and the maintenance worries, etc. have vanished. There are lab computers and some "computer rooms" but since those are all under direct IT control life is as hassle free as it can get. The down side is the rude introduction students get to non-subsidized ISP fees. But that is just another cost for education that you can file alongside books, laptops, and home brew kits.
"Consensus" in science is _always_ a political construct.
Whenever this sort of thing comes around there are always a dozen or so posts blaming user ignorance.
And basically saying good they deserve it.
Quit, it's annoying.
Remember all that medical advice on diet, smoking, exercise... that you're probably ignoring. Does NOT mean you're a moron. Nor that you deserve heart disease, cancer, obesity etc.
It's very difficult to make lifestyle changes, especially in areas you don't know that well.
So quit blaming the users. And do the best you can.
- I work in healthcare.
Seeing as how most Linux distros ship out of the box with all ports closed and/or firewalled, no internet services running, and seeing as how 98% of users don't change settings, I don't see how Linux could get rooted as easily as here-are-my-open-ports-please-exploit-me Windows(R)
"automated security "bots,""
I don't think that is the original text!
It's not a small problem at all. The network I help admin was brought to its knees by the Blaster worm and we had, maybe, 100 computers infected out of thousands of units (my Division had five confirmed infections out of a total of 150 active machines). The department that runs the routers does not have the manpower to cut off ports for specific computers so they close off predefined subnets, and I'm not talking about an underpaid college ResNet network. This is a large, well funded network.
Yes, their actions ARE drastic. But they are well within reason when you consider the manpower and scope of the problem.
I would not be at all surprised if college and universities started all future terms with the resnets shut off and only turned on when the computers attached to them have been proven to be clean and patched (or running an OS not susceptible to the current family of Windows exploits).
Boobies never hurt anyone. - Sherry Glaser.
Identify what is the source of the problem and then get rid of it. In this case i think demanding safer systems would be a wise solution. Just cut off the bozos who have infected computers.
That should make linux etc popular. Every Windows user has to stare at their empty NIC while the nerds just keep using the network as usual.
HTTP/1.1 400
Yeah, it's driving our telecom department nutty here at NJIT
# fuser -v
#
I work for RESNet at Rochester Institute of Technology. We've implemented a pretty good solution which has stopped no-one from internet access for any extended period of time.
Every PC on our network must go to start.rit.edu (when they plug in they get a temporary 10. IP, which can only access select servers, and other machines on their subnet). At the start.rit.edu page we've coded an activex control which checks the version numbers of the RPC DCOM patched files (We compiled a list of every major windows version, every service pack, pre/post RPC DCOM patch). If the user is not patched, they are redirected to a page indicating which patches they must download/install off our server -- we also have allowed the users to access windows update through a proxy (if IE auto proxy detection is turned on).
Finally we've coded a program, and put it on a CD entitled the RIT Windows Resource Kit. The program automatically detects their OS version, and upon them clicking a button, runs ipconfig /release to get them off the network, installs any and all necessary patches, installs the university-licensed McAfee antivirus, updates the definitions, and prompts them to restart at appropriate moments. Also on the CD for severe cases we have all the individual updates, and the Stinger virus remover.
We also have RIT servers on campus whose logs are parsed on an hourly basis, and any machine which has connected to it in an attempt to spread the worm is blocked from the network. We then have a new custom-coded web interface which correlates with our network registration database: IPEdit that we can use to look up users who can't get online, explain to them to get the CD, patch their PC, run stinger, and then we can re-enable them. Most users are back online within an hour.
So far we've distributed over 5,000 copies of the CDs to incoming freshmen and returning upperclassmen. (15,000 students at the college). As can be seen, our bandwidth usage is very much under control. Although we've experienced a lot of call volume (300 students a day) this last weekend as 2500 freshmen moved in, I'm happy to say that over 4000 students are registered on the network, and the phone in our office hasn't rung for the last hour.
May this post be indexed by spiders, and archived for all to see as my Internet epitaph.
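The file-version check at the heart of the RIT scheme is the part that is easy to get subtly wrong: Windows file versions are four-part numbers, and comparing them as strings passes an unpatched build. Below is an added Python example, not RIT's code, that compares versions numerically against a per-release minimum and turns the result into a portal decision (register, show patch instructions, or send to the helpdesk). The minimum versions in the table are placeholders, the rpcss_version field name is hypothetical, and the client reports are constructed; in RIT's setup the version would come from the browser-side control, here it is simply a field in the report.

```python
import re

# PLACEHOLDER minimum patched file version per (Windows release, service pack).
# The real values come from the hotfix's file manifest; these are made up so the
# example runs offline.
MIN_PATCHED_VERSION = {
    ("Windows 2000", "SP4"): "5.0.2195.1000",   # placeholder
    ("Windows XP", "SP1"): "5.1.2600.1000",     # placeholder
}

VERSION_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")


def parse_version(text):
    """'5.1.2600.1254' -> (5, 1, 2600, 1254).

    Comparing tuples of ints is the whole point: as strings, '5.1.2600.999'
    sorts *after* '5.1.2600.1254' because '9' > '1', so a string compare
    would wave an older, unpatched file through."""
    text = text.strip()
    if not VERSION_RE.match(text):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_patched(os_name, service_pack, installed_version):
    """True when the reported file version meets the minimum for that release.
    An unknown release/SP combination raises so the caller fails closed."""
    key = (os_name, service_pack)
    if key not in MIN_PATCHED_VERSION:
        raise LookupError(f"no minimum version known for {key}")
    return parse_version(installed_version) >= parse_version(MIN_PATCHED_VERSION[key])


def portal_decision(report):
    """Map one client report (hypothetical dict: os, sp, rpcss_version) to the
    portal's next page:
      'register' -> proceed to MAC registration
      'patch'    -> show the patch-download instructions
      'helpdesk' -> report unusable or release unknown; a human has to look"""
    try:
        ok = is_patched(report["os"], report["sp"], report["rpcss_version"])
    except (KeyError, ValueError, LookupError):
        return "helpdesk"
    return "register" if ok else "patch"


# Constructed reports exercising each path (values are not real patch data).
CONSTRUCTED_REPORTS = [
    {"os": "Windows XP", "sp": "SP1", "rpcss_version": "5.1.2600.1254"},   # above minimum
    {"os": "Windows XP", "sp": "SP1", "rpcss_version": "5.1.2600.999"},    # below, though string-greater
    {"os": "Windows 2000", "sp": "SP4", "rpcss_version": "5.0.2195.1000"}, # exactly the minimum
    {"os": "Windows 98", "sp": "", "rpcss_version": "4.10.2222.1"},        # release not in the table
    {"os": "Windows XP", "sp": "SP1", "rpcss_version": "unknown"},         # malformed report
]


def decide_all(reports):
    return [portal_decision(r) for r in reports]


if __name__ == "__main__":
    for report, decision in zip(CONSTRUCTED_REPORTS, decide_all(CONSTRUCTED_REPORTS)):
        print(f"{decision:9s} {report}")
```

Failing closed on an unknown release or a garbled report is deliberate: the alternative, treating "can't tell" as "patched", would let exactly the machines the check exists for onto the network.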
The architecture of the *nix-based OS's is just better. Sure, there are remote root exploits in the major apps, but these are both rarer, and more rarely encountered.
Few linux distros install samba or apache by default. Every winnt-family device was vulnerable to the rpc flaw. IIS used to be installed by default, and if so, everything in it gets stuffed into the machine. IE and outlook express are on all windows machines. If you remove them, the next service pack puts them back! Why do they put windows media player in my servers? Why do they design it with massive root holes?
This comes up in every OS flamewar - the market share argument. It gets handily rebutted by the prevalence of Apache (2x IIS share) vs. remote holes compared with IIS.
Now, you don't claim that the problems would be as severe if everybody switched, just that more problems would surface. (Lots more) Maybe. I think that we've reached the critical mass of linux boxes, and the prevalence is already high enough to reward the efforts of the kidiots. I just don't think we'd see that big a difference.
all of their TCO studies! This certainly puts the lie to their previous TCO studies!
http://www.microsoft.com/downloads/details.aspx?FamilyID=c8f04c6c-b71b-4992-91f1-aaa785e709da&displaylang=en
No GNU has been Hurd during the making of this comment.
I'm a student and restech staff at Washington University (St. Louis - not the state school in the article). Our master plan before move-in was to program in a check for the Blaster/Welchia vulnerability as students attempted to register online for their ethernet connection. However, this caused numerous problems. Firewalls prevented us from seeing the vulnerability and forced the restech consultant for each dorm to go check individual computers. This also did nothing about already-infected computers, but we programmed in an automatic disabling system to take care of those. The biggest problem, however, was that our registration subnet turned into a cesspool of infection, as people plugged in and turned on their computers and then left them unpatched and unregistered for internet access. These quickly became infected and we didn't have anything trolling through the registration subnets to automatically disable people. The resulting campuswide infection overloaded our router so much that the network-based swipe card door locks and heating/cooling systems stopped functioning. This produced lots and lots (60-80 hrs) of unpaid overtime as the small restech staff went computer-by-computer over the course of two days with a large stack of CDs programmed to patch and disinfect computers automatically, and then reenable each individual computer. Needless to say, we're still suffering from a lot of difficulties. Welchia is particularly troublesome because the Symantec/Norton fixwelchia tool often misses copies lurking in system restore points and whatnot that reinfect computers.
Mt. Holyoke merely boots the XP users (and presumably the 2k users as well) and reregisters their connections after verification.
i'm still waiting for an email from Stanford to tell me what they're about to hit us with when we get back to campus...they should send an email; there are a lot of fuzzy majors floating around out there who don't know how to turn off RPC or close port 135.
I go to University of Southern California, and our incompetent IT department (ISD) decided that the best way to combat the worm was to block hosts detected on the network sending out constant requests to TCP ports 135, 139, etc. What I'll never understand is why they didn't just shut down the damn ports in the first place. It's not like these are essential (or even reasonable) ports for students to have open. Instead, our network got swamped because the people contracting the virus would only get booted after the virus delivered its payload to many other computers. It's tough to laugh about Windows users getting viruses from behind your Mac when your precious high-speed connection is getting swamped by their virulent traffic. And worse, being a CS major and general computer geek, of course they ask me how to fix everything.
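The hourly log parsing at RIT and the block-hosts-probing-135/139 approach this poster complains about rest on the same detection, and the complaint is about what happens before the block fires. The added Python example below (not code from either university) runs a sliding-window probe detector over a constructed connection log and reports, for each flagged machine, how many distinct hosts it reached before it was caught. That number is the exposure a host-blocking policy accepts, and the example shows how it moves with the threshold and window; a port block at the router removes it entirely. The log format is made up for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Ports the posts name as the worm's targets: 135 (RPC endpoint mapper) and
# 139/445 (SMB). Traffic to anything else is ignored by the detector.
WORM_PORTS = {135, 139, 445}

# Constructed log format (not any real product's): one TCP connection attempt per line.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=tcp dport=(?P<dport>\d+)$"
)


def parse_line(line):
    m = LOG_RE.match(line)
    if m is None:
        return None
    return (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            m["src"], m["dst"], int(m["dport"]))


def detect_probers(lines, distinct_hosts=10, window_seconds=60):
    """Walk the log in time order keeping, per source, the worm-port probes seen
    in the last `window_seconds`. A source is flagged the moment it has probed
    `distinct_hosts` different destinations inside that window. For each
    flagged source return when it started, when it was caught, and how many
    distinct hosts it reached first: each of those is a candidate new infection,
    which is the cost of blocking hosts after the fact instead of ports up front."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src -> deque of (ts, dst) inside the window
    reached = defaultdict(set)    # src -> every dst probed so far
    first_probe = {}
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dport = rec
        if dport not in WORM_PORTS or src in flagged:
            continue
        first_probe.setdefault(src, ts)
        reached[src].add(dst)
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop probes that aged out of the window
            q.popleft()
        if len({d for _, d in q}) >= distinct_hosts:
            flagged[src] = {
                "first_probe": first_probe[src],
                "blocked_at": ts,
                "hosts_reached": len(reached[src]),
            }
    return flagged


def constructed_log():
    """Constructed sample log; not real traffic."""
    lines = []
    # 10.1.3.20 is a student box using the department file server over SMB.
    for m in range(0, 50, 10):
        lines.append(f"2003-09-02 10:{m:02d}:05 src=10.1.3.20 dst=10.1.3.5 proto=tcp dport=445")
    # 10.1.3.40 probes eight hosts on 135, but only one every 40 seconds: never
    # more than two inside a 60-second window, so the default settings miss it.
    for i in range(8):
        t = datetime(2003, 9, 2, 10, 10, 0) + timedelta(seconds=40 * i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} src=10.1.3.40 dst=10.1.3.{200 + i} proto=tcp dport=135")
    # 10.1.3.99 sweeps thirty consecutive hosts on 135 at one per second.
    for i in range(30):
        t = datetime(2003, 9, 2, 10, 20, 0) + timedelta(seconds=i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} src=10.1.3.99 dst=10.1.3.{100 + i} proto=tcp dport=135")
    # Ordinary web traffic, ignored by the detector.
    lines.append("2003-09-02 10:21:00 src=10.1.3.99 dst=10.1.3.5 proto=tcp dport=80")
    return sorted(lines)   # fixed-width timestamps sort into time order


if __name__ == "__main__":
    log = constructed_log()
    for label, kwargs in [("default", {}),
                          ("tight", {"distinct_hosts": 3}),
                          ("long window", {"distinct_hosts": 5, "window_seconds": 300})]:
        print(label, detect_probers(log, **kwargs))
```

With the defaults the fast sweeper is caught on its tenth host and the slow one is never caught; a tighter threshold cuts the fast sweeper's reach to three, and a longer window is what finally catches the slow one. Every knob trades detection speed against false positives on legitimate file-server traffic, which is the trade-off the poster is saying a plain port block avoids.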
I work tech support for a medium-size (a little under 5k undergrads) university, and we were also hit quite hard by Welchia in particular; infected computers consume ungodly amounts of network resources as they scan the network for uninfected computers. One of our techs estimated that in some dorms nearly 50% of computers were infected, which is not surprising since if you plugged a vulnerable Win2k or XP box into our LAN, it would be infected in about a minute, guaranteed.
At some point it was decided that the best option would be to turn the whole network off and send techs door-to-door checking XP and 2000 boxen for Welchia (and others); but of course many students missed the sweep or were hit by various SNAFUs in the system, and for a while the help desk was a madhouse. Even now (about a week later) there is still a high number of students who can't get online, though things have returned to some semblance of normality.
An interesting fact: at one point, we just had the freshman dorms up and running (before the patch sweeps), and the servers were still at about 50% CPU usage. I can't imagine what the traffic was like at some of the larger universities...
Paranoia is merely a heightened sense of reality.
I'm only on page 3 of 7.. but think I have made enough comments to show that we should take this article with more than a grain of salt. I'm going to read the rest of the article now.
-tor
I always fight worms with bolt or ball spells, though you can clear them out by hand if you you have a potion of speed or a weapon that allows multiple attacks per round.
Sheesh, evil *and* a jerk. -- Jade
Hrrmm, blocking a few ports at the university gateway and renaming mail attachments on the mail server works wonders. Of course, there are many buts, but with these simple steps the amount of infections can be greatly reduced.
run dcomcnfg.exe and disable distributed COM. That will allow you to be able to go online and get kb823980 from microsoft and then use a removal tool such as fixblast from Symantec. Make sure to re-enable distributed COM when you are done.
I would just like everyone to know that only a small part of Northeastern University was affected and was clean in a matter of hours. Go Huskies. I know, I know, "TROLL", but I just couldn't help bragging.
If I wanted easy I wouldn't be an engineer or a patriot.
Tulane's been sending techs out to fix desktop machines and making people bring in laptops since the start of school. Still, they had to knock most of the dorms offline as people came back because of the worms. Heavy-handed, yes, (and yet another reason why I'm glad I moved off campus a long time ago...gotta get my /. fix), however, the university also has to operate (it is a business after all, and don't let anyone tell you otherwise). Allowing the worms to persist on the network, especially in such a high concentration of machines, hampers its ability to do its job of educating students and conducting research effectively. I don't see how they had much choice.
At the University of Connecticut, ResNet officials actually keyed into rooms. Didn't unplug the machines from the router, didn't block the MAC address.
I'm aware that this is an awful problem, but how on earth does it justify keying into someone's room?
(I'm not kidding. dailycampus.com has the story in its 8/28 back issue. They don't take external links, though this will take you to a registration page. Also notice the article on 3/6/2003 where ResNet threatens to boot warez kiddies out of housing. Real nice fellas, these guys...)
--grendel drago
Laws do not persuade just because they threaten. --Seneca
"Forced" inhouse autoupdating for quality ops, MS auto for the masses. It's here to stay after this. As much as the idea is distasteful in a couple ways, it seems a natural outcome given
software's bugginess and people's cluelessness.
Imminent death of the modem predicted.
In Soviet Russia, your software updates you!
Bullshit. The network is a disaster and the Internet connection is still down. What are U smoking?
Any upper level (Junior/Senior) CompSci students who were infected and notified by the automated bot should be ASHAMED!
It should also be noted in their record. (Wants to run a network, but can't figure out Windows Update, personal firewalls or anti-virus software...)
Learning HOW to think is more important than learning WHAT to think.
Is all the extra work that these worms and whatnot are causing for us IT folks good for our industry in general? Certainly it keeps us busy just keeping everything running, and that's gotta keep a few people on the payroll.
If that's the case, I'd like to send a shout-out to all the virus and worm authors out there: you infect my computer and I'll pop a cap in yo azz, but as long as you just infect the clueless newbies, and it helps me separate them from their cash, I give you the thumbs up.
Synergy is your friend
Blocking SMTP is much worse - if you want to do anything like that, have two groups of addresses, one with blocking and one without, and put people in the blocking group unless they ask to be in the non-blocking group. That way Linux users can still have real machines and client-only systems are isolated from some of the risks.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
MacIntoshes are immune to all worms and virii. It is impossible to create virii for System Ten. One can buy a new iBook for less than 1k$. These stupid WinTelLusers have none to blame but themselves for buying crap.
Impeach Bush
At my medical school, a bunch of students did a free vaccine drive for inner city kids. All their mothers had to do was show up with their little ones... no fee, no hassle, no problem.
Well, one problem... only about six people showed up, and this was after they advertised beforehand, posted it in the inner-city clinics, etc.
So yes, some people could care less... it was a very eye-opening experience for a group of well-meaning young physicians.
But to address the original point, there is NO justification to sanction the whole because of the actions of the few... that's a lazy and ineffective strategy.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Why not just block the ports that blaster uses to propagate temporarily? It might not make everyone happy, but as a short term measure it's easy... Plus only some M$ users care about those particular ports, it should not affect many people.
You got me into this! You were the ideologue! I'm only a poor assassin! - Twenty evocations, Bruce Sterling
I suggest everyone who works in an organization with a bunch of Windows boxes do a tcpdump/windump of ICMP packets. The worm is the telltale pinging of every IP on your subnet. Tcpdump port 135 as well, and you will see the worm try to infect all hosts that reply to the ping.
I found six today...and this is despite what I consider a very aggressive remote auto-updating and anti-virus campaign where I work.
Insightful? How about entirely wrong?
Certainly there are far fewer OS X virii, but it's far from true to say it can't be done.
Dave
I write a blog now, you should be afraid.
i'm glad i'm at a college with no dorms or no college network. i'm living fancy-free with cable internet in my apartment. suckers.
I belong to the ______ generation.
(quick disclaimer - I don't work in the group that handles this, but this is my best understanding from my friends who do) Since we were mentioned and all, this is what PLU is doing, at least in terms of the vlan separation and assisting them in fixing their machine when they call because of the registration problems. Not sure about whether there is an automatic serving of the relevant patches though...
Is "resnet" specific technology or software, or just a general term for a university network that the student residences are on?
i'm one of the student techs so i've been dealing with this since move in time. what the networking people did was purge all the computer registrations from the database and updated the registration page with instructions and downloads on how to protect/fix systems and told people to run them before they registered. of course not everyone could figure it out/ bothered and got infected. to handle that they've been blocking all the problem ports across network segments to minimize the spread and traffic. then the packet sniffers have been identifying infected computers and emailing the owners notifying them that they have 72 hours to get the computer cleaned or have their ethernet jack disabled. i've been having to make a lot of dorm visits to clean up systems but so far our network hasn't taken a noticeable hit. also with the recently installed webserver, every attachment is scanned for known viruses and those are deleted, and every suspect attachment has _unknown appended to them so that they can't be "accidentally" run.
I never said I was smart, I just said I was smarter than you
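The two tell-tales mentioned in the comments above (the tcpdump post: a host pinging every address on the subnet and then trying port 135 on whatever answers; and this post's packet sniffers that pick out infected machines for notification) can be turned into a small triage script. This is an added example, not code from either commenter or their universities; it assumes `tcpdump -n` style text lines, the sample capture is constructed, and the thresholds are my own choice.

```python
"""Flag sources whose traffic looks like a Welchia-style ICMP sweep or a
Blaster-style tcp/135 probe, from tcpdump -n text output (added example)."""
import re
from collections import defaultdict

# Constructed sample in tcpdump -n style (not a real capture). 10.1.2.0/24 is a
# hypothetical dorm subnet. 10.1.2.3 pings a run of addresses and then sends
# SYNs on tcp/135 to the two hosts that answered; 10.1.2.20 probes tcp/135
# without pinging first; 10.1.2.9 is a normal host pinging its gateway and
# opening a web connection.
SAMPLE_CAPTURE = """\
12:00:00.100 IP 10.1.2.3 > 10.1.2.4: ICMP echo request, id 512, seq 1, length 72
12:00:00.101 IP 10.1.2.3 > 10.1.2.5: ICMP echo request, id 512, seq 2, length 72
12:00:00.102 IP 10.1.2.3 > 10.1.2.6: ICMP echo request, id 512, seq 3, length 72
12:00:00.103 IP 10.1.2.3 > 10.1.2.7: ICMP echo request, id 512, seq 4, length 72
12:00:00.104 IP 10.1.2.3 > 10.1.2.8: ICMP echo request, id 512, seq 5, length 72
12:00:00.105 IP 10.1.2.4 > 10.1.2.3: ICMP echo reply, id 512, seq 1, length 72
12:00:00.106 IP 10.1.2.6 > 10.1.2.3: ICMP echo reply, id 512, seq 3, length 72
12:00:00.200 IP 10.1.2.3.1044 > 10.1.2.4.135: Flags [S], seq 1, win 16384, length 0
12:00:00.201 IP 10.1.2.3.1045 > 10.1.2.6.135: Flags [S], seq 1, win 16384, length 0
12:00:03.000 IP 10.1.2.20.2001 > 10.1.2.10.135: Flags [S], seq 9, win 16384, length 0
12:00:03.001 IP 10.1.2.20.2002 > 10.1.2.11.135: Flags [S], seq 9, win 16384, length 0
12:00:03.002 IP 10.1.2.20.2003 > 10.1.2.12.135: Flags [S], seq 9, win 16384, length 0
12:00:05.000 IP 10.1.2.9 > 10.1.2.1: ICMP echo request, id 1, seq 1, length 64
12:00:05.001 IP 10.1.2.1 > 10.1.2.9: ICMP echo reply, id 1, seq 1, length 64
12:00:06.000 IP 10.1.2.9.3000 > 10.1.2.1.80: Flags [S], seq 7, win 65535, length 0
"""

IPV4 = r"\d+(?:\.\d+){3}"
# "<ts> IP <src> > <dst>: ICMP echo request, ..."
ICMP_ECHO_REQ = re.compile(
    rf"^\S+ IP (?P<src>{IPV4}) > (?P<dst>{IPV4}): ICMP echo request")
# "<ts> IP <src>.<sport> > <dst>.135: Flags [S], ..."  (SYN to the DCOM RPC port)
SYN_TO_135 = re.compile(
    rf"^\S+ IP (?P<src>{IPV4})\.\d+ > (?P<dst>{IPV4})\.135: Flags \[S\]")


def tally(capture):
    """Per source address: the set of distinct hosts it sent echo requests to,
    and the set of distinct hosts it sent a SYN to on tcp/135."""
    pinged = defaultdict(set)
    probed = defaultdict(set)
    for line in capture.splitlines():
        m = ICMP_ECHO_REQ.match(line)
        if m:
            pinged[m["src"]].add(m["dst"])
            continue
        m = SYN_TO_135.match(line)
        if m:
            probed[m["src"]].add(m["dst"])
    return pinged, probed


def find_suspects(capture, min_ping_targets=4, min_probe_targets=2):
    """Return {src: (ping_targets, tcp135_targets)} for every source that
    pinged at least min_ping_targets distinct hosts (sweep behaviour) or sent
    SYNs on tcp/135 to at least min_probe_targets distinct hosts (probe
    behaviour). Hosts that ping one gateway or talk to one server stay out."""
    pinged, probed = tally(capture)
    report = {}
    for src in set(pinged) | set(probed):
        n_ping, n_probe = len(pinged[src]), len(probed[src])
        if n_ping >= min_ping_targets or n_probe >= min_probe_targets:
            report[src] = (n_ping, n_probe)
    return report


if __name__ == "__main__":
    # One line per suspect; this is the list a helpdesk would notify or unplug.
    for src, (n_ping, n_probe) in sorted(find_suspects(SAMPLE_CAPTURE).items()):
        print(f"{src}: pinged {n_ping} hosts, SYN to tcp/135 on {n_probe} hosts")
```

On a live capture, feed it the output of `tcpdump -n icmp or tcp port 135` and raise the thresholds to fit the subnet size so that a single ping to the gateway never lands on the list.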
People have tried for three years -- without success -- to create virii for System Ten. None have succeeded:
Apple.Com decided in the late 1990s to make the new OS secure. MicroSoft.Com contrarily in the late 1990s, when creating a new OS, did not give a rat's ass about security.
The results of these policies are plain to see:
No virii can after three years attack System Ten; while, XP is riddled with thousands of Virii after only two years.
I rest my case.
Impeach Bush
Yeah, well, I'm long ago out of college. And have become my own ISP. 5Ghz wireless with a 10Mbit uplink -- and yes, I regularly see +900K/sec if the other end can support it.
:) ...that _would_ be me -- yeah, we're still removing that other operating system from the corporate network(s)... :(
To boot _none_ of "my" networks has one Windows box on them and my IP's are fixed (no wanna-be laptop user is gonna get DHCP in my pad).
Now, WHO is the sucker?
I work onsite at several Austin-area private dorms. We've been really hard hit by MS.Blast and SoBig. Complicating this is that we use 802.11b, so we can't just shut it off. We've been having to go to *every single computer* and installing the fixes. Of course, it is not all bad, because with all this working time I might actually have enough money to pay my tuition this semester :)
A new MAC address shows up, requesting an IP address, it gets the address and is immediately scanned.
If it needs the patch, it is downloaded from another server on that LAN to save bandwidth like you said.
That way the scans are contained to machines that are requesting access to your network. You want access, you agree to be scanned.
This will also reduce the bandwidth used on the LAN by only scanning machines as they connect.
I would not have a problem with any college doing this. Provided that their application cleaned up after itself completely.
Oh, I see, a troll. Must need more coffee.
Dave
I write a blog now, you should be afraid.
I'm a senior at SNHU and this is what I have observed.
There was a noticeable slowdown on Saturday and Sunday (when all freshmen moved in), but the network didn't go down. I imagine probably some of it was the normal freshman Internet traffic since many of them never had fast internet before, the rest was from Blaster.
Returning students arrived on Monday and Tuesday. Tuesday the network got slower and SLOWER and SLOOOOWEERRR then crashed about mid-afternoon. Didn't come up until yesterday morning.
RA's and orientation leaders were given CD's with the patch, fix tool, and virus definition files for various popular virus scanners.
Knowing this university, there will still be people unpatched come next May since no one has gone door-to-door to verify everyone's computers.
Oh and some students randomly can't get on the internet. Noticed today I had an IP address conflict, so I got a suspicion that the DHCP server has also run out of IP addresses.
My girlfriend goes to NEC and their network has been totally down since Sunday. Basically they are going to go to each computer and patch it before they turn the network on. For some reason they insisted on attempting to patch her computer even though she showed them it was running Windows 98 SE (which isn't affected by Blaster), just like I told her to do. *sigh*
I hate to tell you; but unfortunately however, MacIntoshes are not the right computers for recruiting homosexual paedophiles:
The perfect computer for your lifestyle is the WinTel. MicroSoft.Com has been anally raping its users (WinTelLusers) up the butt with its total lack of security for years. If you want to screw a little boy, I recommend letting him use a WinTel -- I guarantee a virus or worm will screw up the WinTel in no time.
Impeach Bush
how many parents are against vaccination programs... I'm not even talking MANDATORY vaccination programs, I'm talking vaccines in general. Probably as many are motivated by fear as are motivated by religion.
There are people out there who preach that vaccines are a scam; nothing but evil, drug company money-makers. They look at the very small numbers of adverse reactions, where vaccines make people sick (a few hundred cases, generally out of millions of doses), and use those incidents to frighten parents into avoiding vaccination. Some use the logic that "if everyone else is vaccinated, you won't have to be, because you'll never come into contact with a diseased person!" Well, that might have been true before the jet age... but I've seen rare-in-the-US diseases in my ER, sometimes in immigrants, (sitting next to your child in the waiting room), sometimes not. Some vaccines don't induce an immune response in certain people, so they are potential infectious sources. Bottom line: there is always a small reservoir of people out there who can infect you. The choice of whether to get a shot or not is really up to the individual.
Personally, I'm generally a fan of vaccinations (with some exceptions)... but not all doctors are. If you meet one who's not a fan, ask him why. If he starts spieling some wide-eyed conspiracy theory stuff, RUN the other way. On the other hand, if he starts talking about odds ratios, attack rates, and slightly increased complication rates for certain age groups, he may know what he's talking about... consider listening, then check it out for yourself.
Just remember, not all doctors who are against certain vaccines are crackpots.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Purdue's ResNet got shut off too . . . On the same note, my ResNet counsellor told me that Purdue gets over 100 under-the-table (not official) subpoenas a day asking about users with so-and-so IP addresses . . . since they are sharing files. Luckily the guys just ask them to shove it up their butt . . . until the official one comes in.
ah well . . . guess I have to live with the 2 GB download limit . . . unfortunately they can't figure out whether it's a virus or a filesharing program eating the bandwidth.
This is what my school did with Blaster...
They just pulled the fiber from the routers down in the basement (IT's standard location). We spent the next 6 days (weekend included) going from door to door with a bevy of CD's (one for each OS, created by our poor MCSE). Each CD had a little batch job that scanned the PC, removed the infection (if it existed), and then installed the appropriate patch.
This was made more complicated by the University's privacy policy, which mandates that a school employee cannot enter a student's room alone. We had to travel in teams, and with a small school's IT department, that meant we had 3 teams for 2,500+ PC's. That comes out to over $5K in man-hours alone.
The infection rate was approx. 68%. I think we need a class on how to install patches.
What if this weren't a hypothetical question?
At the University I work/attend school at, we've been experiencing major problems with the load on our PIX firewall. The primary fails and rolls to the secondary a couple dozen times per day. I would assume that this is happening in many places.
This summer has been very very busy (fun) for us. In the middle of a MAJOR Cisco IOS upgrade, several worms get unleashed. Then while combatting those things, we get hit by the massive power failure that reveals that some of Cisco's new code doesn't recover perfectly after a power failure... as in... DOESN'T WORK. Ah woohoo!
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
You are the Troll, oh Troll. Those sites sell vaporware. System Ten has zero (0) virii. Why don't you, oh Troll, stop posting incorrect information, you damned loser?
Impeach Bush
Develop an AV system that can have a simple client on the PC that will download itself and install to the system and update automatically as part of the install of any networking setup for a student's computer. Also have the systems communicate with hubs, so that if computers monitoring traffic on the network spot a virus trying to spam, it alerts the hub and isolates the network automatically and helps stem the spread of the virus.
Time to put those CS&E's to work!
Not the case for Sobig. This type of worm actually does the most damage to noninfected hosts in the form of a continuous, massive DDOS attack. Those who are infected have some excess network usage but otherwise no real harm. Those who are not infected, and who take steps to keep systems up to date and not click random attachments, get inundated with huge volumes of worthless mail. The mail, of course, need not be delivered, but the consumption of network resources is nevertheless enormous.
I don't much care if the ignorant and the stupid suffer the wrath of blaster and its ilk, but the punishment of the innocent that worms like Sobig cause must stop. (unproven speculation follows...) If I were the head of the FBI I would sic every single computer crime expert at my disposal on the trail of the Sobig author(s) and the probable spammer syndicate that's funding them. Once they're all caught, I'd like to see the ISPs providing these spammers with bandwidth go down as well for racketeering and enterprise corruption - they benefited from the racket established by the spammers and worm-wranglers and the illegal activity they've engaged in. This isn't really novel legal thinking either, it's a simple matter of demonstrating the existence of a conspiracy and showing who benefits from it. Many a mobster has gone down on a shakier theory than this one.
At the University of Akron - students are required to "Connect", which is essentially a CGI script which tells the router/firewall that the MAC address/IP address/"UAnet ID" is registered and able to go online ( https://gozips.uakron.edu/zid ). The students have to do this every day, a hassle, really -- since the router/firewall resets the auth table every morning at 3AM. To make it less of a pain in the ass, I wrote a sloppy VB app that prompts for UAnet ID/pass and uses IE libraries and "Connects" them in the CGI script -- If a user is infected, we simply shut their network port off until they call the Help Desk, and if they're a wireless user, their Cisco LEAP login is disabled, dial-in users are blacklisted and aren't allowed to log on.
-K
The only stupid people I can directly identify is Walabio for posting this drivel and the moron that moderated it up...
I work for IT at a college. Yes, IT shut off the resnet after it took our entire internet down. Yes it is a living hell, especially with the way upstairs has handled the situation.
My biggest problem, however isn't with the students as much as it is with the majority of antivirus software bundled with PC's out there.
Dell for example, comes with McAfee VirusScan Online. In my opinion this is the most useless thing ever conceived. First, once someone actually looks at it and you find out that it's not protecting you, you have to register online, then once you go through that and it somehow worked, it then downloads for 10 mins and then installs a 90 day virus scanner. Unfortunately it prompts every startup saying that you are protected when in fact you haven't registered it and it's doing nothing to protect you from viruses. I can't count the number of students that come to me that say they have a virus scanner and it's updating and it ends up being this stupid thing.
Then there's Norton Antivirus. It loves giving out 90 day trials too with Compaqs. It has the same problem that McAfee has in that it doesn't protect you unless you actually click on the icon to find out what it does. The only two redeeming parts of Norton are that you don't have to go online to update it and you can force an update by setting the date back, but students don't know that and as far as they know they're protected when in reality they haven't updated in 2 years.
If some of these PC vendors would install virus scanners that were configured, ready to go, to update and run with no user intervention for the life of the PC, this would be a lot better world right now, but at this point, I'm directing people to get the free virus scanner from grisoft.com to replace both of the above simply because it's updatable and works well for being free.
Microsoft just bought an antivirus firm. I'm praying that at some point in time Microsoft says screw getting sued for being monopolistic and puts an anti-virus scanner in Windows. In other words, it's time for Windows to have some sort of scanner that is free to update and built into it.
In Soviet Russia, Trojan exploits YOU!
Toss a webpage up that says:
"We detected MSblaster on your machine, please go to Microsoft support, and download the appropriate patch"
Well it's a great theory, and it could work...eventually. But first they'd go to Windows Update and have to download the latest Windows Service Pack. Which must be installed alone. Then they reboot and think it's ok...except they get that darn web page from u again. Ok...they go back again, get the latest IE service pack...reboot...ok everything's grand...wait, that damn web page again! I already updated twice, what the hell do they want? Stupid ISP...grumble...get latest 20 or so critical updates...grumble...reboot...aha! It works now! Woohoo!
And 20 minutes later they click on an attachment that exploits that latest VBA vulnerability in MS Office. D'oh! Windows Update didn't fix that one!
See, the whole problem is that you included worms in there too... That and that the worm this article refers to infects via a buffer overflow in a network app.
So, are you saying that OSX and every app that was ever used on it has never been vulnerable to a buffer overflow at one time or another? Whoops, I guess that's a rhetorical question since I know it to be a false statement. [Hint: for starters CERT Advisory CA-2002-27 for OpenSSL]
While my organisation didn't get "hit" as such (one laptop away from the desk was infected, but it was cleaned before being reconnected to the network), I have friends at a major state university. Their firewall gave them enough time to patch the main servers, but eventually it got through onto the student network ("Student Village"). They simply pulled the plug and let it burn while they patched staff machines. Then someone went out to the village to "fix" all the infected PCs. Once the worm traffic ceased, the connection was restored.
Uhh Who funded the training of Microsoft Products? Or are the children now born with an instinct to click on the pop-up adverts? If the students in my local Community College can use Linux the "real universities" should have no problem. Linux patch management? WTF is that? Ever hear of up2date? it runs as a cron job. Wait, did you ever look at a linux screen? or just read about FUD from your masters at 1 MS way?
That the disks they were just er handing out weren't infected with something?
My apartment complex had its entire network shut down for about four days as more and more people moved in. The connection went from about a 5 megabit pipe down to nothing as DCOM exploits and pings from all and sundry IP addresses saturated the line. Sygate firewall was blocking in the area of 300Kbit/sec of broadcast traffic for a few days, then they shut the whole thing down. To make matters worse, the whole complex is one unpartitioned LAN, there are diff. subnets but no routers controlling broadcasting and etc.
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
Technically, it would not be a virus because virii reproduce. Looking at the example itself:
All ports are closed in System Ten by default (no worms). Email attachments are inert unless a foolish user installs and launches the attachment. Programs are limited to the privileges and home directories of the user running them. Administrative users do not have root privileges by default -- they must enter a password to alter the OS or the contents of the Unix folders. The firewall is on by default.
If one is sufficiently dumb to launch such a program, the OS would limit the damage to the home directory of the launching user.
Malicious code simply cannot take over a MacIntosh.
System Ten is just vastly more secure than XP. Slashdot ran a story about the problems with WinTel security called Insecure By Design. Basically, MicroSoft.Com did not give much thought to security.
Impeach Bush
That would actually be a trojan horse. For the most part, it would only be able to delete files in the user's home directory, not system files. It might also be able to get drag-installed applications in the /Applications folder. Either would still suck, of course.
It's certainly possible to write an OS X virus or worm, but it would also be a good deal more difficult than it is for Windows. The security model isn't half-bad. Some people do reset permissions on directories within /System, /Library, and /Applications, though, and that could make it easier for an actual virus to take hold (except that any virus really has to address the default case, which is pretty tight).
The OP was raving, but there is a grain of truth to it. Unix isn't just less attacked, it's also more secure.
By default, System Ten has no open ports; ergo, no worms.
Impeach Bush
1,3,7,9, Osama ben Laden likes ass fucking little boys just fine.
I think actually a True Believer, but it amounts to the same thing. ;)
Trolls have no belief in what they write; zealots have absolute belief. Neither is worth paying attention to.
No he is a Muslim or some other moron shit head.
This is exactly what the Networking people are doing at my University. Still doing as a matter of fact. The computer in question is taken off the network until it is cleaned/patched/fixed whatever and approved to be "infectious free." Oh and did I mention that if it's a professor's or laboratory computer their department is charged $500 to put the computer back on the network? And guess who ends up paying for it in the long run? Students...
This is a test. This is a test of the emergency sig system. This has been only a test.
Worms don't have to spread by open ports.
Where the fuck do you get your information?
A worm can easily spread by a variety of means.
Please, you are embarrassing yourself. No one here agrees with your information.
Look, let's face it: Microsoft has already managed to rewrite the laws to make sure that they cannot be blamed for any of these kinds of vulnerabilities; by the sheer numbers of people here who proclaim the user to be at fault for not patching their systems; and, finally, by the stupidity of most people who proclaim that any software system itself is so complicated that no one can catch ALL the bugs, Microsoft will again emerge blameless for this particular tragedy.
But, damnit, those who have to make money or die and those who do know what can be done to prevent this kind of idiocy KNOW that Microsoft products are a liability and will start to look at a more reliable system.
I do not know what course others may choose; but, as for me, give me Open Source, or give me virus; give me another buffer overflow vulnerability; give me a macro-virus; give me DCOM on the Internet; give me a thousand stupidities; etc., etc.
There has got to be a better way. M$ must give way to Microsoft; a better, more intelligent way than they have shown us so far; driven more by customer needs and less by corporate needs than they have shown so far. Otherwise Open Source, and inspection by the masses, will continue to overtake the $billions, and microsoft will continue to wonder why, oh why!, the masses deserteth us for cheap, shitty OSS!
Why couldn't it self launch?
There have been plenty of buffer overflows in various Mac software that could be used to self-launch crap.
What prevents the user from already running as root/Admin?
You seriously have ZERO idea what you are talking about.
Yes, Mac OS X is better security wise than Windows, but PLEASE get a clue and stop copying and pasting crap from Google.
No, it's not. What part of 'deleting files' makes that a trojan horse and not a virus?
How do system files get installed on Mac? What prevents a virus from getting into the system folders?
Here at Denison University, we were lucky enough to catch wind of this perl script, written by Josh Richard of the University of Minnesota-Duluth and enhanced by Mike Lang of the University of Connecticut. We modified our standard registration web page (unknown MAC addresses are handed a dummy IP and all traffic redirects to a registration page. Once they register, DHCP hands them a "real" IP) to scan for the DCOM vulnerability using the UCONN script. Users that fail the test are redirected to a page offering links to the patches. Users that pass are directed to the standard registration page, including virus scanning downloads. UConn also includes handy suggestions for using tcpdump to listen on port 135 and for ICMP, note it in a log, giving you a great list of IPs that need to be cleaned. Read UConn's entire summary page here. It saved us.
This comment was not generated by Uber Elephants...
Not only is he trolling, he is just plain wrong.
It's called MacOS X, not 'System Ten'
It's spelled Macintosh, not MacIntoshes (not including his other seemingly odd uses of capitalization)
It's flamebait - he calls x86 users (wtf is WinTel?) "Lusers".
How is it impossible to create malicious code for MacOS X? That implies that somehow the OS knows the difference between "good code" and "bad code", which is obvious bulls*^*.
By default, all ports are closed in System Ten; ergo, no worms.
As far as hardware goes, sub-.5K$ computers are slow and unreliable. I see what you mean about the venom in my words; but indignantly however, I am tired of my friend not listening to me when I recommend a .8k$ eMac, buying a .5k$ eMachine and then complaining about how slow it is and cannot do anything, and then, to top it all off, complaining about a virus killing it. I am resigned to the truth that people buying WinTels are losers, WinTelLusers, and deserve what they get.
Everything I wrote is truthful. The first moderator merely recognized that my solution would stop the worms and virii. Do you deny that my solution would not work?
Impeach Bush
Hitler, is that you?
Hypothetical situation: What if I were a student there (I'm not)?
I run Mozilla. I hate IE and would be happy if it'd die a horrible flaming death.
I do not allow ActiveX to execute anything except flash on sites that I *want* to see flash on.
How are you going to get me the patch, then?
i am a soviet space shuttle
Hm, $30 an infection? And, if you screw up your disinfect, you could get hit by the same virus a few times. At that rate, it wouldn't be too long before the price difference for a Macintosh is seriously diminished...now if corporate IT would only start doing the same thing!
--
$tar -xvf
NC State shut down their incoming email servers for a few hours due to all the email worms. http://sysnews.ncsu.edu/news/3f426a4b
Switching to Linux can be an adventure!
But it's not the viruses or worms which are doing the damage here -- it's the low-paid and hopelessly inexperienced IT staff. Man, those MCSE certs are almost as useful as a McDonald's employee of the month award.
I'm afraid Northeastern has lots of infected machines. The network is full of garbage, and users are having intermittent connection problems.
AND, the students haven't moved in to the dorms yet. They don't get back till this weekend.
But I'm glad you are happy. It's nice to hear from an optimist.
I know different places have different systems of working with the IT stuff. here, our computers get connected (and disconnected) by the floor, i have seen the bulletins warning about Welchia (sp?) around everywhere, and there are warnings about how if ANY computer on the network is infected, then the entire floor is cut off from access. it looks like 2 of about 40 computers on this floor are infected, so check to see where the IT is going to cut off.
you may now begin to mod this down
I attend Purdue University. I actually receive warnings about my system being affected by blaster. Here's the funny part: I'm running FreeBSD. When people try to police networks there are problems.
I have. I used to do 'data entry'-type work for a home business (as in, one person admin-ing and doing the servicing themselves). His main box was absolutely stuffed full of everything from Gator to Bonzi.
Ad-aware came in handy.
(Oh, and in reference to a previous /. story - he couldn't organise his drive for peanuts. He had directories such as C:\Docume~1\$HISNAME\My Documents\My Documents\old\My Documents\New Folder(2). *Grrr*)
:-P
Am I the only one that thinks this whole strategy, the whole situation of having to shut down the entire network and clean each individual node (PC) before you start up the network again, is quite literally insane? Every time I read about something like this it reminds me of someone trying to plug up enough holes in a sieve to make it hold water. Next time some idiot (i.e., the Dean) brings in his infected personal computer and hooks up to the university's internal network, don't they just get to start this whole Chinese Fire Drill all over again?
Madness. Isn't there a better way to do things? Why does anyone in the IT world even put up with this? Why does *anyone* put up with this? Would having everyone run Linux/UNIX/MacOS X even make any difference, or would it just be a matter of time before some new worm broke out and they had to take down the whole network and clean every Linux PC the same way they're doing with Windows PCs? Or, to rephrase, if you took Microsoft out of the equation, would this situation even be possible?
I'm looking for some serious discussion, not jokes.
An MP3 virus is as impossible as the Blaster Worm ;-)
... it shouldn't happen, but bad programming (in the underlying application/OS) can make it possible.
I think I remember a WinAMP buffer overflow vulnerability. While this was quickly patched and AFAIK no MP3 virus was created to exploit this vulnerability, I was scared to hear that an MP3 virus is possible.
However, as an OS is far more complex than an MP3 player, and as the MP3-player market is less homogeneous than the OS market, it hasn't happened yet, but when more & more people use WMP, a vulnerability in WMP could lead to the development of an MP3 virus.
Never say never
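The comments above argue about whether a media file can carry an exploit. The check an MP3 player's tag parser has to make is shown below as an added example written for this page; it is not code from any commenter or from WinAMP. It is a bounds-checked ID3v2.3 tag parser (10-byte header with a syncsafe size, then frames of 4-byte ID, 4-byte big-endian size and 2-byte flags), and the two tags it parses are constructed inside the block: a well-formed one, and one whose frame-size field claims far more bytes than the tag holds. A parser that trusted that field and copied that many bytes into a fixed buffer is exactly how a player overflow arises; this one refuses the tag instead.

```python
"""Bounds-checked ID3v2.3 tag parser: never trust a length field from the file."""
import struct

ID3V2_HEADER_LEN = 10
FRAME_HEADER_LEN = 10


def int_to_syncsafe(n):
    """Encode n (< 2**28) as four 7-bit bytes, as the ID3v2 header size field uses."""
    if not 0 <= n < (1 << 28):
        raise ValueError("too large for a syncsafe integer")
    return bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])


def syncsafe_to_int(b):
    """Decode a syncsafe integer; a set high bit means the tag is malformed."""
    if len(b) != 4 or any(x & 0x80 for x in b):
        raise ValueError("malformed syncsafe integer")
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]


def parse_id3v2(data):
    """Return [(frame_id, payload), ...] or raise ValueError. Never reads past data."""
    if len(data) < ID3V2_HEADER_LEN or data[:3] != b"ID3":
        raise ValueError("no ID3v2 header")
    major = data[3]
    if major != 3:
        raise ValueError(f"unsupported ID3v2.{major}")
    tag_size = syncsafe_to_int(data[6:10])
    if tag_size > len(data) - ID3V2_HEADER_LEN:
        raise ValueError("tag size exceeds the data available")  # first untrusted length
    body = data[ID3V2_HEADER_LEN:ID3V2_HEADER_LEN + tag_size]

    frames = []
    pos = 0
    while pos + FRAME_HEADER_LEN <= len(body):
        frame_id = body[pos:pos + 4]
        if frame_id[0] == 0:  # zero byte: start of padding, no more frames
            break
        if not all(0x30 <= c <= 0x39 or 0x41 <= c <= 0x5A for c in frame_id):
            raise ValueError("frame id is not [A-Z0-9]")
        (frame_size,) = struct.unpack(">I", body[pos + 4:pos + 8])  # plain 32-bit in v2.3
        payload_start = pos + FRAME_HEADER_LEN
        remaining = len(body) - payload_start
        if frame_size > remaining:  # second untrusted length: the classic overflow point
            raise ValueError(
                f"frame {frame_id.decode()} claims {frame_size} bytes, only {remaining} left")
        frames.append((frame_id.decode("ascii"), body[payload_start:payload_start + frame_size]))
        pos = payload_start + frame_size
    return frames


def build_tag(frames, lie_about_size=None):
    """Construct an ID3v2.3 tag; lie_about_size forges every frame's size field."""
    body = b""
    for frame_id, payload in frames:
        size = len(payload) if lie_about_size is None else lie_about_size
        body += frame_id.encode("ascii") + struct.pack(">I", size) + b"\x00\x00" + payload
    return b"ID3\x03\x00\x00" + int_to_syncsafe(len(body)) + body


# Constructed test data, not taken from any real file.
GOOD_TAG = build_tag([("TIT2", b"\x00Campus mix"), ("TPE1", b"\x00Resnet")])
EVIL_TAG = build_tag([("TIT2", b"\x00x")], lie_about_size=0x7FFFFFF0)

if __name__ == "__main__":
    print(parse_id3v2(GOOD_TAG))
    try:
        parse_id3v2(EVIL_TAG)
    except ValueError as err:
        print("rejected:", err)
```

Both length fields (the header's tag size and each frame's size) are checked against what is actually present before any byte is copied, and the syncsafe decoder refuses bytes with the high bit set rather than silently producing a huge number.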
ActiveX is nice, but what do you do for all of your Linux and OS X users? Or don't they exist/they have to get special permission to run on your network?
here the phrase "poisoned chalice" springs to mind
Hmmmmmm..... Deep fried and looks like squirrel.
The "gentleman scholar" approach you advocate to teaching engineering has been tried.
It results in highly trained people with degrees who design and build things that don't work in the real world.
Tech Public Policy stuff
I haven't had an internet connection in my dorm for 2 and half weeks because of the traffic sobig and blaster are creating on Pitt's network. One of the "Rescons" told me that I couldn't blame the school's network because it was really a M$ problem . . . I told him he couldn't blame me as I was running Linux.
If Pitt had actually closed the ports in the dorms as GMU did, I may have been online for the past two weeks. But Pitt ignored the fact that most students don't have their computers hooked to the internet over the summer and that most freshmen will pull their new computers out of the box assuming that all factory settings are correct.
Pitt tried to correct the problem by handing out patches and encouraging students to update Norton and then call the technology help desk. Resnet then sent its "rescons" to most of the campus dorms 2 weekends ago to hand clean all the computers. Somehow they missed my building and I now have to trek to a computer lab to get my homework assignments, take quizzes, and access resources. Half of my classes don't have textbooks because none exist, so not having access to the internet is making my homework nearly impossible. My profs exclusively use email or the class websites to give updates about the class - one of my profs even has his own domain for such purposes.
I hope that Pitt can figure out who in my building is infected because it's certainly not me.
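Several posts above describe the same problem from both sides: a resnet that cuts off a whole floor once any host on it is infected, and clean machines (a FreeBSD box at Purdue, the Linux box at Pitt) that get warned or taken offline anyway. The block below is an added example written for this page, not code from any university or commenter. It scans per-flow log lines for the two behaviours these worms actually exhibit (Blaster exploited the RPC DCOM service on TCP/135 and swept address ranges for it; Welchia/Nachi sent ICMP echo requests to find hosts before attacking), flags hosts by what they send rather than by what OS they run, maps them to a floor, and lists the clean hosts a floor-wide cutoff would take down with them. The log format, subnet-to-floor map, thresholds and all flow records are constructed for the example.

```python
"""Find worm-style scanners in per-flow logs and map them to dorm floors."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical subnet-to-floor map, as a resnet might keep one.
DORM_SUBNETS = {
    ip_network("10.20.3.0/24"): "Tower A, floor 3",
    ip_network("10.20.7.0/24"): "Tower B, floor 7",
}
RPC_DCOM_PORT = 135        # TCP service Blaster exploited and scanned for
ICMP_ECHO_REQUEST = 8      # Welchia/Nachi pinged hosts before attacking them
SCAN_THRESHOLD = 20        # distinct targets before a host counts as sweeping


def constructed_flows():
    """Constructed sample flows, 'ts src dst proto port_or_icmptype'. Not real logs."""
    lines = []
    # 10.20.3.17 behaves like Blaster: connections to TCP/135 across its own /24
    lines += [f"1062630000 10.20.3.17 10.20.3.{i} tcp 135" for i in range(30, 55)]
    # 10.20.7.42 behaves like Welchia: echo requests sweeping a neighbouring /24
    lines += [f"1062630001 10.20.7.42 10.20.8.{i} icmp 8" for i in range(1, 30)]
    # 10.20.3.99 is the FreeBSD box: a few web fetches and one ping to its gateway
    lines += [f"1062630002 10.20.3.99 192.0.2.{i} tcp 80" for i in range(1, 6)]
    lines.append("1062630002 10.20.3.99 10.20.3.1 icmp 8")
    # 10.20.7.5 just reads mail
    lines.append("1062630003 10.20.7.5 10.20.0.25 tcp 110")
    return lines


def parse_flow(line):
    ts, src, dst, proto, field = line.split()
    return int(ts), ip_address(src), ip_address(dst), proto, int(field)


def find_scanners(lines, threshold=SCAN_THRESHOLD):
    """Return {src_ip: reason} for hosts touching many distinct targets."""
    rpc_targets = defaultdict(set)
    echo_targets = defaultdict(set)
    for line in lines:
        _, src, dst, proto, field = parse_flow(line)
        if proto == "tcp" and field == RPC_DCOM_PORT:
            rpc_targets[src].add(dst)
        elif proto == "icmp" and field == ICMP_ECHO_REQUEST:
            echo_targets[src].add(dst)
    flagged = {}
    for src, targets in rpc_targets.items():
        if len(targets) >= threshold:
            flagged[str(src)] = f"tcp/135 sweep of {len(targets)} hosts (Blaster-like)"
    for src, targets in echo_targets.items():
        if len(targets) >= threshold:
            flagged.setdefault(str(src), f"icmp echo sweep of {len(targets)} hosts (Welchia-like)")
    return flagged


def floor_of(ip):
    addr = ip_address(ip)
    for net, name in DORM_SUBNETS.items():
        if addr in net:
            return name
    return "unmapped"


def floors_to_cut(flagged):
    """Floors a 'cut the whole floor' policy would take offline."""
    return sorted({floor_of(ip) for ip in flagged})


def collateral_hosts(lines, flagged):
    """Hosts that were not flagged but share a floor with one that was."""
    floors = set(floors_to_cut(flagged))
    seen = {str(parse_flow(line)[1]) for line in lines}
    return sorted(ip for ip in seen if ip not in flagged and floor_of(ip) in floors)


if __name__ == "__main__":
    flows = constructed_flows()
    hits = find_scanners(flows)
    for ip, why in hits.items():
        print(f"{ip:15} {floor_of(ip):18} {why}")
    print("floors to cut:", floors_to_cut(hits))
    print("clean hosts taken down with them:", collateral_hosts(flows, hits))
```

A real deployment would bin the flows into time windows (these worms scan at a rate of many targets per second) and feed the flagged addresses to the switch ports or DHCP leases they came from; the example keeps the scoring to "distinct targets seen" so the logic stays visible. The collateral list is the cost of the floor-wide policy: both clean hosts in the sample go dark even though nothing they sent looks like a worm.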
Here in Greenville, SC, the network has been slow all week. It's beginning to become completely functional again, which is just in time for the online class registration that began at 8:30 this morning.
I got here, got on the internet, and told my parents, "The Internet is faster at home!"
You can't beat the videogaming, though. Some guys are having a Duck Hunt party in 5.1 Dolby sound in a few days.
Well, most of them at least. I think common sense stopped being a requirement of birth right after the GUI was gaining speed. Clueless college kids bringing their shit to school. I guess it follows the same path as STDs. Oh well, glad I don't have to put up with them... well, I suppose salespeople aren't much different, just pushier.
-- Liberalism is a mental disorder.
TIPPINGPOINT TECHNOLOGIES PROTECTS SIX NEW UNIVERSITY CUSTOMERS

AUSTIN, Texas - September 4, 2003 - TippingPoint Technologies, Inc. (NASDAQ: TPTI), the leaders in high-speed intrusion prevention, today announced that six new university customers have purchased UnityOne(TM) Intrusion Prevention Appliances and Systems to defend their network against cyber threats. The new customers include: The University of North Carolina, The University of Texas Health Science Center at Houston, University of Miami Medical Center, University of Wisconsin Hospital and Clinics, Texas State University and Regis University.

"Prior to the Sobig.F attack, we installed the UnityOne-1200 in a portion of our network," said R.R. Rodriguez, director of computing resources at Texas State University. "The UnityOne proved so effective at minimizing the impact of attacks such as Blaster, Nachi and Sobig that we decided to purchase two UnityOne-2400 appliances to protect additional components of our network. Without the protection provided by the UnityOne we would have been forced to shut down critical servers for many hours of corrective maintenance. I believe the UnityOne is an indispensable tool in our effort to provide continuous service to our students, faculty and staff."

According to Randle Moore, senior network security analyst for The University of Texas Health Science Center at Houston, "Since introducing the UnityOne appliance into our network, it has more than paid for itself by preventing numerous worms and viruses from even entering our network. Over the past three days alone, the device has stopped between 30,000 to 45,000 virus-infected emails per hour from the Internet."

The UnityOne enables universities to manage and mitigate security risk along with legal risks associated with piracy. In a recent case study with the University of Dayton, UnityOne management system logs reported that the appliance blocked approximately one million worms, viruses and attacks each month since the installation in early 2003. After implementing the UnityOne's Peer-to-Peer Piracy Prevention feature, logs report over one million shared files were blocked each month from entering the university network, augmenting the organization's bandwidth availability by 43 percent at its peak.

The University of North Carolina was evaluating the UnityOne when the Sobig virus hit. "At the peak of the Sobig.F outbreak, we were receiving more than 100,000 infected messages per hour, and received over 1.5 million copies over a 12 hour period," said John L. Oberlin, associate vice chancellor for information technology. "The UnityOne was so effective at blocking the virus that we immediately purchased several appliances in order to protect our entire network."

TippingPoint is an ASIC-based intrusion prevention device, capable of analyzing traffic through Layer 7 and blocking malicious traffic at two gigabits-per-second with microsecond latencies. Every UnityOne comes with Peer-to-Peer Piracy Prevention capabilities.

"TippingPoint's UnityOne shielded our organization from Blaster attacks," said Regis University's Manager of Network Infrastructure Chuck Steigerwalt. "Since Blaster was able to bypass the firewall in most cases, the UnityOne Intrusion Prevention Appliance was able to save us several hours of remediation time since we were never infected."

About TippingPoint Technologies

TippingPoint Technologies is the leading provider of network-based intrusion prevention systems that deliver in-depth protection and attack eradication for corporate enterprises, government agencies, service providers and academic institutions. This innovative approach offers customers an effective network-based security solution with unrivaled economics, ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-88UNITYONE. TippingPoint Technologies, the TippingPoint logo, UnityOne, the UnityOne logo and Digital Vaccine are registered trademarks of TippingPoint
Methinks you must've forgotten that most Linux distros still come with sendmail by default
...or, rather, my alma mater, things are a mess. This, I might add, is despite a requirement instituted last year that all student systems on the campus network run Inoculate-IT from CA.
First problem: the on-campus debit-card system is Internet-reliant. No residence-area Internet == no way to pay for laundry == no laundry. Second problem: when the network gets really bad, even the non-residential areas (such as the bookstore) can't do those particular debit transactions (credit cards were not affected, at least in the bookstore). Third problem: students want to (or, rather, need to) buy books and a lot of them have hundreds of dollars locked into their debit accounts for this purpose. Fourth problem: the bookstore needs to do returns by the same method of payment as purchases and therefore can't do any campus-debit-based returns when the system is down. Fifth problem: a lot of classes are net-dependent, and Net access has been haphazard at best and virtually nonexistent from student buildings. My girlfriend actually came over to my house last night to use the computer here because she had to do homework and couldn't do it at school.
Of course, that's all secondary.
Original problem: the IT department is horribly underbudgeted, understaffed, and overworked, so it can't keep up with the disasters that can (and will) occur on any campus with an insecure and homogenous computing environment.
In Germany, which is claimed to be far behind the US in IT things, the universities use - what? - Linux / UNIX as their core OS. Students are there to learn, and many of them get to use the system with just a bit of advice from colleagues. Wonder why that should be different in the US.
Oh, I forgot....Linux is not American, right?
"There were a certain percentage of students that wouldn't listen to us unless we hit them upside the head with a lockout," he said. "You simply can't deal with these problems until you've got your network under control."
Why can't some people get it that updates/patches/fixes are made for a reason? It annoys the hell out of me that some people can be so lazy. As for the students that don't know how to take care of their computer cuz mommy and daddy took care of it, it's time to learn.
The MacObserver states that System Ten has zero virii. Behold! the article.
Impeach Bush