German Ministry of Education Throws Away PCs For 190,000 € Due To Infection
An anonymous reader writes "German IT magazine Heise reports (original in German) that the Ministry of Education in Schwerin had a Conficker virus infection on 170 machines that was dealt with by simply throwing them in the trash. Other German authorities have now decided that 'the approach taken is not up to the principle of efficiency and economy' and that the 187,300 Euro invested in this radical form of virus removal were inappropriate. The ministry had earlier estimated the cost of cleaning their desktops and servers by more conventional means at 130,000 Euro."
Re:Money well spent (Score:5, Interesting)
Conficker.... suddenly it becomes clear. I know an organisation that was infected, and they ended up spending 2 weeks with a Microsoft consultant to clear everything up. The problem is that it spreads too quickly, so when you clear a PC and move on to the next, it re-infects the first one. Silly old Microsoft.
So, if they upgraded their PCs too.... makes perfect sense. I wouldn't have binned the old ones though, I'd have wiped the HDDs and sold them or given them away.
Re:Conficker???? (Score:5, Interesting)
Re:760 Euros per PC (Score:4, Interesting)
For half of that money I'd fucking take a first class plane trip to Germany, pay for my own hotel, and be done reimaging their PCs over a workweek. That includes deploying whatever they need deployed on those PCs, and leaving a solution in place to reimage them at will. And that's all being quite green when it comes to Windows administration. At work I really only do the minimum needed not to need to muck with it.
Re:Money well spent (Score:4, Interesting)
This thread is disappointing. So much hate. Hate leads to fear, and fear leads to the dark side.
Anyway. Conficker. Nasty. Simple. Old. A clean up is not easy, but Conficker requires some bad baselines to be operating for it to get through and thrive. If you fix the baseline issues, the clean up can follow. A clean system that's updated properly isn't infectable via Conficker. So frankly a system sorted put back in should be fine. You'll obviously have to do this step by step and yes, there is a price. Most orgs this size have IT staff so I don't know how the figures are drawn up.
I also have to say, the clean up tools and detection tools mean attacking Conficker infection is on the easier end of security clean up. The story is sad because it seems to indicate ever present stupidity in public services. Advocates and supporters of public services need to understand that it's not a job creation scheme. If someone has a role or job, they must be competent. Trained. Skilled. People who are not have no place in it.
Re:Far cheaper options (Score:5, Interesting)
Re:Money well spent (Score:4, Interesting)
No, Conficker has worm elements. So, the hard part of the clean up is not per se an individual machine. It's that you need to solve the baseline problems that allow Conficker to do its thing.
Re-installing 'stuff' won't make this go away. Doing it wrong just reinfects the machine.
So, as I said, what has to be done is the cause and baselines that allow Conficker to replicate have to be solved (harder part) - and then machines with good baselines go through clean up and go back on the network (easier part..)
http://support.microsoft.com/kb/962007
Any tech learning about Conficker can read about it, and start to understand what needs to be fixed. Patch, correct password weaknesses, stop autorun etc etc. Today, this is somewhat simple as a lot of tools and detection tools exist.
People in this thread waving around Fdisk and re-install media saying 'they could fix this' - probably in fact are clueless and need to understand the problems involved. Conficker breeds off poor security and bad baselines. That's how it gets in. That's how it replicates. That's how it hangs around and re-infects.
Lather, Rinse, Repeat. (Score:3, Interesting)
There's only so many times you can lather, rinse and repeat in a given time period before someone points out that you're insane.
Some folks might think I'm saying switch to Linux instead of just creating a fresh patch of systems to be virused. Smarter folks would realize that VMs with automated image rollouts would be a much better (and even OS agnostic) investment in the long run.
Is that PC hitting public facing stuff, or does it allow users to bring their own data? Then it should be hosted via VM, unless you're focusing on 3D graphics applications.
Next time they do a Hardware upgrade, you just roll out the VMs again and save virtually all the "support" cost of the rollout. Pays for itself after one or two upgrades. Doubly so if you've got a nasty malware infection since you already have the re-imaging process in place. With hardware supported virtualization standard now, it's kind of dumb to even not be using it...
Re:Far cheaper options (Score:4, Interesting)
Why would you sit and stare at a computer while running virus removal tools? Move on to the next computer. This is a very common virus with pre-made tools available to remove it from several vendors. Just start it running on 100 computers at a time - just as fast as you can run and type.
All you have to do is get one computer fixed reliably. Then just make sure you do the same thing to the others. It's not like you have hundreds of totally unique infections.
Re:They ain't dumb (Score:4, Interesting)
Seems that my country is not alone in employing the stupidest morons they can find for jobs in the departments/agencies/institutions that the state controls. Waste of money and waste of human resources in a time when unemployment for young people is soaring.
A damn shame.
Re:Money well spent (Score:2, Interesting)
1 machine per hour as gross underestimate is gross incompetence.
There should be an image or at least an install disk with all updates slipstreamed, and even manually you can do reinstall on 3-5 machines at once.