Leave for Change Mandate
Warning: Long post, no pictures and some technical information.
Leave for Change volunteers have a mandate in their host countries. Mine is to address some of the technical issues at TOCaDI. Also, I am attempting to pass along some of what I’m doing in order for a member of the local staff (or the next volunteer) to have a better understanding of their infrastructure and what I’ve done to address some of the concerns.
From the looks of it, TOCaDI is actually an amalgamation of a number of NGO’s. There are workstations used by people in the field, in partner organizations and personally. The mandate originally stated around 10-12 workstations but it is nearing 20 and more are popping-up every day. Not only that, as resident IT person, I am also involved in troubleshooting internet connectivity issues, printing, DVD/media playback, document scanning and user training.
I’m not complaining as the work is not terribly complicated (except for some of the viruses) and it is what I’m here for. My main concern is that It is a lot to handle in such a short time frame and still meet the existing mandate.
Internet
Unless you came abundantly prepared, without access to the internet this would be a near herculean task. Thankfully, the organization has satellite internet. However, it is still nowhere near the speeds available in North America (specifically Humber) and there is an antenna alignment issue which makes connectivity a bit spotty in the afternoons.
Downloading a single service pack takes about 2 days with stops and starts. I haven’t even bothered trying to download anything larger.
Updating Windows takes the longest amount of time. The size of Windows updates has always bothered me but, without access to a much faster internet connection, it is not just a frustration but nearly impossible. Out of the 20 workstations, I have only managed to update 4 of them completely. I’ve resorted to simply bringing them up to SP3 for XP and SP2 for Vista and leave it at that.
As for the office, there are only three cable drops and the staff require them as part of their job. I have been working a lot at night and on weekends in order to update these workstations. It is not fun walking back and forth to the office at night as it comes early (around 6pm) and gets very dark quickly (did I mention the Black Mambas?).
Hardware
As I mentioned, this is an amalgamated office environment. There are a lot of different hardware models (in fact, only two of the workstations are the same model) which have all been purchased at different times with different operating systems. There are Home, Basic and Professional versions of both Vista and XP.
Microsoft, why do you have to make this so complicated? I had to write up three different ways of disabling autorun since it is slightly different across XP flavours and entirely different in Vista.
The organization also has no locally stored physical media. I brought a few copies of Windows but I cannot even use them to replace core system files that have been overwritten by viruses as the, for instance, an XP Professional disk cannot be used on an XP Home installation. Also, without access to some of their custom applications like ArcGIS and Pastel, re-building the workstations (which would have been faster) is out of the question.
To all you hardware vendors out there (Acer and HP specifically): Stop pre-loading your workstations with so much crappy software. A lot of the workstations are using the base OS installation (as most computers do) and are so much slower than necessary due to all these pointless add-ons.
Viruses and Malware
I imagine that some of what I’ve described (and more) is felt throughout most of the developed world who lack some of the infrastructure and services that companies like Microsoft increasingly rely on. I can’t even imagine the lost time associated with some of these challenges in the developing world and I haven’t even touched on virus developers.
I just don’t get it. I’ve seen things here that we would never encounter at Humber and I imagine most large organizations have the necessary infrastructure and security to side-step it as well.
You malware developers are hurting smaller organizations like TOCaDI to a much larger extent than you might realize. For instance, the recent spate of autorun viruses that target USB drives has seriously impacted the organization. They lack any kind of centralized storage or even shared printers so they have to move a lot data (particularly documents) around through USB drives. Even if one of the machines is infected it will most likely spread to the rest in a matter of days.
I guess my point is that in the struggle for necessary security, both the good side (OS and anti-malware developers) and bad side (malware/virus developers) are not battling it out in the developed world. They’ve teamed-up to make an already desperate situation much worse.
Wow, maybe this doesn’t qualify as irony, but it sure is messed up that places that likely neither the good guys or bad guys could care less about is where the worst of the battle is faught!!
Hope you’re doing ok dude and the bo stink subsides soon… What an adventure!
HW??
Kevin
Hey, me again,
Since the bandwidth there is limited and intermittant and there are many varied OS products, I wonder if a better strategy is to not bother with OS updates, and rather put efforts into a consistant anti-viral/spyware product, make sure a firewall is in place and enabled and make other changes like turning off autolaunch, etc. Maybe if all the other things are done consistently huge service packs are less important.
… or maybe I’m talking crazy…
Kevin
No, you’re not talking crazy at all. There was a lot of Norton, BitDefender, Avast and AVG spread across the machines. They now have AVG on all of them with consistent settings for scanning/updates etc.
1. I also installed Malwarebytes on each computer and I’m leaving instructions for how to install, configure each application so they can hopefully keep the consistency with each new workstation.
2. Autorun/Autoplay has been disabled on all the workstations and I’ve included those instructions as well.
3. Firewalls are now all enabled and I’ve reset (where applicable) the exceptions list as some viruses found their way into them. I don’t know all of the applications in use on site, so I’ve made some basic assumptions. So far I haven’t heard of any issues related to the changes.
4. Finally, I’ve included some key recommendations in the documentation as possible next steps (stuff like internet access for all workstations, locally stored copies of all software etc.) so that any future volunteer or staff member will have a few more tools at their disposal.