[unisog] justification

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Feb 24 18:41:27 GMT 2003


On Mon, 24 Feb 2003 12:29:51 EST, Mike Stanley <mikestanley at utk.edu>  said:

> Sounds like an amazingly short-sighted, almost Microsoftian solution.
> 
> "Oh, your machine isn't working right?  Format, reinstall Windows, and 
> everything is all better again."
> 
> "Oh, your student information server was hacked?  Ah well, wipe, 
> reinstall, apply the patch de jour and hope it doesn't happen again."

I'm not particularly thrilled by that attitude either, but...

A large .EDU site might have 10K-50K Windows boxes, administered by clueless
end users, and just sheer volume prevents any other answer than "format,
reinstall, re-patch, and pray" as long as the users keep re-loading the same
Windows software.  Let's face it - there's not really much you can do to secure
a user-adminned machine that has both Outlook and IE on it.  And in the
university environment it's probably politically inexpedient (possibly spelled
s-u-i-c-i-d-e ;) to suggest a sufficiently fascist deployment of Win2K group
policy to actually secure it.

"Say Hello to the corporate desktop.  You have an extensive list of
customization choices - we now have *6* pre-approved wallpapers to choose from"

Might fly in corporate environments - academia seems to attract people who
refuse to play nice in such situations (I wonder why.. ;).  As a result,
your best bet is to see if you can find some work-study slave^H^H^H^Htudents
to do the format/install/patch lather/rinse/repeat cycle.....

(Yes, it's a crappy security stance.  No, I don't like it.  Yes, it would
be different if I was in charge. No, they never let me be in charge. ;)

On the other hand...

Hopefully your student information server is a small number of machines,
well-hardened by clued administrators.   If not, expect to see a novel
definition of the phrase "Grade Inflation" ;)

(Yes, they let me be in charge of this sort of stuff (or at least make
recommendations), and yes, it's different ;)
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20030224/35308736/attachment-0007.bin


More information about the unisog mailing list