Minutes of Smathers
Middle Manager's Meeting
September 4, 2003
Present: Denise Bennett, Rich Bennett, Denise Bogart-Caballero, Robena Cornwell, Trudi DiTrolio, Lori Driscoll, Carol Drum, Leilani Freund, David Fuller, Iona Malunchuk, Tom Minton, Cathy Mook, Richard Phillips, Colleen Seale, Betsy Simpson, Jan Swanbeck, Carol Turner, Carl Van NessVOIP
- No VOIP in East at the moment. May institute massive cell deployment to free up phones.
- Dale relayed her phone call from Chuck Frasier (Senior Vice Provost) inquiring why our corrupt machines had not yet been updated.
- Net Services is scanning, listing and knocking off the network any workstations that are not updated. For the Library, in order to cut off a workstation, it would mean cutting off the building. This is not acceptable.
- MS put the update out on July 16th. We had a liaison meeting on August 4th – two weeks later there were dozens of machines that had still not been patched.
- It is not acceptable to wait for student helpers to do the job. We have to get serious about this. Get word out to the liaisons that if they need help, ask.
- Public updates are usually difficult. We may want to think over the number of public workstations we make available.
- Microsoft came out with four critical updates today. They have been averaging over one per week.
- Info Swamp II – will increase our vulnerabilities and work to update.
- MS updates today have to do with the Office Suite.
- In summary, we can’t tolerate the “leave it until later” attitude with updates. We need to think about how much work we are giving ourselves when we make the computer lab commitment. We may have to invest the necessary cash and FTE. We may need to take machines off the network until they are updated. It’s simple stuff; malware is getting worse. Four of the last five viruses came from the same source. One guy manipulated the SoBig worm – he modified the original - no breakthrough.
- SPAM – putting out viruses that can relay it. At home – get the latest virus updates; scan your machine weekly, keep it up to date and active at all times.
- CIRCA – what do they do to keep their labs updated? They only allow GatorLink access, so they know everyone coming in. We have to serve the public, so identification does not help us. CIRCA probably updates on a regular basis. They buy all of their equipment in a clump and can perform all the updates in the same fashion. If we could hold off and buy our computers in batches – but we continually update the old ones. There is nothing we can do to solve the virus situation – no technological breakthrough.
- Web browsers – MS 6.1 is the last – no new browser will be made available unless you buy a new operating system. We may have to upgrade.
- Why did the patches not stick on public machines? In some cases, liaisons tried short cuts to work around. You have to do all of the steps – if you don’t make the low-level changes, the next group of updates will not go in. If you reformat and install from the ground up, all of the updates will take. Sometimes the patch itself is flawed, but the threat overrides – we can’t afford the risk.
- Blaster – 2 weeks notice before the exploit was posted. Twenty seconds after machines are turned on - they can be infected. It is very labor intensive to prevent this from spreading.
- Net Services is starting at the top level and working down when reporting on vulnerable machines. Hence the call to Dale.
- Departmental laptops also have to be kept updated. Even if you have ones that no one uses, they need to be kept up-to-date.
- Liaisons should update them at the time of check out.
- Systems checkout laptops – we’ll need at least 6 hours notice to verify updates and virus scans before releasing them. No more reserving 15 minutes prior to check out. Systems is a bit behind on routine matters due to the latest plague, but orders are starting to move again.
Back to the Systems Homepage
Last updated September 12, 2003
by Debra Fetzer