Computerworld - Like just about every other IT department, mine spent the week before April Fools' Day preparing for the onslaught of the Conficker worm.
This bit of malware got a lot of attention in the press, and I decided that it would be best to do everything possible to alleviate its effects, even if that meant overreacting. After all, there was no way to know for sure just what could transpire if our systems were infested with the worm come April 1, the date Conficker was scheduled to "receive new commands" from whoever had devised it and sent it into the world.
At Issue: It appears possible that the Conficker worm could wreak more havoc than usual.
Action Plan: Keep it out of the network to the extent possible, by focusing on updating antivirus software and Microsoft patches.
During the last week of March, I started arranging meetings and gathering data. I decided to focus our efforts on virus signatures and patch management. I figured that if we made sure every machine in our current inventory was up to date with the latest antivirus pattern file and Microsoft security patches, then we would have a good shot at being protected against any Conficker variant.
In analyzing our patch status, I was especially interested in Microsoft Security Bulletin MS08-067, for a vulnerability in the Windows Server service that could allow the Conficker worm to propagate. I had our Windows Server team run a Microsoft Systems Center Configuration Manager report to find out whether all our servers and desktops had the proper patch.
I also contacted Trend Micro, our vendor for desktop and server virus protection, to ensure that it would have the proper signatures to detect Conficker. Trend Micro responded that the then-current pattern file would be sufficient to protect us, so I found it interesting that we received two or three updated pattern files from Trend Micro in the last days of the month, all seeming to focus on Conficker variants.
Finally, I had the team do a last-minute push to ensure the most comprehensive level of compliance.
On March 30, two days prior to Armageddon, we had a 98% compliance rate with antivirus and a 95% compliance rate for the Microsoft patch. We have over 9,000 devices running a Windows operating system, so 2% and 5% noncompliance could be big problems, but I was fairly content.
I've never been able to achieve 100% compliance for a variety of reasons: Some engineering computers can't be patched, a segment of our workforce is highly mobile and doesn't connect to the network on a regular basis, and we have a global footprint and therefore encounter many problems related to time zones.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
