Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Education Government Worms

German Ministry of Education Throws Away PCs For 190,000 € Due To Infection 347

An anonymous reader writes "German IT magazine Heise reports (original in German) that the Ministry of Education in Schwerin had a Conficker virus infection on 170 machines, that was dealt with by simply throwing them on the trash. Other German authorities have now decided that 'the approach taken is not up to the principle of efficiency and economy' and that the 187,300 Euro invested in this radical form of virus removal were inappropriate. The ministry had earlier estimated the cost of cleaning their desktops and servers by more conventional means to 130,000 Euro."
This discussion has been archived. No new comments can be posted.

German Ministry of Education Throws Away PCs For 190,000 € Due To Infection

Comments Filter:
  • by Anonymous Coward on Tuesday April 30, 2013 @04:12AM (#43588541)

    Install Linux. Cost $0 + admins' time -- almost certainly less than trying to remove and clean infected systems.

    Forget about virus infections for the near future.

    • by Cenan ( 1892902 ) on Tuesday April 30, 2013 @04:25AM (#43588599)

      Install Linux. Cost $0 + admins' time -- almost certainly less than trying to remove and clean infected systems.

      Forget about virus infections for the near future.

      They already had licenses to the Windows installations so the cost equation would be the same, it only differs if you assume they would try to clean the infection and not simply install Windows after format c:

      What the [admin's time] factor expands to is another thing, and hardly favors the GNU/Linux approach. If the idiots are dumb enough to throw out new PCs because of a virus infection, they most certainly are too dumb to install anything but Windows.

      • by Pav ( 4298 )
        Eh? For imaging use PXE with Partimage, or FAI (if you want a non-imaging solution better suited to non-standardised hardware). With Linux on the server side you can manage Windows AND Linux deployments, plus lots of other stuff (groupware, dns, dhcp, phone, netfiltering, filesharing, kerberos along with HEAPS of other stuff not as relevant to an educational context). If you want a GUI integrating all that just use GOsa or FusionDirectory or any number of other LDAP + service management front-ends. It's
        • by Pav ( 4298 )
          OPSI for windows deployments... forgot to mention that. It's also LDAP-integrated, though its own webUI is nice too.
      • They ain't dumb (Score:5, Insightful)

        by Taco Cowboy ( 5327 ) on Tuesday April 30, 2013 @05:01AM (#43588727) Journal

        If the idiots are dumb enough to throw out new PCs because of a virus infection, they most certainly are too dumb to install anything but Windows

        I don't think that they are dumb

        Actually, they are smart

        1. It ain't their money --- the money is from the gummint

        2. By throwing the thing away they save all the effort to reformat the disk and to re-install the Windows OS, plus softwares

        3. With the computer dumped, they will get to enjoy newer computers --- again, the money came from the gummint

        • Re:They ain't dumb (Score:4, Insightful)

          by bfandreas ( 603438 ) on Tuesday April 30, 2013 @05:53AM (#43588923)
          Actually this is a story about stupidity.
          They didn't have virus protection or anything security related. So the taxoffice watchdog told them to come forward with a security plan.

          This is just as stupid as it sounds. I've not heard if they were close to a Windows 7 induced hardware upgrade cycle anyway. But there is absolutely no excuse for having no security whatsoever.
          • So the taxoffice watchdog told them to come forward with a security plan.

            Zey voz just obeyink orders?

        • Not to mention that the 130k probably includes the cost of preventative action to stop this happening again. Much easier and quicker (therefore cheaper) to start from scratch with a new security baseline than try to impose one after the fact.

          Got a client at the moment discovering the very same home truth right now with something rather less virulent that Conficker running wild on their network. That'll teach them how "optional" AV update subscriptions are.

        • Re:They ain't dumb (Score:4, Insightful)

          by Culture20 ( 968837 ) on Tuesday April 30, 2013 @07:16AM (#43589301)
          If they wanted new computers, they could have dumped or wiped the HDDs then auctioned the computers instead of just throwing them away.
        • 3. With the computer dumped, they will get to enjoy newer computers --- again, the money came from the gummint

          And, more importantly, they'll be fully using their budget this year, allowing them to make an argument to have a budget increase next year. If they save money, their budget will be cut.

