Slashdot Mirror
Handling Viruses in an Uncontrolled Network?
An anonymous reader asks: "Recently I've gotten a (volunteer) job looking after a small (approximately 500 computer) network, located within a large block of student flats.
We've been having numerous problems with viruses over a few years. They spread like crazy on our network, with 100megabit connections in every residents room. Every so often they 'go off' and start a flood, which of course takes the entire residence network down. I've tried desperately to educate users on the virus problem, but those that are the problem don't care - they ignore every warning they get and just buy a faster computer to compensate for their systems sluggishness. As we only need two or three ping flooding computers to bring down the network it's hard to keep our network up whenever a worm starts its payload. What solutions have Slashdot readers came up with this and similar problems?"
"Keep in mind that I'm doing this on a volunteer basis, and that my own study time and personal life takes first priority. The residence isn't prepared to spend more money bringing help or a replacement in, which I can understand given that I pay them rent that I would prefer not to increase. I also don't have any control over the network infrastructure itself, just over our DHCP server. I can't force users to keep their computers safe, as I don't own the things - all it seems I can do is point them to the *FREE!* virus scanner and local Windows update mirror and urge them to protect their computer, and offer to help out those that need it - (although due to time constraints, personally helping out everyone in a 500 member network isn't a possibility).
I can also email off a request to have certain IPs dropped off at the switch, but those users have to come back online soon enough. Whenever someone is infected I try and sit them down and make them realize that keeping their computer safe is their responsibility, and they always seem very attentive whenever we're discussing when they get reconnected to the network, but soon after they'll be infected again."
I can also email off a request to have certain IPs dropped off at the switch, but those users have to come back online soon enough. Whenever someone is infected I try and sit them down and make them realize that keeping their computer safe is their responsibility, and they always seem very attentive whenever we're discussing when they get reconnected to the network, but soon after they'll be infected again."
Windows machines have little to do on networks anyway. Unpatched winboxen even less. Cut them off until they get a clue - as simple as that. Or make it a policy that everyone has a Mac (or clue).
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
1. Colt 45 to the temple.
http://xs4.xs.to/pics/04481/p556222.gif
Don't issue addresses to DHCP clients that are identified as a Microsoft Windows PCs. No IP address, no ping flood!
The second step is enforcing a "zero tolerance i386 policy". No Intel i386 compatible chipsets allowed near your network. If they can't run Microsoft Windows, they can't run Microsoft Windows viruses.
Then you just have the problem of the smart punks assigning a static IP address.
Alternately, get friendly with the network administrator (the guy who "owns" the switch that these PCs are plugged into), and arrange to have virus-laden PCs cut off from the network (as in - turn off the port). Leave a copy of the latest virus definitions file on their doorstep with a note explaining that access to the network will be restored once they've cleaned up their machine.
And sprinkle the document with the usual "Think Different" propaganda. Linux and Mac OS X good! Microsoft Windows bad!
you might suggest they all install Service Pack UNIX. This will fix the problem quite nicely.
UNIX: A set of Linux-like operating systems that grew out of an original version written by some guys at a phone company