Computer Viruses Cripple Colorado DMV

Mr. Christmas Lights writes "The Denver Post has written the last three days (Tue, Wed, Thu) about how computer viruses have crippled the Colorado Department of Motor Vehicle's computers since last Friday. This has prevented them from issuing new/renewed licenses, so they are providing 30-day extension stickers. The 'dozen experts' have decided that 'fresh software' is the best way to remedy it - probably means re-installing Windows, but have they considered Linux? Colorado seems to be having its share of problems - today's article mentions the Zinc Whiskers issue several months ago that knocked the the Colorado secretary of state offline for a couple of weeks. And it could only get worse as the JPEG exploit starts showing up in the wild."

I'm sure...

[BJZQ8]

I'm sure the "fresh software" will be provided free of charge to the state...

Re:I'm sure...

[shokk]

And if they do run Linux, what makes you think that the existing software will run on Linux? Remember, the idea here is to get their existing service up and running as quickly as possible, not set up a platform for them to surf the web from instead of doing their actual work.

Re:I'm sure...

[dasmegabyte]

DMV software isn't the sort of thing you find on the shelf at Best Buy. The state is probably using custom software that will only run on one platform. They probably either designed it themselves or paid a contractor to do so. Either way, no new charges should be accrued...this sort of thing would be included in a yearly maintenance contract. Rewriting the software in Linux wouldn't be an option and it's embarrassing that somebody would suggest it. It'd be like telling somebody with a sick dog that they should have bought a cat.

"Fresh software" probably means bringing down the whole network, reinstalling and patching all machine operating systems, and then reinstalling the software. This will not cost anything extra in terms of the software -- however, the process will surely be costly in terms of manpower (I'm sure the state doesn't employ enough IT staff for every DMV office) and the state will have to pay for it. My company has had, on occasion, requests to help our customers recover from viruses they did not properly protect themselves from. We charge a premium for this service, because 1) there's nobody else who knows how to do it well 2) we TELL them how to protect themselves, and they still don't do it.

So, in short: no, the "fresh software" won't cost them anything. Installing it, however, won't be cheap. And I'm guessing the state doesn't have a discretionary budget for this sort of thing, meaning something will be getting cut.

What the hell

[chrisopherpace]

There are removal tools out there guys. You don't actually *HAVE* to re-install it to remove an infection. Sounds like the CO DMV needs to hire someone who knows what they are doing!

Re:What the hell

Just about any compromised Windows network is caused by a sysadmin who doesn't know how to properly run a network.
First, a firewall will prevent most exploits. Second, some kind of antivirus filtering on the mail server. Third, an updated version of some form of antivirus software on workstations to prevent risk by mailer worms that don't get caught by the firewall. Fourth, keep systems updated.
Is this so difficult for people to understand? If regular users switch to any other OS, you will still have problems with mailer-type viruses. As a result, you will need antivirus on any system that has one available.
I know this flies in the face of a majority of slashdot readers, but just because you have placebo-effect OS security (for example, "I run Linux or UNIX, therefore, I don't need to worry about having a compromised system" despite not having patched it in a few years) doesn't mean that you shouldn't strive to further secure every system on your network.

Now, I know of plenty of people that can keep a clean Windows network following the steps outlined. These people make as little as $8/hr. The CO DMV could have prevented this by hiring an intern, shelling out a couple hundred for some quality firewall software (Astaro Linux seems to be fairly easy to use yet secure) and an antivirus package to lock things down in a few days. Problem solved, no need for a full Linux desktop conversion here.
Carry on.

Re:What the hell

[Darth_brooks]

It's fun to play armchair QB.

Let's assume it's Sasser or blaster that's brought down the network. You'll have to go to each machine, run the removal tool to remove the virus, then patch the system so you don't get infected again. Wash rinse repeat for every infected machine on the on the system.

Or, you can eliminate the hassle of going to each system by mulitcasting a patched, clean, and perhaps improved system image using Ghost or something similar. Hell you can do that from a central console and never even see the remote machines. Why dick around cleaning up a virus and patching a single box when you can push out a clean image to all the machines remote site?

I'll wrestle with a virus when a machine absolutly can't be blown away. In an ideal world (where user files are on network drives and gumdrop fairys eat marmalade pies) that's never, but in reality it's once in a great while.

