Slashdot Mirror
Handling Viruses in an Uncontrolled Network?
An anonymous reader asks: "Recently I've gotten a (volunteer) job looking after a small (approximately 500 computer) network, located within a large block of student flats.
We've been having numerous problems with viruses over a few years. They spread like crazy on our network, with 100megabit connections in every residents room. Every so often they 'go off' and start a flood, which of course takes the entire residence network down. I've tried desperately to educate users on the virus problem, but those that are the problem don't care - they ignore every warning they get and just buy a faster computer to compensate for their systems sluggishness. As we only need two or three ping flooding computers to bring down the network it's hard to keep our network up whenever a worm starts its payload. What solutions have Slashdot readers came up with this and similar problems?"
"Keep in mind that I'm doing this on a volunteer basis, and that my own study time and personal life takes first priority. The residence isn't prepared to spend more money bringing help or a replacement in, which I can understand given that I pay them rent that I would prefer not to increase. I also don't have any control over the network infrastructure itself, just over our DHCP server. I can't force users to keep their computers safe, as I don't own the things - all it seems I can do is point them to the *FREE!* virus scanner and local Windows update mirror and urge them to protect their computer, and offer to help out those that need it - (although due to time constraints, personally helping out everyone in a 500 member network isn't a possibility).
I can also email off a request to have certain IPs dropped off at the switch, but those users have to come back online soon enough. Whenever someone is infected I try and sit them down and make them realize that keeping their computer safe is their responsibility, and they always seem very attentive whenever we're discussing when they get reconnected to the network, but soon after they'll be infected again."
I can also email off a request to have certain IPs dropped off at the switch, but those users have to come back online soon enough. Whenever someone is infected I try and sit them down and make them realize that keeping their computer safe is their responsibility, and they always seem very attentive whenever we're discussing when they get reconnected to the network, but soon after they'll be infected again."
That's not actually a bad suggestion.
As Seen On TV's? Come back!!!
"I really hope that the software isn't required to be running to have access to the internet, because otherwise it would be screwing Linux users over big time."
My school (Swarthmore College) uses the same McAfee Virusscan Enterprize. It works well to keep the network clean, and if you're running Linux it doesn't require you have to have it running.
The system is in fact a bit buggy and there was quite a number of people who had trouble at the beginning of the year with the scan not determining that their computer was clean and protected, but it got sorted out fairly quickly and is far better than the alternative of having viruses take over the network.
The system requires you to have the anti-virus running and be updated with the latest security patches from Microsoft to be let through (SP2 is not required though, for some reason).
My friends and I have also figured out how to do some technical fiddling around with port blocking and the like that lets us not run the relatively clunky anti-virus and use our program, but McAfee works just fine for most people.