Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

German Ministry of Education Throws Away PCs For 190,000 € Due To Infection

Unknown Lamer posted about a year and a half ago | from the burn-it-with-fire dept.

Education 347

An anonymous reader writes "German IT magazine Heise reports (original in German) that the Ministry of Education in Schwerin had a Conficker virus infection on 170 machines, that was dealt with by simply throwing them on the trash. Other German authorities have now decided that 'the approach taken is not up to the principle of efficiency and economy' and that the 187,300 Euro invested in this radical form of virus removal were inappropriate. The ministry had earlier estimated the cost of cleaning their desktops and servers by more conventional means to 130,000 Euro."

Sorry! There are no comments related to the filter you selected.

Far cheaper options (4, Insightful)

Anonymous Coward | about a year and a half ago | (#43588541)

Install Linux. Cost $0 + admins' time -- almost certainly less than trying to remove and clean infected systems.

Forget about virus infections for the near future.

Re:Far cheaper options (-1, Troll)

Anonymous Coward | about a year and a half ago | (#43588587)

There a more than 1200 Linux viruses. That notion of yours is bullshit.

And you are forgetting costs to teach your average secretary how to use Linux + New Software licenses + migration costs.

You must be a teenager in Mom's basement if you think for a second that large scale environments can be migrated to Linux for free and everyone know how to use it. Bollocks.

Supported Linux like Red Hat actually costs money.

Re:Far cheaper options (-1, Troll)

Anonymous Coward | about a year and a half ago | (#43588655)

Troll bait successfully taken.

All 1200 don't work. (1)

Anonymous Coward | about a year and a half ago | (#43588721)

Most don't work because the vulnerability has been fixed... years ago.

The most of the rest don't work because they are specialty items...

I think the rest of them are based on the "honor virus"...

Re:Far cheaper options (5, Informative)

Anonymous Coward | about a year and a half ago | (#43588737)

There a more than 1200 Linux viruses

Liar. There's something like < 100 viruses of which maybe 5 have ever been seen in the wild...

ps. I doubt your secretary can tell which OS they're running in the first place. And it's completely irrelevant too since the workflow is the same.

Re:Far cheaper options (3, Funny)

Anonymous Coward | about a year and a half ago | (#43588885)

ps. I doubt your secretary can tell which OS they're running in the first place

Then you're an idiot. Just because someone doesn't understand technology doesn't mean they don't know when their menu items are in different places or when the nice obvious icon they had becomes some in-joke about Klingons.

Re:Far cheaper options (5, Insightful)

RabidReindeer (2625839) | about a year and a half ago | (#43589093)

ps. I doubt your secretary can tell which OS they're running in the first place

Then you're an idiot. Just because someone doesn't understand technology doesn't mean they don't know when their menu items are in different places or when the nice obvious icon they had becomes some in-joke about Klingons.

secretary: OK. so what do you mean that "this new ribbon bar is all you need"? Where'd my "print" menu go???

Re:Far cheaper options (-1, Troll)

Anonymous Coward | about a year and a half ago | (#43589023)

Linux has had some root escalation bugs that took more than 5 years to fix and all that was required was a local shell.

Another reason to not sell a Linux VPS.

Re:Far cheaper options (2)

AmiMoJo (196126) | about a year and a half ago | (#43589083)

Depends how you count. Do you include worms that target software like Apache or SQL servers? Most people count worms that target the Windows Server equivalents as Windows viruses.

1200 is still high but there are plenty of viruses that affect Linux systems, even if they are not targeting the OS itself.

Re:Far cheaper options (3, Insightful)

longk (2637033) | about a year and a half ago | (#43588747)

It really depends on the situation. Being Germany it's possible that all the average worker needs is SAPGUI, which doesn't really differently on Linux than it does on Windows.

Re:Far cheaper options (4, Insightful)

JaredOfEuropa (526365) | about a year and a half ago | (#43588847)

It's equally crap on both, you mean. SAP's UI is Satan's sick joke on humanity.

Re:Far cheaper options (0)

Anonymous Coward | about a year and a half ago | (#43588915)

There a more than 1200 Linux viruses. That notion of yours is bullshit.

And you are forgetting costs to teach your average secretary how to use Linux + New Software licenses + migration costs.

You must be a teenager in Mom's basement if you think for a second that large scale environments can be migrated to Linux for free and everyone know how to use it. Bollocks.

Supported Linux like Red Hat actually costs money.

Please. Don't make today's office worker needs seem so damn dramatic. With the "cloud" emerging, the average user won't need to know much more than how to use a browser anyway (or whatever Facebook deems appropriate for business by then). They're already tuned to the idea of "apps" being downloaded and installed in seconds from a centralized store.

And that teenager in Mom's basement is now your secretary.

Re:Far cheaper options (4, Insightful)

Cenan (1892902) | about a year and a half ago | (#43588599)

Install Linux. Cost $0 + admins' time -- almost certainly less than trying to remove and clean infected systems.

Forget about virus infections for the near future.

They already had licenses to the Windows installations so the cost equation would be the same, it only differs if you assume they would try to clean the infection and not simply install Windows after format c:

What the [admin's time] factor expands to is another thing, and hardly favors the GNU/Linux approach. If the idiots are dumb enough to throw out new PCs because of a virus infection, they most certainly are too dumb to install anything but Windows.