      • Weird thought: If you're going to take the time put Linux on the machine why not just get a clean image of Windows and re-image each drive. Just make a boot CD and image old drives.
    • Munich decided to do that in 2003. 10 years later, they're still working on the transition.

      • by Nerdfest ( 867930 ) on Tuesday April 30, 2013 @05:03AM (#43588743)

        Apparently the Ministry of Education in Schwerin did not, and they're still dealing with the consequences.

      • by Pav ( 4298 ) on Tuesday April 30, 2013 @05:17AM (#43588789)
        Have you seen the work that came out of that? The GUI frontend to it all is called GOsa (although there's a fork called FusionDirectory which I prefer). The whole infrastructure is managed via LDAP plus RPC, and allows deployment of Linux and Windows (via FAI and OPSI respectively). There are also a multitude of plugins for managing a multitude of network services and LDAP stored info. I use it for managing DNS, DHCP, groupware (SOGo), web proxy + filtering (Squid), Samba, windows OS + software deployment (OPSI), Linux + software deployment (FAI), Debian/Ubuntu repo management, centralised logging (rSyslog)... and I'm currently looking into connecting it to Asterisk. There are TONS more plugins.
    • by Drakonblayde ( 871676 ) on Tuesday April 30, 2013 @05:09AM (#43588759)

      I'm sure a large part of the decision to toss em in the garbage was because someone wanted new gear. Can't forget about the political element to an IT infrastructure.

    • by Ash Vince ( 602485 ) * on Tuesday April 30, 2013 @06:29AM (#43589081) Journal

      Install Linux. Cost $0 + admins' time -- almost certainly less than trying to remove and clean infected systems.

      Forget about virus infections for the near future.

      Of course the admins time probably adds up to about $300 per machine.

      Seriously, I can completely believe this story because it would probably take someone at least an hour to clean the PC. It is also quite easy to believe that a government department or big company who outsourced their IT would be paying more per hour for technical staff than they would for a new PC.

      This is especially true if you asked the IT outsourcing company to provide a cast iron assurance that the virus was removed with some sort of penalty clause if their was a reinfection. The quote you would get back would be prohibitively expensive because the any company with any sense would run a mile from providing such a ridiculous guarantee.

      All of sudden what sounds like a 5 minute job to someone with some technical skills and has a 99% success rate has become such a headache to the bean counters that demanded a 100% success rate that they decide throwing the machines in the bin is actually cheaper. Of course this is ridiculous, but I have heard of things far more ridiculous when government middle management gets involved in IT decisions.

      In public sector management you hardly ever get rewarded for things coming in under budget like you do in the private sector but you get torn to shreds if anything ever goes wrong so the whole thing ends up being ridiculously risk averse in the extreme.

      • by omnichad ( 1198475 ) on Tuesday April 30, 2013 @08:28AM (#43589851) Homepage

        Why would you sit and stare at a computer while running virus removal tools. Move on to the next computer. This is a very common virus with pre-made tools available to remove it from several vendors. Just start it running on 100 computers at a time - just as fast as you can run and type.

        All you have to do is get one computer fixed reliably. Then just make sure you do the same thing to the others. It's not like you have hundreds of totally unique infections.

        • Why would you sit and stare at a computer while running virus removal tools.

          Because they are paid by hour, duh. ;)

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Tuesday April 30, 2013 @04:16AM (#43588553)
    Comment removed based on user account deletion
  • Money well spent (Score:5, Insightful)

    by Anonymous Coward on Tuesday April 30, 2013 @04:22AM (#43588571)

    If its 130,000 euros to fix a virus infection and 187300 to upgrade AND fix the virus infection, then you may as well upgrade.

    The real problem here is the 130,000 euros to fix a virus infection.

    • by gl4ss ( 559668 )

      If its 130,000 euros to fix a virus infection and 187300 to upgrade AND fix the virus infection, then you may as well upgrade.

      The real problem here is the 130,000 euros to fix a virus infection.

      yeah.. 130 000 for 170 computers. could have bought new computers with the "fix" money too.

