Curiosity killed the kilobyte
These situations can vary, but have the common denominator of a user experimenting with something he knows is dangerous … and not watching what he’s doing. P. A. Dunkin relates a situation that, surprisingly, I’ve encountered myself. (Mr. Dunkin declined his family’s donut fortune in favor of becoming a sys admin for a software engineering firm.)
After a recent virus outbreak, a curious engineer decided to crack open a sample of the virus to “see what made it tick.” But instead of doing this on a PC that wasn’t connected to the LAN or even one using an operating system immune to the virus, he did neither and promptly reinfected the network.
Dunkin’s user had the good sense to come forward immediately -- the guy I had experience with didn’t even realize what he’d done so we didn’t detect the new infection until anti-virus software caught it.
Solution: For me, it was multiple areas of virus detection, both server and client. Nowadays you can even get this at the infrastructure layer and I highly recommend it. Just because a virus is killed once doesn’t mean it can’t get resurrected.
Moral: Dunkin says his users learned from the experience -- the advantage of having geek users. For many of us, however, his subsequent strategy is applicable: “I maintain an open-door anti-virus policy: No question about viruses is stupid, ever; and any time I have to send out a warning about an especially dangerous threat, I include an offer to help set up whatever measures are required, reminding them that it takes much less time to prevent an infection than to clean up after one.”
You can clean your server till it sparkles, but users can still find ways to abuse them -- especially on the storage front, as reader Yan Fortin relates. Fortin was having such a boring day, he was actually browsing his firewall logs simply for something to do (I hit Playboy.com in that situation, but to each his own). Suddenly, he received a user call that network file access was being denied. Another call prompted him to put down his fascinating log reading and do a little investigating.
“Lo and behold, I had five e-mails warning me that the free space on the F: network share was getting dangerously low. Unfortunately for me, I had turned off the Windows Messenger Service on my workstation, so I couldn’t receive any warning that way. Shame on me.” Indeed.
Fortin searched the drive for every file bigger than 50MB and stumbled upon a marketing user who was copying approximately 30 150MB TIFF files from a DVD to the network. “I called her to inform her that I would delete all her [expletive deleted] files, and did so right after.” Crisis over.
Solution: Fortin purchased additional hard disk space for the server right after this incident and also had a firm talk with the user about the relatively finite nature of server disk space.
Moral: Explaining things to inexperienced or even tech-phobic users may be a pain in the posterior, but it sure can save you time, trouble, and screaming managers in the long run.