padgett%tccslr.dnet@uvs1.orl.mmc.com (Padgett Peterson) (03/26/91)

>From: eldar@lomi.spb.su (Eldar A. Musaev)
>Subject: Re: Standardized virus signatures (PC)

>The scanners have an unpleasant feature. If someone changes the
>signature of the virus, it (virus) becomes unfamiliar to scanner.

>Subject: Hardware failures & viruses (PC)

>I am very often disturbed by users who take hardware failures for a virus.

These and several recent postings from institutional users really have the same solution. Like the PC model I have been discussing lately, it is a layered solution:

First, divide the institution into three elements: Users, Technicians, and Gurus (for want of a better term). The great bulk of the population are the Users. They are concerned with completion of tasks and require tools that are able to help them. Users should be concerned only with a binary question - Is the machine working properly? Yes/No. In order to do this the user must be trained to be able to determine this. For a bare PC, this requires considerable sophistication but with layered in integrity checking such as we have discussed, all that may be necessary is to respond to a screen. The real message that is taught is that "If an exception occurs, call a technician".

Second, the technician must be equipped with the tools of his/her trade. In the case of the PC, these will include viral scanning devices and programs. The technician's responsibility is again binary: Can I repair the machine? Yes/No. To be able to do this, the technician is trained not only as a user (though this is necessary), but also in the repair and structure of the machine. Here the message is "Repair the machine if you understand the problem, call a Guru if not".

Third is the "Guru" who may or may not be an employee but who is on call and is capable of determining any problem: hardware, software, mistake, or virus. Generally, this role will be handled by not more than one or two people in an organization who will also design "seamless" training.

From this structure, levels of responsibility will also emerge. The User is required only to report malfunctions. The technician to repair those problems that are understood, and the Guru to direct training and handle all else. The dichotomy of the Guru is necessary since this is where evaluations must be made to determine when to add functions, directions, and training to the lower levels.

Unfortunately, in many organizations, the third level is left off and results in the problems that Mr. Musaev refers to. It would appear that in his organization he is "informally" filling the "Guru" function without the authorization to determine where the functional divisions are and what training each shall receive.

With this three layer model, the division of labor becomes natural, provides natural filters at each level, and allows personnel to rise according to their ability. With proper training and internal integrity checking, the users can correct the bulk of their problems themselves or with a telephone call. Of the remainder, most can be corrected by the technicians, leaving the "Guru" to handle the few really difficult ones.

Scanners, by their nature, are a very valuable tool for the second level (technicians) since proper use and disinfection procedures require knowledge and training to determine how disinfection can be done with minimum impact (low level formatting is never necessary). At this point 90+% efficiency is sufficient so long as limitations are understood. They are also valuable tools for the "Guru" as an aid.

Good Scanners state up front that only known malicious software can be found. And the technician must have a means to handle something he/she does not know how to handle. For this reason, the users must have a tool (whether they know it or not) that will detect change to a system; if it includes Scanning, fine, but scanning alone is insufficient as a "complete" answer.

In my experience, the ratio of users/platforms to technicians is usually about 200:1 and it is unusual for any organization to have more than one or two "Gurus".

Enough,
Padgett
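
The contrast drawn in the post above, between a scanner that finds only known patterns and a tool that detects any change to the system, as an added example that is not part of the original post. The file names, byte strings and the "DemoVirus" signature are constructed, and SHA-256 is an assumed choice of checksum.

```python
import hashlib

# Constructed signature database: one made-up byte pattern, not a real signature.
KNOWN_SIGNATURES = {"DemoVirus": b"\xde\xad\xbe\xef\x13\x37"}

def scan(files, signatures=KNOWN_SIGNATURES):
    """Signature scanner: reports only files that contain a known byte pattern."""
    return {name: sig_name
            for name, data in files.items()
            for sig_name, sig in signatures.items()
            if sig in data}

def make_baseline(files):
    """Record a digest of every file while the system is known to be good."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def detect_changes(files, baseline):
    """Change detector: reports modified, added and missing files, known or not."""
    changed = sorted(n for n, d in files.items()
                     if n in baseline and hashlib.sha256(d).hexdigest() != baseline[n])
    added = sorted(n for n in files if n not in baseline)
    missing = sorted(n for n in baseline if n not in files)
    return {"changed": changed, "added": added, "missing": missing}

def user_check(files, baseline):
    """The user's binary question: is the machine working properly?"""
    report = detect_changes(files, baseline)
    return "OK" if not any(report.values()) else "CALL A TECHNICIAN"

# Constructed stand-ins for program files on a PC.
CLEAN = {"COMMAND.COM": b"shell code bytes", "EDIT.EXE": b"editor code bytes"}
BASELINE = make_baseline(CLEAN)

# One copy carries the known pattern; the other has a single byte of it altered.
KNOWN_INFECTED = dict(CLEAN, **{"EDIT.EXE": CLEAN["EDIT.EXE"] + b"\xde\xad\xbe\xef\x13\x37"})
ALTERED_INFECTED = dict(CLEAN, **{"EDIT.EXE": CLEAN["EDIT.EXE"] + b"\xde\xad\xbe\xee\x13\x37"})

if __name__ == "__main__":
    for label, files in [("clean", CLEAN), ("known", KNOWN_INFECTED),
                         ("altered", ALTERED_INFECTED)]:
        print(label, scan(files), detect_changes(files, BASELINE),
              user_check(files, BASELINE))
```

The altered copy passes the scanner but still fails the baseline comparison, so the user's screen shows the exception and the problem reaches a technician.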