[unisog] zotob and returning students, what are you going to do?

Matt Ashfield mda at unb.ca
Thu Aug 18 18:12:55 GMT 2005

Hey All

Well, with this new worm out, and students returning in the next couple of
weeks, we're starting to wonder what impact this is going to have on our
network when thousands of student home computers show up on campus and
connect to our network. Most of these are uneducated users who are running a
mélange of outdated and unpatched versions of Windows.

<insert Blaster Worm flashbacks here>

We have a system in place to scan for and apply Windows updates as well as
do some other scans (spyware and virus) before a user is fully connected to
the network. But we have noticed a serious flaw. With some versions of
Zotob, it prevents you from properly applying Microsoft patches. You could
scan for and remove Zotob, THEN apply the patches, but in that short period
of time between the scan and the patching, will users (we're thinking
Residence users here mainly) get infected so quickly (more Blaster
flashbacks...) that they won't be able to apply the necessary patches in
time and run into more problems?

I guess I’m just floating this out here for discussion and am wondering what
others are doing. We block 445 at the perimeter, but once students are in
Residence, they pretty much do what they want within that network.

Matt Ashfield
Network Analyst
Integrated Technology Services
University of New Brunswick
(506) 447-3033
mda at unb.ca 
