Computer Viruses Cripple Colorado DMV

Mr. Christmas Lights writes "The Denver Post has written the last three days (Tue, Wed, Thu) about how computer viruses have crippled the Colorado Department of Motor Vehicle's computers since last Friday. This has prevented them from issuing new/renewed licenses, so they are providing 30-day extension stickers. The 'dozen experts' have decided that 'fresh software' is the best way to remedy it - probably means re-installing Windows, but have they considered Linux? Colorado seems to be having its share of problems - today's article mentions the Zinc Whiskers issue several months ago that knocked the the Colorado secretary of state offline for a couple of weeks. And it could only get worse as the JPEG exploit starts showing up in the wild."

Re:What the hell

[MarkGriz]

Perhaps they were trying to use the supposed cold-fighting powers of zinc to fight off the infection?

Incidentally, the zinc whisker problem mentioned affected the Dept of Revenue. The DMV (which is the subject of the story) was affect by viruses.

The grandparent is certainly correct about not having to reinstall everything. Who the hell are these so called experts?. Unplug the damn network cable, run some removal tool, lather, rince, repeat.

To most people...

[GillBates0]

"People understand that we are living in a computer world," Reimer said.

Viruses are a universal problems with "computers". Ofcourse, that's to be expected when most people relate computers to Windows.

It's not a "computer world" you're living in, it's a "Windows world".

How much damage needs to occur?

[JohnnyNoSPAM]

The so-called convenience of having a standard OS with which most people are familiar coupled with concerns over the amount of money it would cost to convert to another OS are things to consider about migrating to a new system.

Unfortunately, Linux, BSD, and other alternatives still scare some upper management. If the cost of migrating + training is still a determining factor, then they should also weigh the risks of maintaining their current OS. That is, the cost of down time, man-hours to correct problems and get systems online as well as meet the needs of the public, and the cost of compromising controlled information such as privacy data.

How much damage will it take to consider a new system? How much money does a company or organization need to lose before the cost of migrating seems to be a viable option? How many compromises in security will it take? Microsoft's security exploits, among a host of other things, are well documented in daily news.

But, hey... Microsoft says that they deliver a better and more secure product. The news speaks louder than rhetoric. I recommend that open source community partners in that state contact their representation in a professional manner to help bring awareness that there are other options available.

Viruses and Security: A tech issue or a policy...

[Trolling4Dollars]

...issue? Part of the problem with viruses beyond the fact that many OSes still ship with pretty lax security, is the way that PCs are actually implemented when put into a networked environment. The implementation is dictated by the policies of the organization. Too many organizations do not put enough thought into what users should and shouldn't be allowed to do at EVERY level of computer use. Some of this is due to the fact that these organizations can't afford a decent admin due to being underfunded. Another cause is that many of these orgs also think that computers should be a "set it and forget it" kind of thing.

So how can this be addressed? Probably the first thing to do is GET A DECENT ADMIN and IT staff. Since we are talking the BMV here, this means better funding for the BMV to attract a decent admin and IT staff who will demand more pay. Which means... that taxes will have to be increased. Which means that indirectly, the tax payers who vote down county levies are are responsible.

Another thing that can be done once you have a decent admin is to set up a very detailed policy about what users are and aren't allowed to do on a machine. This includes whether or not they can even access external resources on the web (No external web mail during work time, etc...). Regarding the channel of e-mail for mass mailing worms, all mail should be filtered through a virus scanning and spam filtering appliance like the Barracuda Networks Spam Firewall.

If the environment is such that it demands that users be able to access external web resources, a remote application server (with automatic virus protection) running on a separate network should be used for all external web browsing. If they are accessing an internal resource, they can use their local browser. This way if the app server gets hit with some kind of worm or virus, it won't infect their system as the only connection would be over X , RDP or Citrix ICA.

