Hate… ITS… So… Much

I won’t even start on the rant that I don’t need a virus scanner because I have a Mac. They don’t require any virus scanning for Linux, and the vulnerabilities in OS X and Linux are roughly equivalent.

First of all, the method used by Campus Manager to detect your computer and allow it/quarantine it from the network requires that the OS X firewall be off. It took me over an hour of trying to make netreg happy before I realized that that was the problem. That’s just great! Let’s make the campus more secure by preventing people from taking their own security measures! Hopefully, this will be fixed at some point, but for now it sounds like I’ll just need to run without the firewall.

On top of that, when I installed Virex 7.5, it installed with read-only permissions and not belonging to me. So not cool, and in my opinion, a complete violation of my control over the data on my own computer. I have also been unable to prevent Virex from automatically starting all of its scan daemons at startup, although I can manually turn each of them off by using sudo and the /usr/local/vscanx/VShieldStatus utility. I’ll probably write a little script to run at login that will kill all of them as soon as Virex starts them.

I’m tempted to uninstall Virex just to see if I get quarantined; I don’t know of any way that they can see (a) what processes I have running, or (b) what I do/do not have on my hard drive, unless one of the Virex daemons’ only job is to regularly tell Campus Manager that it is installed. If the latter is the case, that is yet another unacceptable reallocation of my system’s resources.

I fully realize that the security of the campus network requires extreme measures, especially given all of the problems last year. There’s a simple policy solution to both: don’t use Windows, and don’t use P2P software. I fully realize that the former is unfeasible, since the vast majority of students are getting cheap PCs and wouldn’t be comfortable (and, in fact, might be a greater security threat) running Linux on their personal machine. The latter, which is at least half the problem as a source of infected files, spyware, and heavy network traffic, would be easy to discourage or even prevent.

Here’s hoping that M. Dumic (no… that’s too obvious… let’s call him Mark D.) and his associates pull their collective head out of their collective ass. I know that there are a lot of smart people who work over at ITS, but it sure seems like they’re inexplicably producing some phenomenally stupid ideas.

16 comments on “Hate… ITS… So… Much”
  1. metaplasmus says:

    And to think I was so complacent last year, as I’m sure so many of us were, about having a Mac and thus not having to deal with silly security issues. This is idiocy above and beyond anything I’d expected. I mean, most of the OS X exploits that make any sort of headlines these days aren’t exactly viruses. Egad.

    Regarding Virex, have you checked in /Library/StartupItems for a startup script? That’d be the easiest way to get rid of it, or at least prevent it from launching specific daemons.

    Regarding the firewall, have you tried re-enabling it now that you’ve netregged? If it still doesn’t work, a moderately angry email to ITS, or continued persistent emailing, might do the trick.

  2. sikonawt says:

    ITS is utterly incompetent. While their requirements are annoying (especially for Mac users), they majorly screwed the pooch with Windows users. Why? Because the virus scan installer that they provide (both online and on the discs) is NON FUNCTIONAL. The executable does not install the virus scan and if you try to do it manually you get DLL errors out the wazoo. Of course, I already had virus scan installed, but for some reason my comp got quarantined anyway. I tried reinstalling, and it didn’t work. So I figured that due to the unorthodox install method, I might need to uninstall my previous version. Of course, that didn’t help at all and now I have no virus scan. However, I rescanned my comp anyway and it unquarantined me after a few tries!

    Y’know, for a school with such a bright student population, ITS sure treats us like idiots. Too bad they can’t be bothered to TEST their strategies before the school year =P

  3. Nicolas Ward says:

    Didn’t think to look in StartupItems, because the starter was running as my user but wasn’t listed under the Startup Items tab in the Accounts pane. I will strongly consider uninstalling Virex soon.

    I know that turning my firewall back on won’t work, because Campus Manager scans you every time you renew your DHCP lease. For example, when I wake Chronos from sleep.

    The moderately angry e-mail has already been sent. The whiny persistent e-mails will probably start tomorrow.

  4. blaketh says:

    ps ax |grep irex
    sudo kill …

    Watch yourself enter quarantine. Joy.
    Note that the Virex scanner’s background scans can be easily disabled, leaving its sole purpose to report its continued existence to Campus Manager. Joy.

  5. tamias says:

    I’ve been twitching like mad remotely watching this whole thing. I agree that ITS has some smart people who come up with thoroughly bizarre methods of doing their jobs.

    I also just can’t believe that they didn’t bother testing _any_ of this–and I suspect that, if you’re getting the same emails I am, you’re as amazed as I.

  6. Nicolas Ward says:

    I unchecked all of the background scanning options in the Virex preferences, but that didn’t seem to do it. Virex definitely runs a process that constantly reports that it’s installed? That is ricockulous.

  7. sildra says:

    All that stuff you describe? They were doing it to Windows users last spring. And I run Windows 98, which, first of all, none of the major viruses last year threatened, and second of all, the anti-virus program they had us install didn’t work for (I had to take my laptop to Beardsley to get it unquarantined, even though I did, in fact, have the virus software installed). When I graduated, uninstalled McAfee, and installed Norton instead, it was amazing how much faster my computer ran now that it didn’t have to constantly send messages to ITS anymore.

  8. Nicolas Ward says:

    I believe the current version of Campus Manager is now capable of distinguishing between different versions of Windows. The software is still under active development here on Swat’s production servers, so all bets are off.

    We both have valid complaints: the policy is too broad, in that it is being imposed on users whose computers cannot threaten the network in the same way that unsecured versions of Windows can.

  9. irilyth says:

    This really seems like the wildly wrong approach to me, at a basic philosophical level: What they should really be focusing on is containment rather than prevention. Why do they care in the first place if my computer has a virus? Especially if their first response to any malicious activity is that they shut off my port / turn off my account / whatever, and leave me a voice mail asking me to stop by for a chat. People who are clueless come downtown and leave with shiny virus/firewall software, and people who can take care of themselves get left alone. Treating everyone like idiots just makes everyone into idiots.

  10. Disable firewall.
    Turn on some kind of filesharing in the control panel. The first one (afp) is a good choice. This opens up the ports you need.
    Ignore Virex.

    Basically, your issue isn’t that Virex is required. It’s that you need some open ports for it to scan. The firewall being off isn’t enough because your OS is designed not to open any connections unless there’s a reason to regardless.

  11. tamias says:

    How hard would it be to get a tcpdump of the network traffic being produced by your machine, isolate the Virex messages, and write a shell script to send them periodically to ITS?

    I imagine there might be a market for this sort of thing, even though it’s probably a violation of TOS for ITS.

  12. rose_garden says:

    users whose computers cannot threaten the network in the same way that unsecured versions of Windows can.

    I don’t really know much about the minds of virus writers, but it seems like there might be some satisfaction to be gained from writing a virus for Macs.

    In the meantime, I’ll continue running Software Update and installing Security Updates, as well as running the ITSware.

  13. Nicolas Ward says:

    So basically they’re trying to increase security by having me reduce and/or remove my own security measures? Whaaa?????

  14. Basically they’re afraid that you’re a firewalled SP2 box, which is rather insecure altogether but looks like a dead brick. So anything that looks like a dead brick (which is usually the secure stuff) has to be tweaked to be visible. Ports 8083 and 8084 are the ones we use for the policy agent, I think.

    As far as I can tell, personal filesharing is just some sort of AppleTalk-y thing, so it’s not a security hazard.

Nurd Up!