Letting users unlock their computers on their own
So, the following scenario:
University dorm network with about 500 hosts, all on wildly divergent OS with varying patch levels and virus scanners. You know, the usual hodgepodge you get if you simply have to let anyone in.
We are locking users under the following conditions:
- They were stupid enough to do file sharing with an easily detected sharing program (e.g. e-mule) which prompted a nasty letter from the copyright holders which is forwarded by the university's admin to us, which means that we have to look like we're doing something about it. Rarely happens, though. One letter per year, roughly.
- They're annoying the DFN (our university's ISP) with a Worm like Sorpiq which prompts a nasty letter and so on and so forth...
- They definitively have an active Trojan which we detect by using Snort and appropriate rules.
If a computer is locked the following rules apply: All packets are dropped save for port 80, and all DNS requests are answered by a small DNS server on our router which redirects them to our web server, which serves a status page explaining in detail why they're locked.
For half the people it then works like this: They run a virus scanner or reinstall Windows, then talk to us and we unlock them.
The other half works like this: They see the big red letters "Your computer is locked!", they don't see "...because of so and so...", which prompts them to walk to us and ask: "My internet does not work anymore! Why?", with us then having to explain what a virus scanner is and why updates are important...
The cream of that particular crop had a laptop which was crawling with viruses. Which also was very ... sticky (not what you think, 'twas a girl!) I proposed killing it with fire, erm, reinstalling Windows. Only to discover that she did not have the restore DVDs which you needed for that particular laptop. After I managed to get those DVDs, I discovered that it didn't matter since the DVD drive didn't work anyway! No, booting from USB did not work either (which meant that a USB DVD drive was also out). Oh well!
Anyway, we then decided to spare us some hair pulling and invented the temp-lock. Which means that every user who actually read the text can unlock his computer by himself - simply by entering the unlock phrase hidden in the text!
And, no, we still have permanent locks for the hardcore cases.
Which brings me to my question: How do you deal with that clientele? Do you have any additional ideas or suggestions as to what we might do more (and if possible, automated)?
I think you had the right solution, just applied to the wrong object (computer instead of user):
@Rhywden said:
I proposed killing it with fire
Seriously, though, some people practically [b]try[/b] to be beyond help. What'd she do, spill a whole can of soft drink through the thing and then figure "well, it still turns on, it must be OK"? In that situation I don't know if there's much you can do beyond "Get your machine fixed, then we'll talk". Unless perhaps you can do the restore over the network (no idea if possible) - I assume that still worked, because she probably would have noticed if she couldn't get to Facebook any more. Could try a virus removal but if it was as bad as you say it probably wouldn't help much.
The combination of temp-locks and permanent locks seems to be a good one. Might be worth looking at whether you can push a virus scan for Windows machines, maybe on your DNS redirect page? No idea if this is possible either but I can't think of much else that might help.
@Scarlet Manuka said:
Seriously, though, some people practically try to be beyond help.
Fights are born of Caring Deeply meeting I Don't Give A Shit, to various degrees.
Option A) Make them care somehow.
Option B) Make it (more) harmless for them to not care.
Option C) Stop caring yourself.
A and B are potentially energy-consuming for the caring party. Neither is always the better option.
C is sometimes viable but can slowly and insidiously lead to the dark side.
The other half works like this: They see the big red letters "Your computer is locked!", they don't
see "...because of so and so...", which prompts them to walk to us and
ask: "My internet does not work anymore! Why?", with us then having to
explain what a virus scanner is and why updates are important...
How do you deal with that clientele
By adapting my communication style. You need to remind yourself that the Clueless got to be who they are by never reading past the first line, so don't waste time telling them in big red letters that their computer is locked; they will work that out soon enough. What needs to be big and red is what they need to do. After that, as a courtesy to those who can read more than one line of text without becoming fatally confused, go on with an explanation:
<font color="red">GET YOUR COMPUTER REPAIRED</font>
Until you remove the viruses, worms, other malware or unauthorized file sharing programs that are disrupting the University network, your access to it will be restricted.
Here is a list of local computer shops who can do that work for you:
Once your computer is clean again, you can lift the restrictions by visiting http://unlock.example.com. Please note that this will work only once per month, and that if it fails you will need to contact University IT support.
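
The temp-lock, permanent-lock and once-per-month rules discussed in this thread can be modelled as a small state table. The sketch below is an added example, not code from any poster; the names `LockTable`, `unlock_phrase` and `SECRET`, keying locks by MAC address, and deriving the phrase per lock with an HMAC (so a phrase passed around the dorm does not unlock someone else's machine) are all assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

SECRET = b"constructed-demo-secret"        # assumption: secret known only to the status-page server
SELF_UNLOCK_INTERVAL = timedelta(days=30)  # "once per month" from the proposed status page


def unlock_phrase(mac: str, locked_at: datetime) -> str:
    """Phrase to embed in the status page text; unique per host and per lock event."""
    msg = f"{mac.lower()}|{locked_at.isoformat()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:8]


class LockTable:
    def __init__(self):
        self.locks = {}             # mac -> {"permanent": bool, "locked_at": datetime}
        self.last_self_unlock = {}  # mac -> time of the last successful self-service unlock

    def lock(self, mac, now, permanent=False):
        self.locks[mac.lower()] = {"permanent": permanent, "locked_at": now}

    def try_unlock(self, mac, phrase, now):
        mac = mac.lower()
        entry = self.locks.get(mac)
        if entry is None:
            return "not-locked"
        if entry["permanent"]:
            return "contact-support"   # hardcore cases are never self-service
        last = self.last_self_unlock.get(mac)
        if last is not None and now - last < SELF_UNLOCK_INTERVAL:
            return "contact-support"   # repeat offender within a month
        expected = unlock_phrase(mac, entry["locked_at"])
        # Constant-time comparison; normalise what the user typed first.
        if not hmac.compare_digest(expected.encode(), phrase.strip().lower().encode()):
            return "wrong-phrase"
        del self.locks[mac]
        self.last_self_unlock[mac] = now
        return "unlocked"
```

In a deployment the MAC would come from the router's DHCP or ARP table for the requesting IP, not from anything the browser submits.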