back to article PC virus forces three London hospitals into computer shutdown

Three London Hospitals shut down their computer systems on Tuesday in response to a computer virus infection. Infection by the Mytob worm sparked the emergency response, involving St Bartholomew's (Barts) the Royal London Hospital in Whitechapel and The London Chest Hospital in Bethnal Green. The three hospitals are members of …

COMMENTS

This topic is closed for new posts.
  1. Gavin
    Thumb Down

    Patients with concerns...

    > Patients with concerns about their appointment are advised to contact the Trust on?

    What about patients with concerns for their Medical Records?

  2. RW
    Gates Horns

    Windows in critical functions?

    Surely you jest.

    MS's attempts to propagandize otherwise notwithstanding, Windows was originally designed for single-user standalone machines (no network connection), with heavy lashings of "home use". The heavy burden of legacy attitudes and design principles at MS means that Windows, even dear Vista, has not, and cannot, break free from these implicit constraints.

    Linux may not be the answer, but Windows is definitely not the answer.

    Old news to El Reg regulars.

  3. Justin Case

    BFOH required

    And the public humiliation of the (l)user who introduced the infection... public stocks or stoning maybe.

  4. Anonymous Coward
    Happy

    Oh my god!!

    What platform is that on? I had better check my systems immediately.

    Thank feck for that. Linux is safe and I can sleep well tonight. My systems can stay online after all.

  5. Anonymous Coward
    Linux

    mission critical should not use windows

    How long must we all put up with such mediocrity in approaches to systems that are important.

    Windows should have no place in a system where any virus is unacceptable.

    This is a case where 'I want it like my computer at home' should have been struck from the specification.

    .... and of course.... linuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinux

    linuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinux

    linuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinux

    linuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinuxlinux

  6. Neil
    Coat

    Great

    Not even the computers are immune to MRSA.

  7. Conrad Longmore
    Black Helicopters

    Mytob? Really?

    Hit by a virus from 2005? Really? They must have some seriously crappy security if they're not protected against something THAT old.

  8. Anonymous Coward
    Unhappy

    Why the hell...

    Are they using Windows in what is basically a critical environment... even Microsoft say that it shouldn't be used.

    Even if they have to because their software can't run on anything else, you have to ask just how a virus got onto their systems and was allowed to spread. And if a virus can get ON to their system then data surely can get OFF which is a bit worrying.... would you trust them with your confidential data?

    I trust there will be a full investigation and their head of IT does the decent thing and falls on their MRSA infected sharp.

  9. Dunstan Vavasour

    Suitability of platforms

    The issue here is not just that they were so badly affected by a virus which was introduced into their network. It's that datacentre systems which are essential to providing services have to run AV software at all.

  10. yeah, right.

    Secure?

    Hospitals and other such institutions should be forced to use systems that can be secured properly. Last I checked, Microsoft systems don't really do well in that department. They're OK for trivial tasks, but to run a hospital with them strikes me as irresponsible.

  11. Sam

    You are kidding me

    Mytob? That's three years old! WTF?

  12. Anonymous Coward
    Jobs Horns

    This just makes me mad...

    If the IT infrastructure is run correctly, it shouldn't be possible for a virus to get in let alone spread. The complete IT department (starting at the top) should be sacked.

    PS, I’m currently looking for work; so if they want a new IT manager, I’ll do the job for £1,000 a year less than they are paying the current Muppet.

  13. Tony W

    Didn't they update their AV?

    This worm is 3 years old.

  14. Anonymous Coward
    Flame

    Why not install a penguin?

    Become secure, stable AND save money on all those license fees!

    Oh, I forgot, the Linux community probably doesn't bung wads of cash to the correct people.

  15. Lee
    IT Angle

    Is this the Mytob worm first found in 2005?

    Seems that they've skipped a virus signature file or 13'000.......

    Glad my health is in someone else's hands...

    Where's the IT angle - because this is just plain dumb.

  16. Peter Jones

    Waaaah Linux....Waaaaah

    Virus writers will code for the platform with high market penetration. Nobody bothers to steal clown shoes, because there is little market for them.

    Until there is a unified, non-tech friendly GUI, Linux will have few non-technical advocates. Nobody wants to have to code their own drivers, unless they are the basement-dwelling furry-toothed zealots such as those above.

