The Calm Before the Calm?

• By Terry Calhoun
• 08/09/07

Journalists have often referred to the "Dog Days of August," meaning a time of the year when the kind of political and national news that makes headlines is less available, and things can seem to be happening slowly. In higher education, August is for many a time to finally get out for a week or two of vacation. In my own office, we have our  peak of activity (with SCUP's annual conference), followed by a wave of time off that stretches through the month.

But in this period of slowdown for us, our students, returning and new, are out there interfacing with the virtual and physical worlds, getting ready to bring all sorts of things back to our campuses. Are we ready? Is this the calm before the storm or the calm before the calm?

Do you remember "Cloner," the first feral computer virus, created by Richard Skrenta in 1982? It didn't even need the Internet or a local area network.

That was an amazing 25 years ago. It was the first virus to get into the "wild," meaning outside the closed network or system within which it was created. Until I researched this story, I didn't know that in the early '70s, when I was working at the Defense Special Research & Planning Group (DSRPG), a division of ARPA, that there had been a "Creeper" virus within the ARPANET system, and then the "Reaper" virus that appeared to have been written to hunt down and destroy "Creeper" virus clones.

We've come a long way in 25 or so years, with the biggest shift happening at the beginning of this new millennium. The intent and the power of various viruses and worms, "malware," changed tremendously. Even as recently as 2002, the virus protection company McAfee was learning of something like 100 new viruses every week. Now they find more than 100 new ones every single day. And our students, those who are juniors this fall at least, have always lived with computers that are susceptible to viruses.

If you work in higher education IT, I know that you remember the beginning of the 2003 school year. That was the year of "Blaster," which came on the heels of major budget cuts and caused tremendous discomfort for IT staffers on nearly every campus. Remember that "Perfect Storm?" Maybe these story synopses will bring back some memories for you:

• At Auburn University, lines of students wrapped around support offices two weeks after the Blaster worm first struck, initially downing the residential network.
• Temple University provided students with free anti-virus software, which--along with 90,000 warning e-mails and 27,00 paper flyers--is probably why only 400 of 35,000 student computers appear to have been infected.
• Duke University was set up to filter out virus-laden e-mail (successfully filtering 2.5 million), and only a handful of machines on campus got infected.
• Harvard University puts incoming e-mail through a virus filter: In its arts and sciences department, 36,000 infected messages were stopped in the first nine hours of the software's implementation.
• Brown University's network registration tool scanned newly connected machines and instructed the owners without needed patches and updates to go get them; that was about half of all students.
• George Mason University cut off all residence hall access to 3,600 students for a while after many students failed to sign statements that they had run anti-virus software and placed patches.
• At Columbia University a system-wide spam filter protected computers from viruses; even so consultants were also busy working in the dorms with student machines on site. Owing to strong rules on computer user rights, however, student computers at Columbia and Barnard were not quarantined from the network.
• At the University of Maryland, returning students going into the network were directed to a website telling them to apply patches for the Blaster worm; those who did not do so within a fixed period of time were kicked off the network.
• At the University of Virginia, about 800 student-owned machines were kicked out of the network by security "bots" and were not allowed back in until obtaining CDs and loading up on protection.
• Oberlin College suffered "near meltdown" Aug. 21 owing to students returning to campus with infected computers: Nine out of 10 Windows machines were infected.
• University of North Texas was cleaning off 16 computers every hour and a half ... and charging students $30 to do it. Students were not permitted to log into the network without first proving they had clean computers.
• Vanderbilt University shut down connections to 1,200 computers after finding out that as many as one-fourth of all student computers were infected. It took days to get service to them all turned back on.
• Salisbury University shut its residential network completely down for a day, this after a two-week period spent cleaning off 500 university computers.
• MIT shut off service to infected computers and blocks traffic to and from suspected machines.
• At the University of Illinois, a team of 30-plus network technicians worked on students' desks to patch and check student computers in the residence halls. Some students faced a week's delay in getting permission to get connected.

Sorry to alarm you, if I did, or if I brought back some bad memories. But the question is, "Are we ready this year?" Now is a good time to ask it. I think the answer is yes. I predict a calm August, September, and October for campus IT staff. We learned the lessons from our perfect storm of 2003. Our students are better prepared, and so are we.