Virus Eats School District's Homework 321
theodp writes "Forget about 'snow days' — the kids in the Lake Washington School District could probably use a few 'virus days.' Laptops issued to each student in grades 6-12 were supposed to accelerate learning ('Schools that piloted the laptops found that students stayed engaged nad [sic] organized whiel [sic] boosting creativity,' according to the district's Success Stories), but GeekWire reports that a computer virus caused havoc for the district as it worked its way through the Windows 7 computers, disrupting class and costing the district money — five temporary IT staff members were hired to help contain the virus. Among the reasons cited for the school district's choice of PCs over Macs were the proximity to Microsoft HQ (Redmond is in the district), Microsoft's involvement in supporting local and national education, and last but not least, cost. In the past, the Lake Washington School District served as a Poster Child of sorts for Microsoft's Trustworthy Computing Group."
Is it 10 years already? (Score:4, Interesting)
There once was this thing, the "trustworty computing" pledge. [theregister.co.uk]
What happened to that?
And Linux? (Score:5, Interesting)
Among the reasons cited for the school district's choice of PCs over Mac's were (...) cost.
And yet Linux was never an option? Avoided Apple to reduce the cost and ended up hiring 5 people to contain the damage that came as a consequence of their choice... way to go!
Need to teach the kids proper browsing habits (Score:4, Interesting)
Viruses are easy to take out of the system, but that doesn't stop the same behavior that puts the virus there in the first place.
Example: A friend of mine I end up fixing his laptop for viruses usually gets them because his kids are looking for TV shows and gets sent to sites that want them to download something. Boom, infected. Looking for a youtube/Disney/Hulu video downloading, boom! Infected.
I don't care too much because I get paid. And getting rid of the viruses/whatever is as easy as taking the harddrive out of the computer and hooking it to an already running computer (via usb-ide/sata adaptor), and run a few programs. Takes a few hours, or more depending on the size of the harddrive and how much space is taken up. But very, very easy to fix.
Re:Looks like the school district (Score:3, Interesting)
... all the while trying to save "cost" :-)
I'm not sure how it would have cost them any less if they'd have gone with an Apple-branded OS. Or even Linux for that matter.
Despite what the summary and school says, technically this was a Trojan which drops a backdoor into the system. It's been detectable by all the major AV software vendors for a very long time, the earliest variants were from back in the old DOS days.
Since the school can't even manage to spell properly, I'm going to assume that what happened was something like this:
Child A: "I heard this is cool, let's open it up!"
Child B: "But it keep says there's a warning. I can't get it to install."
Child C: "I already have it. I have a friend on Facebook called p3d0b3ar who sent it to me last week. Here's how to make the warning go away."
Child A & B: "Cool! Let's help all our friends install it too!"
Re:Looks like the school district (Score:3, Interesting)
"Here's how to make the warning go away."
If only it were that difficult.
I got a virus last week because I was trying to install MS antivirus on a machine. Microsoft Security Essentials requires a WGA check and it failed for some reason (don't know why - it was a perfectly legal machine).
Anyway, I went to Google to see if I could find a workaround and ... the very first page I visited installed a virus on the machine. No warnings, no permissions asked for. Some system dialog or other flashed up then ten seconds later I was looking at one of those "Police! Your computer has been locked!" screens (and the prospect of another Late Night With Windows(TM)).
Catching a virus by trying to install an anti-virus? Only with "Trustworthy Computing"....
Re:How about they.... (Score:5, Interesting)
Yeah... I didn't think so. After four years, I make around 60% of what I would in the private sector starting wage for the same job. Guess what, though! Jobs are scarce, so I can't afford to be picky. Yes, I'm good at what I do (and I've done great things for this school), but by no means is the public sector all green fields and pork barrel funding. We're more cash-strapped than you can imagine (I'm having to buy cheaper asset labels, for pity's sake).
Re:Looks like the school district (Score:5, Interesting)
Windows however does not have privileged separation from the ground up
What do you suppose UAC is? And what do you mean "from the ground up"-- NT "from the ground up" has notions of users and different privilege levels that possibly eclipses the Unix world in scope and granularity.
Why do you think Chrome has robust sandboxing on Windows, but not on other platforms? As I recall, the reason the Chrome team gave was that, quite simply, Windows had better supported mechanisms for stripping privileges from processes (I believe they mentioned there was a way to do the sandboxing, but it used a little-used method that was not recommended on Linux).
Im not a Linux guru; Ill admit that. But Im not aware of a bog-standard Linux or Mac install having the ability to set permissions and privileges on specific processes completely aside from the context that launched them; or being able to set permissions on specific entries in a particular plist file (the equivalent of per-key permissions in the windows registry). As I recall, Windows also has more robust ASLR-- or at least did for many years-- than Linux or Mac, earlier support for DEP, and more granular ACLs on its default filesystem.
I really dont want to get into a "this OS is better than that" argument, because different philosophies went into each, and each has its strength. OSX focuses heavily on user experience. Linux focuses heavily on modularity, flexibility, and extreme hackability. Windows tends to focus on business and end-user experience, but without as much focus on OSX; there is also, however, a very big focus on security given all the bad press Windows has had over the years. It has very much undergone trial by fire, and to some extent that makes me less inclined to just say "go OSX; it has 0 track record with thwarting viruses, but Im sure it will be fine". Most big viruses I see either tend to be on XP holdouts, or else tend to be removable in a few minutes due in large part to UAC.
Re:Looks like the school district (Score:2, Interesting)
Dunno, but in linux system daemons run under all sorts of users. eg apache, smmsp, daemon.
Your examples are bad. The windows equivalents also run under non-system accounts. IIS has its own account that it uses to run under. Most services that you install aftermarket generally recommend that you install under a separate user account-- although, as in Linux, you have the option of being unwise and running with root privileges.
Windows was a free for all desktop OS thats been upgraded piecemeal over the years and it shows.
Windows NT and above were built from the ground up for privilege separation. I could just as easily remark that ACLs and Mandatory Access Control were bolted onto Linux after the fact; AFAIK you cannot for example grant "create folder" access in Ext3/4 without granting delete folder, create file, delete file, and change permission rights as well-- at least not without using something "bolted on after the fact"