    If, by some sheer miracle, Linux was widely adopted, then it would be plagued by the same propensity for viruses and malicious attacks. (Success/failure rates would then come down to better/worse coding, rather than market share/attack rates)

    Wipe that smug grin off your face, nobody wants your clown shoes. Go make it usable for the majority of the computer-using population of the planet, then we'll talk.

  17. Neil Greatorex
    Stop

    Windows for Warships

    In the light of this, would it not be prudent for the MoD to reconsider the use of this toy O/S also?

    Windows, networking aside, in all its incarnations, is as stable as a two-legged cow. To use it in "mission critical" situations should be a criminal offence.

  18. Nic Brough
    Thumb Down

    and as a sidebar

    this is absolute proof that there are too many managers with too many dumb ideas running hospitals.

    Unlike many, I honestly don't care if a home, or even office user wants to use Windows for their own stuff, as long as that stuff can't hurt me. But there is no way on this planet that I can trust anyone who thinks that Windows is acceptable in hospitals with my medical information, let alone running the place.

    When are the managers being sacked? And the manager/director/minister who bought Windows?

  19. A J Stiles
    Flame

    Bloody typical and inexcusable

    How much taxpayer's money is being pissed up against some wall in Redmond, buying Microsoft software for NHS computers? Why the fuck isn't **our** hard-earned being spent on developing Open Source solutions for the NHS?

    This would create local jobs for local programmers, who in turn pay local taxes, shop at local stores, eat in local restaurants, visit local tourist attractions with their friends and families, and contribute to local good causes; thus ensuring that money remains within the local economy.

    And we could have the default paper size being A4, the time in VCR notation, and words such as "colour", "sulphate", "labour" and "manoeuvre" spelt properly as well :)

  20. Flocke Kroes Silver badge

    What is a PC virus?

    A computer virus is a modification to a program that among other things modifies other programs to include the virus. Viruses are spread when infected programs are moved from one computer to another such as by removable media or a shared filesystem.

    A PC virus would be one that can infect any PC. The software common to all PC's would be the BIOS. A boot sector virus could potentially infect any PC. In practice, people rarely boot from removable media, and it is not difficult to spot or prevent changes to the boot sector of a fixed disk.

    Mytob is a worm - it does not spread by modifying programs. Instead, it emails itself to vulnerable machines. The list of vulnerable systems is: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP.

    Can the register please call this thing a Windows Worm. It will be accurate, irritate some iTards, please the Penguinistas and annoy the Windozians.

  21. Anonymous John
    Coat

    The infection at Barts and London Trust was reportedly caused by the Mytob worm,

    Click on that link in that sentence, and the story has a link back to The Register story.

    We seem to be stuck in a temporal loop here. With no idea who first reported the story.

    Mine's the Dr Who outfit.

  22. robert
    Gates Horns

    When will people learn...

    If you have a critical system, you simply cannot afford to use windows - In fact, I would go so far as to say you really need a custom OS - It doesn't have to be built from scratch as there are plenty of good kernels available, but it should be lightweight and it should be designed to do the task at hand, not general purpose.

  23. Anonymous Coward
    Coat

    Call me picky here but

    faced with the conflicting priorities of "fixing the NHS computer systems so they can avoid or withstand significant DDoS or virus attack" or "investing in a National ID Database" Einstein's and Rocket Scientist should not need to be asked, I feel.

    But, then again, what do I know? I'm only a taxpaying NHS patient who's personal information is daily put at risk by Numpties and other un-civil servants who have "New Technologies" thrust upon them by cretins who evidently couldn't implement a system when paid very handsomely to do so.

    Mine's the one with the empty wallet.

  24. Anonymous Coward
    Linux

    Windaz Monkeys

    Point,click, point, click, click EBOLA !

    The dummies should have used SELinux, as a tax payer why am I being charged the earth to stick a heap of crap OS in my local hospital when there are better free alternatives at lazy and incompetent MCSE IT managers disposal ?

    Oh and before any Windaz zombies flame me, nananana !

    PS Bills' boys are you surfing with full admin rights ? Look out syphilis at 10 o'cock !

  25. Anonymous Coward
    Coat

    And could you say *why* Linux is not the answer?!?!

