Information Security News mailing list archives

Re: MS Outlook booted off campus


From: InfoSec News <isn () c4i org>
Date: Wed, 29 May 2002 04:46:03 -0500 (CDT)

Forwarded from: Kylus <kylus () pizzle org>

On Tue, May 28, 2002 at 03:33:07AM -0500, InfoSec News [isn () c4i org] wrote:

> We run Norton, and get automatic updates every 24 hours,
> occasionally changing to every 12 hours.  Everything is automatic on
> our network (UNIX servers and NT workstations).  No user can open
> any file, e-mail or attachment unless the antivirus checks it first.
> This isn't on the firewall, it's on the network.

I think things are a bit different on a university network. I can't
speak for every school, but the one I attended (and likely many
others) are not organized the same way as someone's home LAN or a
business/corporate network where one person or a technical group is
responsible for all of the machines connected to the infrastructure.
At my school and many others, it is made clear to students that they
are responsible for the security and liability of their own computers.
That means it is their responsibility to update the virus definitions,
purchase or install scanning software, and ultimately practice good
computing habits to avoid viruses.

Having just graduated from college, and leaving behind a position in
University Computer Support, I can echo the statements already made by
others who said that people do not a) bother or b) know enough to
update their virus scanners, or even purchase the software until they
are already infected (the industry is not the only section that is
'reactive' ;) ). Very often the only thing a University can and will
do is to do the very best it can to educate users of its network about
the dangers of recent viruses and worms, and its tech support
departments will just batten down their hatches when a new one breaks
out. It cannot be expected of a University--especially ones with 40 or
50 thousand people on its campus--to be responsible for the well being
of every student owned machine connected to the network ('babysitting'
I believe someone mentioned earlier). Not to rant, but M$ has made it
so people think they don't have to learn a thing to use a computer.
The attitude I've received from infected students in the past when
I've attempted to teach them how to maintain their virus definitions
was such that I would have gladly left them infected if they didn't
spew out the worm to others on campus. People seemed to expect the
campus staff to watch out for their computers; and with the number of
students connected (over 14,000), and our resources (65 technicians,
10 managers, 1 boss), that was obviously not possible and, in my
opinion, not our job.
 
> I know it's impossible to catch every virus if it is radically new,
> but we very, VERY seldom get a successful penetration.  For example,
> we took over 600,000 hits with I love you, and none got through.
 
That's really good, but I would again wager that a university is
modeled a bit differently, with the expectations of liability and
security placed on its students. I know that at my school we could not
set up any sort of virus scanning system at the email-gateway level;
the system processed 2 million emails a day, and adding the overhead
of virus-scanning was totally impossible without a complete system
revamp.

> I'm no great fan of Outlook, but I don't see that it deserved the
> comments by that university.  For those who disagree, that's fine.

I disagree ;) If my alma mater were to do the same, there would be a
great cry of joy from the co-workers I left behind, since their
workload would likely be cut in half or by 2/3. Due to a site-license
with M$, however, I don't ever foresee that happening, so they have to
rely on educating users, installing virus-scanning software for
students (thanks to a new site-license with Symantec), and hoping for
the best when the next great worm fiasco starts.

And congratulations on your marriage. :)

Patrick Boyne



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