Now, they may not have the pipe to push an image to all the remote locations, so they're probably stuck sending the lackeys out into the field. That's going to take considerably longer (say, a couple days), but it's a small price for knowing the job is done right, and you're not just fixing up an old home for the same virus.

Re:What the hell

[tsm_sf]

Format
Install from original CD
Install updates from CD, not web
Plug in network cable
God dammit
Format ...

Re:What the hell

[jd142]

Unless they're wrong and it's not viruses that are causing the problem but ad and spyware that have infected IE, possibly even acting as local proxies. I've seen some of the nastier ones add their own proxy into the tcp/ip stack and cause all sorts of networking problems. Not to mention the normal problems of popups and redirects.

Some of them are bad enough that there aren't any good removal tools. From http://www.scumware.com/apps/scumware.php/action:: view_article/article_id::1075329940/topic::Scumwar e,-Spyware,-Adware-&-Malware-Applications/ in regards to the CoolWebSearch malware:

"Its growing complexity and the difficulty of removing the latest CoolWebSearch variants coupled with decreasing time available have culminated in the decision to stop updating CoolWebShredder."

And there are others that are just as bad.

Just because the paper calls it a virus doesn't necessarily make it so.

A new image, with things like spybot, spywareguard and spyblaster on it should be deployed asap. And switch them all to Firefox.

Re:What the hell

[jefftp]

First, a firewall doesn't protect you from jack now-a-days. The perimeter is compromised and the enemy is every Windows XP machine.

It's near impossible to keep a Windows network operational since MSBlast first hit the net. TCP port 445 is every network admins' favorite port--you need it somewhat open for users to get to file shares and it just so happens to be the favorite TCP port of every virus I've encountered over the last six months.

Second, some kind of antivirus filter on the mail server protects you only from non-zero day exploits, and only those that travel through email. The same is true for antivirus software on the workstations.

Fourth, you finally got one right, keeping systems updated with patches is the best way to actually avoid most virus/worms. The problem with that is finding an affordable patch management system and actually having someone in upper management who understands why such a system is essential. Usually it takes a massive network outage to get the message through.

These people who run networks for $8/hr probably don't run networks with 250,000 users across 318 sites like I do. (If they do then they are either crazy or stupid.) When you get to some real numbers of users all your simple rules go out the window.

One user installing an trojan can and will bring down the network. It's only through heavy-handed use of access-lists and static mac-address-table entries that my network has stayed up acceptably this week while our virus provider analysed three new worm variants.

Patched workstations would have avoided the problems all together, but I just run the network here, I can't (yet) force the machines to be up to date on patches... come on 802.1x rollout.

Linux is a virus risk!

[swillden]

have they considered Linux?

I should hope not! Don't you realize that Norton Anti-virus doesn't run on Linux? How would they protect themselves from these destructive viruses without every machine devoting a few hours each day to scanning for and eliminating viruses?

I suppose it's understandable that you overlooked this problem, though, I hadn't ever thought of it either until some security brainiacs at a client's headquarters refused to allow me to connect my laptop to their network unless I could demonstrate that a reputable virus scanner was checking my machine at least daily. I pointed out that my laptop runs Linux, and that there are no Linux viruses in the wild, but they made it clear that that doesn't matter -- any machine without a virus scanner is a risk to their uber-secure network.

I sure am glad they explained that to me...

Re:Linux is a virus risk!

[mreed911]

I pointed out that my laptop runs Linux, and that there are no Linux viruses in the wild, but they made it clear that that doesn't matter -- any machine without a virus scanner is a risk to their uber-secure network.

Which, if you have a SAMBA share, is true.

"As system administrators move to Linux files servers they have a real problem to deal with since the Linux file server can store Windows-based viruses. Windows-based viruses can write to a Linux/Samba network share as easily as they can on a Microsoft Windows based network. System administrators must protect the Linux server from storing these viruses. The only way is through active antivirus defense on the Linux server itself."

Re:Linux is a virus risk!

[DrCode]

Write your own:

#!/bin/bash
echo Scanning...
sleep 3s
echo Scanning...
sleep 3s
echo System clean!

Re:Linux is a virus risk!

[tsm_sf]

I just love how everyone in this thread hopes the other person isn't in IT. I guess this is what a tight job market gets you.

Re:Linux is a virus risk!

[mortonda]

headquarters refused to allow me to connect my laptop to their network unless I could demonstrate that a reputable virus scanner was checking my machine at least daily.