Re:Far cheaper options (2)

Pav (4298) | about a year and a half ago | (#43588677)

Eh? For imaging use PXE with Partimage, or FAI (if you want a non-imaging solution better suited to non-standardised hardware). With Linux on the server side you can manage Windows AND Linux deployments, plus lots of other stuff (groupware, dns, dhcp, phone, netfiltering, filesharing, kerberos along with HEAPS of other stuff not as relevant to an educational context). If you want a GUI integrating all that just use GOsa or FusionDirectory or any number of other LDAP + service management front-ends. It's not like Germany and europe in general is short of that expertise - I know GOsa and FD are projects based in Germany and Belgium respectively.

Re:Far cheaper options (1)

Pav (4298) | about a year and a half ago | (#43588685)

OPSI for windows deployments... forgot to mention that. It's also LDAP-integrated, though its own webUI is nice too.

They ain't dumb (5, Insightful)

Taco Cowboy (5327) | about a year and a half ago | (#43588727)

If the idiots are dumb enough to throw out new PCs because of a virus infection, they most certainly are too dumb to install anything but Windows

I don't think that they are dumb

Actually, they are smart

1. It ain't their money --- the money is from the gummint

2. By throwing the thing away they save all the effort to reformat the disk and to re-install the Windows OS, plus softwares

3. With the computer dumped, they will get to enjoy newer computers --- again, the money came from the gummint

Re:They ain't dumb (3, Insightful)

bfandreas (603438) | about a year and a half ago | (#43588923)

Actually this is a story about stupidity.
They didn't have virus protection or anything security related. So the taxoffice watchdog told them to come forward with a security plan.

This is just as stupid as it sounds. I've not heard if they were close to a Windows 7 induced hardware upgrade cycle anyway. But there is absolutely no excuse for having no security whatsoever.

Re:They ain't dumb (1)

StoneyMahoney (1488261) | about a year and a half ago | (#43588931)

Not to mention that the 130k probably includes the cost of preventative action to stop this happening again. Much easier and quicker (therefore cheaper) to start from scratch with a new security baseline than try to impose one after the fact.

Got a client at the moment discovering the very same home truth right now with something rather less virulent that Conficker running wild on their network. That'll teach them how "optional" AV update subscriptions are.

Re:They ain't dumb (0)

Anonymous Coward | about a year and a half ago | (#43589021)

So they don't need to install any software to the new machines?

Re:Far cheaper options (2)

BasilBrush (643681) | about a year and a half ago | (#43588687)

Munich decided to do that in 2003. 10 years later, they're still working on the transition.

Re:Far cheaper options (4, Insightful)

Nerdfest (867930) | about a year and a half ago | (#43588743)

Apparently the Ministry of Education in Schwerin did not, and they're still dealing with the consequences.

Re:Far cheaper options (5, Interesting)

Pav (4298) | about a year and a half ago | (#43588789)

Have you seen the work that came out of that? The GUI frontend to it all is called GOsa (although there's a fork called FusionDirectory which I prefer). The whole infrastructure is managed via LDAP plus RPC, and allows deployment of Linux and Windows (via FAI and OPSI respectively). There are also a multitude of plugins for managing a multitude of network services and LDAP stored info. I use it for managing DNS, DHCP, groupware (SOGo), web proxy + filtering (Squid), Samba, windows OS + software deployment (OPSI), Linux + software deployment (FAI), Debian/Ubuntu repo management, centralised logging (rSyslog)... and I'm currently looking into connecting it to Asterisk. There are TONS more plugins.

Re:Far cheaper options (4, Insightful)

Drakonblayde (871676) | about a year and a half ago | (#43588759)

I'm sure a large part of the decision to toss em in the garbage was because someone wanted new gear. Can't forget about the political element to an IT infrastructure.

Re:Far cheaper options (4, Insightful)

Ash Vince (602485) | about a year and a half ago | (#43589081)

Install Linux. Cost $0 + admins' time -- almost certainly less than trying to remove and clean infected systems.

Forget about virus infections for the near future.

Of course the admins time probably adds up to about $300 per machine.

Seriously, I can completely believe this story because it would probably take someone at least an hour to clean the PC. It is also quite easy to believe that a government department or big company who outsourced their IT would be paying more per hour for technical staff than they would for a new PC.

This is especially true if you asked the IT outsourcing company to provide a cast iron assurance that the virus was removed with some sort of penalty clause if their was a reinfection. The quote you would get back would be prohibitively expensive because the any company with any sense would run a mile from providing such a ridiculous guarantee.

All of sudden what sounds like a 5 minute job to someone with some technical skills and has a 99% success rate has become such a headache to the bean counters that demanded a 100% success rate that they decide throwing the machines in the bin is actually cheaper. Of course this is ridiculous, but I have heard of things far more ridiculous when government middle management gets involved in IT decisions.

In public sector management you hardly ever get rewarded for things coming in under budget like you do in the private sector but you get torn to shreds if anything ever goes wrong so the whole thing ends up being ridiculously risk averse in the extreme.

Germany? (1)

Anonymous Coward | about a year and a half ago | (#43588543)

I thought their government ran on Linux. What happen?

Re:Germany? (2)

DarkRat (1302849) | about a year and a half ago | (#43588583)

only in very few part of germany. Munich for example

Re:Germany? (1)

Luckyo (1726890) | about a year and a half ago | (#43588739)

A few cities. "Government" is not a single solid entity.

