Colleges Toughen Rules To Prevent Internet Infections

Students returning to classes are finding themselves summarily unplugged if their computers are infected. Oberlin College in Ohio is threatening to fine students $25 for inadvertently spreading a virus.

"When you're drowning you try to do something quick," said John Bucher, Oberlin's director of information technology. "We're really stressed by this whole thing." Bucher said the network suffered "near meltdown" on Aug. 21, when the first returning students arrived on campus with badly infected computers.

Back-to-back waves of devastating infections that spread quickly across the Internet during August crippled some college and high school networks just before the start of the fall semester. The attacks overwhelmed many technology departments already starved for employees and money.

At the University of North Texas, technicians are removing viruses from roughly 16 computers every 90 minutes -- plus assessing a mandatory $30 cleaning fee. Students who have infections cleaned from their computers off campus must show proof before they're allowed to log back onto the school network.

Vanderbilt University found infections in computers of roughly one-fourth its returning 5,000 students. Stunned technicians shut off connections to nearly 1,200 computers they determined were infected and gradually restored service over the next several days after ensuring each machine was clean.

Salisbury University in Maryland shut down its entire network for students in residence halls for one day, even after employees spent two weeks cleaning 500 school computers. The shutdown stranded students who use the network to check class schedules and order meal tickets.

"It just starts firing all this traffic across your network so it slows everybody down," said Jerry Waldron, the school's chief information officer. "If we didn't do anything at all, it would slow our entire network down to a crawl."

It's never been a more challenging time to run a computer network on campus. Unlike managers in corporations, college officials provide Internet connections for student computers over which they have little direct control. These high-speed networks are powerful, widely distributed across campuses and purposely left open to help in the sharing of data.

"Universities don't own a number of the systems that are attached to their networks," said Ryan McGee of Network Associates Inc., a leading antivirus vendor. "They don't have as much control as corporate America."

Technology departments complain they aren't given enough employees, money or respect -- yet they're the first ones called when the networks fail. Many rely on student volunteers, because federal or state money available to buy equipment often can't be spent to pay employees to maintain it.

"They really have their work cut out for them," said Rich Harpel of the National Association of State University and Land Grant Colleges. "There are so many issues that go along with being the steward of some of the most powerful computers and networks."

The Massachusetts Institute of Technology shuts off Internet service to computers it determines are infected, said Kirky DeLong, a manager at one of MIT's research labs. In extreme cases, officials will block all traffic to and from a suspect computer based on its digital fingerprint.

Oberlin, which began requiring all students to have their computers checked for viruses when they arrive on campus, found infections in nine out of every 10 running Windows software, Bucher said.

The wait at the school's computer lab stretched one hour, and scans of some computers loaded with music files took 90 minutes. But students largely took the delay in stride, Bucher said.

In Palm Beach County, the nation's 14th-largest school district shut down its computers for more than two days last week, said Larry Padgett, its director of network services. The district had to delay a head count that helps assign teachers based on school population.

Schools in Cleveland cautioned parents and students that the summer's infections might delay the opening of classes, but the district mobilized 120 employees to scrub viruses from nearly 8,000 computers and schools opened on schedule.

Employees worked overtime so school personnel could finalize student schedules, set up assignments and prepare payroll.

"Everything got done, but it did not make for a pleasant opening," said Peter Robertson, the district's chief information officer.

Some schools managed to avoid disaster. Duke University filtered out 2.5 million infected e-mails, said Christopher Cramer, the school's computer security officer. Only two or three student computers were hit and only a dozen or so campus machines have been affected.

At Temple University, officials sent 90,000 e-mails and 27,000 flyers over the past two weeks warning students and teachers about threats from the latest virus attacks and instructing them how to secure their computers.

Temple's network ensures students' PCs are protected by antivirus software from Symantec Corp. -- which the school provides free -- before it allows them to surf the Web or check e-mail. Officials credit that with keeping infections down to about 400 computers out of 35,000 students.

"If it had been 10-fold, it would have crashed the network," said Ariel Silverstone, the chief information security officer. "This could have been a catastrophe."

Copyright © 2002 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.