Is all of this a pain in the ass to both implement and live with? Most certainly. Will the users complain? Count on it. Will it buy you a lot more protection against the worms and viruses today? Yes. It's just a question of which environment is more of a pain in the ass for you. One where you are constantly dealing with users that are infecting their machines and taking down the network so that productivity grinds to a halt? Or one where users gripe for a bit about the new restrictions, but you have far fewer or no virus/worm incidents? The choice as they say, is up to the peoplpe with the power to rethink these things.

Why the problem in the first place?

[Large+Bogon+Collider]

I may be oversimplifying the problem, but why don't they go to OSS. Afterall, don't their software needs boil down to 1) relational database, 2) (small size) digital photography, 3) some internet connectivity to share info with the main database, and 4) word processing with mail-merge? OSS should have good software for all 4 functions. I don't see anything that they need that the rank-and-file can't run on a hardened linux variant. Once the system is setup properly, they can lock it down to prevent tampering - easier to do than on windows. The only downside I see is that they may miss MS Solitare and other PC games - maybe that's the holdup ;)

As someone who lives in CO

[FerretFrottage]

I went to renew my car registration this past year and while stting down at the counter with the clerk, I noticed a little yellow sticky on the lower part of her monitor:

[sticky]
Password
password
(all lowercase)
[/sticky]

Made me feel nice, warm, and fuzzy...next year, just renew it myself (now where is a yellow sticky when you need one?)

I suspect they will we continue to see and hear/read more about these type of incidents....I also believe we will start to see incidients at that related to non Windows based systems because
(a) as *nix/OSS is taking a deeper foothold in systems, more flaws are bound to show up
(b) MS will make sure that those incidents get reported to as many outlets as possible to show people that it's not just them.

Re:What the hell

[chrisopherpace]

And let's be honest- how popular are those viruses? Viruses are just like the biological ones, in order for a virus to survive in it's host "body", the virus must have as little side effects to the host as possible. The "perfect" viruses are the ones that can live in their host for years before being recognised, giving the virus plenty of time to spread to other hosts. The viruses that kill a host within 38 hours are failures, and soon dwindle out of existence. The last major destructive virus I remember was MyDoom.K I think, wiped out .xls, .doc, and .mdb.

Re:What happened to good old fashionned mainframes

[The+Blue+Meanie]

Actually, as a resident of Colorado that recently got a new license, I have to mention that while the process IS digital, they do not "print your license right in front of you". Our DMV in its infinite wisdom has outsourced the printing of the licenses to a company in California. You now leave the DMV with a little slip of paper that's good for 30 days, until your new license is mailed to you - FROM ANOTHER STATE!
They do at least let you keep your old license if you're renewing, but not before punching a hole through the expiration date to mark it as expired pending the new arrival.

Imagine the pleasure I experienced when after having had said hole punched in my license, I had to fly two weeks later, prior to the arrival of the new license. The oh-so-friendly TSA people in Chicago were not impressed with either my "punched" license, or the little photoless slip of paper that was supposed to pass in its place. I very nearly wasn't able to come home. (The TSA folks at Denver's airport were aware of the DMV's stupidity, so I had no problem leaving).

To add just a little more to the "stupidity" column, did you know our DMV must take a new picture of you for every document? If I have no license, and come in to take both the written and driving tests the same day, it goes like this:
- Take/pass written test
- Get photo taken
- Take/pass driving test
- Get photo taken again, 1 hour later than last one
- Leave DMV with silly slip of paper
- 3 weeks later, learner permit (which was only valid for about an hour 3 weeks ago) AND license arrive in the mail FROM ANOTHER STATE!

You just can't make this stuff up. Oh, and can we please skip the painfully obvious "???" "profit" jokes.

Bullshit

[schon]

The greatest security advantage that Linux offers is that it is a relatively small target.

Yes, that's why there are so many exploits for Apache, and so few for IIS - because Apache has such a large market share, right?

Market segment has nothing to do with security.