Virus Eats School District's Homework 321
theodp writes "Forget about 'snow days' — the kids in the Lake Washington School District could probably use a few 'virus days.' Laptops issued to each student in grades 6-12 were supposed to accelerate learning ('Schools that piloted the laptops found that students stayed engaged nad [sic] organized whiel [sic] boosting creativity,' according to the district's Success Stories), but GeekWire reports that a computer virus caused havoc for the district as it worked its way through the Windows 7 computers, disrupting class and costing the district money — five temporary IT staff members were hired to help contain the virus. Among the reasons cited for the school district's choice of PCs over Macs were the proximity to Microsoft HQ (Redmond is in the district), Microsoft's involvement in supporting local and national education, and last but not least, cost. In the past, the Lake Washington School District served as a Poster Child of sorts for Microsoft's Trustworthy Computing Group."
Looks like the school district (Score:5, Funny)
Re: (Score:3)
Re: (Score:3, Interesting)
... all the while trying to save "cost" :-)
I'm not sure how it would have cost them any less if they'd have gone with an Apple-branded OS. Or even Linux for that matter.
Despite what the summary and school says, technically this was a Trojan which drops a backdoor into the system. It's been detectable by all the major AV software vendors for a very long time, the earliest variants were from back in the old DOS days.
Since the school can't even manage to spell properly, I'm going to assume that what happened was something like this:
Child A: "I heard t
Re: (Score:2, Informative)
It would have cost them less, because they'd have been a lot less likely to even come across a trojan compatible with their system.
"I can't get it to install"..? You mean people don't know how to click "run" or "ok" or whatever UAC says?
Re:Looks like the school district (Score:5, Insightful)
. These days almost every single exploit that hits a windows box uses a cross platform plugin.
Windows, with the history it has, has a number of highly sophisticated tools at detecting them; and Macs do not, and it is thus likely that any such infections would be completely unnoticed?
These are what is known as hypotheses. The problem is, there are a crap-ton of security researchers who actually look at these numbers, and both have been disproved. Most malware still doesn't have a cross platform component, either by numbers of infection or by variant. The infection rate of a random sampling of Macs inspected by security experts always finds a much lower infection rate by a huge margin.
Maybe to help explain this phenomenon you should wander over to a security convention like Blackhat or Defcon. Count the number of security experts with Macbooks versus other devices. Notice a trend?
Re: (Score:3)
As I recall, ever since Pwn2Own started, every single year with perhaps one exception the fully patched OSX box running safari was the first to fall.
There may be many reasons that Macs tend not to have a perception of "virus prone", but "theyre more secure" isnt one.
Re:Looks like the school district (Score:5, Informative)
Re:Looks like the school district (Score:5, Interesting)
Windows however does not have privileged separation from the ground up
What do you suppose UAC is? And what do you mean "from the ground up"-- NT "from the ground up" has notions of users and different privilege levels that possibly eclipses the Unix world in scope and granularity.
Why do you think Chrome has robust sandboxing on Windows, but not on other platforms? As I recall, the reason the Chrome team gave was that, quite simply, Windows had better supported mechanisms for stripping privileges from processes (I believe they mentioned there was a way to do the sandboxing, but it used a little-used method that was not recommended on Linux).
Im not a Linux guru; Ill admit that. But Im not aware of a bog-standard Linux or Mac install having the ability to set permissions and privileges on specific processes completely aside from the context that launched them; or being able to set permissions on specific entries in a particular plist file (the equivalent of per-key permissions in the windows registry). As I recall, Windows also has more robust ASLR-- or at least did for many years-- than Linux or Mac, earlier support for DEP, and more granular ACLs on its default filesystem.
I really dont want to get into a "this OS is better than that" argument, because different philosophies went into each, and each has its strength. OSX focuses heavily on user experience. Linux focuses heavily on modularity, flexibility, and extreme hackability. Windows tends to focus on business and end-user experience, but without as much focus on OSX; there is also, however, a very big focus on security given all the bad press Windows has had over the years. It has very much undergone trial by fire, and to some extent that makes me less inclined to just say "go OSX; it has 0 track record with thwarting viruses, but Im sure it will be fine". Most big viruses I see either tend to be on XP holdouts, or else tend to be removable in a few minutes due in large part to UAC.
Re: (Score:3, Interesting)
"Here's how to make the warning go away."
If only it were that difficult.
I got a virus last week because I was trying to install MS antivirus on a machine. Microsoft Security Essentials requires a WGA check and it failed for some reason (don't know why - it was a perfectly legal machine).
