Slashdot Mirror


Computer Viruses Cripple Colorado DMV

Mr. Christmas Lights writes "The Denver Post has written the last three days (Tue, Wed, Thu) about how computer viruses have crippled the Colorado Department of Motor Vehicle's computers since last Friday. This has prevented them from issuing new/renewed licenses, so they are providing 30-day extension stickers. The 'dozen experts' have decided that 'fresh software' is the best way to remedy it - probably means re-installing Windows, but have they considered Linux? Colorado seems to be having its share of problems - today's article mentions the Zinc Whiskers issue several months ago that knocked the Colorado secretary of state offline for a couple of weeks. And it could only get worse as the JPEG exploit starts showing up in the wild."

14 of 394 comments

  1. Re:Linux is a virus risk! by Anonymous Coward · · Score: 1, Informative

    McAfee virus scanner runs on Linux

  2. As a Coloradoan... by Chagatai · · Score: 5, Informative
    I've been listening to local radio where they have been talking about this issue for the past couple of days. Apparently, according to the talk show hosts and call-in experts, the real issue is in the system that transfers the licenses to a company in Oregon for print out. Up until a few years ago, Colorado was one of those states that would laminate driver's licenses on the spot, much like a high school ID. Somewhere along the line they decided that these cards could easily be faked, so they started sending them to a company in another part of the country to be produced a la credit cards with "more robust security". Data currently cannot make it to this production company, so the production of cards has been backlogged by as much as 30 days in some cases. Local law enforcement has been told to be lenient on people with expired licenses in recent days due to these problems.

    Me? I'm just happy seeing my Colorado tax dollars at work.

    --
    --Chag
  3. Re:Linux is a virus risk! by bentfork · · Score: 2, Informative
    Just open up a shell and show them this line in your /etc/crontab file.
    25 6 * * * root test -e /usr/sbin/anacron || run-parts --report /etc/cron.daily

    That is your daily virus, isn't it. ;)

    I personally use sophos as a virus scanner on *nix. I find lots of funny stuff flying through my mail server. Keeps the mail clean so the executives can click on almost whatever they want...

  4. Speaking of tools... by logos22 · · Score: 2, Informative

    I recently found this tool, it has helped me out with removing virii/malware. http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml

    --
    ----------
    Why do I always get error code ura:A55h013?
  5. Re:Linux is a virus risk! by mortonda · · Score: 4, Informative
    headquarters refused to allow me to connect my laptop to their network unless I could demonstrate that a reputable virus scanner was checking my machine at least daily.


    ClamAV


    ClamAV gets updated faster than the major AV companies, and some really neat matching algorithms match mutations before specific signatures are released. Very reputable.

  6. submitter responds to AC by xmas2003 · · Score: 2, Informative
    I only know what I read in the Denver Post the last three days (links in the submission) and it doesn't specify what type of OS they run, so that's why I said "probably means re-installing Windows" which I bet is a reasonable guess.

    In response to some other comments, it should be obvious to all that in a crisis/recovery situation, you don't switch OS's or other major changes, so they should recover to whatever they are using now ... but long-term (if they are running Windows), they may want to consider Linux. And yea, there are other issues in terms of admin expertise/capability/etc. in terms of their ability to look at other solutions.

    And finally, consider posting with a username, since The Incredible Hulk SMASHES Anonymous Cowards! ;-)

    --
    Hulk SMASH Celiac Disease
  7. Re:Linux is a virus risk! by mcrbids · · Score: 2, Informative

    I keep hearing about this "linux virus" that's just around the corner...

    There are security issues with Linux, but viruses just really aren't on the list, and the need for a "virus scanner" is just lost. Don't look for the virus, fix the problem that allowed the virus in the first place!

    There are many articles on why this is so, so 20 minutes with Google and you'll begin to see the difference.

    Again, it's not as though *nix is perfectly secure, it's just that automated viruses are really not in the mix.

    And there HAVE been a number of Linux viruses, one good enough to cause me to update outside my usual update cycle.

    It's just rare, and it will most likely stay that way.

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  8. Re:What the hell by Matey-O · · Score: 2, Informative

    Hmph. THIS state Government Agency does. (mine) I'll assume others do too, putz.

    --
    "Draco dormiens nunquam titillandus."
  9. Re:Linux is a virus risk!... no, it isn't. by JohnnyNoSPAM · · Score: 3, Informative

    Actually, some might be able to argue that the LSB is in a way a monoculture. The LSB is good since it gives software vendors a common base rather than having to develop a package for different distributions. But, would the LSB also be an invitation to would-be virus writers? As Linux grows in popularity, we can expect to see more virus attempts. Of note, another reader said that McAfee has an antivirus for Linux. It is called McAfee LinuxShield. http://www.networkassociates.com/us/products/mcafee/antivirus/fileserver/linuxshield.htm

    Another question is that as more and more users migrate from Windows, will they also be migrating the bad Internet practices that many of them have? On the whole, I believe that Linux users today tend to be more Internet savvy than users of Windows in that they are familiar with and regularly implement good Internet practices such as using a user account for every day purposes such as surfing the web and reading email vice using a root account or one with root access. That being said, if Windows users also migrate their bad habits, then Linux can be more vulnerable in that respect than it currently is. As we spread the word about Linux, then we should also be willing to teach them vice saying things like "RTFM".

    Linux by its UNIX-like nature, even if it were monoculture, is not nearly as susceptible to virus attacks as Windows. This is one of Linux's most valuable features.

  10. Re:What the hell by jefftp · · Score: 4, Informative

    First, a firewall doesn't protect you from jack now-a-days. The perimeter is compromised and the enemy is every Windows XP machine.

    It's near impossible to keep a Windows network operational since MSBlast first hit the net. TCP port 445 is every network admin's favorite port--you need it somewhat open for users to get to file shares and it just so happens to be the favorite TCP port of every virus I've encountered over the last six months.

    Second, some kind of antivirus filter on the mail server protects you only from non-zero day exploits, and only those that travel through email. The same is true for antivirus software on the workstations.

    Fourth, you finally got one right, keeping systems updated with patches is the best way to actually avoid most virus/worms. The problem with that is finding an affordable patch management system and actually having someone in upper management who understands why such a system is essential. Usually it takes a massive network outage to get the message through.

    These people who run networks for $8/hr probably don't run networks with 250,000 users across 318 sites like I do. (If they do then they are either crazy or stupid.) When you get to some real numbers of users all your simple rules go out the window.

    One user installing a trojan can and will bring down the network. It's only through heavy-handed use of access-lists and static mac-address-table entries that my network has stayed up acceptably this week while our virus provider analysed three new worm variants.

    Patched workstations would have avoided the problems altogether, but I just run the network here, I can't (yet) force the machines to be up to date on patches... come on 802.1x rollout.

  11. Re:What the hell by Zak3056 · · Score: 2, Informative

    First, a firewall will prevent most exploits. Second, some kind of antivirus filtering on the mail server. Third, an updated version of some form of antivirus software on workstations to prevent risk by mailer worms that don't get caught by the firewall. Fourth, keep systems updated.

    All good suggestions--I'd like to add "block things like .exe, .pif, and .vbs attachments at the mail gateway" as well--but still not 100% foolproof.

    Your users could visit websites that do driveby installs of malicious code. You could be infected by some new virus during that window where it's released and your AV vendors release new definitions. Microsoft's latest patch might break some of your applications requiring you leave a vulnerability untouched.

    I'm not disagreeing with your post in general--indeed, your suggestions are probably enough to handle 90% of problems seen in your average Windows shop--but that other 10% needs to be acknowledged.

    --
    What part of "shall not be infringed" is so hard to understand?
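
The attachment-extension block suggested in the comment above, sketched as an added example (not code from the thread or from any mail gateway product). The function names, addresses and sample filenames are constructed for illustration; only the three extensions come from the comment.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# The three extensions named in the comment; a real policy list is longer.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".vbs"}


def blocked_attachments(raw_message, blocked=BLOCKED_EXTENSIONS):
    """Return attachment filenames a gateway with this policy would reject."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() visits every MIME part, including nested multiparts.
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, and extension matching
        # must be case-insensitive, so normalise before comparing.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the final suffix decides how the file is opened, so
        # "invoice.pdf.exe" is judged as ".exe", not ".pdf".
        if os.path.splitext(cleaned)[1] in blocked:
            hits.append(name)
    return hits


def build_sample(filenames):
    """Build a constructed test message carrying dummy attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed test message"
    m.set_content("see attached")
    for fn in filenames:
        m.add_attachment(b"dummy", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample(
        ["report.pdf", "invoice.pdf.exe", "README.VBS", "setup.exe."])
    for name in blocked_attachments(sample):
        print("reject:", name)
```

Extension matching is only a first layer: it says nothing about file content, so it complements the antivirus filtering listed in the comment rather than replacing it.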
  12. Re:Which begs the question... by Detritus · · Score: 2, Informative

    Maybe because they need to communicate with other state agencies, local governments and agencies, vendors, and the public. Not to mention the federal government and other state governments. The world is much more complicated than you think.

    --
    Mea navis aericumbens anguillis abundat
  13. Re:Here's a better idea by Ptraci · · Score: 2, Informative

    They need access just to PRINT the licenses. The printers are all run from one server in Denver, apparently. I stood in line for a couple of hours and got sent home and told to come back in a couple of weeks a couple of years ago just because they couldn't print, as the central server was down.

  14. Re:Oregon DMV used to use OS/2. by RobertEdwards · · Score: 2, Informative

    I believe many states used OS/2 for Driver License systems until quite recently. I have personal knowledge my own agency (Tennessee Department of Safety) did. Polaroid's one of the leading vendors in ID cards, and their systems in the nineties were built around OS/2 and LU 6.2 over SDLC. Which made sense given legacy IBM mainframes and SDLC networks.

    Oh, and they were also typically maxed out on interfaces, with cameras, SCSI-based ID printers, signature capture devices -- so much stuff and so many drivers loaded into memory that Windows 3.1 or Windows 95 would curl up and die.

    These systems were typically planned to have a 5 year life cycle, and may have been stretched out further given the usual government procurement follies for their replacements.