Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Bug Operating Systems Software Windows

Computer Viruses Cripple Colorado DMV 394

Mr. Christmas Lights writes "The Denver Post has written the last three days (Tue, Wed, Thu) about how computer viruses have crippled the Colorado Department of Motor Vehicle's computers since last Friday. This has prevented them from issuing new/renewed licenses, so they are providing 30-day extension stickers. The 'dozen experts' have decided that 'fresh software' is the best way to remedy it - probably means re-installing Windows, but have they considered Linux? Colorado seems to be having its share of problems - today's article mentions the Zinc Whiskers issue several months ago that knocked the the Colorado secretary of state offline for a couple of weeks. And it could only get worse as the JPEG exploit starts showing up in the wild."
This discussion has been archived. No new comments can be posted.

Computer Viruses Cripple Colorado DMV

Comments Filter:
  • I'm sure... (Score:5, Funny)

    by BJZQ8 ( 644168 ) on Thursday September 23, 2004 @12:05PM (#10330658) Homepage Journal
    I'm sure the "fresh software" will be provided free of charge to the state...
    • Re:I'm sure... (Score:2, Insightful)

      by Anonymous Coward
      Hmmm ... speculation, speculation.

      Lets say they are running windows, and they don't have the expertise to secure it. What makes you (the submitter) think that they'll be able to run linux properly?
      • Re:I'm sure... (Score:5, Insightful)

        by shokk ( 187512 ) <ernieoporto @ y a h o o .com> on Thursday September 23, 2004 @01:18PM (#10331646) Homepage Journal
        And if they do run Linux, what makes you think that the existing software will run on Linux? Remember, the idea here is to get their existing service up and running as quickly as possible, not set up a platform for them to surf the web from instead of doing their actual work.
      • I only know what I read in the Denver Post the last three days (links in the submission) and it doesn't specify what type of OS they run, so that's why I said "probably means re-installing Windows" which I bet is a reasonable guess.

        In response to some other comments, it should be obvious to all that in a crisis/recovery situation, you don't switch OS's or other major changes, so they should recover to whatever they are using now ... but long-term (if they are running Windows), they may want to consider Li

      • When you submit to Slashdot, you don't have to think. Just use the word "linux" as an answer to any problem.
    • Re:I'm sure... (Score:5, Insightful)

      by dasmegabyte ( 267018 ) <das@OHNOWHATSTHISdasmegabyte.org> on Thursday September 23, 2004 @01:40PM (#10331995) Homepage Journal
      DMV software isn't the sort of thing you find on the shelf at Best Buy. The state is probably using custom software that will only run on one platform. They probably either designed it themselves or paid a contractor to do so. Either way, no new charges should be accrued...this sort of thing would be included in a yearly maintenance contract. Rewriting the software in Linux wouldn't be an option and it's embarrassing that somebody would suggest it. It'd be like telling somebody with a sick dog that they should have bought a cat.

      "Fresh software" probably means bringing down the whole network, reinstalling and patching all machine operating systems, and then reinstalling the software. This will not cost anything extra in terms of the software -- however, the process will surely be costly in terms of manpower (I'm sure the state doesn't employ enough IT staff for every DMV office) and the state will have to pay for it. My company has had, on occasion, requests to help our customers recover from viruses they did not properly protect themselves from. We charge a premium for this service, because 1) there's nobody else who knows how to do it well 2) we TELL them how to protect themselves, and they still don't do it.

      So, in short: no, the "fresh software" won't cost them anything. Installing it, however, won't be cheap. And I'm guessing the state doesn't have a discretionary budget for this sort of thing, meaning something will be getting cut.
  • by account_deleted ( 4530225 ) on Thursday September 23, 2004 @12:06PM (#10330660)
    Comment removed based on user account deletion
  • What the hell (Score:5, Insightful)

    by chrisopherpace ( 756918 ) <cpace.hnsg@net> on Thursday September 23, 2004 @12:06PM (#10330665) Homepage
    There are removal tools out there guys. You don't actually *HAVE* to re-install it to remove an infection. Sounds like the CO DMV needs to hire someone who knows what they are doing!
    • Re:What the hell (Score:3, Insightful)

      by GigsVT ( 208848 )
      The only way to be sure is to reinstall from trusted, read-only media.

      This isn't some LAN Party box, these are machines with access to millions of people's private data. It's not enough to be "pretty sure".

