OIT considers new anti-worm plans

After a summer plagued by the spread of numerous computer viruses across the University network, OIT is looking into taking new measures to protect campus machines, which may include the automated installation of security patches to each of the thousands of computers on the network.

The plan would eliminate the need for individual users to visit Microsoft's website to download new patches as security flaws in the Windows operating system are discovered.

As of yesterday afternoon — a day after Wednesday's email from OIT asking the University community to install the latest Windows patch — roughly half of students had updated their computers, The Daily Princetonian determined.

The request came as the University was still recovering from the Stealther, Blaster and Welchia worms. OIT continually removed infected computers from the network as the worms spread, disconnecting hundreds of students until they called OIT to verify they patched their computers.

Within hours of learning of the latest vulnerability, OIT personnel had tested Microsoft's patch on a variety of machines and, deeming it safe and effective, notified the University community to download it.

Typically a lag time of about a week separates the discovery of a "hole" and the spread of a worm through it, said University IT security officer Anthony Scaturro, but this flaw is particularly worrisome because it is so similar to the one exploited by the recent worms.

"There was potentially as much of an opening as the first one," Scaturro said, "and since they'd just be variations of prior worms, we think the turnaround time would be a lot quicker."

Concerned about how worms will affect the University in the future, OIT is considering a plan that would require all networked Windows computers to automatically update themselves as patches are made available.

"Getting an automated approach to patching that's effective will go a long way," Scaturro said.

Though the program, known as Microsoft Software Update Service, is still in its trial phase, early signs are promising, and Scaturro expects it will be implemented in the next two weeks.

Scaturro was not sure whether users would have a choice in accepting new patches. He said that though he would like to allow for as much individual freedom as possible, the updates would likely be mandatory unless a virus did not place other computers on the network at risk.

"My role is to ensure that no one pays for someone else's risky behavior," Scaturro said.

Get the best of the ‘Prince’ delivered straight to your inbox. Subscribe now »

Though the system would be automated, OIT would test the patches before they end up on campus computers.

"Sometimes patches have a negative effect and are called back," Scaturro explained. "If we have it, we can try it on selected systems and check them off as being acceptable."

As a second line of defense, OIT is looking into placing a computer on the perimeter — or "front door" — of the University's network to screen incoming traffic. The computer would be trained to scan for specific worm behavior or "signatures," and could block or quarantine suspicious activity.

The procedure, known as intrusion prevention, requires some level of understanding of the worm's function, however, making it impossible to activate immediately.

Scaturro emphasized that, as with the battle against the earlier trio of worms, protecting against future computer problems requires diligence on the part of every user on campus.

"This is really a team effort across the University," he said. "I believe that the key to having a secure campus is based far more upon community awareness, knowledge and cooperation than technical tools and dictates."