    Running Linux, FreeBSD and OpenBSD (different distributions) on all machines at home. Never had an issue with malware, viruses or such. Why should a hospital, that deals with patient data (privacy, security, right?) have to *pay money* to get a crappy product that is a big hassle to maintain?!? A poor friend who is a Windows sysadmin confessed once that it him longer to install and patch Windows that it took malware to infect the OS :-)) System installed "out there in the open" - big mistake he never repeated! Not an issue with Unix-es, that come secure, with mostly all turned off... Doctors, pack and go!

  26. David Eddleman
    Thumb Up

    Re: Peter Jones

    Gee, didn't *I* say the same thing about the iPhone before it came out? Hyped and hyped and hyped...and HOLY SH*T IT'S BEEN HACKED.

    If you're going to deliberately do damage, you're going to cluster-bomb, not make surgical strikes.

  27. Anonymous Coward
    Flame

    Common all over the NHS

    Sadly my local trust (cough *tayside* cough) use XP and write usernames and below "no password required" on whiteboards above said networked machines in areas visible to patients, cleaners, contractors etc.

    Also they still use paper for outpatient appointments despite having implemented electronic records in GP practices. Which they regularly lose, and claim there is a "known issue" which is being "evaluated" for over 2 years now since I first complained.

    But then again what do I know? I'm only an IT grad, unlike their entire IT staff who seem to be made up of relocated cleaners, receptionists, back to work mums who claim to "know a lot about computers" and other assorted untrained twits.

    If it wasnt so likely to cause serious harm to patients it would be laughable, as it stands its bloody dangerous as is the refusal of senior medics to use a product called soap! they all seem to think a few drops of water on the finger tips works just as well *rolls eyes*

  28. Anonymous Coward
    Alert

    Sterile environment

    How about not allowing any internet access on the hospital intranet and limiting disk access for usb mass storage/cd/dvd/floppies, I mean these guys should know how to keep things sterile it's thier damn job to.

  29. alain williams Silver badge

    The muppets who put up MS Windows should be named

    just to ensure that no other organisation suffers the misfortune of employing them. Add Peter Jones above to the list - he is touting MS inspired FUD. Just how anyone could put something that is life critical on top of MS Windows beggars belief - it is not fit for anything critical.

    This sort of thing is entirely predictable, pretending that it is unfortunate is not an acceptable excuse.

    Do you think that they will have a case for financial redress from Redmond ? - Not a chance!

  30. Chris C

    Idiots and retards

    Idiots and retards...

    And no, I'm not talking about the hospital workers. I'm talking about most of you posting comments. I do so love it when clueless morons try to push their religion, political agenda, choice of OS, whatever onto other people for no reason other than to make themselves feel superior.

    Let's play a game, boys and girls...Don't worry, it's a real quick one.

    1. Windows should not be used in mission-critical, life-and-death situations? OK, I'll accept that, and I'll agree with it. But what would you suggest? You'll see the same exact disclaimer on virtually any product, from your precious Linux all the way down to your APC UPS. So what desktop operating system *IS* allowed for use in mission-critical, life-and-death situations?

    2. What medical software is available for your preferred OS? Did you think that maybe, just maybe, hospitals use Windows for most of the their desktop systems because that's what the software is written for? And don't even try the "but if they used Linux, then people would write the software for Linux!" argument, because the software needs to be in place (and stable) *BEFORE* they switch. Otherwise the switch is kind of pointless, isn't it?

    Game over. Those who passed can go to the next round. The rest of you can go back down to your Mom's basement and wonder why nobody likes you (except, of course, your friends in Sadville).

    And for those who think I'm trolling, I'm not. I hate Microsoft as much as the rest of you. I think it's an extremely bad decision to use it in critical situations. Hell, most of the time, I think it's a bad decision to use it at all, in any situation. But I live in reality where choices have to be made and you have to select the best tool for the job. Like it or not, at the present moment for most companies, that's Windows, simply because the industry-specific software hasn't been made available yet for other OSes.

  31. Stuart

    Single Point of Failure

    Hospitals should be the first to realise that diversity is a great (the only real) protection against a virus. If the desktop is merely the client - then why is there not a mix of Linux & Windows? Neither is perfect but they are not going to fail at the same time. Too many eggs methinks.