      I feel sorry for the company you work for, it sounds like they need to hire someone that knows what they are doing.
    • Re:What the hell (Score:5, Insightful)

      by Anonymous Coward on Thursday September 23, 2004 @12:26PM (#10330894)
      Just about any compromised Windows network is caused by a sysadmin who doesn't know how to properly run a network.
      First, a firewall will prevent most exploits. Second, some kind of antivirus filtering on the mail server. Third, an updated version of some form of antivirus software on workstations to prevent risk by mailer worms that don't get caught by the firewall. Fourth, keep systems updated.
      Is this so difficult for people to understand? If regular users switch to any other OS, you will still have problems with mailer-type viruses. As a result, you will need antivirus on any system that has one available.
      I know this flies in the face of a majority of slashdot readers, but just because you have placebo-effect OS security (for example, "I run Linux or UNIX, therefore, I don't need to worry about having a compromised system" despite not having patched it in a few years) doesn't mean that you shouldn't strive to further secure every system on your network.

      Now, I know of plenty of people that can keep a clean Windows network following the steps outlined. These people make as little as $8/hr. The CO DMV could have prevented this by hiring an intern, shelling out a couple hundred for some quality firewall software (Astaro Linux seems to be fairly easy to use yet secure) and an antivirus package to lock things down in a few days. Problem solved, no need for a full Linux desktop conversion here.
      Carry on.
      • Re:What the hell (Score:5, Informative)

        by jefftp ( 35835 ) on Thursday September 23, 2004 @02:29PM (#10332678)
        First, a firewall doesn't protect you from jack now-a-days. The perimeter is compromised and the enemy is every Windows XP machine.

        It's near impossible to keep a Windows network operational since MSBlast first hit the net. TCP port 445 is every network admins' favorite port--you need it somewhat open for users to get to file shares and it just so happens to be the favorite TCP port of every virus I've encountered over the last six months.

        Second, some kind of antivirus filter on the mail server protects you only from non-zero day exploits, and only those that travel through email. The same is true for antivirus software on the workstations.

        Fourth, you finally got one right, keeping systems updated with patches is the best way to actually avoid most virus/worms. The problem with that is finding an affordable patch management system and actually having someone in upper management who understands why such a system is essential. Usually it takes a massive network outage to get the message through.

        These people who run networks for $8/hr probably don't run networks with 250,000 users across 318 sites like I do. (If they do then they are either crazy or stupid.) When you get to some real numbers of users all your simple rules go out the window.

        One user installing an trojan can and will bring down the network. It's only through heavy-handed use of access-lists and static mac-address-table entries that my network has stayed up acceptably this week while our virus provider analysed three new worm variants.

        Patched workstations would have avoided the problems all together, but I just run the network here, I can't (yet) force the machines to be up to date on patches... come on 802.1x rollout.
        • Re:What the hell (Score:3, Insightful)

          by PPGMD ( 679725 )
          He forgot the proxy server with anti-virus software installed. It should also have limited access control list.

          Also do not allow executables through the mail server, and disallow all macros in office, disallow all compressed files. Sure it cramps some peoples stuff, but most companies make do, besides you shouldn't be sending that kind of stuff via e-mail. Also the proxy server should have the same rules, a normal user shouldn't need to run executables.

          Also most virus e-mails are from Spam IPs (aka home

      • Re:What the hell (Score:3, Informative)

        by Zak3056 ( 69287 ) *
        First, a firewall will prevent most exploits. Second, some kind of antivirus filtering on the mail server. Third, an updated version of some form of antivirus software on workstations to prevent risk by mailer worms that don't get caught by the firewall. Fourth, keep systems updated.

        All good suggestions--I'd like to add "block things like .exe, .pif, and .vbs attachments at the mail gateway" as well--but still not 100% foolproof.

        Your users could visit websites that do driveby installs of malicious code.
    • Re:What the hell (Score:5, Insightful)

      by Darth_brooks ( 180756 ) <clipper377@g[ ]l.com ['mai' in gap]> on Thursday September 23, 2004 @12:29PM (#10330941) Homepage
      It's fun to play armchair QB.

      Let's assume it's Sasser or blaster that's brought down the network. You'll have to go to each machine, run the removal tool to remove the virus, then patch the system so you don't get infected again. Wash rinse repeat for every infected machine on the on the system.

      Or, you can eliminate the hassle of going to each system by mulitcasting a patched, clean, and perhaps improved system image using Ghost or something similar. Hell you can do that from a central console and never even see the remote machines. Why dick around cleaning up a virus and patching a single box when you can push out a clean image to all the machines remote site?

      I'll wrestle with a virus when a machine absolutly can't be blown away. In an ideal world (where user files are on network drives and gumdrop fairys eat marmalade pies) that's never, but in reality it's once in a great while.

      Now, they may not have the pipe to push an image to all the remote locations, so they're probably stuck sending the lackeys out into the field. That's going to take considerably longer (say, a couple days), but it's a small price for knowing the job is done right, and you're not just fixing up an old home for the same virus.
      • Re:What the hell (Score:3, Insightful)

        by Enigma_Man ( 756516 )
        Ha, you think that a government agency would have things like "multicasting", "Ghost", or even know what a "central console" is? HAHAHAHA. It's not a matter of having the pipe. It's the fricking state government. Try working for/with them sometime in your life. I've worked for two state government computer agencies over school summer vacations. Let me tell you, it is beyond retarded there in terms of technology. It got to the point where I asked one of my bosses "how in the hell did you get this job?" to wh
      • Re:What the hell (Score:3, Insightful)

        by pbranes ( 565105 )
        Have you ever mass wiped hundreds of people's workstations? They aren't going to be too happy. People tend to want to back up their email, documents, and other data that they use to do their job.

        No, in a virus infection like this, they should clean off each system, and then they should implement some real security measures - even free ones will do:

        • Use SUS to distribute patches - its free from Microsoft.
        • Use group policies to set security settings such as IE security settings, IPSec, firewall, and even
    • Re:What the hell (Score:5, Insightful)

      by jd142 ( 129673 ) on Thursday September 23, 2004 @12:34PM (#10331005) Homepage
      Unless they're wrong and it's not viruses that are causing the problem but ad and spyware that have infected IE, possibly even acting as local proxies. I've seen some of the nastier ones add their own proxy into the tcp/ip stack and cause all sorts of networking problems. Not to mention the normal problems of popups and redirects.

      Some of them are bad enough that there aren't any good removal tools. From http://www.scumware.com/apps/scumware.php/action:: view_article/article_id::1075329940/topic::Scumwar e,-Spyware,-Adware-&-Malware-Applications/ in regards to the CoolWebSearch malware:

      "Its growing complexity and the difficulty of removing the latest CoolWebSearch variants coupled with decreasing time available have culminated in the decision to stop updating CoolWebShredder."

      And there are others that are just as bad.

      Just because the paper calls it a virus doesn't necessarily make it so.

      A new image, with things like spybot, spywareguard and spyblaster on it should be deployed asap. And switch them all to Firefox.

      • If this indeed is a virus/trojan/spyware//Microsoft Windows(TM) problem...
        Why do DMV employees need internet access in the first place?

        If they need email to communicate with other employees, 99.99999999% of it can be handled via an internel email network - no internet needed. _No one_ particularly needs an @co.dmv.gov email address.
        Why does a DMV employee need IE connected to the internet? Short of "Internet" being part of it's name, there's no reason. Any "IE only" network applications they might be using
        • Maybe because they need to communicate with other state agencies, local governments and agencies, vendors, and the public. Not to mention the federal government and other state governments. The world is much more complicated than you think.
  • by swillden ( 191260 ) * <shawn-ds@willden.org> on Thursday September 23, 2004 @12:06PM (#10330668) Journal

    have they considered Linux?

    I should hope not! Don't you realize that Norton Anti-virus doesn't run on Linux? How would they protect themselves from these destructive viruses without every machine devoting a few hours each day to scanning for and eliminating viruses?

    I suppose it's understandable that you overlooked this problem, though, I hadn't ever thought of it either until some security brainiacs at a client's headquarters refused to allow me to connect my laptop to their network unless I could demonstrate that a reputable virus scanner was checking my machine at least daily. I pointed out that my laptop runs Linux, and that there are no Linux viruses in the wild, but they made it clear that that doesn't matter -- any machine without a virus scanner is a risk to their uber-secure network.

    I sure am glad they explained that to me...

  • JPEG? (Score:2, Funny)

    How does the JPEG exploit affect the DMV? Are the lines so long because the agents are looking at pr0n all day long?
  • by American AC in Paris ( 230456 ) * on Thursday September 23, 2004 @12:07PM (#10330671) Homepage
    Crippling the DMV? That's on par with outsmarting a bar stool.

    The 'dozen experts' have decided that 'fresh software' is the best way to remedy it - probably means re-installing Windows, but have they considered Linux?

    Oh, brilliant idea. Why, they could have their entire statewide system gutted, upgraded to Linux, re-designed, re-written, tested, debugged, deployed, up and running in the time it takes Gentoo to boot!