Re:Germany? (2, Informative)

Anonymous Coward | about a year and a half ago | (#43588761)

There a very few local municipals using Linux. Some are even moving away from Linux and back to Windows.
OSS is officially endorsed and favoured. But most of the stuff is still Windows.

Re:Germany? (2)

multi io (640409) | about a year and a half ago | (#43588819)

This "incident" happened in a state government (in the state of Mecklenburg-Vorpommern), not in the federal government.

Re:Germany? (4, Informative)

prefec2 (875483) | about a year and a half ago | (#43589065)

The original article is on the German federal state Mecklenburg-Vorpommern, which is a small state in the north east of Germany. It is not the central government in Berlin. I can understand if people find that confusing. However, there are 16 federal states. Every one of them has a ministry of education.

Furthermore, the German government replaced Windows for Linux in the Ministry of Foreign Affairs, but after the election of the present government, they changed it back, because they are conservative and neo-liberal and do not like this commie Linux stuff. Officially, they determined that the other Ministries were not able to share documentation, because the Ministry of Foreign Affairs used ODT and they used DOC. The fun fact here, ODT is mandatory for all government documentation (but obviously only on paper not in reality).

The Google translated article (4, Informative)

SternisheFan (2529412) | about a year and a half ago | (#43588553)

Schwerin: virus-infested computer? From the waste so ...

What would be the mountains of garbage and how empty the purse in this country, if that would make anyone like that? Schwerin Ministry of Education made with 170 virus-infected computers, leaving them short shrift unceremoniously throw in the trash. The State Court of Mecklenburg-Vorpommern has carried out the initial purchase of 170 computers now reprimanded. "The approach taken is not up to the principle of efficiency and economy." € 187,300 cost of the new equipment and installation services to taxpayers.

The seemingly insurmountable pest, the computer of the teacher training institute (IQMV) in Schwerin, Rostock, Neubrandenburg and Greifswald was seized in September 2010, was the Conficker worm . In addition, the computer should have been more affected by some other viruses, such as the Ostsee-Zeitung reported first.

As the Court in its report criticizes for 2012, the Ministry of Education have had "no IT security concept" and established the new purchase with "faulty IT equipment". Further explanation and evidence remained the Ministry guilty. It "could [...] not state whether the IT systems of the IQMV were actually affected the extent mentioned above. Protocols of anti-virus software could only be provided for the location of Greifswald, despite repeated requests, which, however, no massive fund of was to remove viruses at the relevant time. "

In addition, the Department did not properly consider how costly cleaning the computer had actually been. The Ministry of Education guess the cost of cleaning initially to around 130,000 euros. The cost of 152,300 euros for an already registered for the fiscal years 2010/2011 published by new acquisition in a different light. The additional costs for installation were estimated at around 35,000 euros. Thus, the Ministry decided only to clean the affected server and otherwise replace all systems.

As the Court points out the country, the Ministry has now committed an IT security concept and develop "its supervisory task perceive so that an efficient and goal-oriented control and monitoring will be necessary." For since the Ministry has provided no "evidence of the actual damage and the causes for the occurrence of the damage," "should [...] be left open whether carried out by the complete replacement of the [computer] is a repetition of the damage is excluded http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&eotf=1&u=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fmeldung%2FSchwerin-Virus-verseuchter-Rechner-Ab-auf-den-Muell-damit-1851718.html [google.com]

Re:The Google translated article (5, Funny)

stepdown (1352479) | about a year and a half ago | (#43588769)

That actually reads pretty well, we should pass Timothy's posts through Google Translate in future.

Money well spent (5, Insightful)

Anonymous Coward | about a year and a half ago | (#43588571)

If its 130,000 euros to fix a virus infection and 187300 to upgrade AND fix the virus infection, then you may as well upgrade.

The real problem here is the 130,000 euros to fix a virus infection.

Re:Money well spent (1)

gl4ss (559668) | about a year and a half ago | (#43588617)

If its 130,000 euros to fix a virus infection and 187300 to upgrade AND fix the virus infection, then you may as well upgrade.

The real problem here is the 130,000 euros to fix a virus infection.

yeah.. 130 000 for 170 computers. could have bought new computers with the "fix" money too.

Re:Money well spent (5, Interesting)

gbjbaanb (229885) | about a year and a half ago | (#43588735)

Conficker.... suddenly it becomes clear. I know an organisation that was infected, and they ended up spending 2 weeks with a Microsoft consultant to clear everything up. The problem is that it spreads too quickly, so when you clear a PC and move on to the next, it re-infects the first one. Silly old Microsoft.

So, if they upgraded their PCs too.... makes perfect sense. I wouldn't have binned the old ones though, I'd have wiped the HDDs and sold them or given them away.

Re:Money well spent (3, Interesting)

AdmV0rl0n (98366) | about a year and a half ago | (#43588785)

This thread is disappointing. So much hate. Hate leads to fear, and fear leads to the dark side.

Anyway. Conflicker. Nasty. Simple. Old. A clean up is not easy, but conflicker requires some bad baselines to be operating for it to get through and thrive. If you fix the baseline issues, the clean up can follow. A clean susyem thats updated properly isn't infectable via conflicker. So frankly a system sorted put back in should be fine. You'll obviously have to do this step by step and yes, there is a price. Most orgs this size have IT staff so I don't know how the figures are drawn up.

