jmolini@nasamail.nasa.gov (JAMES E. MOLINI) (01/13/90)
Jeff Spitulnik writes: > What should be done to rid UM of the WDEF virus or of any virus for >that matter? How does the bureaucracy at your institution handle it? >I question the ethicality of a laissez-faire attitude on viruses at >any institution. Although I agree with Brian McMahon's response (Virus_L 9 Jan 90) that: > KNOWINGLY allowing unsuspecting users to contract infections is > EXTREMELY irresponsible. I think there is a more subtle problem here. If U. Mich is like most universities, they place a great deal of emphasis on COOP work terms and Summer Faculty Research programs at government agencies and corporations around the US. Since most of these people bring their own programs and utilities along with them, a laissez-faire attitude toward viruses is like not doing anything about head lice. It may be easy to do at home, but can be embarrassing if you go some place else. Once these people get to their prospective sites and infect a few computers, they may find that their sponsors are unwilling to take a similar risk next year. I can say from experience that the cost of eradicating a virus at a large research facility usually costs more than the money spent sponsoring the faculty fellow, or coop. Therefore, even though no one may directly say so, the amount of problems you cause with a naive attitude about computing could have a bearing on whether, or not you are invited back. (Please don't take this thought out of context and try to flame on me for it.) Something any university should be concerned about is the concept of "Guilt by association." I have listened to several people who used to (incorrectly) associate Lehigh University with virus problems. Fortunately Lehigh is now developing a reputation for their efforts in the area of virus control. But I think you understand the point. Now, there are a few minor guidelines that anyone can follow to reduce their chance of taking viruses, or malicious programs with them when they travel. Although the methods are not foolproof, they should reduce the risk to a more acceptable level. 1. Don't bring bootable floppies with you when you go to a new job. There is usually no need to boot someone else's machine from your floppy and it will go a long way toward stopping boot infector viruses. 2. If you have written programs to use while you are there, bring the source code and recompile your programs at the new location. It is a reasonable way to prevent viruses and will avoid problems you may have with OS version differences. 3. If you use public domain software, try to download copies from the Organizational BBS at your new location, if they have one. Most large institutions today have a designated BBS system which is frequently checked for viruses and malicious programs. And if you find that you are infected anyway, at least you know where you got the software from. 4. If you must bring executable code with you, ask your sponsor if there is a procedure for checking software that comes in. Usually this function is centralized and associated with other help functions that you will probably need in the future. Anyway, by asking, you will show yourself to be a knowledgeable and concerned user. 5. NEVER bring pirated software with you when you go to the new location. There is nothing worse than finding out that someone infected your site with a piece of software that they weren't supposed to have in the fist place. Most large organizations already have all the software you should need and have huge software investments to protect. Prudent organizations would see this as cause for immediate dismissal. I hope this helps. Jim Molini