  32. Ron Eve

    @Flocke Kroes

    "Can the register please call this thing a Windows Worm. It will be accurate, irritate some iTards, please the Penguinistas and annoy the Windozians."

    Nice one....All three.

  33. Anonymous Coward
    Paris Hilton

    @Mike JVX

    Strangely, the last major virus outbreak I witnessed (it happened while I was on a client's site, and no it wasn't my fault) was presided over by an IT department filled with highly qualified IT graduates who knew jack sh*t about computers in the real world but had excellent CVs. They had to employ an outside consultant to find and fix the problems.

    Still, the university education ensured they could make the report look lovely with loads of very nice diagrams and buzz words like 'best practice'. As a bonus, some of it was even spelled correctly.

  34. Andy Capp

    Virus Protection

    How is it that this hospital is not protected from risk that are 3 years old?

  35. Anonymous Coward
    Alert

    You can't really blame MS for this one

    I'm no Windows fanboi, but you can't blame Windows for this (at least not totally) Didn't anyone hear of PATCHING these systems? AV software? There's no reason that a several-years-old virus infection should turn into an 'epidemic' like this. Probably the affected hospitals either have lazy IT staff or perhaps they got rid of most of them for budget reasons? After all, everything's running and IT staff is just sitting around looking bored--they must not do anything--get rid of them! I hope they follow better procedures medically at least...

  36. Geoff Mackenzie

    @Peter Jones

    "Virus writers will code for the platform with high market penetration. Nobody bothers to steal clown shoes, because there is little market for them."

    Ancient myth. There are plenty of Linux boxes out there (Apache is the majority web server platform after all, and has been for some time, often on Linux). The fact that there are more Windows machines (and certainly more with incompetent administrators) is only part of the reason Windows is more prone to this sort of thing.

    "Until there is a unified, non-tech friendly GUI, Linux will have few non-technical advocates. Nobody wants to have to code their own drivers, unless they are the basement-dwelling furry-toothed zealots such as those above."

    I have never coded my own driver - and haven't you heard of GNOME?

    "Wipe that smug grin off your face, nobody wants your clown shoes. Go make it usable for the majority of the computer-using population of the planet, then we'll talk."

    The way you talk makes it plain that you haven't tried Linux in a while. I suggest you have a play with Ubuntu's latest release - you can boot it from a Live CD without installing - and then we'll talk.

  37. Anonymous Coward
    Stop

    Admin equivalent rights

    If you give users admin equivalent rights then these infections will always happen. This worm copies itself to system32 on an NT/2K/XP machine BUT only if you have admin rights.

  38. Jason DePriest
    Unhappy

    I have your title right here

    If only they had been running OS/2 Warp, this wouldn't have happened.

  39. Anonymous Coward
    Anonymous Coward

    Virus writers do write for the target

    some can create polymorphic as well, but it is harder to pull off.

    Yeah, the ramen worm-virus was one of the early nods that RedHat had a number of server installations - which got some home users as well :)

    But, I notice some have been using this idea to try and claim that unix is somehow not more secure than windows, to that I just chortle. Unix systems are attacked all the time, and primarily because most of the source code is available, but the attacks tend to be done by benevolent people who will release the exploit along with notification to upstream who patch or update appropriately.

    The windows lot keep their exploits and use them for commercial cracking far more than the unix groups, and unix has far better security tools in place. And, the user base tend to upgrade all the time, most use a rolling release distro.

    As the to the netbook linux lot, well a lot don't upgrade and if they grow in size you will see more unix style viruses.

    The myth was that unix is inherently secure, no one in the know ever says that, they just say unix is more secure than windows and there are hardly any viruses.

    And even if Linux say got 50% market share, the systems tend to be more diverse each kernel is different in many cases, so unlike windows where due to conformity it offers more compromises for your buck. So windows at 40%, Llinux 50% you will still be looking at the Linux split, say 30% Ubuntu the aim would go there.

    Oh and virus, worm, trojan definitions don't go there - it is just malware there are no rules.

    Anti-virus was just a better marketing term than anti-malware. Each definition sort of identifies a subset of operation but it is never clear cut, primarily because data can be made into code and vice versa.

  40. Anonymous Coward
    Coat

    Public vs Private Sector

    I used to work in NHS IT, I can tell you what the problem is here.

    Money, or more likely, distinct lack of it. The government puts targets and restrictions on how much they can spend, but the competition with the private sector means the balance of pay is just bollocks.

    They pay their consultants and surgeons shedloads of money, at the expense of the salaries of the staff in the IT department. I know that the IT director of a large chunk of a specific part of the NHS gets paid about 15K less than the same job if he was working in the private sector, for example. And when people realise that they can get better elsewhere, they move on. Staff turnover tended to be rife.

    The other thing is that certain chunks of the NHS get their software for free (or subsidised) - when I worked for a part of the NHS in Scotland we got shedloads of free software from people like Novell and Microsoft, so why would you install Linux when you get Windows and Office for free?

    WIth such a small amount of IT staff supporting a large number of users, you have to install the most common and easily worked OS, and unfortunately for most people that means Windows.

    There is no excuse, though. All the email scanning firms (such as Messagelabs) and web scanning firms (such as Scansafe) are available for use on the NHS Internet, alongside a corporate AV licence (isn't it Sophos inside the NHS?).

    What's the betting that they've outsourced the IT department at these hospitals......??

    Mines the one with the really old Celeron CPU in the Siemens Nixdorf laptop in the pocket.

  41. Anonymous Coward
    Anonymous Coward

    I have...

    This has got fuck all to do with using Windows, but everything to do with using Windows *wrongly*

    1. Not patching it

    2. Clicking on every stupid link and doing whatever the malware tells the user to do

    3. Letting users run as admins.

    If Linux users were routinely left to run as Root, how long do you think it would be before there'd be more Linux bots than you could shake a stick at?

    Plenty of failings here, but frankly they lie at the Hospitals' doors, not MS' this time. And before you assume the IT dept should be sacked, what's the odds that they've been pointing out the above failings, and explaining the possible consequences, for years and been brushed off by senior management, whose mantra is "It Won't Happen Really".

  42. Anonymous Coward
    Anonymous Coward

    Further to my last

    I read on McAfee: "When the attachment is run, the virus copies itself to the WINDOWS SYSTEM directory (typically c:\windows\system32) as wfdmgr.exe . Registry keys are created to load this file at startup:

    * HKEY_CURRENT_USER\Software\Microsoft\Windows\

    CurrentVersion\Run "LSA" = wfdmgr.exe

    * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\

    CurrentVersion\Run "LSA" = wfdmgr.exe

    * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\

    RunServices "LSA" = wfdmgr.exe

    "

    Translation - it can only infect a machine if you're running with elevated rights. Too much clinical software assumes the user has elevated rights. This is why I get so annoyed with useless vendors who make this assumption. I'm glad to say this couldn't happen on a network I administer, not because it's Linux, but because I let users run as admins over my dead body.

  43. Anonymous Coward
    Anonymous Coward

    Open system?

    How did the virus get in? An email attachment? Shouldn't hospital systems be completely closed?

    Perhaps they should treat the computer network as a restricted network and stop attachments being transmitted without being vetted in some way, or use a propriety communications protocol other than email so that it can't propagate viruses.

    It's very worrying when such critical systems are clearly vulnerable to this kind of problem.

    I guess the real issue here is that everybody wants to use solutions based on Windows, the Internet, and standardised communication applications such as email to save cost.

  44. Ray Miles

    rayamailes

    This have nothing to do with the OS and everything to do with the muppets running the system. If the desktops were properly locked down, and the users had the correct level of access none this would not have happend. Over the last ten years or so I have worked on mission critical networks with over 5000 Windows PC and have NEVER had any issues with viruses or malware.

    Yes a Windows based network is easy to setup badly, but its also piss easy to setup well. Using some obscure minority OS which does not work with the mountain of lagacy systems being used out there in the real world is not the solution.

  45. Anonymous Coward
    Anonymous Coward

    Mytob virus

    Mytob may have been around for years, but virus writers update their code too. This is probably a variant of the old code rather than the same one from before. Expecting it to be the same code as three years ago is like saying "You use Windows! But that's 25 years old!". This is the latest generation of the Mytob family. That said a decent AV should still recognise the virus from its behaviour or from the similarity of the code, so more of an explanation than an excuse.

