Andrew Fairchild’s computer is infected with so many viruses, worms and malicious programs that it can’t even run a word processor. To Fairchild, his Dell laptop, barely a year old, is all but dead.
When Fairchild turns on his computer, “There’s probably about 150 processes that are going,” the Weinberg sophomore said. “I don’t know what they are. I look in my programs and there are all these ad-type programs running. Then there’s this annoying buzzing noise going on. When I turn on the Internet it directs me to this ad site — and I can’t stop the ads.
“I’m pretty lazy, so I haven’t gotten around to (repairing it),” he confessed.
Fairchild said his residential networking consultant slowly is bringing his computer back from the dead. But in the meantime, when Fairchild needs to write a paper or surf the Web, he borrows his friends’ computers.
Although Fairchild’s computer troubles may be extreme — he estimates that his computer has contracted as many as 20 viruses or other malicious programs — he certainly is not the only student at Northwestern agonizing over the plague of computer ailments in recent months.
A New Strategy
“This growth of viruses is not letting up,” said Wendy Woodward, director of Technology Support Services. “It’s definitely happening more. I think that this is the way things are going to be for a long time.”
To fight back, Northwestern University Information Technology recently rolled out a new threat response plan that streamlines NUIT’s response to network threats such as viruses and worms, Woodward said.
“What’s frustrating from the university’s perspective is that these outbreaks are burning university resources,” Woodward said, referring to the series of virus and worm outbreaks this year, from Bugbear in September to a malicious new version of MyDoom that started making news Wednesday. “The more these outbreaks happen, the less resources we have to do other things.”
NUIT began drafting the response plan after the Bugbear outbreak. It was then, Woodward said, that NUIT decided it was time to revamp its defense against threats like worms and viruses, which have become increasingly widespread both on campus and nationwide.
The latest response plan goes into effect when a threat, such as MyDoom, hits the network. Technology support staff — res cons, server administrators and network administrators — act first to notify their colleagues when they detect a threat. Then each staff member assumes a special “response mode” role, which makes the fight more efficient.
Blocking Bugs
The first line of defense is at the “border level,” Woodward said, where e-mails carrying malicious programs are blocked before entering the network and funneling into inboxes.
If malicious e-mails still manage to get through, the community could be notified via e-mail. And in some circumstances, NUIT shuts off students’ Internet ports — such as when Novarg, or MyDoom.B, muscled its way into e-mail boxes in January, confounding students with garbled e-mail messages that appeared to come from familiar addresses.
Hundreds of students who contracted MyDoom had their Internet access severed, Woodward said — a common defense when students acquire a worm that infects computers and uses them as weapons for churning out spam.
“What we’ve found is that by telling students that they are about to be turned off, they have a very high compliance rate,” Woodward said.
McCormick sophomore Purav Jesrani was one of these students: NUIT slammed shut Jesrani’s port after he acquired a mass-mailing worm in an e-mail at the beginning of the quarter.
“It was from people I knew,” Jesrani said. “I even knew about it (being a virus). I just wasn’t thinking.”
The process of cleaning his computer after it was infected was mostly painless, Jesrani said. After NUIT sent him an e-mail explaining the Internet shut-off, Jesrani said he completed a series of steps to uproot MyDoom from his computer’s hard drive.
“Overall, it was pretty easy,” he said. “I got it back up and running that same day.”
A Growing Threat
The volume and strength of computer worms and viruses over the past six months have skyrocketed, said Bryson Gordon, a senior manager at computer security firm McAfee Security, based in Santa Clara, Calif. He called MyDoom the “largest, fastest-spreading virus ever.”
Worse, the nature of recent viruses and mass-mailing worms such as MyDoom makes college campuses especially vulnerable, Gordon said.
Unlike earlier mass-mailing worms such as Blaster, which hit campuses across the country in the fall, MyDoom uses a “dictionary attack method” to find e-mail addresses to attack, Gordon said. This means that when MyDoom infects a computer, it not only sends itself to the e-mail addresses it finds on a hard drive but also generates e-mail addresses based on domain names of the addresses it finds.
On college campuses, “You have thousands of people on the same domain name, and you have lots of people with contacts on that domain name,” Gordon said, making the potential enormous for a virus to spread.
Staying Safe
Students should be updating their anti-virus definitions at least once a week, Woodward said. They should also regularly check NUIT’s “Get Control” Web site, which is linked to NUIT’s homepage, for the most recent computer threats, she added.
But the best piece of advice, she said, is one she regularly repeats to those who come to her with virus problems.
“Quit opening the attachments, people,” Woodward said. “Don’t click on them, hit delete and they’ll go away.”
One possibility she raised was computer safety seminars for students.
“If people actually went to it, I’m sure that would be a big help,” said McCormick junior Bryan Macrie, who was a res con last year. “I think making people more aware of the problems and aware of the resources that are out there once they get affected by (computer problems) is very important.”