Slashdot Mirror

← Back to Stories (view on slashdot.org)

Should Colleges Monitor Students' PCs?

Posted by Cliff on from the a-single-critical-point-of-failure dept.

dancedance asks: "I am a CS student at a small Liberal Arts college. Like most academic institutions, we have to deal with worm-infested computers being brought into the network from the outside. In the past the school's response has been to require all windows computers to install the virus software provided by the school. Although this helped protect the network, it was certainly not a complete solution, especially at the beginning of the school year. This year computing services is taking a more proactive approach to network security: it is requiring all Windows-based computers to install software which will allow the school to automatically update virus software, apply windows patches, install software 'deemed necessary' for network security, and 'report on the status of your computer'. This seems like a 'one step foreword, two steps backward,' approach to network safety as I fear that, under this system, a malicious user would only have to break into one central system to wreak havoc on the entire network. Are my concerns about this system well founded, or is this less of a problem than I make it out to be? Are similar policies getting implemented at other academic institutions?"

8 of 554 comments (clear)

  1. Not unreasonable by Rhesus+Piece · · Score: 5, Informative

    My campus will disconnect any computer it finds vulnerable. I suppose this could be considered the next step in that direction, but this time students have a way to be sure that they don't end up disconnected at an inconvenient time.

    If this were my school, however, I think I'd find it easier to make my computer not look like a windows machine to the network, then deal with stuff on my own instead of trusting their software.

  2. Just cut them off by Spetiam · · Score: 5, Informative

    Personally, I'd much rather just get cut off and be notified why. I don't like the idea of giving over control of my computer like that.

  3. University ResNet Responsibilties by KidGlory · · Score: 5, Informative

    I just attended ResNet 2004 which is a conference devoted to the Information Technology departments of all Colleges and Universities across the globe. There are usually around 300 participants and many other who do not make the guest list. I think the biggest conversation among those at the conference was how where is the line between appropriate and not appropriate actions to help keep the networks clean as well as the students computers. You can check out http://www.resnetsymposium.com for the website or http://web.princeton.edu/sites/resnet/ for a list of those who attended. There is also a listserv for @ http://listserv.nd.edu/archives/resnet-l.html. All of these sites will give you contacts for people who have answers to your questions. A trend for schools is purchasing solutions such as Perfigo www.perfigo.com or Bsi's campus manager http://www.bradford-sw.com to help them do their dirty work.

  4. Re:apples? by AgentOJ · · Score: 5, Informative

    I work for computer services at my college, and we have a number of Mac labs. We have absolutely no problem with these whatsoever. However, it's impossible in a college setting to have a completely homogeneous selection of platforms. We need our PCs for everything from our accounting courses (some specialized software) to our comp sci courses (Yeah, they force us to use Visual C++, switching to .NET next year).

    In all honesty, at a small college like the one I attend, there's a good reason to go with PCs from a financial standpoint: Despite educational discounts, Macs still cost more than PCs. That's a simple fact. Secondly, Microsoft gives AMAZING educational discounts for their software. I'm not talking about the "Educational" licenses for students, but rather we get X amount of free software per year, which is really a boon for our computer services department. We recently got our budget cut in half (management isn't comprised of the brightest of individuals), so the financial aspect is really appealing.

    If we had the option to run all Macs, I'd swing for it in a minute, as far as my duties for computer services are concerned. It would make my job a helluva lot easier. However, we don't have that option, and I think you'll find that the same is true for most small colleges.

  5. Re:Education by BobPaul · · Score: 5, Informative

    This is exactly what our school does. When you first go on the network you're given a 10. ip address. Any DNS calls resolve to an oncompus webserver that allows you to register your computer (ie, if you load your home page, the school computer responds instead). When you register, you enter your username and password (or create one) and your computer is scanned for known security vulnerabilities (are you vuln to Blaster, etc) and any broadcasting virii. If you are, you are not even given a 10. address lease until you install patches (free CDs available from ITS or Dorm staff.) Once you've installed, you have to call ITS and ask to be unbanned.

    You don't have to use the schools antivirus, but if you get a virus that broadcasts you are DHCP banned. Just like before, you have to ask to be unbanned and you must re-do the registration process from before (since your mac was removed from the "good" list).

    While the computer is scanned, we are not required to install spyware. I think our policy is a good trade off, campus required spyware is too much. I'd move off campus or hurry up and switch to Linux.

  6. This is true by captainmoo · · Score: 5, Informative

    Any time an institution requires software to be installed at all, it's a red flag that says that institution is doing something else wrong. While it's a good idea for students to keep their computers up to date with virus scanners and security patches and the like, it's not a good idea for the institution to take that responsibility away from the students themselves.

    I worked in the NOC here at the University of Washington, and the policy was to kill ethernet ports of infected computers. It was determined whether the computer was infected by analyzing traffic flow to/from the computers and picking out patterns characteristic of common worms and viruses. This not only helped alleviate the problem by preventing the viruses from propagating, but forcing the user to take action to get the wallport reactivated increased awareness.

    The UW also makes CDs with the latest virus software and patches available for free from the bookstore and various other places on campus. This way users don't have to connect to the internet to clean and patch their systems, and it makes the job easy through automated software. This kit doesn't, however, let the institution perform updates automatically or install arbitrary software. The university also maintains a repository on the LAN containing virus definition files, and the virus scanner on the CD is set up to download these automatically.

    So aside from the security implications the poster mentions, there are privacy issues with allowing the institution to install arbitrary software. By forcing the user to take action in order to use the resources provided, it eliminates the privacy concerns, and raises awareness of the greater issue.

  7. Re:apples? by AgentOJ · · Score: 4, Informative

    Before the rash of viruses over the past two years, I would have said that the software costs outweighed the downtime and maintenance costs. I would say that now, no, they don't outweigh the costs, but when they are paying us students (who do 99% of the cleanup when a virus hits) close to minimum wage, it probably is still cheaper for them to take the free flawed software. And yeah, I know the job has a crappy pay rate, but you can't beat how flexible they are around exams, homework, etc.

    The 'free' software is generally used, as most of it is comp sci department stuff (VC++, .NET, etc), or some web design stuff, or Word, etc. So yeah, overall it is used for the most part.

    I can't think of the name of the software package off the top of my head, but I remember there was some large-scale app that went to waste, and the copies are still sitting in a box in storage from two semesters ago. And due to the licensing agreements, we can't sell or give it away, so it kinda sucks.

  8. A good thing your experience is far from universal by orthancstone · · Score: 4, Informative

    You sound like you went to school where the department was run by crappy CS profs. I got my undergraduate degree at a liberal arts college and 99% of my Computer Science experience there was gained while using Linux (and even a bit of Solaris my first year) systems. We all knew BSDs, open source alternative software, and more. Many of us used it daily; some developed and tested for the open source community. Windows was pretty much shunned by all but one prof. Even the necessary evil of connecting to the IT Windows systems was considered highly undesireable.

    In reference to the topic at hand, I have to say this University is taking the wrong course of action. My school took the "lock the port" approach. Quite simply, if they could tell your computer was infected and you weren't doing jack to fix it, you lost your internet. Didn't like it? Well fix it. Otherwise you're gonna be going to another dorm room to try to hook up (and remember, your roommate isn't gonna like you either, cause you cost both of you an internet connection).

    PS to grandparent of this message - The author states he/she is a CS student; the author never states the CS department is the head of this action (I'm strongly willing to believe it is not).