[ back ]
09.05.03

Keeping ahead of viruses

A Q&A with Paul Scheib, director of ISD Operations

Can you provide a little background on the recent virus attacks?
Over the past few weeks we’ve been hit by at least three different viruses that took advantage of security vulnerabilities in Microsoft’s Windows operating systems. A virus is a piece of software code usually transmitted as an attachment to an e-mail or hidden in something downloaded from the Internet. When a user executes it (i.e. opens the attachment), it causes an unexpected and often malicious effect. A worm is a self-replicating virus that first tries to duplicate itself and then usually executes a program to create some type of subsequent effect. For example, the Blaster worm we just experienced was trying to attack one of Microsoft’s sites. In trying to randomly infect as many other machines as possible, a worm can create enough network traffic to overwhelm a computer network, which results in a slow down of all traffic.

What safeguards does the hospital have in place to prevent such attacks?
We have a number of them, though it is extremely difficult to make us completely immune from attack. For example, we can detect and filter e-mail messages that contain specific types of attachments known to carry viruses before they enter our network. And we have virus protection software on our Windows machines to detect and remove viruses should they get into our network. We also proactively patch ITRAC Windows machines and ISD servers to remove the vulnerabilities these viruses and worms exploit.

Unfortunately, the more proactive we are in trying to minimize the risk of getting viruses, the greater the potential inconvenience to the user. Examples of this include limiting the types of file attachments that can be e-mailed, or patching systems more frequently, resulting in a need for more frequent restarts of all PCs.

What has ISD been doing to repair the system after the attacks?
It has been a significant effort to rid Children’s of these worms and viruses, as over 800 PCs have been infected. To "clean" the computers, the latest Windows patches were installed, antivirus files were updated and a virus scan was run. Our technicians went to many of the infected PCs and did this process manually to bring as many users back up as quickly as possible. We also automated the process and updated the majority of the institution’s ITRAC PCs remotely.

Why has this latest round caused so many difficulties (both here and elsewhere)?
There are several reasons. First, the attacks are becoming more frequent, and occur in sooner after a Windows vulnerability is identified, so there is less time to prepare our systems for possible attack. Logistically, it’s difficult to ensure that all Windows machines are up to date with patches and antivirus software. Even if a small percentage of an institution’s systems become infected, the effect can be felt by the entire organization since these viruses and worms usually create enormous network loads that eventually affect all users. Lastly, the impact has continually become greater since we are all becoming more dependent on computers and networks.

What people can do to safeguard their computers (both at work and home)?
At work there are a couple of things you can do. First, be tolerant of some of the inconveniences that may occur as we try to be more proactive against these threats. If you do not have an ITRAC PC or have your own server, you need to keep current with patches and antivirus updates. Be on guard for unusual e-mails and attachments. In particular, attachments that end with file names that you typically don’t receive, such as .exe. The same practices should safeguard you at home. If for some reason you suspect your home PC may be infected, don’t connect to the Children’s network because you can inadvertently infect systems here at Children’s.