Anyway, I went to Google to see if I could find a workaround and ... the very first page I visited installed a virus on the machine. No warnings, no permissions asked for. Some system dialog or other flashed up then ten seco
Re: (Score:2)
What browser were you using? I install Chrome before I go searching for things like anti-virus :p
Re: (Score:2)
What browser were you using?
Guess...! [youtube.com]
Re: (Score:3)
Are you sure that wasnt a popup crafted to look like a non-browser window? That is a very common method of enticing people to click on them, and to run the files it downloads.
Alternatively, perhaps you should visit the Mozilla Plugin Check:
https://www.mozilla.org/en-US/plugincheck/ [mozilla.org]
If you truly got a driveby virus, your plugins are out of date, or your browser is. For the record, this is easily possible on Linux and OSX as well (and has been demonstraded before, and each year at Pwn2Own).
Re: (Score:3)
Re: (Score:2)
Parent used IE to surf the web, clearly.
Re:Looks like the school district (Score:4, Insightful)
"I'm not sure how it would have cost them any less if they'd have gone with an Apple-branded OS. Or even Linux for that matter."
Just a wild stab in dark but perhaps they wouldn't have ended up with a trojan on all their systems because OS/X and Linux have better security.
Re: (Score:3)
Re:Looks like the school district (Score:4, Informative)
Hmm , lets see. Just off the top of my head - not tightly integrating the HTML engine with the core OS, not having all system daemons running with administrator privs, having a proper setuid system, not being able to send abitrary messages to the windows of other apps. I'm sure google can provide you with a load more.
Re: (Score:3, Insightful)
"And are you telling me you can remove Safari from OSX?"
Dunno, but you sure as hell can remove every browser from Linux and it'll still function fine. Why does Windows need IE dlls at all?
"your driver "processes" in OSX run with kernel privileges."
Dunno, but in linux system daemons run under all sorts of users. eg apache, smmsp, daemon. They don't all need to run as root.
"you generally dont want a normal user launching a program that runs with root, and Windows already has a method of stripping privileges f
Re: (Score:2, Flamebait)
AKA Computer Voo Doo (Score:5, Insightful)
You were the last compentent person to touch their system. The only one who knew how to make changes. They know they changed nothing. How could this problem exist, it requires a change to have been made?
Computer Voo Doo. It has to be the change you made 2 years ago that caused the virus today.
Ah, Voo Doo, I know thee well. Many of my customers have claimed I have practiced the art.
Re: (Score:3, Insightful)
The premise-- that Macs somehow are immune to viruses-- is utterly ridiculous. Was everyone sleeping when each of the last several years' Pwn2Owns resulted in OSX falling first (I think that this year they did better)? Was everyone sleeping when Flashback hit and everyone was astonished that OSX has bugs just like every other computer program on the planet?
If they had a rampant virus despite having antivirus and filters, then I know several things: They were granting admin privileges to the users and / or
Re: (Score:2)
The premise-- that Macs somehow are immune to viruses-- is utterly ridiculous.
You know, there are other OSes out there than just Windows and MacOS... So the rest all falls down from this...
And I don't need to worry whether the fire extinguisher that I keep next to my bed is still current on its inspections, and all that other complicated stuff, because I simply don't smoke in bed.
laptops not desktops so you need a managed wifi (Score:2)
laptops not desktops so you need a managed wifi system with more then 1 AP.
and even then the systems use NON school AP's as well.
Also virus can pass though email and web uploading of school work / over usb key as well.
Let's see there a virus so trun off the web site / email and have the kids use usb keys to trun in there work.
Is it 10 years already? (Score:4, Interesting)
There once was this thing, the "trustworty computing" pledge. [theregister.co.uk]
What happened to that?
Re:Is it 10 years already? (Score:4, Insightful)
Re:Is it 10 years already? (Score:5, Insightful)
The trust is for the media cartels. They don't trust users not to copy their media, so Microsoft sold them the idea of computing they could trust.
The "End to End Trust" initiative is all about this - removing the computer's trust that it's owner should have control, and handing that trust to the people with the root signing keys - Microsoft will become indispensable to the entire Windows software ecosystem. The ultimate rent-seeking behaviour.
The Computer doesn't trust you [gnu.org].
Re:Is it 10 years already? (Score:5, Insightful)
Journalists raised a hue and cry about the end times because TC was implemented by Microsoft.
In the meantime, Apple came in and implemented the same spec and the same journalists fell over each other extolling the virtues of the walled garden.
