Are we as prepared as we should be for the next virus attack?

During the heaviest viral activity in the history of the College, the Office of Information Technology (OIT) was able to avoid disaster on the College’s network this summer. However, concerns remain about the College’s ability to defeat a virus striking a full load of student computers on campus.

Despite the College’s success this summer, it is uncertain what would happen if a major virus attacked the campus with a full load of student computers on the network. All faculty computers are equipped with anti-virus software. Mark Berman, director of networks and systems for OIT, credited this as one of the reasons the campus network survived the summer.

However, a happy ending is not guaranteed for this school year. Although the College owns the relevant licenses for the Command F-PROT antivirus software, students must choose to download and install the software themselves. Many have not done so.

“If it had hit two weeks later, it probably would have been a lot worse,” Berman said.

Some have suggested the College should make more robust virus protection software available to students. At Middlebury, students have access to Symantec’s Norton Anti-Virus. At Amherst, all students are given licenses to McAfee VirusScan. While Norton and McAfee scored five and four stars, respectively, from PC Magazine, Command Antivirus was described as “disappointing in almost every regard” en route to a two-star rating. The software was criticized, among other things, for the difficulty of updating its virus definitions.

Williams also differs from some of its peer schools in the level of support it offers to students. While Swarthmore and Amherst, among others, offer to send support staff to student residences to help install software and check for viruses, Williams generally requires students to bring their computer, including heavy desktop computers, to Jesup, where OIT staff is located.

“We posted a sign on every dorm room door,” said Phil Fitz, director of Information Technology at Amherst. “We had a small army of students going from room to room to help with problems.”

The first major virus to strike the campus this summer was the Bugbear-B virus, which is specifically designed to attack computers running Microsoft Outlook or Outlook Express. The second was the Blaster-A worm. Unlike the Bugbear-B virus, the Blaster-A worm does not use e-mail communications to spread. Instead, it takes advantage of a security flaw in the system that computers running Microsoft Windows XP or NT use to communicate with each other. The most recent virus to attack, Sobig-F, creates its own mail engine. It gains access to the infected computer, achieving access to sensitive data. It also allows the infected computer to be set up as a spam relay server, according to Symantec, creator of the popular anti-virus software Norton.

Despite the unusually high number of quickly spreading viruses, the Williams network was never toppled. According to Berman, “We’re doing a whole lot better than most people. Some people are talking about networks coming to a complete halt.”

Berman credits the College’s relative success against viruses to several factors. The first, he said, is an excellent system that scans every email sent to, from or on the College network. “We were early in implementing that,” he added.

Recently, OIT increased the rate at which the College downloads new virus definitions from its vendor. Before the summer’s viruses hit, virus definitions were updated daily. However, they are now updated every three hours.

Because the Blaster-A worm does not spread by e-mail, however, the College’s e-mail scanning software is not an effective tool against it. But because Blaster was a poorly written virus, it was not able to wreak complete havoc on the campus.

“The Blaster worm was badly written, and the first symptom that we had of it was it was crashing machines,” Berman said. “The symptom was a machine would crash, reboot, and then almost as soon as it was back up, it would crash and reboot again. So, that was easy to find.”

Thus, the virus was fairly easy to defeat. Infected users could download a patch from the internet, or be given a patch CD from OIT. OIT staff also configured the Novell network so that when an infected user logged in, his or her computer would automatically be disinfected and patched.

“That was a real demonstration of the ingenuity of our people,” said Dinny Taylor, chief technology officer for OIT.

For now, the major risk against the College network seems to be Blaster-style worms the College’s e-mail scanning system is useless against them. However, the e-mail scanning system seems to be working fairly well, since OIT increased the rate of new virus definition downloads. In the month of August, it caught and deleted over 118,000 incarnations of the Sobig virus.

The College’s primary weapon against Blaster-style worms that don’t use e-mail to propagate is a system called Snort. Because all network users must register their computers when they connect them to the network, the College can identify suspicious, potentially viral network activity and identify which users are responsible for it. This has led to some members of the College community being informed via email that they are infected with a virus and instructed to bring their computers to Jesup Hall. If they do not swiftly do so, Berman said, they may find themselves disconnected from the College network.

The best tool that OIT has against viruses is education. Berman strongly urged all network users to install and keep updated anti-virus programs. Taylor stressed the importance of Windows users’ updating their computers with patches from Microsoft Windows Update.

Regardless of any problems the College may have had keeping its network clean, the situation could have been much worse. According to The Washington Post, George Mason University had to simply disconnect its entire network from the Internet so that it could get the network under control. At Oberlin, reports CNN, students are being threatened with a fine if they spread a virus.

In short, OIT seems to be winning the fight against the viruses – for now. “I feel really good about how we handled it,” Taylor said. “But we could certainly be vulnerable to the next new thing that comes along.”

Meanwhile, OIT announced on Saturday that it would begin to make wireless Internet access available on the College campus, beginning in the Schow Science Library and Jesup Hall.

“For the last year we have been prototyping technology for campus-wide wireless deployment,” Berman said. “We are now beginning to deploy wireless networking on campus.”

Because OIT plans to move slowly in its expansion of the wireless network over the next several years, those members of the College community wishing to install their own access points may do so. In order to allow as many people as possible to use these access points, as well as to manage the security of the College network, OIT is requiring users to register them. Failure to do so constitutes a violation of the Computing Ethics and Responsibilities Policy.

In order to access wireless connections in Schow and Jesup, users will need to configure their computers specifically to access the Williams wireless network. Information on how to do so, as well as a registration form for user-installed access points, is available on the OIT website.