If your computers become infected by malware, do you simply chuck them on the garbage heap and buy a new one?
I hope your answer would be no. After all, most malware infections can either be removed by decent anti-virus tools, or infected drives can be wiped clean and restored from a recent backup.
There really should be no need to dump the hardware entirely.
And yet, it has come to light that after computers at German teacher training institutes in Schwerin, Rostock and Greifswald became infected with the notorious Conficker worm in September 2010, 170 of them were disposed of and replaced with new equipment at the taxpayers’ expense.
In all, the replacement of the infected computers (some of which were considered brand new), and subsequent restoration of data, cost 187,300 Euros.
The vast bulk of the cost was not spent resinstalling the hard drive images, but on purchasing new PCs. Ouch! I just hope that they securely wiped the computers they were chucking away.
An official report has revealed that the affected organisations did not have an up-to-date IT security policy, and that the the teacher training insitutes were not following it anyway.
More details are revealed on page 154 of a report [PDF] by auditors at the State of Mecklenburg Vorpommern.
According to the report, “it remains unclear if the anti-virus product had some issues, or if the outbreak was caused by technical or human failure”.
Just one employee at the Ministry of Education in Schwerin, Germany, was dealing with the Conficker outbreak, and there was heavy reliance upon external companies to backup and restore data, and install software on the new computers.
In my opinion, it seems likely that a decent anti-virus and backup protocol could have reduced the chances of German taxpayers being stung with this unnecessary bill.
After all, there are numerous free anti-virus tools available which can disinfect the Conficker malware, and even if there were difficulties their friendly anti-virus vendor (if they were using a product at all) would surely have assisted.Follow @gcluley
Thanks to SophosLabs expert Dirk Kollberg for his assistance with this article.