I also have to say, the clean up tools and detection tools mean attacking conflicker infection is on the easier end of security clean up. The story is sad because it seems to indicate ever present stupidity in public services. Advocates and supporters of public services need to understand that its not a ob creation scheme. If someone has a role or job, they must be competant. Trained. Skilled. People who are not have no place in it.

Re:Money well spent (0)

Anonymous Coward | about a year and a half ago | (#43588841)

Anyway. Conflicker. Nasty. Simple. Old. A clean up is not easy

Are you saying that Conficker is one of those nasty bios-viruses that survive step one of any serious virus cleaning?

1. format or fdisk. If you're using MS standard tools, don't forget fdisk /mbr.
2. reinstall.
Each step of course has to be done from clean media (e.g. a bootable cd).

Re:Money well spent (3, Interesting)

AdmV0rl0n (98366) | about a year and a half ago | (#43588879)

No, conflicker has worm elements. So, the hard part of the clean up is not per se an individual machine. Its that you need to solve the baseline problems that allow conflicker to do its thing.

Re-installing 'stuff' won't make this go away. Doing it wrong just reinfects the machine.
So, as I said, what has to be done is the cause and baselines that allow conflicker to replicate have to be solved (harder part) - and then machines with good baselines go through clean up and go back on the network (easier part..)

http://support.microsoft.com/kb/962007 [microsoft.com]
Any tech learning about conflicker can read about it, and start to understand what needs to be fixed. Patch, correct password weakenesses, stop autorun etc etc. Today, this is somewhat simple as a lot of tools and detection tools exist.

People in threat waving around Fdisk and re-install media saying 'they could fix this' - probably in fact are clueless and need to understand the problems involved. Conflicker breeds off poor security and bad baselines. Thats how it gets in. Thats how it replicates. Thats how it hangs around and re-infects.

Re:Money well spent (0)

Anonymous Coward | about a year and a half ago | (#43589049)

So you say those 130k euro include reeducation and all? Hope those 187k to buy new includes those too.

Anyways, WTF? "You clean one machine, and then it immediately reinfects from another, oooooh!" - reimaging several machines at once is such an advanced concept?

Re:Money well spent (0)

Anonymous Coward | about a year and a half ago | (#43588957)

And if you cannot do that (because of lack of time/skills/...) you can always wipe and reinstall.

Re:Money well spent (1)

AdmV0rl0n (98366) | about a year and a half ago | (#43589007)

And how would that fix the problem - exactly?
Wipe - reinstall - re-infect. Well done. Do you like wasting your time and everyone else's?

Re:Money well spent (0)

Anonymous Coward | about a year and a half ago | (#43588809)

If you have time to wipe HDDs, you have time to reimage them.

Re:Money well spent (4, Informative)

AmiMoJo (196126) | about a year and a half ago | (#43589063)

The problem is that it spreads too quickly, so when you clear a PC and move on to the next, it re-infects the first one.

Then the first one wasn't really fixed, was it? Microsoft released a patch that blocks re-infection so all you have to do download that and their Malicious Software Removal Tool to a CD, disconnect each machine from the network and run them in order. Problem solved.

The high cost is probably due the cost of certifying that the infection was removed and the PCs are safe to use with sensitive data again. Removal is trivial if somewhat time consuming.

Re:Money well spent (0)

Anonymous Coward | about a year and a half ago | (#43589089)

What part of remove infected PCs from the network don't you little dweebs understand? You fucking newbies suck at all things IT. It is impossible to [re-infect the first one] if you properly removed it and applied the patch. 5 minutes per PC, 4 years ago. That's right it was 4 years ago. 2 weeks... pfff... go fuck yourself. You are just milking the whole situation. What's next? Are you going to claim that the Monkey.b virus is taking over your network. "Yes sir, it will take at least 200,000 to remove it! But we could do it for the same amount if you buy these fancy new computers from my friend! These shiny new computers can't be infected!" Corruption at it's finest. Nothing like a kick-back to make the day go by faster.

Re:Money well spent (1)

Peter Simpson (112887) | about a year and a half ago | (#43589073)

Well, you could recycle the machines and get some kind of payment if they're subsequently sold. This is what the IT guys at my company do with old machines. The disks are wiped, reformatted and reloaded with a fresh copy of Windows (by the recycler), then the machines are cleaned up and resold in a storefront. We get a portion of the selling price (wither to keep or to donate) and the folks in the community get low cost machines.

Happens more often than you think (1)

aepervius (535155) | about a year and a half ago | (#43588573)

In various school / university I was in the virus infection were dealt in either way :
1) ignore it
OR 2) buy a new machine give the old to the trash

I am not kidding you , I saw back in my day 12 PC desktop being sent to the trash because they had a variation of PONG virus on their HDD (that was DOS time).

Conficker???? (1)

miknix (1047580) | about a year and a half ago | (#43588591)

What is this? 2008?

Re:Conficker???? (4, Interesting)

symbolset (646467) | about a year and a half ago | (#43588755)

Yesterday the Conficker Working Group [confickerw...ggroup.org] saw 634 million HTTP hits on Conficker domains from 1.7 million unique IP addresses. This is seems to be a fairly static figure going on three years now.