ClamAV

ClamAV gets updated faster than the major AV companies, and some really neat matching algorithms match mutations before specific signatures are released. Very reputable.

...what, exactly, would that do?

[American+AC+in+Paris]

Crippling the DMV? That's on par with outsmarting a bar stool.

The 'dozen experts' have decided that 'fresh software' is the best way to remedy it - probably means re-installing Windows, but have they considered Linux?

Oh, brilliant idea. Why, they could have their entire statewide system gutted, upgraded to Linux, re-designed, re-written, tested, debugged, deployed, up and running in the time it takes Gentoo to boot!

They are undoing their own future

[skrysakj]

No entity (person, company, or organization) has faced a more damaging enemy than their own mistakes, laziness, and incompetence. [aka. themselves]

Microsoft will be it's own downfall, it's already happening, and will only snowball.
This is probably example #1,542 of thousands to come.

Of course, thank god for the alternatives, without them, no one jumping ship would have anywhere else to go but the cold drink of water below.

It's frustrating to see people/companies/governments stung by things so simple to avoid, especially when one (me, IT people?) feels like the have the "answer" but no one is listening.
(It could be Linux, BeOS, Apple, who knows.... it all depends really)
To me it may be similar to the feeling a doctor has if/when they have a patient who refuses to stop a habit that will eventually kill them, despite being told so to the point of exhaustion.

I'm not sure anyone really WANTS to dislike Microsoft, but they make so many bad mistakes, spit out so many garbage products that it's hard not to. It only frustrates me even more when "users" stick up for them! They need to read "The inmates are running the asylum" and learn about dancing bears, and the other ideas within. Being a power user of bad software does not make you an expert, it makes you blind to the way things really should be.

Sigh.

Re:They are undoing their own future

[Ancil]

It's frustrating to see people/companies/governments stung by things so simple to avoid, especially when one (me, IT people?) feels like the have the "answer" but no one is listening. (It could be Linux, BeOS, Apple, who knows.... it all depends really)

Or, it could be keeping your Windows box up-to-date with security patches which were released months or even years ago.

Why is it that when SSH or Linux has an exploit in the wild, everyone jumps in with "there's a patch out to fix it! Woot Open Source!!!"... But when an organization gets owned by Windows bugs which were fixed long ago, people on Slashdot blame Microsoft?

Even the original poster falls into this trap -- the JPEG buffer overrun was fixed days ago, but you can be sure that lots of people will get "owned" because they ignore the required fixes. These people are somehow going to properly configure Linux and keep it up-to-date? Please. If they switched to Linux their root password would be "".

You were right about the "simple to avoid", though.. Honestly, how difficult is it to let Automatic Updates keep your Windows box up-to-date? You don't even have to log in for it to work, for goodness sake.

Unpatched Systems and lazy IT Cripple Colorado DMV

[kippy]

How many people bet the headline should have been that?

Alternate joke: Things have ground to a halt at the DMV? You mean it's been more than 5 minutes since the doors opened?

Here's a better idea

[Weaselmancer]

How about blocking all traffic from the DMV department to the internet? Why the hell do their license computers need to be on the net anyways? A local net to talk to your databases and internal email, sure. But internet access?

Re:Here's a better idea

[Weaselmancer]

True enough, you'd need to disable internet access, down your LAN, then wipe everyone's computer. After that, bring up your LAN - but keep internet disabled.

As for email, host your own. One net connection goes to the LAN, and another goes to the internet. No gateway, and no web.

And take a few antivirus steps, such as having the email server strip attachments and images from inbound mail. Run good antivirus software and all that.

It's all basic IT stuff, really. Windows is vulnerable, users are usually fairly clueless...so prepare for it.

Or...skip all of the above and get your apps running under WINE. ;^)

Sure

[stratjakt]

probably means re-installing Windows, but have they considered Linux?

BEGIN LINUX CONSIDERATION

Q) Does it have the custom software we need?

A) No

Q) Do we have the budget, time, or employees with the skill to write it?

A) No

END LINUX CONSIDERATION

Sorry guys, that's just how the real world works.

Re:Sure

They don't need budget/time/employees/skill. All they have to do is put up a Sourceforge page, give it about a week, and their perfect bug-free open source DMV software will magically appear.