  46. Anonymous Coward
    Anonymous Coward

    I used to write hospital PAS systems

    back in the Netware/DOS days. We got into trouble with other health care centres because updated our systems to new data requirements long before those locked into turnkey systems could get patched up.

    We were just beginning to link up to the separate imaging systems to ward could see digital images (CAT, MRI, etc) through an image viewer and also squirting data into a separate pathology system.

    Further we used thin client PC's usually crammed onto the end of desk, no room for a mouse, had a form of instant messaging and locked down public terminals so staff would need to scan a bar code from their badges to access systems.

    Users were locked into a menu at login and could only access the apps they needed for their jobs. We in IT controlled access to the apps and the app owners applied permissions within the app.

    Oh and the web was only just starting and no access was given to the 'net. We accessed it via a secure link through the attached hospital. General users neither had nor needed it.

  47. Anonymous Coward
    Linux

    @AC

    Quote "This has got fuck all to do with using Windows, but everything to do with using Windows *wrongly*"

    Your talking total rubbish, windows lets you do this out of the box but with Linux it's a no no unless you elevate your privileges by intent. M$ is making some half arsed attempts to copy the Unix security model using UAC, but it's all still underpinned by a lot of poorly written W32 legacy code in the kernel which quite frankly should have been binned. They had long enough to sort it between xp and Vista's release but were more concerned with adding extra DRM and anti-piracy measures than focusing on the OS of tomorrow.

  48. Moss Icely Spaceport
    Dead Vulture

    Infected hospital infection shock

    If an institution IS going to become infected, what better than a hospital?

  49. Anonymous Coward
    Anonymous Coward

    Same old questions, same old answers

    'so why would you install Linux when you get Windows and Office for free?'

    Because a free pig with lipstick is still a pig with lipstick.

    'If Linux users were routinely left to run as Root, how long do you think it would be before there'd be more Linux bots than you could shake a stick at?'

    Thats the whole point, a great deal of care is taken in the design of the OS to make sure that root privileges are not needed to run user software. Unlike MS systems I have managed, when, yes, we had to run as Administrator otherwise the software wouldn't work.

  50. Anonymous Coward
    Stop

    @ AC

    Actually the point I was making wasnt about real world / theoretical knowledge / experience, it was more about zero experience vs any experience.

    Thing is, what I have noticed is that those who can talk the talk and come from "the right background" land on their feet all the time, despite being hopeless; come from any other background and your up against it.

    FYI I didnt do the last year of my course as it was rapidly turning into a joke, 95% of the course was Java as a successor to the domination of C++. Everything else was just a half hearted tack on. This from an "old university"

    So I left and did a lot of travelling and gained knowledge and experience "in the real world" doing a lot of diff jobs.

    Come back here and get told "well its not british experience...so you might as well have not bothered, oh and you dont have a first...or a masters" and this for menial low level IT work.

    Big surprise emigration is going wholesale, companies and public bodies dont have a clue and would rather pay over the head for consultants than train people properly. But then that doesnt seem sophisticated does it?

    *apologies for the rant folks, im sick as hell and work wont let me have the time off so im kinda hacked off*

  51. Anonymous Coward
    Flame

    Follow the money

    Government gateway, connecting for health, you name it, if it's a failed .gov.uk project it'll have had Microsoft or one of their "business partners" right in the middle. One day, people will spot that it's not just correlation, it's cause and effect. But why? Lobbying. Money. Consultancies. Money. Bliar Money. And now Mandelson again. Money.

    Work it out. Follow the money. You know it makes cents.

  52. Anonymous Coward
    Anonymous Coward

    @You can't really blame MS for this one

    Obligatory car equivalent: "but that's just silly! EVERYONE knows you have to buy brakes after you buy a car".

    Yes you can blame MS (and should). The very fact that AV software is needed is an issue. AV is there to paper over the vast structural cracks in Windows that don't exist in other platforms, and the vast resource drain caused by patching ad infinitum and twice daily virus upgrades is something that is always "accidentally" omitted when one talks about true TCO (also license management costs to keep FAST from playing its games rarely feature).

    I'm with you on the need for patching, but that's not enough in the Windows world, and that's why everyone hates it so much.