    • Why, they could have their entire statewide system gutted, upgraded to Linux, re-designed, re-written, tested, debugged, deployed, up and running in the time it takes Gentoo to boot!

      More like, in the time it takes gentoo to install.
  • by skrysakj ( 32108 ) * on Thursday September 23, 2004 @12:07PM (#10330672) Homepage Journal
    No entity (person, company, or organization) has faced a more damaging enemy than their own mistakes, laziness, and incompetence. [aka. themselves]

    Microsoft will be it's own downfall, it's already happening, and will only snowball.
    This is probably example #1,542 of thousands to come.

    Of course, thank god for the alternatives, without them, no one jumping ship would have anywhere else to go but the cold drink of water below.

    It's frustrating to see people/companies/governments stung by things so simple to avoid, especially when one (me, IT people?) feels like the have the "answer" but no one is listening.
    (It could be Linux, BeOS, Apple, who knows.... it all depends really)
    To me it may be similar to the feeling a doctor has if/when they have a patient who refuses to stop a habit that will eventually kill them, despite being told so to the point of exhaustion.

    I'm not sure anyone really WANTS to dislike Microsoft, but they make so many bad mistakes, spit out so many garbage products that it's hard not to. It only frustrates me even more when "users" stick up for them! They need to read "The inmates are running the asylum" and learn about dancing bears, and the other ideas within. Being a power user of bad software does not make you an expert, it makes you blind to the way things really should be.

    Sigh.
    • by Ancil ( 622971 ) on Thursday September 23, 2004 @12:31PM (#10330973)

      It's frustrating to see people/companies/governments stung by things so simple to avoid, especially when one (me, IT people?) feels like the have the "answer" but no one is listening. (It could be Linux, BeOS, Apple, who knows.... it all depends really)
      Or, it could be keeping your Windows box up-to-date with security patches which were released months or even years ago.

      Why is it that when SSH or Linux has an exploit in the wild, everyone jumps in with "there's a patch out to fix it! Woot Open Source!!!"... But when an organization gets owned by Windows bugs which were fixed long ago, people on Slashdot blame Microsoft?

      Even the original poster falls into this trap -- the JPEG buffer overrun was fixed days ago, but you can be sure that lots of people will get "owned" because they ignore the required fixes. These people are somehow going to properly configure Linux and keep it up-to-date? Please. If they switched to Linux their root password would be "".

      You were right about the "simple to avoid", though.. Honestly, how difficult is it to let Automatic Updates keep your Windows box up-to-date? You don't even have to log in for it to work, for goodness sake.

      • The reason we don't make a big deal out of the Linux exploits is that most of us have never seen any harm from them. Yet Windows, throughout its life, has been a constant hassle.
  • by Anonymous Coward on Thursday September 23, 2004 @12:07PM (#10330673)
    and you think that because they have one glictch that they should just go off and switch to linux? Oh yeah, that will solve it.

    You're a hater, you can read it in your style.

    BTW, Firefox browser just had a recent flaw (prior to 1.0) so should I switch to I.E., or upgrade to Firefox 1.0? Your logic is swayed by your hatred towards Windows, as most others who will flame me for writing this.
    • by Anita Coney ( 648748 ) on Thursday September 23, 2004 @12:16PM (#10330777) Homepage
      One glitch?! An entire government bureaucracy is shut down for nearly a week (and who knows how much longer) because numerous computers are crippled is hardly "one glitch."

      And considering that the problem would not have occurred if Linux had been used, I'm not sure how you can say, "Oh yeah, that will solve it." Please explain that to me please!

      And also please explain how a flaw found and fixed in Firefox has anything to do with Linux.

    • by erroneus ( 253617 ) on Thursday September 23, 2004 @12:29PM (#10330947) Homepage
      Hey Mr. Anonymous:

      The Microsoft problem is far more than this one incident and it's not about "hating." For most of us, it's quite far removed from being an emotional concern and more of a prediction of future and larger disasters.

      Firstly, Microsoft's vision is a homogenus computing environment. That's DANGEROUS and every computer expert agrees on this point. What could be worse than a single bit of malware crippling more than 70% of all PCs and Workstations? Right! 100% being crippled by said malware. We've seen the lightning fast spread of some malware across the net at rates that are far too fast to remedy in time.