Re:Sure

[ViolentGreen]

I think the time is the biggest issue here. Their systems are down, Even if software is available, they don't have the time or manpower to test and impliment their system on Linux.

This is an emergancy situation. The best thing they can do is get their trusted system running again and then look for other options.

Migrate to Linux? Are you kidding me?

[Jailbrekr]

Even the suggestion that they should migrate to linux instead of flattening and reinstalling is premature, and horribly ignorant. A migration to another OS would take a company of that size months, and possibly years to do. Yes it would reduce the TCO, yes few viruses are written for it (so far), but to even suggest that linux would SOLVE their immediate problem is an idiotic proposal.

Cripes, set your zealotry aside and think.

Patching the way to go

[pyro101]

Now is not the time to upgrade the entire system to Linux it is time to patch and go. But it is a good time to consider if a full system upgrade should be done, when time is not so critical. An ill planned upgrade will squash the likelyhood of linux getting a good chance. Also it would require getting a good staff of IT guys that know linux and not a bunch of MCSE's.

Re:linux? Oh yeah, that will solve it.

[Anita+Coney]

One glitch?! An entire government bureaucracy is shut down for nearly a week (and who knows how much longer) because numerous computers are crippled is hardly "one glitch."

And considering that the problem would not have occurred if Linux had been used, I'm not sure how you can say, "Oh yeah, that will solve it." Please explain that to me please!

And also please explain how a flaw found and fixed in Firefox has anything to do with Linux.

Hm...

[StevenHenderson]

Who to root for, the viruses or the DMV? A conundrum if there ever was one...

As a Coloradoan...

[Chagatai]

I've been listening to local radio where they have been talking about this issue for the past couple of days. Apparently, according to the talk show hosts and call-in experts, the real issue is in the system that transfers the licenses to a company in Oregon for print out. Up until a few years ago, Colorado was one of those states that would laminate driver's licenses on the spot, much like a high school ID. Somewhere along the line they decided that these cards could easily be faked, so they started sending them to a company in another part of the country to be produced a la credit cards with "more robust security". Data currently cannot make it to this production company, so the production of cards has been backlogged by as much as 30 days in some cases. Local law enforcement has been told to be lenient on people with expired licenses in recent days due to these problems.

Me? I'm just happy seeing my Colorado tax dollars at work.

Worst computer related reporting...ever

[gorbachev]

The reporter is a complete pussy.

Tens of thousands of Detroit drivers are without service, and the DMV rep says:

"People understand that we are living in a computer world."

Uh. The followup question should've been "why the f*** did you let a virus infect a critical computer system?"

Ballmer on TV ...

[cpn2000]

I was watching tv in the company break room (lunch hour) the other day, when a program on MSNBC (I think) was showing Steve Balmer talking about Microsoft.

He said something to the effect of ' ... my parents said give us a good reason why we need a computer ...' . Almost instantly, 3 people in the room said 'Where else would you install anti-virus software' .

Microsoft has a serious image problem right now, and it does not look like its going to get better any time soon.

"Have they considered..."

[YrWrstNtmr]

...but have they considered Linux?

I'm sure someone in their organization has. Has the submitter considered the year or two (and LOTS of $$$) it would take to implement such a change?

"The Colorado DMV will be down until early 2006. We thank you for your patience."

Viruses and Security: A tech issue or a policy...

[Trolling4Dollars]

...issue? Part of the problem with viruses beyond the fact that many OSes still ship with pretty lax security, is the way that PCs are actually implemented when put into a networked environment. The implementation is dictated by the policies of the organization. Too many organizations do not put enough thought into what users should and shouldn't be allowed to do at EVERY level of computer use. Some of this is due to the fact that these organizations can't afford a decent admin due to being underfunded. Another cause is that many of these orgs also think that computers should be a "set it and forget it" kind of thing.

So how can this be addressed? Probably the first thing to do is GET A DECENT ADMIN and IT staff. Since we are talking the BMV here, this means better funding for the BMV to attract a decent admin and IT staff who will demand more pay. Which means... that taxes will have to be increased. Which means that indirectly, the tax payers who vote down county levies are are responsible.

Another thing that can be done once you have a decent admin is to set up a very detailed policy about what users are and aren't allowed to do on a machine. This includes whether or not they can even access external resources on the web (No external web mail during work time, etc...). Regarding the channel of e-mail for mass mailing worms, all mail should be filtered through a virus scanning and spam filtering appliance like the Barracuda Networks Spam Firewall.

