University Of Chicago Warns PC Users, Limits File Sharing

Talk to most IT folks and they will tell you that managing a network full of Windows boxes is no picnic. With new viruses and worms appearing regularly, and the associated patches and updates to combat them following close behind, the only thing Windows administrators are sure of is that they'll always have something to do.

The insecurity of Windows has become legendary; more schools are putting offerings from Apple in their bookstores this year, and students are snapping them up, partially to combat the pain associated with maintaining a Windows PC in a campus environment. Just how much of a problem Windows users on campus face came glaringly to light for new and returning students at the University of Chicago this year, when they were greeted by a note titled "Policy on Windows Networking in the dorms" from the school's Networking Services & Information Technologies department. The letter starts off by describing the enormity of the problem facing students and the IT department:

As you may be aware, computers running Microsoft Windows are being broken into at a higher rate with each passing year. This is very much the case on corporate networks, but it can be an even larger problem for university networks, which tend to be more open to attack. The University of Chicago's network is no exception. At Chicago, over 3,200 computers running some version of Microsoft Windows were broken into last year, and we estimate that the 2004-2005 school year will be even worse. Last year the most frequently compromised computers belonged to students in the University's housing system, even though the computers in the housing system are a minority of the Microsoft Windows computers on the University's network.

Networking Services & Information Technologies (NSIT) has done several things to try to mitigate the damage caused by worms and viruses that target Microsoft Windows, including blocking some traffic at the edge of the campus network. Unfortunately, in a network as large and as open as the University's, this does little good. Once a single computer infected with a worm is brought inside the University's network, the worm will run unchecked within the campus network. One compromised computer will turn into hundreds within a few hours.

The note then goes on to offer some solutions for Windows-using students, part of which is providing firewall software and requiring its use on all PCs. Further, the letter states:

Starting with the 2004-2005 school year, for both your protection and that of the rest of the campus network, we no longer permit computers running remotely accessible Windows Networking services to use the networks in the housing system. Since the University has made this software available at no cost to all students, a firewall which blocks Windows Networking traffic will now be required on all hosts in the housing system. This applies to computers running all versions of Microsoft Windows, and some systems running Mac OS X (those explicitly configured to share files with Windows computers).

You can read the full letter to the students at the University of Chicago's Web site.

What the IT guys at the U of C are effectively telling students is that there will be no Windows file sharing in the dorms. That isolates each student's computer, thus slowing the spread of any digital contagion. (The U of C is blocking ports 135, 137, 139, and 445, which are used by Windows to allow file sharing and other network tasks.)

Apparently, students will still have access to other ports that allow Internet access, which could allow web-based file access. Also, Mac users can still share files with each other, since AppleShare uses other ports and lets you make secure connections through SSH (Secure Shell) ports.

Special thanks to Dan, a student at the University of Chicago, for alerting us to this story.