Alan: We all know that corporations must protect themselves from all kinds of unknown threats, but what about educational institutions? What kind of unique challenges do they fight? Our guest today is Scott Brown, Information Security Analyst from Colby-Sawyer College in New Hampshire. Welcome to Let’s Talk Computers, Scott.
Scott: Thanks, Alan.
Alan: When it comes to Internet threats, colleges and universities face challenges that corporations can’t even begin to understand. What are some of those challenges that you face?
Scott: I was at a Gartner Conference a while back. Most everybody there was from a corporate environment and I stood up and I said, “If you can imagine that your institution has 750 computers and in a 24-hour period another 1000 can enter your network, loaded with viruses and they are unprotected.” And the whole room went silent. These corporate guys just couldn’t even fathom how you deal with that.
Because in their world, they deploy a computer that’s protected from the get-go and they control what gets installed on that computer and they’ve locked that computer down so that it is very hard for any sort of viruses or any other malware to exist on that computer.
In our environment, even on our own computers, a lot of the faculty and staff are local admins on their computer (which is a great way to get yourself infected). And then we have the thousand student computers – and they are not ours to manage. We kind of set some guidelines to get on our network, but they own the computer. They have the final say on what goes on with it.
Alan: In a corporation, any time you add a new computer to a network, it’s usually going to be a clean computer, because an admin has already set it up. But on a college or university system, you have no idea what’s on that computer. That computer can already have a virus on it, before it even attaches itself to the campus.
Scott: We’ve seen sections that numbered in the thousands. We’ve seen up to 600 processes, running on a single computer. So, we built the added challenge of not just getting an anti-virus that does the job, but getting one that will install in that kind of hostile environment. Most anti-viruses are designed to go onto a “clean” system and then keep that machine protected.
Alan: Plus the fact that you have no control over what they’re going to be downloading, what websites they’re going to be going to and are they going to be putting software onto their computers? Because usually in a corporation, they usually limit what you can do as far as installations.
Scott: That’s another thing we looked at when we chose our current anti-virus solution. We wanted to find a product that works well with all other products, because we simply don’t know what each student is going to have on their machine.
Alan: In the past, we had to protect you from viruses. A virus is just a small part of what you need to protect from, isn’t it?
Scott: Most of what we see and most of what we spend our time and energy on is dealing with spyware-related things, like browser hijackers and IP stack hijackers and trojans. Roughly 76% of all the threats detected so far this year are spyware, bots and downloaders, and viruses are less than 10%, probably closer to 5% of the threats that are currently being detected.
Alan: I know you have libraries that have computers in them; and I know you have labs. I know that classrooms have computers. Are you wireless, also?
Scott: We’ve got about 1,000 students. We have about 300 employees, 750 college-owned computers. (Somewhere around 1,600 or 1,700 computers) This is our first year of going wireless, which we have implemented a totally 802.1x, specifically 802.11i, wireless environment and we’re actually just gearing up to do it on the wired, as well.
Alan: If you get a virus, it gets loose on campus, and it can shut everything down. And the students depend on these computers, don’t they?
Scott: Our college is set up so that all students have personal drives, where they access all their files, their papers that they are currently working on. We have learning systems like Blackboard, not to mention, just the Internet, in general. We have e-mail and then we have where students can check their grades. We’re an incredibly technology-based college and we rely on it very heavily.
Alan: About 2 years ago, you said, “enough is enough”. You got rid of your old anti-virus, anti-threat company. What was giving you problems back then? What made you change?
Scott: For starters, we actually got devastated by a virus, just prior to my position’s being created. My first six months here I really didn’t do much of anything, other than trying to get our current virus solution working and updating correctly and doing its job. And after six months, I just plumped down one day and I felt defeated. It wasn’t doing the job. I would say we got less than 50% of the student computers of our old solution to even install.
