Re: Virus? - Disable .EXE, .COM, .LNK and group policy.
From: Richard Urban (richardurbanREMOVETHIS_at_hotmail.com)
Date: Wed, 25 May 2005 22:34:17 -0400
> There is no need to punish the students as they aren't in most cases
> purposely causing the problems. I am more in the business of preventing the
> problems from occurring rather than applying punishment afterward.

You have to enforce good computing habits on the children - by any means.
Kids click on anything at any time, without thinking of the consequences.
One of the worst categories of web sites around today is the sites where the
kids download their "ring tones" from. Many of them will infest a computer
by the act of downloading "free" tones. Your kids do have cell phones -
right! Nothing is FREE! If you can't modify the children's behavior you are
in for a rough ride!
Infected computers MUST be banned from connecting to the school network. If
they connect, the infection WILL likely spread to the other computers on the
LAN at that time. How you do it is up to you.
Lots of luck in your constant job of reimaging the machines!
--
Regards,

Richard Urban

aka Crusty (-: Old B@stard :-)

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

"Brian Hoyt" <firstname.lastname@example.org> wrote in message
news:DC999CC9-797B-416A-AD34-6D1B9CA637B9@microsoft.com...
>
> "Malke" wrote:
>
>> Cause can be any number of malware programs. This is pretty common
>> behavior even with av. A lot of stuff comes in through the kids
>> clicking on links sent in AIM, as you suspected. As you well know, the
>> user has to practice Safe Hex as well as have current av/antispyware
>> protection, and these kids just won't do that. Spend some time looking
>> in the forums here:
>>
>> http://aumha.net
>> http://www.wilderssecurity.com/
>> http://forums.tomcoyote.org/
>> http://www.bleepingcomputer.com
>>
>> You'll get a good idea of how broad your question really is and why I
>> can't give you a specific answer.
>>
>> Prevention? Lock down your workstations completely by using a domain and
>> Group Policy, Deep Freeze, etc. If this isn't possible - perhaps the
>> students own the laptops and you don't have the control over them you
>> would need - then you either have to have a Large Stick (financial
>> incentive) with the parents or just do what you've been doing - image
>> the boxen and charge the parents for your time. Keep the rest of your
>> school's networks isolated from the laptops.
>>
>> I help the tech god at my kid's school and we have a laptop program for
>> 7th & 8th graders. Because we are a private school, we can be pretty
>> firm about what happens if the kids install cr*p and get a virus. If
>> you are a public school, you probably don't have that ability. The
>> public elementary schools here basically do nothing for the kids'
>> computers - quite a few of my clients have children with laptops in the
>> public schools and that is how I know this.
>>
>> If you want any more information about how we manage our laptop program,
>> do post back.
>>
>> Good luck,
>>
>> Malke
>> --
>> Elephant Boy Computers
>> www.elephantboycomputers.com
>> "Don't Panic!"
>> MS-MVP Windows - Shell/User
>
> We are a private school with all students 7-12 having laptops/tablets,
> about 450. The students own the machines so I can't lock them down as much
> as one would like. The AV/AS are kept up to date automatically. We also do
> lock the machines down quite a bit via group policy. I understand
> prevention from a global perspective, trying to nail down this one issue
> though.
>
> There is no need to punish the students as they aren't in most cases
> purposely causing the problems. I am more in the business of preventing
> the problems from occurring rather than applying punishment afterward.
> Imaging takes 20 min and is more trouble for the students since they are
> without their laptop in class than it is to the tech staff. Isolating the
> laptops from the rest of the network really doesn't help anyone either,
> what is the point of having the resources if the students can't get to
> them.
>
> I was trying to figure exactly what this one was, since it is far more
> damaging than any other we have had. It is affecting a very small group of
> students, some repeatedly though. I was hoping if I could narrow the cause
> I could help the students to know what not to do. This is a fairly recent
> one and isn't caught by anything I can find. It also seems to have a very
> specific method of attack. However it doesn't make sense since it almost
> totally disables the system, which wouldn't help in being able to track or
> advertise to the user.
>
> Thanks for the help and the pointers. I will see if I can find similar
> symptoms on those sites.