Handling malware

Hello all,

Relative newcomer, though I do lurk around.

Emory Law School is seeing a constant stream of students coming in with infected machines. I wanted to ask you all what your policies were for dealing with students' infected machines. Do you make an effort to remove the malware user by user? Do you take a hard-line stance and force a wipe/reinstall without condition? Etc.

BTW, none of the viruses are zero-day exploits or anything extreme, but the very annoying, somewhat crippling viruses that plague the average user.

Thanks,
Dan

Daniel Ra
IT Help Desk Coordinator
Emory Law School
1301 Clifton Rd, Atlanta, GA 30322
dra(at)emory.edu
(o) 404.712.4854
(f) 404.727.6820

________________________________
This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).

Comments

Handling malware

Hi Daniel,

At UO Law we clean up our students' malware for them. Our campus has a
site license for McAfee but despite having it installed on all of our
Windows users' laptops, we still see a steady stream of infected
laptops. We have been having an especially difficult time with Vundo,
a nasty trojan that keeps coming back.

We also encourage our students to use Macs and have seen a significant
drop in help desk traffic with the increase of Macs in our school. I
understand that this might open up another can of worms for your IT
staff but thought I'd mention it since we have had so much success
with this decision.

Best regards,

Dennis

===

On Mar 19, 2009, at 11:43 AM, Ra, Daniel Dong Joo wrote:

---

Dennis Bishop
Director of Information & Technology
University of Oregon School of Law
Eugene OR 97403-1221
(541) 346-3877 - Voice
AIM: uolawitdir

Handling malware

Hello all,

At MSU College of Law, we generally apply the "Give a Fish vs. Teach to Fish" principle to virus cleanups. Even though Michigan State has an inexpensive site license for Symantec, not all students want to buy it. The most infected laptops tend to be those where the student got a year of AV with purchase but never renewed after the first year was up. We also let students know about various free AV and firewall products (Avast!, Comodo, ClamAV, etc.) they could install instead of a paid commercial product. In addition to updating their antivirus, we help students install a malware-specific scanner, such as Malwarebytes and/or Spybot-Search&Destroy. We show them how to get to safe mode, run scans and do manual updates on the AV and malware scanners, and then leave a fair amount of the grunt work for them to do on their own. I've successfully removed infections with Malwarebytes and Spybot-S&D that Symantec and McAfee couldn't clean. (I highly recommend Malwarebytes for the recent rash of Facebook worms, FYI.)

In severe cases, we help students re-image their laptops, provided they still have their laptop vendor's System Restore and operating system DVDs or CDs that shipped with the computer. We don't have a large staff, so this allows us to service the student's needs and help them take the preventative steps necessary to reduce their chances of being reinfected. So far, we've saved a lot of laptops for very grateful students, we have very few repeat infections, and feedback from the students has been positive. Once a student has been through a major cleanup from an infection, they become quite adept at keeping their AV and Malware scanners up to date, as well as conducting regular scans of their own systems.

Just like changing the oil in their cars, people can learn to update and run regular scans to halt problems before they become too severe. Pain is an excellent teacher, and most people who spent a few hours and several reboots to clean viruses and malware off a machine will be more diligent about keeping their computer clean in the future.

John A. Resotko
Head of Systems Administration
Michigan State University College of Law
208 Law College Building
East Lansing, MI 48824-1300
email: resotko@law.msu.edu
Phone: 517-432-6836
Fax: 517-432-6861

Current Chairperson of the
MSU Network Communications Community

>>> Dennis Bishop <dennisbishop@gmail.com> 3/24/2009 5:38 PM >>>

_______________________________________________
You are currently subscribed to teknoids as: tekarchive@host2.teknoids.net.
To unsubscribe send a blank email to teknoids-leave@ruckus.law.cornell.edu
--
See the web interface at http://ruckus.law.cornell.edu/mailman/listinfo/teknoids to get your list password, unsubscribe, and view your list settings.

RE: Handling malware

Hi Dan,
We go to reasonable lengths to help them clean their machines. Most of
the time, we give them Malwarebytes to run and check to make sure they
have current antivirus installed. If they don't, they can use AVG Free
or Symantec, as our campus just signed an agreement with them to provide
home users with free antivirus. Main campus plans to install NAC on the
wireless network, starting with dorms, and as soon as it's available,
I'll ask that we be in their test group. Hopefully, they'll do NAC on
the wired network soon, too.
Cyndi

Cyndi Dean Johnson
Assistant Dean for Information Technology
UNM School of Law
(505) 277-0695

From: teknoids-bounces@ruckus.law.cornell.edu [mailto:teknoids-bounces@ruckus.law.cornell.edu] On Behalf Of Ra, Daniel Dong Joo
Sent: Thursday, March 19, 2009 12:44 PM
To: Teknoids@ruckus.law.cornell.edu
Subject: [teknoids] Handling malware
