Saturday, 11 July 2009

School blames ministry for antivirus failure

An article on stuff online, in the national, education section brought this to my attention

Virus-hit school in 'dinosaur age'
Last updated 05:00 10/07/2009

A school is demanding thousands of dollars in compensation from the Education Ministry after computer software it supplied failed to detect a virus.
Otaki College says its computer network has been crippled for more than a month after the Conficker virus infected it. It now expects a $10,000 repair bill.
The virus has infected millions of personal computers worldwide and hit the Health Ministry in January. A memory card was thought to have been the source of the Otaki College infection. Up to 30 other schools in Wellington are also dealing with computer viruses, but Otaki College was the only one with the Conficker bug.
Otaki College head of ICT Chris Magill said the virus took the school back to the "dinosaur age", with all 400 computers disabled, forcing teachers to take the roll manually and postpone reports for six weeks.
The college's anti-virus program was supplied by the Education Ministry, so it was only fair that the ministry paid for the repairs, he said.
"We had the program installed on all our computers and servers and the virus went right past it. We hope they come to the party. In some respects they have allowed schools to get into this situation by offering software that doesn't do the job."
It would probably be another 10 days before the problem was fixed.
However, the ministry said the school should have made contact as soon as the problem emerged.
"We knew nothing about the problems described at Otaki College until they emailed us with a request for a $10,000 reimbursement, one month after the problem first appeared," senior ICT consultant Douglas Harre said.
"If the school had contacted us initially we would have provided any necessary support to assist them, including the services of on-site engineers if required, at no cost to the school.
"We do not have a policy of reimbursing schools who, rather than contacting us about the problem, go elsewhere to have computer problems fixed."
The software, which has been installed at more than 2200 schools since 2003, was provided at no cost to schools. However, its use was not compulsory and schools were free to use other products.
Aaron Middlemiss of Norrcom, which provides IT support for schools, said computer viruses had always been a problem for schools, but this year seemed to be particularly bad.
"We are dealing with viruses at about 30 schools, but none are as bad as the catastrophe of problems that were caused at Otaki College."
Microsoft NZ spokesman Brett Roberts said Conficker could turn computers into zombies, allowing them to be controlled remotely. The virus could spread spam, steal corporate data or perform cyber extortion or cyber militia attacks.
By NATHAN BEAUMONT - The Dominion Post

Wasn't this the critical patch that was circulated October last year, microsoft informed people through it website?

Microsoft issued a patch for MS08-067 on October 23 2008 and rates the severity of the flaw as "Critical." for all previous versions of Windows 2000, XP, XP-64, and Server 2003. Windows Vista and Windows Server 2008 are apparently less vulnerable; Microsoft's aggregate severity rating for these two operating systems is "Important."

There's a story within the rise of Conficker that I think is worth exploring. Microsoft appears to have dealt with this issue in textbook fashion; the company issued a warning, released a patch, and (presumably) rolled that patch into November's Patch Tuesday.

No comments: