Forwarded from: Kylus <kylusat_private> On Tue, May 28, 2002 at 03:33:07AM -0500, InfoSec News [isnat_private] wrote: > We run Norton, and get automatic updates every 24 hours, > occasionally changing to every 12 hours. Everything is automatic on > our network (UNIX servers and NT workstations). No user can open > any file, e-mail or attachment unless the antivirus checks it first. > This isn't on the firewall, it's on the network. I think things are a bit different on a university network. I can't speak for every school, but the one I attended (and likely many others) are not organized the same way as someone's home LAN or a business/corporate network where one person or a technical group is responsible for all of the machines connected to the infrastructure. At my school and many others, it is made clear to students that they are responsible for the security and liability of their own computers. That means it is their responsibility to update the virus definitions, purchase or install scanning software, and ultimately practice good computing habits to avoid viruses. Having just graduated from college, and leaving behind a position in University Computer Support, I can echo the statements already made by others who said that people do not a) bother or b) know enough to update their virus scanners, or even purchase the software until they are already infected (the industry is not the only section that is 'reactive' ;) ). Very often the only thing a University can and will do is to do the very best it can to educate users of its network about the dangers of recent viruses and worms, and its tech support departments will just batton down their hatches when a new one breaks out. It cannot be expected of a University--especially ones with 40 or 50 thousand people on its campus--to be responsible for the well being of every student owned machine connected to the network ('babysitting' I believe someone mentioned earlier). Not to rant, but M$ has made it so people think they don't have to learn a thing to use a computer. The attitude I've received from infected students in the past when I've attemtped to teach them how to maintain their virus definitions was such that I would have gladly left them infected if they didn't spew out the worm to others on campus. People seemed to expect the campus staff to watch out for their computers; and with the number of students connected (over 14,000), and our resources (65 technicians, 10 managers, 1 boss), that was obviously not possible and, in my opinion, not our job. > I know it's impossible to catch every virus if it is radically new, > but we very, VERY seldom get a successful penetration. For example, > we took over 600,000 hits with I love you, and none got through. That's really good, but I would again wager that a university is modeled a bit differently, with the expectations of liability and security placed on its students. I know that at my school we could not set up any sort of virus scanning system at the email-gateway level; the system processed 2 million emails a day, and adding the overhead of virus-scanning was totally impossible without a complete system revamp. > I'm no great fan of Outlook, but I don't see that it deserved the > comments by that university. For those who disagree, that's fine. I disagree ;) If my alma mater were to do the same, there would be a great cry of joy from the co-workers I left behind, since their workload would likely be cut in half or by 2/3. Due to a site-license with M$, however, I don't ever forsee that happening, so they have to rely on educating users, installing virus-scanning software for students (thanks to a new site-license with Symantec), and hoping for the best when the next great worm fiasco starts. And congratulations on your marriage. :) Patrick Boyne - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed May 29 2002 - 06:40:40 PDT