Educause Security Discussion mailing list archives
Re: Checking for AV software on students machines
From: Antivirus Administrator <avmgr () UTK EDU>
Date: Thu, 10 Jun 2004 17:09:18 -0400
First I'd like to say that there is no "silver bullet" for us. We take a tiered approach to the security issues and this is just the initial step outside of IDS/IPS, regular scans etc... Mark's Question: As for non-windows boxes in the registration process, the individual can register through the general process which requires no security measures at this time. If you are not XP/2K The registration server will not redirect you to the "registration security tool". This is the way it was for all OS's until we decided to place requirements on the XP/2K systems. Another option is to call the helpdesk and request a support person to check the system and then register it for you via an admin interface on the registration server. In addition, support personnel across campus have already been given the admin rights to register a computer (including phones/other devices) and skip the normal process. Simply put, those who have a special need will have to wait for a short time. Those who do these "unusual" registrations regularly, have the ability to bypass registration security. If they don't do what is required to prevent compromise, we have their number and could revoke privileges if they continue to offend. Craig's Question: As for the question of EPO and student machines, we have installed it on thousands of student computers and are now forcing students accessing the network to use it. We have no problems with licensing because of the contract with McAfee. However, students are informed that they have rights to the software only as long as they are affiliated with UT and by downloading and installing they agree to abide by the license agreements. There have been no technical issues other than problems with installation on top of an existing AV product. Specifically, Norton in combination with McAfee can damage the OS beyond repair (other than rebuild). To remedy this, we have built detection into the installation to prevent McAfee from being installed if any other AV product exists on the system. Are there some other technical issues that you have encountered or some specific worries that you may have? Mark Poepping wrote:
And if people are going to answer that question, I’d add the issues of: . short-term visitors, especially day-long or week-long classes, trustees, or visiting researchers – does everybody have to run your software? . what about non-windows boxes? . what about embedded systems (e.g. IP phones, robots, security devices).. And for Brian Kaye talking about unb.ca.. “The conferencing people are happy”.. Do you create a UID/PIN for each conference and expire the registrations (and UID/PIN) when the conference is over? Thanks. Mark. ------------------------------------------------------------------------ *From:* The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Craig Blaha *Sent:* Thursday, June 10, 2004 3:02 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Checking for AV software on students machines The College of New Jersey briefly discussed expanding our EPO license to cover students and requiring an agent on student owned machines. We decided against it because of the support issues it could raise. I'm interested in how other people are dealing with the issue of mandatory anti-virus, patches, agents, etc. creating issues (either real or imagined) with a student machine. Do you charge for service, require students to sign a waiver, etc? Thanks, Craig Blaha
-- I. W. Woodle (Wes) OIT Customer Technology Support LaDS/FRP/Antivirus Administration University of Tennessee, Knoxville (865)974.9600 iwoodle () utk edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Checking for AV software on students machines Antivirus Administrator (Jun 10)
- <Possible follow-ups>
- Re: Checking for AV software on students machines Craig Blaha (Jun 10)
- Re: Checking for AV software on students machines Mark Poepping (Jun 10)
- Re: Checking for AV software on students machines Brian Kaye (Jun 10)
- Re: Checking for AV software on students machines Antivirus Administrator (Jun 10)