Universities try different strategies to cope with growing technology problems

Vulnerabilities in Microsoft software, beginning-of-the-year jitters and student apathy have been the main causes of technology troubles around universities in the region this fall.

Kathleen Cummings, Director of University Information Technology (IT) Support Services at Tufts described the recent "Blaster" worm by likening the Windows operating system to a house. "Microsoft built this house, and one of the windows of the second floor wasn't locked."

To combat the worm, Tufts Computing and Communications Services (TCCS) distributed update CDs and put up posters and fliers to inform students in the beginning of the year.

TCCS also set up a Group Policy Project (GPO) to patch Microsoft machines. A GPO is applied at the back end through the Local Area Network (LAN). The GPO restricts anyone on the LAN from traveling to insecure sites. "It's a type of border control," Cummings said. Because students are not connected to the LAN, GPO did not impact students.

The GPO was lifted after 36 hours even though it was not certain that every computer on campus was patched. The Security Advisory believed, however, that adequate security measures had been taken at the time. "You want to be secure, but you don't want to cripple the [University's] business," Cummings said.

Thanks to these measures, no serious damage was done to the Tufts system by the "Blaster" worm.

The worm enters computers through an unlocked port and enables outside users to "own" other people's computers to send spam mail, to get passwords, or simply to know that they could break in.

According to Kevin Davis, Coordinator of Residential Computers at Harvard, dealing with the "Blaster" worm and other similar IT problems is difficult because academic institutions need to keep the system running continuously for research.

Harvard has a policy against sending e-mails to the entire student body, faculty and staff, making it difficult to alert users of problems with the system.

To inform the community of the virus, Harvard's IT department used posters, websites and fliers, while local e-mail lists in dorms were encouraged. Also, a downloadable tool to patch computers was effective, Davis said.

Jim Stone, Director of Consulting Services for IT at Boston University, said the "Blaster" worm caused difficulties "mostly due to Microsoft vulnerabilities." To maintain security in their resident system with 12,000 independent student users, BU's IT department requires students to register their computers once a semester through an online procedure.

This registration process enables the school to scan computers, and infected or vulnerable computers are quarantined in what they call "net jail." Computers in "net jail" are brought to a webpage where users can clean their machines, after which they can register back into the system.

While the registration system has existed for several years, the online scanning is new this year. "It was a reaction to the situation and belief that the effort was going to be very beneficial. We wanted a mechanism generic enough for future use," Stone said.

Tufts' Coral e-mail server had a series of hardware failures that caused interruptions this year, one of which lasted for six hours. Cummings said that hardware and software companies are struggling in the bad economy and in many technology companies, Quality Assurance (QA) areas have suffered to save money.

Cummings said the need to maintain security can also take time and resources away from keeping up with their regular services. "When you are on the other side of the services, you don't realize what's going on in the back of the room. It's literally an attack -- we are trying to fight the war and keep the services running at the same time," Cummings said.

Christine Kittle, Head of the Information Technology Service (ITS) department at Tisch Library, said Internet Explorer vulnerabilities caused a minimal interruption for one day, making some data unavailable to library staff, but not for Tisch's public computers. "I think the campus is handling world-wide problems pretty well in comparison to other Universities," Kittle said.

TCCS is working on projects to improve computing services on campus, such as creating a new web infrastructure, providing more storage space for the faculty and implementing remote desktop management. Due to limited resources, these projects are pushed back when security incidents occur.

Tufts' technology problems this year came during the university's debate over whether to bring back the position of Technology Dean. The Technology Dean "would be someone focusing more on academic technology, it would not impact other areas such as cable TV or the telephone," said Executive Administrative Dean Wayne Bouchard.

Four years ago, all of the schools within the University decided there should a new approach to technology issues on campus. The School of Arts and Sciences spent $5 million at the time for a desktop support equipment replacement plan and classroom support.

He said the task at hand now is to decide on the right approach to provide support for research and teaching on a similar level of support as that for desktops. "We're looking at specific faculty responses now. The academic deans will be coming up with a strategic plan for our technology agenda," Bouchard said.

Having a Technology Dean is just one of the options for the next strategic step. "We're open to finding ways that'll allow us to be the most responsible to the faculty's needs now," Bouchard said. "I think it's fair to say we're achieving significant progress here, but it's still not good enough. It's more of a resource issue than lack of effort," he added.

Cummings, Davis and Stone all said that the IT departments at their universities were particularly busy this year. According to Cummings, the demand for service is always increasing because technology is becoming more and more central in students' lives.

According to Davis, beginnings of academic years are usually trying times for IT departments. He said the changing technological environment and increasing demand for new services forced an adjustment period.

Stone added that, because changes are not always predictable, "you just have to be prepared to react."

No matter how much effort universities may put in to improve the technology situation on campus, the responsibility ultimately falls on the individual, Stone said. "All of this is avoidable -- you can take care of your own machine. Not everybody takes the time. Running antivirus programs and updates would've made a huge difference," he said.

Money should not be an excuse for neglecting individual computer maintenance, Stone said. "At BU, we have site licensing for free antivirus software."

Davis agreed. "Individuals are ultimately responsible for their computer security."