      Heterogenus computing is simply dangerous ESPECIALLY when combined with Microsoft's history and handling of even current issues. They have to write an entirely new OS if they want a secure product since the Win32 message queue problem is inherent to the API in such a way that "patching" is impossible. Of course they could create a BSD variant kernel and then build their own "wine" to secure things AND maintain compatibility but their pride takes priority over stability and security.

      And finally, you have to consider where Microsoft's core interests lie. There are still companies out there who prioritize customer satisfaction over profit, growth and domination but it's pretty obvious that Microsoft isn't one of them given their choice to abandon MSIE development for "legacy operating systems." Are they running out of money or is this another way to manipulate people onto XP? I don't think cost of development is the motive do you? Honestly?

      It's not hate... it's fear.
      • Firstly, Microsoft's vision is a homogenus computing environment. That's DANGEROUS and every computer expert agrees on this point.

        Luckily, computer experts generally don't run businesses. You're suggesting that instead of having everybody in an organization run the same software, that you should have multiple platforms, so you have to double or triple your IT bugdet to track security holes on MULTIPLE platforms, do MULTIPLE software rollouts, and hire several people just to deal with data translation be
  • by Gabrill ( 556503 ) on Thursday September 23, 2004 @12:07PM (#10330677)
    They keep their master disks refrigerated?

    Pr0n in governemnt?

    The prince of Bel-Air installs it?

    The pack Dentine in with the restore disks?

    *rimshot*

  • by kippy ( 416183 ) on Thursday September 23, 2004 @12:09PM (#10330684)
    How many people bet the headline should have been that?

    Alternate joke: Things have ground to a halt at the DMV? You mean it's been more than 5 minutes since the doors opened?
    • Obl. Quote (Score:3, Funny)

      by nautical9 ( 469723 )

      [Patty and Selma on working at the DMV]
      Patty: Some days, we don't let the line move at all.
      Selma: Yeah, we call those weekdays.

  • We are all assuming the Colorado DMV runs Windows. They probably do. But no where in the articles is the name of the OS they run mentioned. Yesterday I searched Google news for the name of their OS, and no article mentioned it.

  • by Weaselmancer ( 533834 ) on Thursday September 23, 2004 @12:12PM (#10330711)

    How about blocking all traffic from the DMV department to the internet? Why the hell do their license computers need to be on the net anyways? A local net to talk to your databases and internal email, sure. But internet access?

    • Why the hell do their license computers need to be on the net anyways? A local net to talk to your databases and internal email, sure. But internet access? Uh, maybe because there is more than one DMV office, they a geographically distributed over the state, and putting in your own WAN is a lot more expensive than just piggybacking on the internet? Maybe they would like to be able to answer questions emailed to them from citizens? Maybe all their machines have floppy drives; why are you assuming the viruses
  • Sure (Score:5, Insightful)

    by stratjakt ( 596332 ) on Thursday September 23, 2004 @12:12PM (#10330716) Journal
    probably means re-installing Windows, but have they considered Linux?

    BEGIN LINUX CONSIDERATION

    Q) Does it have the custom software we need?

    A) No

    Q) Do we have the budget, time, or employees with the skill to write it?

    A) No

    END LINUX CONSIDERATION

    Sorry guys, that's just how the real world works.
    • What happened to the "If we use windows will this happen again" part?
    • Re:Sure (Score:4, Funny)

      by Anonymous Coward on Thursday September 23, 2004 @12:19PM (#10330807)
      They don't need budget/time/employees/skill. All they have to do is put up a Sourceforge page [sourceforge.net], give it about a week, and their perfect bug-free open source DMV software will magically appear.
    • Re:Sure (Score:5, Insightful)

      by ViolentGreen ( 704134 ) on Thursday September 23, 2004 @12:21PM (#10330826)
      I think the time is the biggest issue here. Their systems are down, Even if software is available, they don't have the time or manpower to test and impliment their system on Linux.

      This is an emergancy situation. The best thing they can do is get their trusted system running again and then look for other options.
      • I think their next solution should be web based. That way, any new hardware issues can be resolved simply by bringing in a new PC. I can't think of any function performed by the DMV that can't be accomplished through a series of web forms, other than actually taking the photos without handling CF cards or something.
    • Q) Does it have the custom software we need?

      A) No

      Q) Has the person who didn't put "platform independent" into the RFP for the custom software, been fired yet?

      Using Windows is dangerous, but locking yourself into it is downright stupid and this has been known for quite some time now.

      (I'd place the cutoff date as being when MS started putting that ActiveX stuff into their web browser. (When was that? About 1995, I think?) After that, anyone who didn't start at least planning for being able to get

  • by Cyb3r ( 224792 ) on Thursday September 23, 2004 @12:12PM (#10330718) Homepage
    What happened to good old fashionned mainframes + thin clients with monchrome screens...