So, it was really a number of different things. On top of that, every zero-day threat that was coming out was getting by our current solution. Every week, it was a new challenge and new infection. So, I just thought, “Life can’t be this difficult. There’s got to be a better way”.
Alan: Scott, when you changed from your existing anti-virus company to NOD32, what were the main criteria you were looking for?
Scott: As much as I would love to take the credit for it, it was really our Director, Bill Bitzer. I never even considered looking at another product because everybody uses one of the top #2 in the Industry and being in a new position, we were already making a bunch of security changes. It was kind of rocking the boat, if you will. And I came into our Director’s office and said, “The product, I just don’t believe it’s doing the job.” His response amazed me, but it was, “Find something better.”
We did some testing on detection and NOD32 was just leaps and bounds against everybody else. And I started to do some homework and I realized that they’ve won more VB100 awards since 1998 than any other company. And they’re probably the most highly decorated anti-virus company in the world. So we got a quote from the folks and they were actually priced more competitively than the product we were using. It was getting to be very clear that this was going to be the solution for us.
One of the neat things with NOD32 is you can actually copy their on-demand on to a CD and take it on the road for you and we were finding computers that had our current solution up to date with virus definitions, where we found 384 viruses on it. We scanned it with the NOD32 CD, gave it a reboot. The computer’s been fine ever since. By the time we actually got around to switching to NOD32, we had already had a taste of it to know that this is the product for us. This thing is incredible!
Alan: Do you find it reassuring that you’re dealing with a company that the only product they have is Anti-Threat software, instead of a company where this anti-threat software is just one of the many products that they produce?
Scott: Yes, without a doubt. One of the things that we’ve done here at Colby-Sawyer, is we have purposely gotten rid of all these gigantic vendors and gone with smaller companies, like ESET. And we’ve found that you get much better support and you get a much better product and I think things are happening, vs., bigger companies tend not to because it takes 3 or 4 board meetings to arrive at the same thing, because a smaller company can just get the job done.
Alan: Scott, what really stood out to you when you started working with the ESET Support Staff?
Scott: One of the problems that we had with our old anti-virus company was that you would call in and you’d wait in the queue and I think we had a Silver or Gold Plan or whatever, which we spent extra for. And we’d wait on hold, not only to talk to a technician that really didn’t know much about the product.
With NOD32, you call the folks over at ESET. There is hardly ever a wait and they know what they’re talking about. Even when we first started using the program, we just didn’t have the issues that we’d ever really need to call them with. With our previous product, we would call in at least weekly.
Alan: With your previous anti-virus, you had to depend more on “virus definitions” and if they didn’t get pushed out to you immediately, you could be vulnerable. And I know, with NOD32, with “heuristics”, you don’t have to worry about that problem, do you?
Scott: We’re guessing, we’re getting about 90% of new viruses with heuristics, alone. Heuristics are something that is looking for virus-like behavior or virus-like activity. When the definitions get released, they’re actually looking for a specific virus. Our old product would only release the definitions once a week, which I just found to be unacceptable. NOD32 has days where they will release 3 or 4 different definitions.
The other problem we had is that, that one day a week, and I believe it was Wednesday, when they got released, half the campus wouldn’t update, for no apparent reason. So, we would go out and we’d try to figure out why they weren’t updating and so every week we were kind of back in this vicious cycle.
Alan: I’m hearing from a lot of students and one of the biggest complaints they have about any kind of anti-threat software is that “If it gets in the way, I’m going to turn it off, because it’s not my problem.”
Scott: It’s true. When we first launched NOD32, we did not launch it in Silent Mode. And when the first few students got it, they were calling in and they said, “Get this thing off my machine.” I said, “What’s the matter?” And they said, “The thing just pops up all the time. It’s driving me crazy!” And I said, “When you say, ‘pop up’, what’s it saying?” And she said, “I don’t know, it’s a red screen that says something about a ‘Trojan’”. We kind of laughed at it, but we saw that machine, and it was just going insane.