Re:Conficker???? (5, Informative)

RogueyWon (735973) | about a year and a half ago | (#43588827)

Unfortunately, it's still very much alive and out there. The parents PC contracts it regularly (my dad has appalling security and browsing habits). A friend of mine (who I generally regard as more IT literate than I am) just spent a weekend cleaning an infection of it off his (fully-updated, Macafee-profected) Windows machine.

And now for a gratuitous side-rant:

The source of my friend's infection was apparently a minor video-hosting site carrying game-walkthroughs. On balance, I believe him on this, because I'd had warnings from AVG about such sites myself in the past.

The trend over the last few years has been for game-walkthroughs to shift from text-format to long sequences of videos. Personally, I hate, loathe and despise this trend from a convenience point of view (try searching 30 videos for how to find that pesky item you're missing, compared to doing a quick search on a text file). But it's had some other unpleasant side effects.

See by default, these videos go on youtube. Thing is, however, game publishers sometimes object to complete video walkthroughs of their games being hosted there and do DMCA takedowns. So the videos then crop up on less notable video-hosting sites. Many of which appear to be malware infested hellholes.

So the moral of my (horribly off-topic) side rant: video walkthroughs suck. They're difficult to search, they're inevitably narrated by some idiot called "Tad" who feels the need to say how stoned he is roughly every 30 seconds and - they're turning into a really horrible malware vector.

Re:Conficker???? (1)

SgtChaireBourne (457691) | about a year and a half ago | (#43588929)

Look at the stats. The old ones never really go away. They just get overshadowed by the newer ones. A little bit of trickery is also done with counting variants as separate malware. Anything to keep the stats down.

They can't rei-mage them with windows? (1)

MichaelSmith (789609) | about a year and a half ago | (#43588595)

How much does that cost? One worker should be able to do a machine in ten minutes or so.

Re:They can't rei-mage them with windows? (0)

Anonymous Coward | about a year and a half ago | (#43588641)

More like 170 machines in 10 minutes...

Give me a few grand and I'll fucking do it for you.

760 Euros per PC (3, Insightful)

Anonymous Coward | about a year and a half ago | (#43588663)

Yet the 'conventional' estimate was 760 euros per PC to fix it...

I think its one of these cases where they're locked into a service contract for the PC they bought, and its easier to bring forward an upgrade than let the service company rip them off. The translation says they'd almost fully depreciated the PCs anyway, so they were several years old anyway.

So now some party (no doubt connected to the service company) is kicking up a stink because they didn't get to rip them off.

But it looks like the right thing to do, if the alternative was to spend 130k euros and next year spend 190k euros to replace them, and you've only got 30k left of right off, then better to save the 100k and move the upgrade forward.

Oh, and warn your fellow government agencies against signing the rip-off maintenance contract.

Re:760 Euros per PC (3, Interesting)

tibit (1762298) | about a year and a half ago | (#43588767)

For half of that money I'd fucking take a first class plane trip to Germany, pay for my own hotel, and be done reimaging their PCs over a workweek. That includes deploying whatever they need deployed on those PCs, and leaving a solution in place to reimage them at will. And that's all being quite green when it comes to Windows administration. At work I really only do the minimum needed not to need to muck with it.

Re:760 Euros per PC (0)

Anonymous Coward | about a year and a half ago | (#43588781)

Or maybe it's one of those cases where computer seller is in nice relations with someone there and so "cleaning infection" magically gets too expensive (just pretend you need to buy new licenses for everything and you're set!), or where thrown away computers pop up somewhere near their relatives and not as depreciated as they make it out.

We don't know for sure either way, but it's either them being incompetent morons when buying into that maintenance contract, or them being embezzling assholes.

Re:They can't rei-mage them with windows? (4, Funny)

flyingfsck (986395) | about a year and a half ago | (#43588799)

Yeah, but it is Germany. In order to do IT work on a PC, you need to have a plumber and an electrician on standby and you are not allowed to do more than one PC at the same time...

Re:They can't rei-mage them with windows? (0)

Anonymous Coward | about a year and a half ago | (#43589075)

And then you'll reinstall all the other applications, configure it for the user, restore their local files, etc. All in 10 minutes? Very impressive. Remember, you're not working in some sort of "single system image" thin client boot from the network nirvana. There's 170 machines, all with different configurations and applications installed, etc.

Really ? (0)

Anonymous Coward | about a year and a half ago | (#43588605)

Throwing the whole PC away ? What about simply replacing the harddisk ?

If that was not considered it sounds to me they need to "throw away" their IT department.

Either that, or there is more to the story. Like them throwing away old hardware and OS, to be replaced by something more current.

Small correction (5, Informative)

Sique (173459) | about a year and a half ago | (#43588611)

It's not the Ministry of Education of whole Germany, but of the german State of Mecklenburg, which threw away the PCs after a virus infection.

And there is more to the story: It was estimated, that the cleaning of the PCs would cost ~135,000 €, and a replacement, which was planned anyway, would be 190,000 €, thus they decided to replace early instead of spending the 135,000 € on the clean-up and throw the PCs away a year later.

Oh that's all right then (1)

Eunuchswear (210685) | about a year and a half ago | (#43588645)

Tell us again about those naughty spendthrift PIGS?

Re:Oh that's all right then (1)

Luckyo (1726890) | about a year and a half ago | (#43588751)

Okay. They'd spend 1.350.000€ on cleaning, because the contractor cleaning those would happen to be a son-in-law of the chief of the agency and successfully charge for ten times the work. Then they'd spend the 190.000€ on new hardware a year later and throw the cleaned PCs out anyway, and pay another 1.000.000€ on consulting fees on how to buy these to the same company.