    They are issuing liscences, its not like they need anything speciale, windows like, to do that...

    Anyways they would probably get better productivity out of this since there is no web access etc etc...
    • Can you edit photos on that mainframe?

      You know that the whole process is digital.. They take your photo, crop it, and print your license right in front of you.

      You need something with a GUI and some photoshopping tools to do it, you also need to drive specialized hardware to print out the stickers and licenses and whatnot.

      Last time I went to the DMV they used Mac's for this. Vendor lock-in is only bad when it's MSFT, or didn't you read the slashbot handbook?
      • by The Blue Meanie ( 223473 ) on Thursday September 23, 2004 @01:37PM (#10331932)
        Actually, as a resident of Colorado that recently got a new license, I have to mention that while the process IS digital, they do not "print your license right in front of you". Our DMV in its infinite wisdom has outsourced the printing of the licenses to a company in California. You now leave the DMV with a little slip of paper that's good for 30 days, until your new license is mailed to you - FROM ANOTHER STATE!
        They do at least let you keep your old license if you're renewing, but not before punching a hole through the expiration date to mark it as expired pending the new arrival.

        Imagine the pleasure I experienced when after having had said hole punched in my license, I had to fly two weeks later, prior to the arrival of the new license. The oh-so-friendly TSA people in Chicago were not impressed with either my "punched" license, or the little photoless slip of paper that was supposed to pass in its place. I very nearly wasn't able to come home. (The TSA folks at Denver's airport were aware of the DMV's stupidity, so I had no problem leaving).

        To add just a little more to the "stupidity" column, did you know our DMV must take a new picture of you for every document? If I have no license, and come in to take both the written and driving tests the same day, it goes like this:
        - Take/pass written test
        - Get photo taken
        - Take/pass driving test
        - Get photo taken again, 1 hour later than last one
        - Leave DMV with silly slip of paper
        - 3 weeks later, learner permit (which was only valid for about an hour 3 weeks ago) AND license arrive in the mail FROM ANOTHER STATE!

        You just can't make this stuff up. Oh, and can we please skip the painfully obvious "???" "profit" jokes.
    • They should be keeping all the old DL photos on line, to make sure any person renewing a license isn't committing identity theft. In which case, a 3270 terminal isn't going to do them much good, is it?
  • by Jailbrekr ( 73837 ) <jailbrekr@digitaladdiction.net> on Thursday September 23, 2004 @12:13PM (#10330728) Homepage
    Even the suggestion that they should migrate to linux instead of flattening and reinstalling is premature, and horribly ignorant. A migration to another OS would take a company of that size months, and possibly years to do. Yes it would reduce the TCO, yes few viruses are written for it (so far), but to even suggest that linux would SOLVE their immediate problem is an idiotic proposal.

    Cripes, set your zealotry aside and think.
    • Company? Who said we were talking about a company? This is a state government. It would take them decades to change anything. Believe me, I've worked in state government before.

      From the day I got an interview offer it took a month for them to schedule it. Then it took a month for them to decide, and then another month before I started. We moved offices and it took a month for them to clear up the cubicles and two whole days to move 20 computers.

  • by pyro101 ( 564166 ) on Thursday September 23, 2004 @12:13PM (#10330731) Homepage
    Now is not the time to upgrade the entire system to Linux it is time to patch and go. But it is a good time to consider if a full system upgrade should be done, when time is not so critical. An ill planned upgrade will squash the likelyhood of linux getting a good chance. Also it would require getting a good staff of IT guys that know linux and not a bunch of MCSE's.
  • Has anyone though that there could be other problems as well. I bet there are ton of viruses out there targeting a piece of custom software for a DMV for a relatively small state (Population Wise). Well the first thing comes to mind is "Don't use windows you dumb asses" If you are spending the money to rewrite the software that only fails because the OS uses windows and the windows virus corrupt the application, you might as well switch to a sturdier infrastructure. Sure Linux is a better solution (Open
  • Hm... (Score:5, Funny)

    by StevenHenderson ( 806391 ) <[moc.liamg] [ta] [nosrednehevets]> on Thursday September 23, 2004 @12:16PM (#10330778)
    Who to root for, the viruses or the DMV? A conundrum if there ever was one...
    • Re:Hm... (Score:3, Funny)

      by DoubleD ( 29726 )
      The virus of course.