If the environment is such that it demands that users be able to access external web resources, a remote application server (with automatic virus protection) running on a separate network should be used for all external web browsing. If they are accessing an internal resource, they can use their local browser. This way if the app server gets hit with some kind of worm or virus, it won't infect their system as the only connection would be over X , RDP or Citrix ICA.

Is all of this a pain in the ass to both implement and live with? Most certainly. Will the users complain? Count on it. Will it buy you a lot more protection against the worms and viruses today? Yes. It's just a question of which environment is more of a pain in the ass for you. One where you are constantly dealing with users that are infecting their machines and taking down the network so that productivity grinds to a halt? Or one where users gripe for a bit about the new restrictions, but you have far fewer or no virus/worm incidents? The choice as they say, is up to the peoplpe with the power to rethink these things.

Re:linux? Oh yeah, that will solve it.

[erroneus]

Hey Mr. Anonymous:

The Microsoft problem is far more than this one incident and it's not about "hating." For most of us, it's quite far removed from being an emotional concern and more of a prediction of future and larger disasters.

Firstly, Microsoft's vision is a homogenus computing environment. That's DANGEROUS and every computer expert agrees on this point. What could be worse than a single bit of malware crippling more than 70% of all PCs and Workstations? Right! 100% being crippled by said malware. We've seen the lightning fast spread of some malware across the net at rates that are far too fast to remedy in time.

Heterogenus computing is simply dangerous ESPECIALLY when combined with Microsoft's history and handling of even current issues. They have to write an entirely new OS if they want a secure product since the Win32 message queue problem is inherent to the API in such a way that "patching" is impossible. Of course they could create a BSD variant kernel and then build their own "wine" to secure things AND maintain compatibility but their pride takes priority over stability and security.

And finally, you have to consider where Microsoft's core interests lie. There are still companies out there who prioritize customer satisfaction over profit, growth and domination but it's pretty obvious that Microsoft isn't one of them given their choice to abandon MSIE development for "legacy operating systems." Are they running out of money or is this another way to manipulate people onto XP? I don't think cost of development is the motive do you? Honestly?

It's not hate... it's fear.

As someone who lives in CO

[FerretFrottage]

I went to renew my car registration this past year and while stting down at the counter with the clerk, I noticed a little yellow sticky on the lower part of her monitor:

[sticky]
Password
password
(all lowercase)
[/sticky]

Made me feel nice, warm, and fuzzy...next year, just renew it myself (now where is a yellow sticky when you need one?)

I suspect they will we continue to see and hear/read more about these type of incidents....I also believe we will start to see incidients at that related to non Windows based systems because
(a) as *nix/OSS is taking a deeper foothold in systems, more flaws are bound to show up
(b) MS will make sure that those incidents get reported to as many outlets as possible to show people that it's not just them.

Re:What happened to good old fashionned mainframes

[The+Blue+Meanie]

Actually, as a resident of Colorado that recently got a new license, I have to mention that while the process IS digital, they do not "print your license right in front of you". Our DMV in its infinite wisdom has outsourced the printing of the licenses to a company in California. You now leave the DMV with a little slip of paper that's good for 30 days, until your new license is mailed to you - FROM ANOTHER STATE!
They do at least let you keep your old license if you're renewing, but not before punching a hole through the expiration date to mark it as expired pending the new arrival.

Imagine the pleasure I experienced when after having had said hole punched in my license, I had to fly two weeks later, prior to the arrival of the new license. The oh-so-friendly TSA people in Chicago were not impressed with either my "punched" license, or the little photoless slip of paper that was supposed to pass in its place. I very nearly wasn't able to come home. (The TSA folks at Denver's airport were aware of the DMV's stupidity, so I had no problem leaving).

To add just a little more to the "stupidity" column, did you know our DMV must take a new picture of you for every document? If I have no license, and come in to take both the written and driving tests the same day, it goes like this:
- Take/pass written test
- Get photo taken
- Take/pass driving test
- Get photo taken again, 1 hour later than last one
- Leave DMV with silly slip of paper
- 3 weeks later, learner permit (which was only valid for about an hour 3 weeks ago) AND license arrive in the mail FROM ANOTHER STATE!

You just can't make this stuff up. Oh, and can we please skip the painfully obvious "???" "profit" jokes.