A Q&A with Paul Scheib, director of ISD Operations
Can you provide a little background on the recent virus attacks?
Over the past few weeks we’ve been hit by at least three different
viruses that took advantage of security vulnerabilities in Microsoft’s
Windows operating systems. A virus is a piece of software code usually
transmitted as an attachment to an e-mail or hidden in something
downloaded from the Internet. When a user executes it (i.e. opens
the attachment), it causes an unexpected and often malicious effect.
A worm is a self-replicating virus that first tries to duplicate
itself and then usually executes a program to create some type of
subsequent effect. For example, the Blaster worm we just experienced
was trying to attack one of Microsoft’s sites. In trying to randomly
infect as many other machines as possible, a worm can create enough
network traffic to overwhelm a computer network, which results in
a slowdown of all traffic.
What safeguards does the hospital have in place to prevent such attacks?
We have a number of them, though it is extremely difficult to make
us completely immune from attack. For example, we can detect and
filter e-mail messages that contain specific types of attachments
known to carry viruses before they enter our network. And we have
virus protection software on our Windows machines to detect and
remove viruses should they get into our network. We also proactively
patch ITRAC Windows machines and ISD servers to remove the vulnerabilities
these viruses and worms exploit.
Unfortunately, the more proactive we are in trying to minimize
the risk of getting viruses, the greater the potential inconvenience
to the user. Examples of this include limiting the types of file
attachments that can be e-mailed, or patching systems more frequently,
resulting in a need for more frequent restarts of all PCs.
What has ISD been doing to repair the system after the attacks?
It has been a significant effort to rid Children’s of these worms
and viruses, as over 800 PCs have been infected. To "clean" the
computers, the latest Windows patches were installed, antivirus
files were updated and a virus scan was run. Our technicians went
to many of the infected PCs and did this process manually to bring
as many users back up as quickly as possible. We also automated
the process and updated the majority of the institution’s ITRAC
PCs remotely.
Why has this latest round caused so many difficulties (both here and elsewhere)?
There are several reasons. First, the attacks are becoming more
frequent, and occur sooner after a Windows vulnerability is identified,
so there is less time to prepare our systems for possible attack.
Logistically, it’s difficult to ensure that all Windows machines
are up to date with patches and antivirus software. Even if a small
percentage of an institution’s systems become infected, the effect
can be felt by the entire organization since these viruses and worms
usually create enormous network loads that eventually affect all
users. Lastly, the impact has continually become greater since we
are all becoming more dependent on computers and networks.
What can people do to safeguard their computers (both at work and home)?
At work there are a couple of things you can do. First, be tolerant
of some of the inconveniences that may occur as we try to be more
proactive against these threats. If you do not have an ITRAC PC
or have your own server, you need to keep current with patches and
antivirus updates. Be on guard for unusual e-mails and attachments,
in particular attachments that end with file names that you typically
don’t receive, such as .exe. The same practices should safeguard
you at home. If for some reason you suspect your home PC may be
infected, don’t connect to the Children’s network because you can
inadvertently infect systems here at Children’s.