      after all:
      "Do not be afraid of those who kill the body but cannot kill the soul. Rather, be afraid of the One who can destroy both soul and body in hell." Matthew 10:28
  • by dbleoslow ( 650429 ) on Thursday September 23, 2004 @12:18PM (#10330797)
    I wonder if any of the work they do will involve teaching the DMV employees not to open up unknown attachments and other forms of "safer" internet use. All complaints about security holes and stuff aside, there's a good chance this mess started when someone opened an infected email.
  • As a Coloradoan... (Score:5, Informative)

    by Chagatai ( 524580 ) on Thursday September 23, 2004 @12:20PM (#10330822) Homepage
    I've been listening to local radio where they have been talking about this issue for the past couple of days. Apparently, according to the talk show hosts and call-in experts, the real issue is in the system that transfers the licenses to a company in Oregon for print out. Up until a few years ago, Colorado was one of those states that would laminate driver's licenses on the spot, much like a high school ID. Somewhere along the line they decided that these cards could easily be faked, so they started sending them to a company in another part of the country to be produced a la credit cards with "more robust security". Data currently cannot make it to this production company, so the production of cards has been backlogged by as much as 30 days in some cases. Local law enforcement has been told to be lenient on people with expired licenses in recent days due to these problems.

    Me? I'm just happy seeing my Colorado tax dollars at work.

    • ...I'm just happy to see Colorado tax dollars come here.
    • Up until a few years ago, Colorado was one of those states that would laminate driver's licenses on the spot, much like a high school ID.

      This is one of those damned if you do damned if you don't things.

      Office issuance clearly has the advantage that the person gets the license immediately, as opposed to some piece of paper, which may or may not work as ID if the person needs it immediately. It doesn't give them a very good feeling.

      Office issuance has the problem that the offices themselves are often not
  • by rtphokie ( 518490 ) on Thursday September 23, 2004 @12:21PM (#10330836)
    The 'dozen experts' have decided that 'fresh software' is the best way to remedy it - probably means re-installing Windows, but have they considered Linux?

    Yeah, that's a great way to get things back up and running. Introduce a new OS. I'm sure everything will run smoothly after that. Comments like this dont do much to dispell the view that many have of linux proponents: a lack of a grip on the realities of IT.

    While considering Linux would be wise, it should be considered a long term solution, not one that will get everybody up and running again. For now, if reinstallation is the best option, you put together a plan to train some people really quickly to do it and fan and and work 24/7 until it's done.

    The Linux option should be brought up but not now, that's for the post-mortem meeting.
  • by gorbachev ( 512743 ) on Thursday September 23, 2004 @12:21PM (#10330838) Homepage
    The reporter is a complete pussy.

    Tens of thousands of Detroit drivers are without service, and the DMV rep says:

    "People understand that we are living in a computer world."

    Uh. The followup question should've been "why the f*** did you let a virus infect a critical computer system?"
  • by wafflemonger ( 515122 ) on Thursday September 23, 2004 @12:22PM (#10330840)
    Would anyone actually notice the slowdown? This is the DMV after all.
    "Somedays we don't let the lines move at all. We call those days weekdays."
  • by cpn2000 ( 660758 ) on Thursday September 23, 2004 @12:22PM (#10330846)
    I was watching tv in the company break room (lunch hour) the other day, when a program on MSNBC (I think) was showing Steve Balmer talking about Microsoft.

    He said something to the effect of ' ... my parents said give us a good reason why we need a computer ...' . Almost instantly, 3 people in the room said 'Where else would you install anti-virus software' .

    Microsoft has a serious image problem right now, and it does not look like its going to get better any time soon.

  • by YrWrstNtmr ( 564987 ) on Thursday September 23, 2004 @12:22PM (#10330847)
    ...but have they considered Linux?

    I'm sure someone in their organization has. Has the submitter considered the year or two (and LOTS of $$$) it would take to implement such a change?

    "The Colorado DMV will be down until early 2006. We thank you for your patience."

  • To most people... (Score:3, Interesting)

    by GillBates0 ( 664202 ) on Thursday September 23, 2004 @12:23PM (#10330860) Homepage Journal
    "People understand that we are living in a computer world," Reimer said.

    Viruses are a universal problems with "computers". Ofcourse, that's to be expected when most people relate computers to Windows.

    It's not a "computer world" you're living in, it's a "Windows world".

  • Therefore, the DMV's problem will not be solved.