Welcome to corrupted as hell Southern Europe. This is pretty tame to stuff that actually happens there. Worth noting that Ireland is NOT in that basket.

Re:Oh that's all right then (0)

Anonymous Coward | about a year and a half ago | (#43588783)

Oh ya!!!!! or not.
Corruption in southern countries: True. Corrupters: from northern countries.
One example: Greece and Portugal brought new submarines a few years ago. Billions wasted. Someone in those countries decided to buy them by being gifted large amounts. Who gifted them?!! Germans!!!!
Corruption exists everywhere. In southern countries people openly talk about it. Northern countries either it gets to court (now and then) or noone risks talking about it. It exists everywhere!!!!

Re:Small correction (1)

gl4ss (559668) | about a year and a half ago | (#43588671)

well duh, the more to the story is that they got a quote for 800 euros / computer to fix the issue, an issue their admins/cio should have fixed while on the payroll..

800 would have been enough to buy new computers.

Re:Small correction (2)

blackraven14250 (902843) | about a year and a half ago | (#43588771)

That's making the assumption that they have the man-hour resources to clean up the infection themselves. Likely, they aren't well enough staffed to just divert the number of people needed to cleaning up the PCs in a reasonable amount of time.

Re:Small correction (1)

Sique (173459) | about a year and a half ago | (#43588953)

This. And they didn't have any disaster recovery planning or any kind of security concept in place. And this was the main reason why the Board of Audit chastised them: Not even after a big failure of IT infrastructure any planning to avoid similar situations in the future.

Re:Small correction (1)

gl4ss (559668) | about a year and a half ago | (#43589031)

That's making the assumption that they have the man-hour resources to clean up the infection themselves. Likely, they aren't well enough staffed to just divert the number of people needed to cleaning up the PCs in a reasonable amount of time.

they got some sort of cio on payroll. he's got all week for this. if he's unresourced for this, he could have bought the resources for a lot less than 800 euros per hour - even in germany. their staff is going to be spending the same time setting up the new computers as well.

Re:Small correction (1)

aliquis (678370) | about a year and a half ago | (#43588959)

And if the admins couldn't do it / couldn't do their work / sucked at it they could at least had done it once and then asked some pupils to do it for 10 euro / machine.

Re:Small correction (1)

lightknight (213164) | about a year and a half ago | (#43588821)

Still, 135K€ for cleaning a bunch of PCs...what did they do, piss off the resident BOFH? Did someone make a lewd comment to IT about their jobs being outsourced to the 'cloud' that week? 'Tis the kind of prices you pay after you insinuate that someone's parents were blood relations...to their face...and then proceed to draw them a diagram outlining family relationships to ensure that there's no chance of a misunderstanding.

Re:Small correction (1)

aliquis (678370) | about a year and a half ago | (#43588949)

Back when I was at school we had this thing called Ghost ..

Re:Small correction (1)

aliquis (678370) | about a year and a half ago | (#43589011)

And also back when I was at school it was needed because they got this thing called pupils ;D

Re:Small correction (1)

antifoidulus (807088) | about a year and a half ago | (#43588965)

Well considering their coat of arms [wikipedia.org] they are probably used to getting trolled....

The cheap solution? (4, Insightful)

Mad-Bassist (944409) | about a year and a half ago | (#43588613)

Why not use this as a way to teach the kids how to install the OS from scratch?

It costs them over 750 Euros to reimage a PC? (1)

Chris Mattern (191822) | about a year and a half ago | (#43588615)

Really?

Re:It costs them over 750 Euros to reimage a PC? (0)

Anonymous Coward | about a year and a half ago | (#43588899)

If you "reimage a PC" and hook it back on the network, it will become infected again. So what you need to do is to disconnect all machines, reimage them, and the connect them again. This takes time, time during which the users cannot work. On top of that, when the system is back up, they are still stuck with their old PCs.

Depends on the age of the computers (1)

Anonymous Coward | about a year and a half ago | (#43588621)

If the infected computers were nearing their end of life, and the investment in cleaning them was not going to be paid back in the remaining lifespan, then disposing of them was probably a good decision.

You can't estimate this linearly (2)

Hentes (2461350) | about a year and a half ago | (#43588631)

I guess they simply multiplied the cost of virus removal with the number of machines. But it only takes once to find the source of the problem, the remaining 169 machines could've been fixed at minimal cost after that. And of course, it doesn't cost a cent to just wipe them all clean.

Re:You can't estimate this linearly (0)

Anonymous Coward | about a year and a half ago | (#43588659)

Funny, I sitll get a paycheck. I guess it does cost them something. Assuming generic medium skilled German IT guy's fully burdened cost is $168,000 USD/yr and that this level of effort will require a staffing change (both very good assumptions) then it's quite believable that the effort will take over 1 man-year. Assume 44 usable weeks a year, or 220 useable days, that's roughly 1 machine a day. Assuming they do some sort of configuration control, and that you can't actually push and provision a machine remotely, and that the worker has to go through both government and corporate training for the first 3 weeks and accession costs, you're starting to get pretty close to their $130,000 USD estimate. But that's okay, they work for free and don't have any other work to do, so it doesn't cost a cent. Oh yeah, the $168K/yr is within 2%

Re:You can't estimate this linearly (0)

Anonymous Coward | about a year and a half ago | (#43588733)

Lets assume they have a proper IT environment with an SOE.
Even if we assume the accounts were run as Administrator or Conflicker could get escalated privs without the user having them.
That would require someone at the remote end to give them the ID tags of each machine. Then select EACH.... AND ... EVERY one of those machines to the reimage... ask the end user to reboot and done.
Calculate those costs... I'd say 10's of thousands at most for IT, and about the same for the users.
If they didn't have a setup where an SoE was used and a reimage was trivial, WHAT THE FUCK ARE THEY DOING?!?!