Re:Is it 10 years already? (Score:5, Insightful)
Perhaps it's the difference between inviting people into your walled garden, and building a wall around the people in your already highly populated garden?
Re: (Score:2)
Sorry, posting to cancel error in modding...(damn this 'instant' button)
Mod up someone, please
Re: (Score:2)
Re:Is it 10 years already? (Score:4, Funny)
Bill Gates also thought (in 2004) that we'd defeat spam in two years. [theregister.co.uk]
The only fool bigger than one who believes a prediction from MS is one who believes a promise from MS.
And Linux? (Score:5, Interesting)
Among the reasons cited for the school district's choice of PCs over Mac's were (...) cost.
And yet Linux was never an option? Avoided Apple to reduce the cost and ended up hiring 5 people to contain the damage that came as a consequence of their choice... way to go!
Re: (Score:2)
^ What I wanted to say.
Sure they shouldn't buy macs. But if they worry about viruses they don't need to get Windows machines just because of that.
Also is it really that hard to keep a Windows machine free of viruses? All the kids installed the same crap?
Re: (Score:3)
It is a bit hard. Not for me... not for people with self control and a little understanding of what goes on out there. The weak link is humans.
But that said, there is some blame in the design of Windows. I think the Apache web server needs to be stripped of its name to have it awarded to Windows. I think it might make Windows cooler somehow.
People want to claim there is no original code from DOS/Windows in the current versions of Windows. That may be true. Part of the problem is design. It still harb
Re: (Score:2)
Re: (Score:2)
Part of the problem is design. It still harbors the design of a single user, single tasking OS which was added upon for more than a decade of incremental changes, patches and fearure improvements, one after the other after the other. It's amazing it's not messier than it already is.
[citation needed]. Where do you see a design of single user/single tasking OS?
Microsoft didn't have a plan in mind for Windows when it created DOS. It didn't even have Windows95 in mind when it created Windows 3. It's all a pile on top of a pile on top of a pile.
That may be so. But current Windows is not built upon any of those. The current strain of Windows is built upon Windows NT, which *was* a clean-room implementation of Windows. It has *nothing* to do with DOS, Windows 3 or Windows 9x/ME, except that it has a compatibility subsystem for running legacy applications.
Windows NT was always a multi-user and network-aware OS. From the very start. Unlike Unix and Linux which were designed
Re: (Score:2)
Incompatibility with 99% of all software, including viruses, is not a feature.
Re: (Score:3)
It's as hard to keep a Windows machine free of viruses as it is to keep a Linux machine from shitting itself on boot.
I've only seen Linux not booting two times in 6+ years of using it: The first was faulty hardware which caused SEGFAULTS. The second was a damaged home-partition. From all the arguments you could come up with, this is the least viable. ... At least say "...as it is to keep Linux from randomly killing X", that at least sounds believable.
Re:Complete bollocks there. (Score:4, Informative)
Keep your voice down and we can have a conversation.
Issue #1: The user should be taught how to keep their system clean. Doesn't matter whether it is Linux, Windows or OSX. So they handed out devices without any restriction imposed on the user, the user who is a kid, and is supposed to be restricted they have enough knowledge to be responsible for their own computer-like devices. For the same reason, people having a driver instructor while driving for a while, pass an exam, and only after that they are allowed to drive their own, or other people's car.
Issue #2: All major existing operating system today is capable to restrict the user's actions if they are set up correctly. Now the commercial OSes, like Windows and OSX are advertised as an out-of-the-box solution, and thus people think that they are ready to be deployed in virtually any situations. In practice however, it turns out that when it comes to managing a bunch of devices for predefined goals apart from having fun with personal computing at home, you need a competent administrator or administrator team to handle the set up and the maintenance. Customer support just doesn't cut it for this reason. They off site, and slowly responding, and they don't really know what are the exact requirements for their installation. CS could be handy perhaps in individual cases, where the user works within its competence, but any organization working with computers regularly (as I deduced from the article, the whole point of giving out laptops is to get the education system computerized) need competent maintainer.
Windows isn't really more vulnerable to viruses than OSX in a competent hand, and Linux is just as much stable as any of the commercial operating systems if maintained by skilled administrator. And an competent system administrator would be completely aware of the fact that children are not the most trustworthy users when it comes to downloading and executing software from unknown sources.
So, in my opinion what the school board/administration did is cuting corners on their computer staff, or hired incompetent, unskilled cheap labour for the position. Either way, it isn't really the OS that really matters, it is the person who keeps it running.
Re: (Score:3)
Keep your voice down and we can have a conversation.