    Unscheduled downtime due to security vulnerabilities will continue to happen, from time to time.
  • The so-called convenience of having a standard OS with which most people are familiar coupled with concerns over the amount of money it would cost to convert to another OS are things to consider about migrating to a new system.

    Unfortunately, Linux, BSD, and other alternatives still scare some upper management. If the cost of migrating + training is still a determining factor, then they should also weigh the risks of maintaining their current OS. That is, the cost of down time, man-hours to correct proble
  • Have you considered what it costs to switch to Linux?

    Finding/writing replacement software, ensuring hardware compatibility, finding competent admins, installing everything, retraining personel, working out issues, ...
  • by Trolling4Dollars ( 627073 ) on Thursday September 23, 2004 @12:25PM (#10330888) Journal
    ...issue? Part of the problem with viruses beyond the fact that many OSes still ship with pretty lax security, is the way that PCs are actually implemented when put into a networked environment. The implementation is dictated by the policies of the organization. Too many organizations do not put enough thought into what users should and shouldn't be allowed to do at EVERY level of computer use. Some of this is due to the fact that these organizations can't afford a decent admin due to being underfunded. Another cause is that many of these orgs also think that computers should be a "set it and forget it" kind of thing.

    So how can this be addressed? Probably the first thing to do is GET A DECENT ADMIN and IT staff. Since we are talking the BMV here, this means better funding for the BMV to attract a decent admin and IT staff who will demand more pay. Which means... that taxes will have to be increased. Which means that indirectly, the tax payers who vote down county levies are are responsible.

    Another thing that can be done once you have a decent admin is to set up a very detailed policy about what users are and aren't allowed to do on a machine. This includes whether or not they can even access external resources on the web (No external web mail during work time, etc...). Regarding the channel of e-mail for mass mailing worms, all mail should be filtered through a virus scanning and spam filtering appliance like the Barracuda Networks Spam Firewall.

    If the environment is such that it demands that users be able to access external web resources, a remote application server (with automatic virus protection) running on a separate network should be used for all external web browsing. If they are accessing an internal resource, they can use their local browser. This way if the app server gets hit with some kind of worm or virus, it won't infect their system as the only connection would be over X , RDP or Citrix ICA.

    Is all of this a pain in the ass to both implement and live with? Most certainly. Will the users complain? Count on it. Will it buy you a lot more protection against the worms and viruses today? Yes. It's just a question of which environment is more of a pain in the ass for you. One where you are constantly dealing with users that are infecting their machines and taking down the network so that productivity grinds to a halt? Or one where users gripe for a bit about the new restrictions, but you have far fewer or no virus/worm incidents? The choice as they say, is up to the peoplpe with the power to rethink these things.
  • Or the next thing you know, some sick computer hacker will get in there and start sending tax bills to rich people.

    God forbid some 'sick hacker' do such a thing.
  • I may be oversimplifying the problem, but why don't they go to OSS. Afterall, don't their software needs boil down to 1) relational database, 2) (small size) digital photography, 3) some internet connectivity to share info with the main database, and 4) word processing with mail-merge? OSS should have good software for all 4 functions. I don't see anything that they need that the rank-and-file can't run on a hardened linux variant. Once the system is setup properly, they can lock it down to prevent tamperin
  • by FerretFrottage ( 714136 ) on Thursday September 23, 2004 @12:32PM (#10330992)
    I went to renew my car registration this past year and while stting down at the counter with the clerk, I noticed a little yellow sticky on the lower part of her monitor:

    [sticky]
    Password
    password
    (all lowercase)
    [/sticky]

    Made me feel nice, warm, and fuzzy...next year, just renew it myself (now where is a yellow sticky when you need one?)

    I suspect they will we continue to see and hear/read more about these type of incidents....I also believe we will start to see incidients at that related to non Windows based systems because
    (a) as *nix/OSS is taking a deeper foothold in systems, more flaws are bound to show up
    (b) MS will make sure that those incidents get reported to as many outlets as possible to show people that it's not just them.

  • There is a mandate from the govornors office to be a MS-only shop. This goes back to the ties that Owens made with Bill Gates.
  • It is time to fix the problem and start switching to
    a system that can actually handle enterprise level transactions without the daily threat of being owned.

    Linux may or may not be the immediate solution but it is damn sure the long term solution. Don't give me a bunch of lip about retraining this is a environment that should be under tight control but obviously is not.

    Think, linux thin client architecture, you only get what the admin gives you. You want to issue a license you click the license icon on the

We are Microsoft. Unix is irrelevant. Openness is futile. Prepare to be assimilated.

Working...