Re:You can't estimate this linearly (0)

Anonymous Coward | about a year and a half ago | (#43588803)

German IT guys are able to clean an entire machine a day? No wonder they're worth $170k a year.

Re:You can't estimate this linearly (1)

MtHuurne (602934) | about a year and a half ago | (#43588831)

Assuming generic medium skilled German IT guy's fully burdened cost is $168,000 USD/yr and that this level of effort will require a staffing change (both very good assumptions)

Let's say this medium skilled IT guy gets a €3000/month salary, that's €36,000/year. There will be other costs, but it won't come anywhere near the number you assumed. Also, dealing with malware is a standard task when managing Windows desktop PCs, no matter whether you blame it on market share or on Microsoft. So if it requires a staffing change, then they didn't have the right staff to begin with.

Assume 44 usable weeks a year, or 220 useable days, that's roughly 1 machine a day.

An admin responsible for over 100 desktops should have set up an infrastructure for re-imaging so that it doesn't take 1 day per machine. It's not exactly zero effort like the GP said: you'll still have to warn people that anything they saved on the local hard disk will be lost, for example, but the required effort is in the order of days, not months.

I wonder where that huge cost estimate came from. Did they need justification to buy the new PCs that they wanted for a while but couldn't get the budget for? Was someone really not looking forward to cleaning the PCs and therefore inflated the cost of doing so? Was it just a made-up number that no-one looked at critically? Because it sounds unlikely to me that the actual costs would be that high.

Re:You can't estimate this linearly (0)

Anonymous Coward | about a year and a half ago | (#43588903)

When i worked at a IT shop, there would be 2 people at any time, to sell, manage stocks, invoices and, do repairs. Cleaning a pc costs 35 euros, and we would do 10 a day while keeping the shop running, so 17 days and 5950 euros and any IT shop could do it. (Doing it bulk, just install fresh one computer with all the software needed and the right configurations and apply that image that to all computers, could cost as low as 2000 euros and be done in 3 days).

Re:You can't estimate this linearly (1)

malkavian (9512) | about a year and a half ago | (#43588849)

$168k for a technician? Fully loaded in Europe, you're probably looking at about $40k for a full loading on tech resource necessary to diagnose and fix this kind of problem.
You don't necessarily need config control to do a fix, though that would likely entail one later on through the sysops and change control processes worked into the standard working day.
There are so many inconsistencies and erroneous assumptions in that post that it really did give me a chuckle.

Damn (2)

maroberts (15852) | about a year and a half ago | (#43588697)

Where are all the machines they threw away?

The traditional art of Dumpster diving plus a Windows or a Linux install would have saved these machines from their fate. If they were scheduled for replacement, then I'm sure some charity or educational establishment could have benefited.

Re:Damn (0)

Anonymous Coward | about a year and a half ago | (#43588857)

That's what I'm wondering. Did they throw them out-out? Or was somebody able to get "ein sehrgutshoendeal fur viele freiboxxen?"

If they were thrown into some backrooms first, hopefully students and staff would have gotten some free pickings first before going into the real trash. Would be a chance to setup a small linux serverfarm on the cheap or get boxes good enough for router duty, XBMC or whatever.

Re:Damn (1)

Stolpskott (2422670) | about a year and a half ago | (#43588943)

Where are all the machines they threw away?

The traditional art of Dumpster diving plus a Windows or a Linux install would have saved these machines from their fate. If they were scheduled for replacement, then I'm sure some charity or educational establishment could have benefited.

There are many establishments which could have benefited here, but there are two issues with that - first, the machines would have to be sanitized so there is a guarantee that no confidential information is stored on them (90% of government IT disposals ignore that rule, but the Germans are actually among the best at following it); and second, I am pretty sure that the majority of recipient organisations would say "no thanks, we cannot handle the clean-up" if an organisation said "here you go, have 170 PCs that are infected with a virus, all you have to do is clean the virus off the system", either because the recipient organisation is lazy or because they are a charity/educational institution with little or no available IT expertise.

Re:Damn (1)

NJRoadfan (1254248) | about a year and a half ago | (#43589077)

It only takes a few minutes to wipe a hard drive. No organization is going to donate machines with a working OS install anyway.

Clarifications (due to rampant bullshit here) (5, Informative)

imsabbel (611519) | about a year and a half ago | (#43588715)

This happened in 2010.
Those were old computers.
They already had the money to buy replacements budgeted in their 2010/2011 budget.

So they had to decide to pull the effort the reimage everything for a couple of months, or just buy the new ones early. Buying the new ones early did cost a bit more (30k for all of them), but less then a cleaning would have cost.

The servers, who where not sheduled for replacement, were reimaged just fine.