      • by Anonymous Coward on Tuesday April 30, 2013 @07:45AM (#43589499)

        No matter what OS you use (considering the OS licence is already paid)... How can the format of the drive + reinstall for 170 machines cost 130k$

        Quick estimate: IT guy is paid 100$/h (gross overestimate) and can reinstall 1 machine per hour (gross overestimate)... Total: 17k$

        How the fuck do they estimate 10x that???

    • Re:Money well spent (Score:5, Interesting)

      by gbjbaanb ( 229885 ) on Tuesday April 30, 2013 @05:02AM (#43588735)

      Conficker.... suddenly it becomes clear. I know an organisation that was infected, and they ended up spending 2 weeks with a Microsoft consultant to clear everything up. The problem is that it spreads too quickly, so when you clear a PC and move on to the next, it re-infects the first one. Silly old Microsoft.

      So, if they upgraded their PCs too.... makes perfect sense. I wouldn't have binned the old ones though, I'd have wiped the HDDs and sold them or given them away.

      • Re:Money well spent (Score:4, Interesting)

        by AdmV0rl0n ( 98366 ) on Tuesday April 30, 2013 @05:15AM (#43588785) Homepage Journal

        This thread is disappointing. So much hate. Hate leads to fear, and fear leads to the dark side.

        Anyway. Conflicker. Nasty. Simple. Old. A clean up is not easy, but conflicker requires some bad baselines to be operating for it to get through and thrive. If you fix the baseline issues, the clean up can follow. A clean susyem thats updated properly isn't infectable via conflicker. So frankly a system sorted put back in should be fine. You'll obviously have to do this step by step and yes, there is a price. Most orgs this size have IT staff so I don't know how the figures are drawn up.

        I also have to say, the clean up tools and detection tools mean attacking conflicker infection is on the easier end of security clean up. The story is sad because it seems to indicate ever present stupidity in public services. Advocates and supporters of public services need to understand that its not a ob creation scheme. If someone has a role or job, they must be competant. Trained. Skilled. People who are not have no place in it.

      • Re:Money well spent (Score:5, Informative)

        by AmiMoJo ( 196126 ) * on Tuesday April 30, 2013 @06:25AM (#43589063) Homepage Journal

        The problem is that it spreads too quickly, so when you clear a PC and move on to the next, it re-infects the first one.

        Then the first one wasn't really fixed, was it? Microsoft released a patch that blocks re-infection so all you have to do download that and their Malicious Software Removal Tool to a CD, disconnect each machine from the network and run them in order. Problem solved.

        The high cost is probably due the cost of certifying that the infection was removed and the PCs are safe to use with sensitive data again. Removal is trivial if somewhat time consuming.

    • Well, you could recycle the machines and get some kind of payment if they're subsequently sold. This is what the IT guys at my company do with old machines. The disks are wiped, reformatted and reloaded with a fresh copy of Windows (by the recycler), then the machines are cleaned up and resold in a storefront. We get a portion of the selling price (wither to keep or to donate) and the folks in the community get low cost machines.
      • I've been trying to get my company to do this. Most of the machines we throw out are higher end Core 2 Duos that just need Windows reinstalled (if that) to bring them back to optimal. Unfortunately, the Powers that Be have decreed they have to go in the bin for a recycling company to pick them up. The end result is that we pay someone to resell our PCs that we've already wiped and don't see a dime of.

  • In various school / university I was in the virus infection were dealt in either way :
    1) ignore it
    OR 2) buy a new machine give the old to the trash

    I am not kidding you , I saw back in my day 12 PC desktop being sent to the trash because they had a variation of PONG virus on their HDD (that was DOS time).
  • What is this? 2008?

    • Re:Conficker???? (Score:5, Interesting)

      by symbolset ( 646467 ) * on Tuesday April 30, 2013 @05:08AM (#43588755) Journal
      Yesterday the Conficker Working Group [confickerw...ggroup.org] saw 634 million HTTP hits on Conficker domains from 1.7 million unique IP addresses. This is seems to be a fairly static figure going on three years now.
    • Re:Conficker???? (Score:5, Informative)

      by RogueyWon ( 735973 ) * on Tuesday April 30, 2013 @05:29AM (#43588827) Journal

      Unfortunately, it's still very much alive and out there. The parents PC contracts it regularly (my dad has appalling security and browsing habits). A friend of mine (who I generally regard as more IT literate than I am) just spent a weekend cleaning an infection of it off his (fully-updated, Macafee-profected) Windows machine.

