Re: Checking for AV software on students machines

[Antivirus Administrator <avmgr () UTK EDU>]

First I'd like to say that there is no "silver bullet" for us. We take a
tiered approach to the security issues and this is just the initial step
outside of IDS/IPS, regular scans etc...


Mark's Question:
As for non-windows boxes in the registration process, the individual can
register through the general process which requires no security measures
at this time. If you are not XP/2K The registration server will not
redirect you to the "registration security tool".  This is the way it
was for all OS's until we decided to place requirements on the XP/2K
systems.

Another option is to call the helpdesk and request a support person to
check the system and then register it for you via an admin interface on
the registration server.

In addition, support personnel across campus have already been given the
admin rights to register a computer (including phones/other devices) and
skip the normal process. Simply put, those who have a special need will
have to wait for a short time. Those who do these "unusual"
registrations regularly, have the ability to bypass registration
security. If they don't do what is required to prevent compromise, we
have their number and could revoke privileges if they continue to offend.


Craig's Question:
As for the question of EPO and student machines, we have installed it on
 thousands of student computers and are now forcing students accessing
the network to use it. We have no problems with licensing because of the
contract with McAfee. However, students are informed that they have
rights to the software only as long as they are affiliated with UT and
by downloading and installing they agree to abide by the license
agreements.

There have been no technical issues other than problems with
installation on top of an existing AV product. Specifically, Norton in
combination with McAfee can damage the OS beyond repair (other than
rebuild). To remedy this, we have built detection into the installation
to prevent McAfee from being installed if any other AV product exists on
the system.

Are there some other technical issues that you have encountered or some
specific worries that you may have?


Mark Poepping wrote:

> And if people are going to answer that question, I’d add the issues of:
>
>  . short-term visitors, especially day-long or week-long classes,
> trustees, or visiting researchers – does everybody have to run your
> software?
>
>  . what about non-windows boxes?
>
>  . what about embedded systems (e.g. IP phones, robots, security devices)..
>
>
>
> And for Brian Kaye talking about unb.ca..  “The conferencing people are
> happy”..  Do you create a UID/PIN for each conference and expire the
> registrations (and UID/PIN) when the conference is over?
>
> Thanks.
>
> Mark.
>
>
>
>
>
> ------------------------------------------------------------------------
>
> *From:* The EDUCAUSE Security Discussion Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Craig Blaha
> *Sent:* Thursday, June 10, 2004 3:02 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Checking for AV software on students machines
>
>
>
> The College of New Jersey briefly discussed expanding our EPO license to
> cover students and requiring an agent on student owned machines. We
> decided against it because of the support issues it could raise. I'm
> interested in how other people are dealing with the issue of mandatory
> anti-virus, patches, agents, etc. creating issues (either real or
> imagined) with a student machine. Do you charge for service, require
> students to sign a waiver, etc?
>
> Thanks,
> Craig Blaha


--
I. W. Woodle (Wes)
OIT Customer Technology Support
LaDS/FRP/Antivirus Administration
University of Tennessee, Knoxville
(865)974.9600 iwoodle () utk edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.