Issue #1: The user should be taught how to keep their system clean. Doesn't matter whether it is Linux, Windows or OSX. So they handed out devices without any restriction imposed on the user, the user who is a kid, and is supposed to be restricted they have enough knowledge to be responsible for their own computer-like devices. For the same reason, people having a driver instructor while driving for a while, pass an exam, and only after that they are allowed to drive their own, or other people's car.
However, very few extremely technical users can keeps their windows installation clean and running for years. You certainly can't expect this from the general population, let alone children.
[...]
Windows isn't really more vulnerable to viruses than OSX in a competent hand
In a competent hand, yes, it is.
, and Linux is just as much stable as any of the commercial operating systems if maintained by skilled administrator.
Please name one piece of malware out in the wild that affects distros like Mint or Ubuntu.
And an competent system administrator would be completely aware of the fact that children are not the most trustworthy users when it comes to downloading and executing software from unknown sources.
So, in my opinion what the school board/administration did is cuting corners on their computer staff, or hired incompetent, unskilled cheap labour for the position. Either way, it isn't really the OS that really matters, it is the person who keeps it running.
Linux and BSD require no effort to keep malware out. There are none, and the defaults are pretty sane (there aren't plenty of security-holes in default services which run as root).
Re: (Score:2)
Having an IT staff for a program this big is pretty much a necessity which they should have thought of before launching it.
Re: (Score:2)
From the way the summary is written ("temporary IT staff members") I make up they have a permanent IT staff of more than one already.
Re:And Linux? (Score:5, Insightful)
Unlikely. As with everything in modern American public education (well, anything in a major American organization, public or otherwise), decisions are made based on how little something costs RIGHT NOW as opposed to how much it will cost in the long run, and any attempt to build infrastructure to support a new initiative is met with "that's so much money, we'll just cross that bridge when we come to it if it's a problem." Handing out tens of thousands of Windows-based laptops (especially with Redmond's subsidy for OS cost) may be cheaper up-front, but bringing in that many laptops requires substantial infrastructure to handle the 'side benefits' of Windows, namely the need for strong antivirus solutions and the most restrictive group policies that are possible that still allow the students to log into their laptops. I can guarantee you that at one point as this program was being developed the following conversation, or one very much like it, happened:
Tech: "We need to take security measure X, because Y."
Suit: "How likely is Y to happen?"
Tech: "Hard to say, exactly, but it's possible, so we should do X. It will require additional effort Z, but it's a fair trade."
Suit: "And how much will Z cost us?"
Tech: "Well, it will probably generate additional help desk traffic."
Suit: "Work around it, help desk traffic costs money."
Tech: "If we do that, and Y happens, the entire network could be trashed and we'll have to hire (expensive) additional staff to fix things, and we could potentially be down for weeks or months."
Suit: "Ehh, that'll probably never happen. Do the workaround."
I'm guessing in this case the students were required to have privileged accounts on their laptops because of shitty software that doesn't install correctly in userland.
Re: (Score:3)
If they have any IT staff at all, they should be fired for incompetence. If they don't have any IT staff, the administrators should be fired for incompetence. Either way, someone should be fired for incompetence.
I work for a school district, in IT, and we don't let users have the ability to install anything. Period. A properly managed system, means that you have all the tools in place to get systems functioning without users needing Admin level (UAC or otherwise) access. Problem is, schools cry poverty when
Re: (Score:2)
No, they are to close to Redmond (Score:3)
I heard that if you buy a Mac, Ballmer comes to your house and dances the Developer dance in your garden. If you install linux, he dances naked.
Please think of your neighbors, install Windows.
On a more serious note, this was a MS project, MS is not going to install linux... well except for when they need a reliable stable server platform to host a project.
Re: (Score:2)
Re: (Score:2)
It would actually be a matter of making Linux not suck as a desktop OS.
Re: (Score:3)
Re: (Score:2)
Gotta love the irony of the person churning out the tired old "it's not ready for the desktop" line accusing another of trolling, though.
Oh really? (Score:5, Insightful)
...and last but not least, cost.
Wait...Windows 7-Ready hardware, Windows 7 Licensing Costs AND 5 additional IT-employees and they choose Microsoft because "it costs less"?! I seriously need to get a job in the public sector, seems like they can jack off all day or something.
Re:Oh really? (Score:4, Informative)
...and last but not least, cost.
Wait...Windows 7-Ready hardware, Windows 7 Licensing Costs AND 5 additional IT-employees and they choose Microsoft because "it costs less"?! I seriously need to get a job in the public sector, seems like they can jack off all day or something.
Uh, you forgot about the part where Redmond is in this district. Chances are all licensing costs were either eliminated or heavily subsidized for education. And Windows 7 "Ready" hardware? Please. That's a $250 i3 with 2GB of RAM in a school budget. Why do you think the PCs are running like frozen dogshit when infected. Nothing in the Apple store is that cheap, or that slow.
Re:Oh really? (Score:5, Insightful)
Wait...Windows 7-Ready hardware, Windows 7 Licensing Costs AND 5 additional IT-employees and they choose Microsoft because "it costs less"?! I seriously need to get a job in the public sector, seems like they can jack off all day or something.
I know it is fashionable to rail on government spending as wasteful in all circumstances, but this attitude always pisses me off.
For every government project that goes over-budget or delayed, there is a corporation happily cashing the checks and under-delivering. That's where the problem is.
Make all school districts use Windows! (Score:5, Funny)
Just imagine how many new IT jobs this would create.
Re:Make all school districts use Windows! (Score:5, Funny)
Re: (Score:2, Troll)
The broken Windows fallacy?
5 hired IT staff that would have been unnecessary had the school used Linux or Mac say so.
Re: (Score:2)
You can really believe that hiring 5 *temporary* employees to clean up a mess and give some advice costs more than the price difference between a mac (which wouldn't have necessarily fixed this, and mac techs probably cost more) and pc times, what, thousands of laptops?
Re: (Score:2)
An extreme example was the last job I had, where there was a typical level of windows admins, and there were zero unix admins. Everyone was given a machine with a blank hard drive, and told on their first day to install whatever OS/distro they wanted, and were comfortably running themselves. I guess a third went debian, a third ubuntu
Re: (Score:3)
Did they ask the kids to help them sort it out?
I know times have changed since I was a nipper, but at my school, there were probably 3 of the kids + 0 staff who knew the BBC + echonet system really well. I seem to remember one kid hacking it to within an inch of it's life then writing a report on "security" so he didn't get expelled for it. Anyway... my point is, the kids may know how to fix this better than these drongo staff members they hired (heck, the kids may have done it in the first place, so they'd
Sick (Score:2)
You can't just put "[sic]" next to any random string of characters and expect the reader to understand. What the hell is "whiel boosting creativity" supposed to mean, anyway? Maybe I'm slow this morning, but it took me 5 minutes to see the "while". Brackets can help readers stay engaged [and] informed [while] improving understanding, but this time they failed us.
Re:Sick (Score:4, Informative)
http://en.wikipedia.org/wiki/Sic [wikipedia.org]
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
At least in the US, the convention is to use square brackets.
The real problem (Score:5, Insightful)
Among other things, TFA implies that this is because they were using 'PCs instead of Macs' [sic].
While it's true that OSX has way less malware than Windows, the main cause of malware infections is the users who click anything that's offered to them without thinking.
You can hide behind less popular operating systems, but the sad truth is that the average computer user simply can't handle the freedom of being able to do whatever they want, without messing things up.
So the solution is better tech education or--the cheaper way--locking things down. Both MS and Apple are doing it in their mobile OSs and they're starting to implement this in their desktop OSs as well.
Of course, the IT could also have locked Windows down with Group Policy and SRP, so that it would be pretty much impossible to install anything (unless reinstalling the OS).
Instead, they relied on some crappy antivirus (Sophos) and I wouldn't be surprised if the users were given admin rights as well.
I'm not a Microsoft fan at all (and they might have played dirty to get the school to use Windows), but the real story here is IT staff incompetence and the poor education of the average computer user.
Re: (Score:2)
"but the sad truth is that the average computer user simply can't handle the freedom of being able to do whatever they want, without messing things up."
The Sad truth is people actually believe you need to allow a user to anything they want. You dont. It's school property, you restrict your users to only what they need the devices for, anything else is simply incompetence.
Re: (Score:2)
"but the sad truth is that the average computer user simply can't handle the freedom of being able to do whatever they want, without messing things up."
The Sad truth is people actually believe you need to allow a user to anything they want. You dont. It's school property, you restrict your users to only what they need the devices for, anything else is simply incompetence.
The user needs to be sandboxed and he can do whatever he likes including install a virus without affecting the system. Sure he destroys his files if he is not careful but he does not destroy the system and he does not destroy the backups.
Limiting a computer in this situation would limit education. Users don't need to run any software above their privileges including IE and Office.
Re: (Score:2)
While it's true that OSX has way less malware than Windows, the main cause of malware infections is the users who click anything that's offered to them without thinking.
No. Any system that can be botched more or less accidentally is a complete failure. While GNU/Linux and to a lesser extent OS X are far from perfect, they make it considerably harder to run untrusted code, simply because this is an operation typically not needed during daily use.
Re: (Score:2)
How, exactly?
The main difference is that for admin stuff by default Windows will pop up a UAC prompt, while Linux will pop up a password prompt.
I don't think that's that much better, especially since you need to enter the password about as often as you need to click on a UAC prompt.
You seriously don't see a huge difference between a user being asked a yes/no question and having to come up with a password they've never been told? You're ok with a single click being the only rampart between your system files
Re: (Score:2)
You do know that non-admin users have to provide an admin login to elevate using UAC, right? And that proper Windows practice since Windows 2000 has been to run users as non-admins?
Re: (Score:2)
Re: (Score:3)
Windows' mess of not keeping system files and user files strictly separate is partly to blame.
Baloney. Windows keeps operating system files separate from installed application files and separate from user content files. Really.
Even in Win7 you all the time get warnings like "this program wants to make changes to your hard disk, allow/deny?"
No you don't. You get a prompt when a program wants to make changes to the system - not the hard disk. Where do you get your faulty information? Are you making it up? Windows is locked down so that regular users cannot make changes to the operating system or installed applications. Administrators can make changes to installed application files (directories below "program files
Re:The real problem (Score:5, Informative)
My information: from using a netbook with a stock Win7 Starter installation (installed by the shop). Never asked me for setting up a user account; never asked me for a password.
Windows Starter assumes - in line with other OSes like Ubuntu or OS X - that the first user is also the administrator. You can easily set up more users - and they will default to be regular users. But even if you never create another account, you do not run as administrator by default. The UAC prompt is the way you are asked whether you are ok with your administrative privileges being invoked for the action you are trying to perform. MS reasoned that requiring you to enter your password once again would offer little extra protection: If you have decided to go ahead and ignore the screen dimming down and a warning prompt you would probably also just type in the password as well.
Never asked me for setting up a user account
And you never looked for it.
never asked me for a password.
It asks for your password each time you log on. A password is used to prove identity. You prove your identity when you log on.
And yes, I'm pretty ignorant on Windows. I'm a plain user. I got the system, I use it, that's it.
You forget about the part where you use it to post about "the real problem" on slashdot where you claim Windows mix users and system files. As if you know what the real problem is.
If I'm running as "administrator" by default, that's Windows fault to allow that to begin with and not asking me to set up a user.
But you are not running as administrator by default. Your account has the permissions to act as an administrator (as the owner of the device), but by default you are running as a non-admin user (admin privileges stripped away at logon). Would you rather that the shop retained the administrative rights and only set you up with regular users privileges?
It's my experience as a user - who hasn't used Windows in a really really long time.
I have installed drivers on the system (for my printer and "USB mass storage" drivers for my phone), without the need for a password, just clicking "allow" when the prompt came.
Yes, the system does not allow new drivers to be installed without an administrators permission. That's the prompt. Do you sincerely believe it would be more secure if you were required to enter your password once again? Didn't you decide that it was ok to install the drivers? Wouldn't you have entered the password? If you believe it should prompt for your password then by all means go ahead and crank UAC up to maximum security. Then it will ask for password. Whether a password prompt would stop stupid users from hurting themselves is a matter of debate. Personally I don't believe it will stop users who just want to install a new pr0n codec. The major barrier is that the system *does not* allow silent installs. It *will* prompt you.
Oh sorry, not even that, it was just done by the system for the USB drivers, I plugged it in and it started to do stuff. I wouldn't know whether they are "kernel mode" drivers or otherwise, nor would I truly care - it just has to work.
Yes, if the drivers are bundled with the OS or available on WindowsUpdate it will just install them, as they have been vetted and are known not to be malicious. But again, if you want to be prompted just crank up the security. For the majority of users (especially the ignorant ones) the defaults just work. Like it did for you.
Need to teach the kids proper browsing habits (Score:4, Interesting)
Viruses are easy to take out of the system, but that doesn't stop the same behavior that puts the virus there in the first place.
Example: A friend of mine I end up fixing his laptop for viruses usually gets them because his kids are looking for TV shows and gets sent to sites that want them to download something. Boom, infected. Looking for a youtube/Disney/Hulu video downloading, boom! Infected.
I don't care too much because I get paid. And getting rid of the viruses/whatever is as easy as taking the harddrive out of the computer and hooking it to an already running computer (via usb-ide/sata adaptor), and run a few programs. Takes a few hours, or more depending on the size of the harddrive and how much space is taken up. But very, very easy to fix.
Re:Need to teach the kids proper browsing habits (Score:4, Insightful)
Re:Need to teach the kids proper browsing habits (Score:5, Insightful)
Re: (Score:2)
Chrome has its own built-in PDF reader which works fine for 99% of cases, no need for Foxit. Chrome even has a "Save to PDF" virtual printer so you don't even need Foxit for that.
bios malware? (Score:2)
I take it you don't believe in the existence of malware that can over-write the BIOS?
No. Need to teach admins proper admining habits. (Score:2)
From reading a quick description on how the virus works... This school seems to have no fucking clue what AD/GPO/LUA means. It sounds like the notebooks can either copy files to each other over the network or students can copy .exe's to the network servers. Fail 1. It also sounds like the students are running without least user authorization, aka, they can get admin access to their computers easy, or they already have it. Fail 2, maybe. It could have been a teacher who got it and was allowed to write stuff
It's not my fault! (Score:2)
How about they.... (Score:5, Insightful)
Hire COMPETENT IT staff to begin with? Honestly, what kind of amateur hour school is this? having to hire temp IT staff to deal with it, really? how about actually staffing your departments properly and with competent staff?
Re: (Score:2)
What I find curious about a need for temp IT staff is this:
If you are doing a deployment of that size(unless the district is a 1 room schoolhouse or something, "grades 6-12, all students" is a fair number of laptops), you will need some sort of system imaging setup, to plunk your OS and applications on new machines/machines that lost an HDD, you will need a decent number of lowish-skilled screwdriver labor to keep up with all the physical damage and parts replacements, and you will likely need some basic ne
Re: (Score:3)
Problem is most manufacturers are idiots and change models every 15 days. a stock image you make today will not work on the next batch of laptops you get.
Second School administrators are idiots. they dont buy Business class, they buy as cheap as possible and as random as possible. So yu get craptastic Compaq laptops bought 5 at a time over the summer. now you have 30 different models and revisions. No chance in hell to make a standard image. You have to make a OEM disk that will re install everything
Re:How about they.... (Score:5, Interesting)
Yeah... I didn't think so. After four years, I make around 60% of what I would in the private sector starting wage for the same job. Guess what, though! Jobs are scarce, so I can't afford to be picky. Yes, I'm good at what I do (and I've done great things for this school), but by no means is the public sector all green fields and pork barrel funding. We're more cash-strapped than you can imagine (I'm having to buy cheaper asset labels, for pity's sake).
Re: (Score:3)
There is a lot of money for you. Lower pay for administration. your principal does not need to make 6 figures. Oh and the Coach does not need to make high 5 figures. (Typically PE teachers make more than the Science teachers)
Call up a CxO in your company and tell him you can hire another three techs if he'd just lose an order of magnitude of his paycheque. Let me know how that goes.
Have you been drinking?
Here's what I think happened (Score:5, Insightful)
Before we blame the IT staff, let me give this some perspective. (I have nine years experience as a teacher & tech director in a public K-12 US school.)
First, I'm reasonably confident in saying that, if proper Group Policy was implemented and user restrictions put in place, this never would have happened. Second, this is a HUGE school district with over 50 schools. They can certainly afford a public liaison (who was speaking on behalf of the district in the local broadcast), and I'm sure they have a large IT staff...I'm guessing in the neighborhood of 20-30 employees. Though public school districts would pay less than Microsoft right next door, given the sheer numbers there must be at least a few people on that staff that know how to accomplish this and as well of its value in preventing this sort of mess from happening.
With that in mind, here's what I've concluded: There is likely someone with leadership authority who told IT staff to let students manage their own laptops and have admin privileges. Given the size of the district, the directive either came from the district technology committee, or directly from the superintendent, school board, or both. All it would take is a number of parents to ignorantly complain to a "friend on the board" that "Johnny's laptop is broken - he can't install the programs he needs to do his homework" for the school board to direct the superintendent to "fix the issue." Likely this was a top-down order; I simply cannot imagine a tech staff that large to be that incompetent on their own.
What bothers me about this is how they're going about trying to fix the problem. If I had a worst-case mass-deployment of a virus at my school, I would just recall all the equipment, reimage everything, and redeploy a week later. I would issue a directive to all the staff that the equipment is down for one week to be cleaned, and make due without it. It's either one week of downtime or months of unreliability. If teachers would know that they have the option of either the problem being fixed in a week or the problem being "managed" over months, they would all take the week's downtime in a heartbeat.
One other question I have for those here: have you ever encountered a Windows virus that, as they claim, just "spreads on the network" without user initiation of the virus by clicking on an executable, script, or loading an infected webpage? I think the much more likely scenario is that this virus is being spread through usb flash disks, but I'm not sure whether that explanation was too technical for staff to understand.
Re:How about they.... (Score:5, Insightful)
"Drugs are bad!"
Depends which drugs. Cannabis? Not so bad. Crack cocaine or meth? Hell yes!
"Kids are locked in prisons all day without any freedoms or rights"
Oh get over yourself. Kids are made to go to school because if left to their own devices 90% of them would learn NOTHING. And kids DON'T have the same rights as adults so stop sulking about it just because you probably didn't like school much.
"totally unnecessary activities such as gym/exercise/art/music/computers/and other classes that are non-essential."
Yeah , I mean who wants a country full of fat bastards with heart disease to get fit. I'm mean thats just cruel isn't it? As for other stuff, peh! Learning, who needs it eh when you can be a troll on slashdot all your life instead?
"setting up the school day for non-learning and/or non-critical life activities and then requiring every student to participate in them is wrong."
No, it isn't. But perhaps when you become an adult you'll realise why.
People psyhology... (Score:2)
...is not leaded by logic, but by "evil you know" decision chain. Therefore no matter how many homeworks Windows will eat, it will stay.
Switch OSes, that's the ticket! (Score:2)
Non-story: 90% still up and running (Score:2)
Translating from media hype: someone did something foolish on a computer, then got a new virus which spread quickly, but it hasn't been the end of the world. In fact, it seems contained. Weird how it's the worst possible virus. Funny how this just happened to
I guess that depends on what the definition of (Score:2)
"low cost". Maintaining a MS OS is only "low cost" if you have someone who will do it for free- i.e. you're the family geek, keeping the wife and kid's computers working so they can enjoy compatibility with systems at school and work.
I subscribe to the "conspiracy theory" of MS OSes. They are deliberately unreliable and insecure in order to keep an army of IT people employed fixing them. The army continues to support and specify MS OSes because they know they'll have years of bugs, security problems, and
Lake Washington School District (Score:2)
The geek kicks off on stories like these.
But a small word of caution: LWSD has a very good reputation
Lake Washington School District named to AP District Honor Roll [kirklandreporter.com]
Among the more than 900 U.S. and international middle school students invited to the ceremony on the Johns Hopkins University campus, all earned exceptionally high scores that place them well within the top one-half of one percent academically of all same-grade students.
Past participants in the CTY Talent Search include Facebook founder Mark Zuckerberg, Google cofounder Sergey Brin, and performer Lady Gaga.
Whiz Kid: Sammamish Middle-Schooler Kartik Iyer Honored for SAT Scores [patch.com]
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Its prefectly crolument.
Re: (Score:2)
The GP needs to embiggen their vocabulary.
Re:Why is ANY school district still using Win/Mac? (Score:4, Insightful)
There used to be this expression "no-one ever got fired for buying IBM". Buy IBM, and you're safe; if it still breaks you can always say "well I went with what everybody does, what is generally considered a good choice, so I did the best I could". By buying some no-name brand, or brandless hardware, you don't have this excuse. Then it's instantly your responsibility.
Same for Microsoft vs Linux. Linux is "that hacker platform" while Windows is "what all businesses use". It's the safe choice - from a job security pov. We know Linux is statistically more stable and secure than Windows, but if it goes wrong, it's the fault of the guy going for the alternative, off the beaten track, and insisting of going against what the rest of the world does.
Or for the obligatory car analogy: Linux is the self-driving car that reacts faster, is more alert, won't speed, stops for red lights, and has a perfect accident record, while Windows is the human driven car. When one of the human drivers has yet another accident, that's too bad, humans aren't perfect. When the self-driving car has an accident, that's a disaster, totally unacceptable and why isn't there a human at the wheel paying attention to correct those mistakes.
Re: (Score:3)
Uh, sure. In 1993. It's 2012 .. a vast number of businesses use Linux. It put the commercial Unixes out of business. Entire cities [pcworld.com] use Linux, even on the desktop. We have highly successful distros like Ubuntu that do nothing but pander to the non-hacker.
The only safety involved is "this here is Microsoft country, and the Microsofties on the board want Microsoft. MICROSOFT!" If you're getting generous donations [lwsf.org], you don't want
Re: (Score:3)
Re: (Score:2)
They probably shipped them with the free carpware virus checker.
Carpware? Sounds fishy.