      And now for a gratuitous side-rant:

      The source of my friend's infection was apparently a minor video-hosting site carrying game-walkthroughs. On balance, I believe him on this, because I'd had warnings from AVG about such sites myself in the past.

      The trend over the last few years has been for game-walkthroughs to shift from text-format to long sequences of videos. Personally, I hate, loathe and despise this trend from a convenience point of view (try searching 30 videos for how to find that pesky item you're missing, compared to doing a quick search on a text file). But it's had some other unpleasant side effects.

      See by default, these videos go on youtube. Thing is, however, game publishers sometimes object to complete video walkthroughs of their games being hosted there and do DMCA takedowns. So the videos then crop up on less notable video-hosting sites. Many of which appear to be malware infested hellholes.

      So the moral of my (horribly off-topic) side rant: video walkthroughs suck. They're difficult to search, they're inevitably narrated by some idiot called "Tad" who feels the need to say how stoned he is roughly every 30 seconds and - they're turning into a really horrible malware vector.

      • by ildon ( 413912 )

        People do video walkthroughs because they're easily monetizable. I can make a video for a game and put it up on Youtube and get ad partner money. If I write a text walkthrough and put it on GameFAQs I'm pretty sure I get exactly $0 forever. If I try to host it myself and put ads on my site, it's likely no one will ever read it because people will just go to Youtube, GameFAQs, or the game's wikia site if it's popular enough to have one.

        It sucks, but that's how it is. Expect more video walkthroughs in the fut

    • Look at the stats. The old ones never really go away. They just get overshadowed by the newer ones. A little bit of trickery is also done with counting variants as separate malware. Anything to keep the stats down.
  • How much does that cost? One worker should be able to do a machine in ten minutes or so.

    • 760 Euros per PC (Score:3, Insightful)

      by Anonymous Coward

      Yet the 'conventional' estimate was 760 euros per PC to fix it...

      I think its one of these cases where they're locked into a service contract for the PC they bought, and its easier to bring forward an upgrade than let the service company rip them off. The translation says they'd almost fully depreciated the PCs anyway, so they were several years old anyway.

      So now some party (no doubt connected to the service company) is kicking up a stink because they didn't get to rip them off.

      But it looks like the right th

      • Re:760 Euros per PC (Score:4, Interesting)

        by tibit ( 1762298 ) on Tuesday April 30, 2013 @05:11AM (#43588767)

        For half of that money I'd fucking take a first class plane trip to Germany, pay for my own hotel, and be done reimaging their PCs over a workweek. That includes deploying whatever they need deployed on those PCs, and leaving a solution in place to reimage them at will. And that's all being quite green when it comes to Windows administration. At work I really only do the minimum needed not to need to muck with it.

      • by Bengie ( 1121981 )
        I wonder how the estimated 760 euros when I've done similar things, which has taken less than 15min of my time. When I was in IT, an all out infection just meant a computer getting re-imaged, which I could start remotely.

        Process to re-image a computer

        1) Call end user, ask when they won't need their computer for 1 hour
        2) Start re-image remotely
        3) Restore data/setting/installed software, which was all automated and part of the re-image process

        Most of my time was playing phone-tag with the end user t
    • by flyingfsck ( 986395 ) on Tuesday April 30, 2013 @05:20AM (#43588799)
      Yeah, but it is Germany. In order to do IT work on a PC, you need to have a plumber and an electrician on standby and you are not allowed to do more than one PC at the same time...
  • Small correction (Score:5, Informative)

    by Sique ( 173459 ) on Tuesday April 30, 2013 @04:29AM (#43588611) Homepage
    It's not the Ministry of Education of whole Germany, but of the german State of Mecklenburg, which threw away the PCs after a virus infection.

    And there is more to the story: It was estimated, that the cleaning of the PCs would cost ~135,000 €, and a replacement, which was planned anyway, would be 190,000 €, thus they decided to replace early instead of spending the 135,000 € on the clean-up and throw the PCs away a year later.

    • by gl4ss ( 559668 )

      well duh, the more to the story is that they got a quote for 800 euros / computer to fix the issue, an issue their admins/cio should have fixed while on the payroll..

      800 would have been enough to buy new computers.

      • That's making the assumption that they have the man-hour resources to clean up the infection themselves. Likely, they aren't well enough staffed to just divert the number of people needed to cleaning up the PCs in a reasonable amount of time.
        • by Sique ( 173459 )
          This. And they didn't have any disaster recovery planning or any kind of security concept in place. And this was the main reason why the Board of Audit chastised them: Not even after a big failure of IT infrastructure any planning to avoid similar situations in the future.
        • by gl4ss ( 559668 )

          That's making the assumption that they have the man-hour resources to clean up the infection themselves. Likely, they aren't well enough staffed to just divert the number of people needed to cleaning up the PCs in a reasonable amount of time.

          they got some sort of cio on payroll. he's got all week for this. if he's unresourced for this, he could have bought the resources for a lot less than 800 euros per hour - even in germany. their staff is going to be spending the same time setting up the new computers as well.

    • Still, 135K€ for cleaning a bunch of PCs...what did they do, piss off the resident BOFH? Did someone make a lewd comment to IT about their jobs being outsourced to the 'cloud' that week? 'Tis the kind of prices you pay after you insinuate that someone's parents were blood relations...to their face...and then proceed to draw them a diagram outlining family relationships to ensure that there's no chance of a misunderstanding.

    • Well considering their coat of arms [wikipedia.org] they are probably used to getting trolled....
  • by Mad-Bassist ( 944409 ) on Tuesday April 30, 2013 @04:31AM (#43588613) Homepage

    Why not use this as a way to teach the kids how to install the OS from scratch?

  • by Hentes ( 2461350 ) on Tuesday April 30, 2013 @04:34AM (#43588631)

    I guess they simply multiplied the cost of virus removal with the number of machines. But it only takes once to find the source of the problem, the remaining 169 machines could've been fixed at minimal cost after that. And of course, it doesn't cost a cent to just wipe them all clean.

  • Where are all the machines they threw away?

    The traditional art of Dumpster diving plus a Windows or a Linux install would have saved these machines from their fate. If they were scheduled for replacement, then I'm sure some charity or educational establishment could have benefited.

    • Where are all the machines they threw away?

      The traditional art of Dumpster diving plus a Windows or a Linux install would have saved these machines from their fate. If they were scheduled for replacement, then I'm sure some charity or educational establishment could have benefited.

      There are many establishments which could have benefited here, but there are two issues with that - first, the machines would have to be sanitized so there is a guarantee that no confidential information is stored on them (90% of government IT disposals ignore that rule, but the Germans are actually among the best at following it); and second, I am pretty sure that the majority of recipient organisations would say "no thanks, we cannot handle the clean-up" if an organisation said "here you go, have 170 PCs

      • It only takes a few minutes to wipe a hard drive. No organization is going to donate machines with a working OS install anyway.
  • by imsabbel ( 611519 ) on Tuesday April 30, 2013 @04:59AM (#43588715)

    This happened in 2010.
    Those were old computers.
    They already had the money to buy replacements budgeted in their 2010/2011 budget.

    So they had to decide to pull the effort the reimage everything for a couple of months, or just buy the new ones early. Buying the new ones early did cost a bit more (30k for all of them), but less then a cleaning would have cost.

    The servers, who where not sheduled for replacement, were reimaged just fine.

    • by tibit ( 1762298 )

      I can't quite imagine a business of that size not having a system in place to reimage machines at will. At one place I work we have two dozen machines and I'm well underway in having them all PXE boot into an imager which then either boots the existing image from the hard drive or updates it prior to booting. Once I finish shaking down the test deployment on a few machines, it should be ready to go. Users have had roaming profiles for years now so that's not an issue.

    • by Registered Coward v2 ( 447531 ) on Tuesday April 30, 2013 @05:53AM (#43588921)

      This happened in 2010. Those were old computers. They already had the money to buy replacements budgeted in their 2010/2011 budget.

      So they had to decide to pull the effort the reimage everything for a couple of months, or just buy the new ones early. Buying the new ones early did cost a bit more (30k for all of them), but less then a cleaning would have cost.

      The servers, who where not sheduled for replacement, were reimaged just fine.

      This happened in 2010. Those were old computers. They already had the money to buy replacements budgeted in their 2010/2011 budget.

      So they had to decide to pull the effort the reimage everything for a couple of months, or just buy the new ones early. Buying the new ones early did cost a bit more (30k for all of them), but less then a cleaning would have cost.

      The servers, who where not sheduled for replacement, were reimaged just fine.

      How dare you inject reason and facts into a /. arguement? You're supposed to say Windoze Bad Linux Shiney Free and accuse anyone with a different view of being an MS shill or troll. Replacing rather than cleaning is the right thing to do, it would have been more fiscally irresponsible to clean and then replace, and no doubt under German law the old ones were recycled rather than just dumped in the trash.

      given that reimaging would involve more than simply pushing out a new image but would need machines to be offline to avoid reinfection, there is also productivity losses and associated costs as well.

    • by gl4ss ( 559668 )

      that's not the problem.

      the problem is that they didn't say that the 800 euros for a reimaging fee was bullshit.

  • "cost of cleaning their desktops and servers by more conventional means to 130,000 Euro"

    Whoa, whoa, wait people, I'll clean them for half of that price and still be happy with it.

    They'd need to look into more efficient "conventional means".
  • Now I know where our tech support department gets it's strategy from :)
  • by VortexCortex ( 1117377 ) <VortexCortex AT ... trograde DOT com> on Tuesday April 30, 2013 @06:00AM (#43588961)

    There's only so many times you can lather, rinse and repeat in a given time period before someone points out that you're insane.

    Some folks might think I'm saying switch to Linux instead of just creating a fresh patch of systems to be virused. Smarter folks would realize that VMs with automated image rollouts would be a much better (and even OS agnostic) investment in the long run.

    Is that PC hitting public facing stuff, or does it allow users to bring their own data? Then it should be hosted via VM then unless you're focusing on 3D graphics applications.

    Next time they do a Hardware upgrade, you just roll out the VMs again and save virtually all the "support" cost of the rollout. Pays for itself after one or two upgrades. Doubly so if you've got a nasty malware infection since you already have the re-imaging process in place. With hardware supported virtualization standard now, it's kind of dumb to even not be using it...

  • by prefec2 ( 875483 ) on Tuesday April 30, 2013 @06:17AM (#43589037)

    The ministry of education of the federal state Mecklenburg-Vorpommern acted in the illustrated way. Mecklenburg-Vorpommern is a small state in the north east of Germany. The central auditing authority of that state (Landesrechnungshof) recalculated the effort and determined that the cost of the early replacement due to a virus infection was too expensive considering the alternatives.

    The German ministry of education is placed in Berlin (which is also a federal state having its own minitry of education) and called "Bundersministerium für Bildung und Forschung" (engl. Federal Ministry of Education and Research).

  • by Mystakaphoros ( 2664209 ) on Tuesday April 30, 2013 @06:40AM (#43589141) Homepage
    ...how often do we get to make fun of Germany for making a boneheaded decision regarding technology? I say we savor this one for years to come, as stories like this are a dime a dozen over in the States.
  • Its school right? They have students right? While I don't think it would be good to go down the path of using what should be instructional hours to do maintenance on the school this one seems like there would be ways.

    I have to assume there are some computer science, computing for business, personal business type courses where doing some operating system installs would be defensible as providing "useful background." So a couple class periods from those courses the students could be borrowed for the purpose

  • 1. Dig trench
    2. Dump infected computers in trench
    3. Shoot computers with machine guns
    4. Cover computers with dirt

    Problem solved.
  • Actually given the IT admin at the school I went to, throwing out the computers would of been the better option. This guy was pretty clueless, it took him three months to figure out how to reload command.com on a machine and install Windows, someone did a del *.*

Heard that the next Space Shuttle is supposed to carry several Guernsey cows? It's gonna be the herd shot 'round the world.

Working...