To second Steven, if your student don't absolutely have to be admins, move =
their rights back to user. Three years ago, when students brought their ow=
n computers to school, but received support from our tech department, we we=
re plagued with spyware problems.
Once we started our tablet program, the students were given only user right=
s and we have absolutely no problems with spyware or viruses. The downside=
is that if software must be installed, we either must install it at the he=
lp desk or we must package it so that it installs itself under the administ=
rator login without the students needing the password. This extra work is =
more than worth it to avoid the problems caused by viruses and spyware. We=
hear almost no complaints from students.
Jessica Sepke
Director of Technology and Information Systems
Saint Mary's School
Raleigh, NC
-----Original Message-----
From: A forum for independent school educators [mailto:ISED-L@LISTSERV.SYR.=
EDU] On Behalf Of Dickenson, Steven
Sent: Monday, November 19, 2007 11:29 AM
To: ISED-L@LISTSERV.SYR.EDU
Subject: Re: Antivirus
The best suggestion I can give you is to truly evaluate the need for
your students to run as local administrators. Any user running as local
administrator on a Windows PC is going to be subject to such problems.
At Key only IT staff run as local administrators, all other users
(students, faculty, staff) run as regular users. Of course, we're a
desktop school which makes it somewhat easier. Laptop schools have far
more complicated issues to think about when it comes to local admin
access to the PC. So, take a close look at your local admin decisions
and make sure they're necessary. You can get just about any application
to run as a normal user with the right file and registry permissions,
which are easily handled with group policy.
Other mitigating factors you can take:
- Switch your browser to Firefox. My bet is that your problem isn't
with viruses so much as it is with spyware. Firefox is far less prone
to spyware than IE.
- Look into a better AV package. If your current AV package doesn't
handle spyware that well, or is even poor at handling viruses, look at
your alternatives. We run Trend at Key and are generally happy with it.
It has good virus filtering and excellent spyware cleanup, but can be
memory hungry. I recently moved my church to NOD32 by ESET, which has
been working well. It has good spyware handling and some of the best AV
detection rates in the industry. It's also very lite on the client
(about 20MB of RAM).
- Move your users to normal "Users", but give them access to a local
"Administrator" account they can use to install devices or software.
This does introduce problems with running software as a normal user, but
with proper planning these can generally be overcome.
- Use the free antispyware tools to "immunize" your PCs. SpywareBlaster
and Spybot S&D both can load block lists into hosts, IE restricted
sites, and ActiveX KillBit registry keys. These can make a big
difference and, unlike Adware, are truly free for schools.
- Consider segregating your student's computers on to a different VLAN,
and used a policy-based router to allow them access only to the
servers/equipment they NEED to have. Alternatively, if you're a Cisco
shop, you may want to look into NAP.
S
---
Steven Dickenson <sdickenson@keyschool.org>
Computer Network Manager
The Key School, Annapolis Maryland
-----Original Message-----
From: A forum for independent school educators
[mailto:ISED-L@LISTSERV.SYR.EDU] On Behalf Of Manns, Brian
Sent: Sunday, November 18, 2007 11:26 AM
To: ISED-L@LISTSERV.SYR.EDU
Subject: Antivirus
We are struggling with students with Local Admin rights who are
constantly getting viruses/malware. I struggle with it mainly as I know
the potential if they get infected with the right virus/malware we will
or could lose sensitive data. We also struggle with it as our Antivirus
product "Norman" does not delete a lot of viruses. Does anyone have any
recommendations on how to control this issue? Some are recommending we
split the administrative from the academic in terms of Network. All
suggestions are greatly appreciated.
Brian Manns
Network Admin
Culver Academies
[ For info on ISED-L see http://www.gds.org/ISED-L ]
Submissions to ISED-L are released under a creative commons,
attribution, non-commercial, share-alike license.
[ For info on ISED-L see http://www.gds.org/ISED-L ]
Submissions to ISED-L are released under a creative commons, attribution, n=
on-commercial, share-alike license.
[ For info on ISED-L see http://www.gds.org/ISED-L ]
Submissions to ISED-L are released under a creative commons, attribution, non-commercial, share-alike license.