    I wish I could code myself, because I'd start on an API equivalent of Outlook and Exchange. THAT is what ties people to MS. Office 2007 and Vista have done a lot to drag people away from the addiction, but without halfway decent calendaring they'll come back..

  53. Zygote
    IT Angle

    What a disgrace

    This worm is so old and so well known anyone with their eyes open could have seen it squeezing its way down the Hospitals' CAT5 cables.

  54. Gianni Straniero

    Vulnerability from beyond the grave

    Oh dear oh dear. The worm spreads through a backdoor that was closed by MS04-011. So they haven't patched for 4 years? Either that, or every damned medic/nurse in the Trust opened a dodgy email.

  55. Kradorex Xeron

    Windows vs Unix-based

    To everybody advocating $OS_OF_PREFERENCE: You're advocating for the wrong reasons, let's analyse:

    Most Windows software is coded by programmers that assume if it works on their machines in which they have admin privledges, it will work on all environments. Thus users have to have admin privs in order to use that said software.

    It's not Microsoft (or Windows) at fault here, it's the vendors that push programs that force that privliledged access that their programs "need" due to lazy programming.

  56. Simon Neill

    My god....

    There are a lot of weird correlations flying around here. "Software vendors write crappy software that requires administrator access, therefore MS suck" what? no, the vendors suck.

    "Windows is insecure" Well, I've been running a windows domain here for 3 years and the only viruses I have EVER seen are caught in the temporary internet files and never spread. Its simple, no user (other than me) is admin, no user has access to ANY drive other than their user area.

    Strikes me that if you end up NEEDING people to run as admin then let them run attachments from e-mails it really doesn't matter what OS you use. The difference between having to deliberately allow access in *nix and having to deny it in win really is irrelevant. Its not like patching is a hassle, automatic updates and WSUS server, jobs done.

    "....but it's all still underpinned by a lot of poorly written W32 legacy code in the kernel which quite frankly should have been binned." perhaps, but then what would all the apps that rely on that code do?

  57. Anonymous Coward
    Anonymous Coward

    hmm..

    Clearly there is little contemporary knowledge of the NHS in these comments. Many manufacturers of specialist and / or unique medical equipment provide platforms that may not be internet connected, but have very possibily become corrupted through the insertion of infected files / USB's / etc. Often these systems are delibrately off-network to minimise risk : albeit at the risk of infection due to a lack of virus patching.

  58. Anonymous Coward
    Anonymous Coward

    @AC

    I'm not talking rubbish at all (and I know the difference between "your" and "you're", seeing as we're in insult trading mode). A Windows domain, by default, (which is the only configuration you should be considering in this sort of environment) grants ordinary users user rights *only* to workstations. The admins have to go out of their way to make it otherwise, by putting the domain\domain users group into local administrators. Or (and I've seen it done by particularly stupid suppliers), domain\domain admins.

    On a standalone, Vista is the same as Ubuntu - the first user you create has *potentially* elevated permissions, which can be accessed via UAC (windows) or sudo (Ubuntu). Yeah, XP had it wrong there. We all know that.

    Fortunately, the number of apps which require the user to be admin is decreasing, but the cause is lazy coding by developers who don't test their products properly. The NHS could resove its problems in this regard simply by refusing to sign off any such software.

  59. Anonymous Coward
    Anonymous Coward

    erm....

    group policy.

    restricted groups

    right-click, 'new'.

    builtin\administrators

    Add domain admins.

    link to domain.

    no admin rights!

    yeeeeehaaaaaaawwwwww!

  60. Anonymous Coward
    Anonymous Coward

    @AC 1108

    Err, Windows does not come attached to a domain out of the box, therefore this is a configuration error on the part of the person setting up the user account in the domain (or possibly the person who specified how the account should be setup.) If they are logging on locally, it's also a configuration error in a domain environment. Therefore, it's a configuration error and nothing to do with how Windows is installed out of the box.

    As a further note, it is highly unlikely that they are using an out of the box setup for Windows, rather some sort of automated build will be used, again any error is on the part of the people designing the automated build, not Windows itself.

  61. Juillen

    The NHS and computing..

    All these comments running rife about what NHS sysadmins should do, and why they all 'fail'.

