• United States

Why users add to the worm/viruses headache

Sep 11, 20033 mins
Enterprise ApplicationsSecurity

* Patching is one thing, educating users is another

Whenever the talk turns to worms and viruses, such as the recent Sobig outbreak coupled with the Blaster problem, those who run NetWare exclusively tend to feel superior to our colleagues running Windows-based networks. While NetWare is a superior network operating system, only the really foolish would overlook the problems that something like the Sobig virus could cause – even if there are no Windows servers on your network.

That’s right, even those without Windows Servers, without Exchange Servers even without Outlook clients can be in trouble. Yes, I mean you – the ones who think that running GroupWise makes them immune from e-mail viruses.

While it’s true that, by default, GroupWise doesn’t automatically open (and run) e-mail attachments, it’s also true that current versions of Outlook act the same way. You see, there’s one thing both systems do have in common – users.

Network World Fusion’s Adam Gaffin wrote (“Why some people shouldn’t be allowed near computers” recently about a network manager who happened to be in a room where he could hear a user saying, “I keep trying to open it but nothing happens.” When he looked, he found the user kept ignoring the anti-virus warnings on the screen and kept trying to open a Sobig infected attachment to an e-mail. The following conversation ensued.

Network manager: “Why did you open an attachment from someone you don’t know?”

User: “It might have been from a friend! They might have made up a new e-mail address and didn’t tell me!”

Needless to say, the network manager then spent hours cleaning up the infection. This could happen with any of your GroupWise users on a NetWare only network just as easily.

The real lesson to be learned here is that nothing beats user education as a way of ensuring smooth operation of a network. No matter how many services, appliances and automated systems you install what the Old Programmer said is still true: “Software engineering today is a race between programmers striving to build bigger and better idiot-proof programs, and the Universe striving to build bigger and better idiots. So far, the Universe is winning.”

That’s not nice to say, but the concept is true. No matter how hard you try to keep users from inadvertently causing harm, they’ll always find some way around the locks, the fences and the sandbox. It’s simply human nature. You need to take the time to explain what they need to do, why they need to do it and the potential consequences when they ignore you.

Now if anyone knows a failsafe way to ensure that users retain that information, my mailbox is open.