Virus vigilance in Fermilab computing

While Fermilab’s Computing Sector does not enforce a zero-tolerance policy on computer security incidents, it does take aggressive measures if a virus infects your computer.

Fermilab’s mission to advance particle physics research relies heavily on the secure operation of the lab’s computing resources. In order to enable this mission and ensure that scientific work proceeds smoothly, we do not have a zero-tolerance policy on computing security incidents. Restricting computing activities to a level such that we would never have a security incident would prevent the communication and interaction that our science requires.

But this means that when we detect a potential incident, it is critical that we respond rapidly and effectively to make sure that the incident is contained and any damage is localized. There are sets of specific procedures to be followed for different types of incidents. These are designed to provide this containment and damage limitation.

One example that is often visible to users is the case of virus detection. We do not inspect machines at the entrances to the lab, but we do scan systems when they appear on our network. Baseline configurations for Windows, OS X and Linux systems require running regular virus scans using up-to-date virus signatures and reporting the results to the lab’s central virus scanning service. To protect the rest of laboratory computing, the detection of certain types of viruses triggers mandated responses that must be completed before an infected machine can be put back into service.

Boot sector or system area viruses require that the machine be wiped and the operating system be reinstalled. These types of viruses are too pernicious and difficult to eradicate with less intrusive measures. The wipes and reinstalls are performed by the Desktop Support Group, and they have no leeway to take other actions. The only other choice available is to permanently retire the offending machine and never again attach it to the laboratory network.

So if your system needs to interact with desktop support, please give them full cooperation. To avoid such potential unpleasantness, use care in visiting non-business websites and downloading software: Even a seemingly innocent browser taskbar can carry malicious content.

Irwin Gaines