Oregon county dodges viruses

Clackamas County, Ore., had a near miss with some computer viruses a few months ago.

That's when the Sasser virus and a couple of other worms came roaring through the Internet, said Greg Johnson, system administrator for the county.

The county had been using software from LANdesk Software of South Jordan, Utah, for a few years for hardware and software inventory, and had just installed LANdesk Patch Manager 8, Johnson said.

'We had tried Microsoft's patch management service,' Johnson said. 'But we couldn't get a lot of the granular details. And it required a lot of custom Perl scripting,' he said.

With the Microsoft patches, county IT employees had to go on site and fix infected machines, Johnson said. That meant interrupting people's work in the middle of the day to reboot their PCs.

As soon as the county bought the LANdesk patch management tool, the Exploit virus came out.

The virus came out on a Tuesday, Johnson said. By Friday night, the county had about 1,300 machines that needed a patch. 'We caught most of the PCs by early that next week,' he said.

When a user logged into his PC, the policy manager ran a check to see if a patch is installed or not. 'We even caught PCs that weren't turned on,' Johnson said.

When the Sasser virus hit later that same week, Johnson and his team heard grumblings and watched reports on the firewall. 'We found one machine that had tried to be infected, but it was patched, so it got quarantined, with no real infections,' he said.

The county is still working on the process for remote users. 'We have a lot of machines that dial into the county but aren't county maintained,' he said.

Most of the county's PCs run on Microsoft XP and use Microsoft Exchange for e-mail.

A client portion of the LANdesk software sits on the PCs and a server portion sits on the server back end. 'Microsoft released different versions of its patches for different operating systems. We had to figure out which patch was for which machine,' Johnson said. 'The nice part is that LANdesk handles security permissions for us.'

About the Author

Trudy Walsh is a senior writer for GCN.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected