Virus Eats School District's Homework 321
theodp writes "Forget about 'snow days' — the kids in the Lake Washington School District could probably use a few 'virus days.' Laptops issued to each student in grades 6-12 were supposed to accelerate learning ('Schools that piloted the laptops found that students stayed engaged nad [sic] organized whiel [sic] boosting creativity,' according to the district's Success Stories), but GeekWire reports that a computer virus caused havoc for the district as it worked its way through the Windows 7 computers, disrupting class and costing the district money — five temporary IT staff members were hired to help contain the virus. Among the reasons cited for the school district's choice of PCs over Macs were the proximity to Microsoft HQ (Redmond is in the district), Microsoft's involvement in supporting local and national education, and last but not least, cost. In the past, the Lake Washington School District served as a Poster Child of sorts for Microsoft's Trustworthy Computing Group."
Re:Sick (Score:4, Informative)
http://en.wikipedia.org/wiki/Sic [wikipedia.org]
Re:Oh really? (Score:4, Informative)
...and last but not least, cost.
Wait...Windows 7-Ready hardware, Windows 7 Licensing Costs AND 5 additional IT-employees and they choose Microsoft because "it costs less"?! I seriously need to get a job in the public sector, seems like they can jack off all day or something.
Uh, you forgot about the part where Redmond is in this district. Chances are all licensing costs were either eliminated or heavily subsidized for education. And Windows 7 "Ready" hardware? Please. That's a $250 i3 with 2GB of RAM in a school budget. Why do you think the PCs are running like frozen dogshit when infected. Nothing in the Apple store is that cheap, or that slow.
Re:Looks like the school district (Score:2, Informative)
It would have cost them less, because they'd have been a lot less likely to even come across a trojan compatible with their system.
"I can't get it to install"..? You mean people don't know how to click "run" or "ok" or whatever UAC says?
Re:Complete bollocks there. (Score:4, Informative)
Keep your voice down and we can have a conversation.
Issue #1: The user should be taught how to keep their system clean. Doesn't matter whether it is Linux, Windows or OSX. So they handed out devices without any restriction imposed on the user, the user who is a kid, and is supposed to be restricted they have enough knowledge to be responsible for their own computer-like devices. For the same reason, people having a driver instructor while driving for a while, pass an exam, and only after that they are allowed to drive their own, or other people's car.
Issue #2: All major existing operating system today is capable to restrict the user's actions if they are set up correctly. Now the commercial OSes, like Windows and OSX are advertised as an out-of-the-box solution, and thus people think that they are ready to be deployed in virtually any situations. In practice however, it turns out that when it comes to managing a bunch of devices for predefined goals apart from having fun with personal computing at home, you need a competent administrator or administrator team to handle the set up and the maintenance. Customer support just doesn't cut it for this reason. They off site, and slowly responding, and they don't really know what are the exact requirements for their installation. CS could be handy perhaps in individual cases, where the user works within its competence, but any organization working with computers regularly (as I deduced from the article, the whole point of giving out laptops is to get the education system computerized) need competent maintainer.
Windows isn't really more vulnerable to viruses than OSX in a competent hand, and Linux is just as much stable as any of the commercial operating systems if maintained by skilled administrator. And an competent system administrator would be completely aware of the fact that children are not the most trustworthy users when it comes to downloading and executing software from unknown sources.
So, in my opinion what the school board/administration did is cuting corners on their computer staff, or hired incompetent, unskilled cheap labour for the position. Either way, it isn't really the OS that really matters, it is the person who keeps it running.
Re:Looks like the school district (Score:4, Informative)
Hmm , lets see. Just off the top of my head - not tightly integrating the HTML engine with the core OS, not having all system daemons running with administrator privs, having a proper setuid system, not being able to send abitrary messages to the windows of other apps. I'm sure google can provide you with a load more.
Re:Looks like the school district (Score:5, Informative)
Re:The real problem (Score:5, Informative)
My information: from using a netbook with a stock Win7 Starter installation (installed by the shop). Never asked me for setting up a user account; never asked me for a password.
Windows Starter assumes - in line with other OSes like Ubuntu or OS X - that the first user is also the administrator. You can easily set up more users - and they will default to be regular users. But even if you never create another account, you do not run as administrator by default. The UAC prompt is the way you are asked whether you are ok with your administrative privileges being invoked for the action you are trying to perform. MS reasoned that requiring you to enter your password once again would offer little extra protection: If you have decided to go ahead and ignore the screen dimming down and a warning prompt you would probably also just type in the password as well.
Never asked me for setting up a user account
And you never looked for it.
never asked me for a password.
It asks for your password each time you log on. A password is used to prove identity. You prove your identity when you log on.
And yes, I'm pretty ignorant on Windows. I'm a plain user. I got the system, I use it, that's it.
You forget about the part where you use it to post about "the real problem" on slashdot where you claim Windows mix users and system files. As if you know what the real problem is.
If I'm running as "administrator" by default, that's Windows fault to allow that to begin with and not asking me to set up a user.
But you are not running as administrator by default. Your account has the permissions to act as an administrator (as the owner of the device), but by default you are running as a non-admin user (admin privileges stripped away at logon). Would you rather that the shop retained the administrative rights and only set you up with regular users privileges?
It's my experience as a user - who hasn't used Windows in a really really long time.
I have installed drivers on the system (for my printer and "USB mass storage" drivers for my phone), without the need for a password, just clicking "allow" when the prompt came.
Yes, the system does not allow new drivers to be installed without an administrators permission. That's the prompt. Do you sincerely believe it would be more secure if you were required to enter your password once again? Didn't you decide that it was ok to install the drivers? Wouldn't you have entered the password? If you believe it should prompt for your password then by all means go ahead and crank UAC up to maximum security. Then it will ask for password. Whether a password prompt would stop stupid users from hurting themselves is a matter of debate. Personally I don't believe it will stop users who just want to install a new pr0n codec. The major barrier is that the system *does not* allow silent installs. It *will* prompt you.
Oh sorry, not even that, it was just done by the system for the USB drivers, I plugged it in and it started to do stuff. I wouldn't know whether they are "kernel mode" drivers or otherwise, nor would I truly care - it just has to work.
Yes, if the drivers are bundled with the OS or available on WindowsUpdate it will just install them, as they have been vetted and are known not to be malicious. But again, if you want to be prompted just crank up the security. For the majority of users (especially the ignorant ones) the defaults just work. Like it did for you.