Re:Clarifications (due to rampant bullshit here) (1)

tibit (1762298) | about a year and a half ago | (#43588793)

I can't quite imagine a business of that size not having a system in place to reimage machines at will. At one place I work we have two dozen machines and I'm well underway in having them all PXE boot into an imager which then either boots the existing image from the hard drive or updates it prior to booting. Once I finish shaking down the test deployment on a few machines, it should be ready to go. Users have had roaming profiles for years now so that's not an issue.

Re:Clarifications (due to rampant bullshit here) (0)

Anonymous Coward | about a year and a half ago | (#43588955)

So all your infected machines are just siting there on the network ready to reinfect the freshly reimaged ones as soon as they reboot? Great plan there.

Re:Clarifications (due to rampant bullshit here) (0)

Anonymous Coward | about a year and a half ago | (#43589067)

So all your infected machines are reimaging at once with a single command from you. Can do that while going away for lunch and have all of them fresh and sparkling by the time you come back.

Re:Clarifications (due to rampant bullshit here) (3, Funny)

Registered Coward v2 (447531) | about a year and a half ago | (#43588921)

This happened in 2010. Those were old computers. They already had the money to buy replacements budgeted in their 2010/2011 budget.

So they had to decide to pull the effort the reimage everything for a couple of months, or just buy the new ones early. Buying the new ones early did cost a bit more (30k for all of them), but less then a cleaning would have cost.

The servers, who where not sheduled for replacement, were reimaged just fine.

This happened in 2010. Those were old computers. They already had the money to buy replacements budgeted in their 2010/2011 budget.

So they had to decide to pull the effort the reimage everything for a couple of months, or just buy the new ones early. Buying the new ones early did cost a bit more (30k for all of them), but less then a cleaning would have cost.

The servers, who where not sheduled for replacement, were reimaged just fine.

How dare you inject reason and facts into a /. arguement? You're supposed to say Windoze Bad Linux Shiney Free and accuse anyone with a different view of being an MS shill or troll. Replacing rather than cleaning is the right thing to do, it would have been more fiscally irresponsible to clean and then replace, and no doubt under German law the old ones were recycled rather than just dumped in the trash.

given that reimaging would involve more than simply pushing out a new image but would need machines to be offline to avoid reinfection, there is also productivity losses and associated costs as well.

Re:Clarifications (due to rampant bullshit here) (1)

gl4ss (559668) | about a year and a half ago | (#43589043)

that's not the problem.

the problem is that they didn't say that the 800 euros for a reimaging fee was bullshit.

conventional means 130,000 Euro (1)

l3v1 (787564) | about a year and a half ago | (#43588725)

"cost of cleaning their desktops and servers by more conventional means to 130,000 Euro"

Whoa, whoa, wait people, I'll clean them for half of that price and still be happy with it.

They'd need to look into more efficient "conventional means".

So thats where they got the idea (1)

Big Hairy Ian (1155547) | about a year and a half ago | (#43588757)

Now I know where our tech support department gets it's strategy from :)

Work NOT Virus (0)

Anonymous Coward | about a year and a half ago | (#43588811)

Dirty fucking frausdster. it is a worm, not a virus.

Imaging + Deep Freeze (0)

Anonymous Coward | about a year and a half ago | (#43588869)

How hard would it be for them to combine some form of SOE imaging with Deep Freeze (Applied via MS' guide to apply same settings via GPO as Deep Freeze is not compatible with 7)? Resilient as fuck to viruses, can run what they need to and if you get a virus just remotely wipe.

Lather, Rinse, Repeat. (2, Interesting)

VortexCortex (1117377) | about a year and a half ago | (#43588961)

There's only so many times you can lather, rinse and repeat in a given time period before someone points out that you're insane.

Some folks might think I'm saying switch to Linux instead of just creating a fresh patch of systems to be virused. Smarter folks would realize that VMs with automated image rollouts would be a much better (and even OS agnostic) investment in the long run.

Is that PC hitting public facing stuff, or does it allow users to bring their own data? Then it should be hosted via VM then unless you're focusing on 3D graphics applications.

Next time they do a Hardware upgrade, you just roll out the VMs again and save virtually all the "support" cost of the rollout. Pays for itself after one or two upgrades. Doubly so if you've got a nasty malware infection since you already have the re-imaging process in place. With hardware supported virtualization standard now, it's kind of dumb to even not be using it...

That's how we treat humans here, so why not... (0)

Anonymous Coward | about a year and a half ago | (#43589035)

computers as well.

We dump people as they don't match certain, arbitrary criteria. So why should we treat machines any better?

Welcome to earth, welcome to reality.

cb

Not the German Ministry of Education (2)

prefec2 (875483) | about a year and a half ago | (#43589037)

The ministry of education of the federal state Mecklenburg-Vorpommern acted in the illustrated way. Mecklenburg-Vorpommern is a small state in the north east of Germany. The central auditing authority of that state (Landesrechnungshof) recalculated the effort and determined that the cost of the early replacement due to a virus infection was too expensive considering the alternatives.

The German ministry of education is placed in Berlin (which is also a federal state having its own minitry of education) and called "Bundersministerium für Bildung und Forschung" (engl. Federal Ministry of Education and Research).

Outrage (0)

Anonymous Coward | about a year and a half ago | (#43589059)

This is the second-wurst thing Germany has ever done!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?