Re: [ISN] MS Outlook booted off campus

From: InfoSec News (isnat_private)
Date: Wed May 29 2002 - 02:46:03 PDT

  • Next message: InfoSec News: "[ISN] Kimble/Schmitz gets 20 months suspended sentence"

    Forwarded from: Kylus <kylusat_private>
    On Tue, May 28, 2002 at 03:33:07AM -0500, InfoSec News [isnat_private] wrote:
    > We run Norton, and get automatic updates every 24 hours,
    > occasionally changing to every 12 hours.  Everything is automatic on
    > our network (UNIX servers and NT workstations).  No user can open
    > any file, e-mail or attachment unless the antivirus checks it first.  
    > This isn't on the firewall, it's on the network.
    I think things are a bit different on a university network. I can't
    speak for every school, but the one I attended (and likely many
    others) are not organized the same way as someone's home LAN or a
    business/corporate network where one person or a technical group is
    responsible for all of the machines connected to the infrastructure.
    At my school and many others, it is made clear to students that they
    are responsible for the security and liability of their own computers.
    That means it is their responsibility to update the virus definitions,
    purchase or install scanning software, and ultimately practice good
    computing habits to avoid viruses.
    Having just graduated from college, and leaving behind a position in
    University Computer Support, I can echo the statements already made by
    others who said that people do not a) bother or b) know enough to
    update their virus scanners, or even purchase the software until they
    are already infected (the industry is not the only section that is
    'reactive' ;) ). Very often the only thing a University can and will
    do is to do the very best it can to educate users of its network about
    the dangers of recent viruses and worms, and its tech support
    departments will just batton down their hatches when a new one breaks
    out. It cannot be expected of a University--especially ones with 40 or
    50 thousand people on its campus--to be responsible for the well being
    of every student owned machine connected to the network ('babysitting'
    I believe someone mentioned earlier). Not to rant, but M$ has made it
    so people think they don't have to learn a thing to use a computer.
    The attitude I've received from infected students in the past when
    I've attemtped to teach them how to maintain their virus definitions
    was such that I would have gladly left them infected if they didn't
    spew out the worm to others on campus. People seemed to expect the
    campus staff to watch out for their computers; and with the number of
    students connected (over 14,000), and our resources (65 technicians,
    10 managers, 1 boss), that was obviously not possible and, in my
    opinion, not our job.
    > I know it's impossible to catch every virus if it is radically new,
    > but we very, VERY seldom get a successful penetration.  For example,
    > we took over 600,000 hits with I love you, and none got through.
    That's really good, but I would again wager that a university is
    modeled a bit differently, with the expectations of liability and
    security placed on its students. I know that at my school we could not
    set up any sort of virus scanning system at the email-gateway level;
    the system processed 2 million emails a day, and adding the overhead
    of virus-scanning was totally impossible without a complete system
    > I'm no great fan of Outlook, but I don't see that it deserved the
    > comments by that university.  For those who disagree, that's fine.
    I disagree ;) If my alma mater were to do the same, there would be a
    great cry of joy from the co-workers I left behind, since their
    workload would likely be cut in half or by 2/3. Due to a site-license
    with M$, however, I don't ever forsee that happening, so they have to
    rely on educating users, installing virus-scanning software for
    students (thanks to a new site-license with Symantec), and hoping for
    the best when the next great worm fiasco starts.
    And congratulations on your marriage. :)
    Patrick Boyne
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed May 29 2002 - 06:40:40 PDT