Subsequently, we’ve put all the machines into silent mode, so it just takes care of the problem behind the scenes and the user doesn’t have to be bothered with it.
Alan: Especially being on a campus, you’re going to have viruses. I mean, there’s no ifs, ands, or buts.
Scott: That is true. Most people don’t understand that if your anti-virus program is detecting the virus, everything is doing its job. Getting exposed to them is part of being on the Internet. The silent mode, for us, is a great feature. Plus the fact that NOD32 has such a wide range of detection. They do everything from phishing expeditions to spyware, adware, trojans, rootkits. People have seen a lot more alerts with NOD32 than we did with our previous anti-virus. The nice thing about NOD32 is it is highly configurable. I mean there are options upon options. At first glance, when I first looked at it, I got a little overwhelmed with the choices. But the bottom line is, if you just use it right out of the box, the way it is with the stock configuration, it does a wonderful job.
Alan: Well, how important was it for you to be able to do administration from one centralized location? And what did you think about the NOD32 Admin Console?
Scott: Their Administration Console is hands-down, the best I’ve ever seen. And we evaluated, I think 12 different companies. Their Console, to me, is everything that the other Console should have been. They have beautiful charts and graphs and all that good stuff which are kind of eye-pleasing and fun to look at, but they give you the statistics to help you determine what’s going on and they give you real-time reporting.
Mine is set up so that a half an hour before I come into work every morning, it gives me an e-mail that’s a heartbeat on what’s going on, on the campus. And those reports even include the .csv files that you can import right into Excel, or a database, should you want to manipulate the data any further.
Alan: So, this is something that you can actually make a report and send it to the President of the college, and say, “Hey, look, this is what’s going on?”
Scott: The nice thing about it is that most of their reports are in two sections. The eye-pleasing graphs that the laymen will understand and then below it is all the data and numbers that I need to understand. So it’s very impressive to show that to somebody in an administration or a non-technical job.
Alan: How did you feel when you changed over to NOD32? Knowing that this wasn’t one of the well-known virus companies that you see advertised everywhere?
Scott: That’s a concern, because if for whatever reason, it didn’t work out, I would certainly be held accountable. If I just went from the Industry Standard, what were you thinking? It was encouraging, during my research to find out that these guys have won all these awards and have such an impeccable track record. It’s very reassuring and then in our initial testing, we had such a success with it.
And we’ve had the product now for – it’s almost two years now. It has been everything we thought it could be and more. We’ve really been happy with it. Our network has calmed down as a result. There was a time when our intrusion protection company referred to our network as The Wild, Wild West!
Alan: Well, what would you do if say, one of these Virus companies came to you and said, “I can give you the same solution for half the price - all I need you to do is switch over”?
Scott: I hear that all the time. And everyone is so concerned about price, and granted things have to fit into your budget. To me, that is something that shouldn’t even be an issue. If the product doesn’t do the job, who cares what it costs? If they were giving square tires, I probably wouldn’t go get any. The same goes here.
The bottom line is, if NOD32 were half again more, we would still buy it. I can’t imagine us ever going back to the way things were before, for any price!
Alan: Scott, if you had one piece of advice for other colleges and universities, what would it be?
Scott: My one piece of advice is, “don’t just do whatever everyone else is doing. Don’t just go with the industry leader, because you think it’s safe and you think that nobody could ever question if you went with the industry standard.” I’m not going to tell you to buy a particular product, but I’m going to tell you to do the testing and I think you’ll find that if you really do some good testing, put a product like NOD32 through its paces, that the choice will be very, very clear. Definitely, think outside the box. It’ll open your mind up to the fact that “There may be a better way to do this. That life doesn’t have to be this difficult.”
Alan: Scott, it’s been our pleasure to have you as our guest here on Let’s Talk Computers, talking about how to protect colleges and universities from all these “nasties” that are coming down the Internet. And we hope to have you back on the air, real soon.
Scott: Well, thanks for having me, Alan.