The BigFix is in: Software helps protect PCs from viruses
In early August 2003, a particularly nasty computer worm known as "Blaster" began attacking PC systems located on the Stanford University network. More than 8,000 computers were infected and rendered unusable. Repairing each system was a very labor-intensive activity, taking about four hours per system. The overall cost of getting Blaster off all Stanford computers was approximately $1.6 million. The Information Security Office and Information Technology Systems and Services were determined to put up a better defense before the next Internet worm attacked.
The approach Stanford chose was to purchase a commercial product called "BigFix" in the spring of 2004, and to get this software installed on as many university PCs as possible. The BigFix environment allows administrators to quickly distribute security patches to all computer systems that have the BigFix client software installed. In recent years, the ability to rapidly distribute these patches has become extremely important because virus and worm writers are now able to create and release new attack programs within a few days of new vulnerabilities being announced.
More than a year has passed since Stanford first deployed BigFix and about 12,000 PC users have installed the BigFix client software. No new worms as severe as Blaster had circulated on the Internet—until the weekend of Aug. 13, 2005. Less than a week after Microsoft had announced a half-dozen critical security patches, some dangerous new worms began to appear. On Monday, Aug. 15, it became clear that some of these worms were attacking systems on Stanford's network, and the question became, "Is this going to be like Blaster—very disruptive and expensive to clean up—or will BigFix provide an effective defense?"
Within three days, Stanford had its answer. Only about 2 percent of the more than 12,000 PCs running BigFix were compromised by these new worms—worms with names like "Zotob." Because the PCs were running BigFix, the infected systems were quickly and automatically repaired at minimal inconvenience to their owners. (These systems very likely would not have been infected at all if their owners had rebooted as requested after their most recent patching by BigFix.) The other 8,000 PCs that were not running BigFix, however, did not fare so well. More than 1,230 of them, or 15 percent, became infected and required a great deal of work to repair.
Stanford had survived the major Internet worm outbreak, which attacked the networks of organizations such as CNN, the New York Times, Caterpillar Inc., SBC, DaimlerChrysler AG and General Electric Co. But because of BigFix, the Blaster experience did not repeat itself at Stanford.
BigFix already has been installed on about 60 percent of Stanford's networked PCs, and that alone saved the university an estimated $300,000 in cleanup costs.
BigFix is free to all Stanford University students, faculty and staff and may be downloaded at http://patching.stanford.edu. For assistance, you may file a help ticket at http://helpsu.stanford.edu or dial 5-HELP from any campus phone. Every PC user in the Stanford community not already running BigFix is strongly encouraged to install it. You'll be protecting your own computer and helping keep the Stanford network safe.
This article was written by Information Security Office staff.