Protecting a university from viruses

With more than 45,000 staff and students, Toronto’s York University faced some unique issues when it implemented and upgraded its antivirus software.

While a similar-sized corporation can dictate what operating systems and platforms its employees use, a university is more of a loosely joined union of educators and researchers. Individual departments choose IT systems based on their particular needs, while students, essentially the university’s employers, can have operating systems suggested to them, but hardly dictated.

York chose Symantec Corp. for two main reasons. First, it needed a solution that would run on Microsoft Corp.’s, Novell Inc.’s and Apple Computer Inc.’s operating systems. And it had to run on older versions of the software as well since administrators could not force their rather autonomous users to upgrade against their will. For example, the present solution needed to run on operating systems as far back as Windows 95.

“Outside of certain admin areas, we have no control over what people do on their desktops,” said Charles Duncan, manager of micro services, which is part of computing and network services (CNS) at the university.

York was also looking for vendor stability. “Our previous antivirus vendor went out of business,” Duncan said. Their ultimate choice had “to be there for the long run.”

Today the university is in the process of upgrading its antivirus solution from Symantec AntiVirus (SAV) 7.61 to SAV 8.0. There are 30 servers that will be upgraded by Duncan and his team. Seventy additional servers will be upgraded by independent departmental IT teams if they choose to do so. Upgrading to SAV 8.0 is not compulsory.

Once a server is upgraded, an alert is sent out to the machines that connect to it. If the SAV client is in a managed state, the upgrade is automatic. Computers that are unmanaged (often personal machines) have to be upgraded manually.

“Pretty well all the updates occur off hours so the users don’t even know it,” Duncan said. To go from 7.61 to 8.0 there is just one executable file to run. “It doesn’t even require a reboot.”

Please phone home

To keep up to date, each of the 30-plus servers being upgraded by Duncan’s team (this is also true of many other university servers, whether or not they have been upgraded to SAV 8.0) contacts York’s central Norton Antivirus server, which in turn contacts Symantec daily to get the most recent antivirus signature files and then pushes them back to the servers.

A tool Duncan particularly likes is the System Center Console, which allows administrators to monitor all the systems using a managed SAV solution.

“[It] is basically your eyes,” he said.

The main reason to go with the upgrade (students, ever on the techno-cutting edge, have been asking about the upgrade since last fall and have been able to upgrade their own machines since Feb. 15) is its support for Novell’s NetWare 6, Duncan said. “We are pushing toward NetWare 6 across the board.”

For example, York’s main student lab, with 32,000 accounts and some 400 workstations logging into a central server, is running on NetWare 6. For obvious reasons, this was one of the SAV 8.0 priority upgrades.

“I would say from the install process…we really haven’t had any support issues. [It] has been going very smoothly,” he said. He and his team ran system tests in December and began the upgrade in the new year.

Though Duncan hopes to have all of the upgrades under his control done by the end of March, each individual technology support group (many faculties and departments have their own) looks after updating its own servers, he said. For example, the faculty of arts has its own servers, which it manages. It can call Duncan for help but he can’t force the faculty to upgrade.

It is partly for this reason that Duncan cannot predict when the entire university will be using SAV 8.0.

Even with hundreds of disparate departments, users and systems, the York solution works. “There have been no virus breakouts,” Duncan said. In fact, the only area hit recently was a research unit that was doing its own support and had no antivirus software on its machines, he said.

He also remembers a problem about four years ago with several workstations that had not been upgraded. The System Center Console was a lifesaver then, he said.

“You could just log on to that and you would see right away which workstations had recently talked to the server and which ones hadn’t. So [we] knew where the potential problems were.”

Also helping in the antivirus war is the fact that the university’s 150,000-plus daily e-mails are scanned as they move through the network, making sure that at least that vector for dissemination is centrally controlled.