    Take into account:

    1) Medical systems (not embedded clinical devices; just the ones you punch info into) are developed externally to the hospitals. These are almost invariably Windows based. So Windows must be brought in. Historically, most of the apps are windows only, so Windows is the primary OS in most hospitals.

    2) Due to the nature of budgeting, and the fact that the whole place is clinically focussed, budget cuts tend to hit IT hard (HR get to make the cull, so don't choose their own, Finance hold the purse strings so they don't get hit, which leaves medical areas, where consultants complain, or IT. Oops).

    3) When everything is not failing, hospitals tend to assume that all is good because it's not failing (or at least not inconveniencing enough people by the failures to really make an impact on them). If all is good, then IT is fully staffed or overstaffed (making IT a big budget cut target again).

    4) You tend to find in a lot of places there are either 1, perhaps 2 sysadmins for a site. This site can be about 4-5000 people all in, with a couple of hundred different servers, including mail, database, firewall, application, web, mix of above, departmental oddities etc. Some of which IT run, some of which IT aren't allowed to touch.

    5) There is no budget for the commercial tools for IDS/IPS, wider management, Database management etc. This means you're running on the 'out of the box' tools only.

    6) Sysadmins are expected to meet vendors and approve/veto apps brought in (unless overriden by the departments when consultants complain), create security tools, create monitoring tools, administer servers, commission servers, handle daily maintenance, monitor servers, create reports, consult with users and departments about the way data can be used, perform and test backups on servers, develop, report, get called into meetings, fix minor issues, test and develop networks.. You get the picture. One or two people handling that level of work? It's a case of pick which of the list you want, the rest will fail. Except nobody will choose as it all needs to happen.

    So, in overview, you have a very few, very overworked people in IT that are ignored largely when all works. When it fails, everyone seems to point that direction and call 'em muppets because they can't do everything with the very limited resources available, and call for sacking, which would result in the exact same number of people hired to do the job that the previous ones didn't have resource to do, and without knowledge of the systems there. Which would be a worse situation.

    Solution? Fund the IT department properly. However, hospitals have limited funds (and the funds for any task are annually shrunk by 3% due to the governmentally imposed "yearly efficiency gains" rules). This means something else has to go. So do you take money from Facilites (which can end in air filters not getting cleaned, resulting in bacterial infections killing people, or not enough cleaners, results as previous), from Clinical (so people are even more rushed, resulting in more problems on the front line), or where?

    Yes, there are solutions, but it really does mean more NHS funds. Which means a bigger tax burden to fund it (or less Gvt. pork spending elsewhere, but more likely a tax increase), and nobody wants a higher tax.

    Reducing the targets culture would go a long way to freeing up money inside the NHS (as the amount of juggling that needs to be done in hospitals to meet these targets is horrendous). But that will mean longer waits, which irritate people.

    Running tech is a fine balancing act between money, keeping users happy and keeping users secure. If any of that is wrong, the rest of it goes to pot very quickly.

  62. Anonymous Coward
    Anonymous Coward

    @Fraser

    What did you expect? The Linux fanbois on here invariably show that they actually know bugger all about Windows in a corporate environment. This is why they don't realise why the lack of Linux equivalents to AD, group policy, SMS, integrated login to e.g. SQL Server and so on which are available for a Windows domain are (a) in many instances more than compensation for Windows' faults, which those of us who manage Windows systems are by nature even more aware of than they are, and (b) absolute show-stoppers for migration.

    I've issued this challenge to the Linux community before on here. Please free me from Redmond. Write a NOS which can do what Windows domains do, including group policy. Write an open source equivalent for SMS which allows me to manage Linux desktops. And make it work without hours spent compiling binaries only to find I've created a new dependency. Give Linux the functionality of Windows _in a domain environment_ and we'll all save £££ by moving to it.

    My suspicion is that these tools don't exist because they're antithetical to the Linux philosophy - Linux users don't _want_ and administrator hiding system tools, pushing software to them, configuring their database connections and so on, so they don't write the tools. But this is the indispensible backbone of a corporate network, and it is why Windows and AD dominate. Not because Windows sysadmins are twerps (the fanboi conclusion), but because there is no alternative.

  63. Anonymous Coward
    Thumb Up

    @ Juillen

    Most informed comment of the thread.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019