BOFH: The case of the suspicious red icon
Could it be a virus? Why, user, you should be head of IT. Yes, I said behead
Episode 11 So I'm in the office by myself while the PFY is out doing... something... I guess... when one of our atypical difficult users comes in.
"Just one question," he starts, interrupting the thought I started when he walked in on potential loopholes in the gun laws. "My browser has an icon which is red."
"What's the icon?" I ask, feigning... well everything. Interest, professionalism, the will to live, you name it.
There are three very broad categories of user in my vast experience:
- People who don't know what they're doing
- People who don't know what they're doing but think they do.
- People who know what they're doing but need a hand every now and then.
Group 2 has two subcategories
and b. People who will never admit they don't know what they're doing. Ever. Because they have a degree and are much smarter than you. And computers. And the people on The Chase. And everyone they socialise with.
The only people worse than a 2b is a 1b - People who don't know what they are doing but don't want to take any risks - who will come and ask you about EVERY BLOODY MESSAGE BOX, WINDOW, WARNING, UNUSUAL BROWSER PAGE, TASKBAR BALLOON, ETC that comes their way.
EVERY. SINGLE. ONE.
"I'm just concerned it might be a virus," he murmurs.
And EVERYTHING is probably potential virus...
"Did you take a picture of it?" I ask, trying to buy myself some time to send a text message to the PFY telling him the Swedish Volleyball Team is in Mission Control looking for him before making myself scarce...
"Yes I did!" he says, showing me a blurred picture on his phone.
"That's just an icon to tell you your browser needs updating," I say. “Nothing to be worried about at all."
"Well yes, but the internet has been running a bit slowly recently."
"Did you call Vint Cerf?" I ask.
"Nothing. When we update your browser it'll go away."
"Oh. And when can you do that? I've got a meeting in 5 minutes so I'll be away from my desk for an hour or so."
"Oh I'm sorry, I have some other installs that have become urgent," I lie.
"After lunch then?"
"Hmmm, I'll just check the Helpdesk Queue and see if there's anything else urgent."
"Oh, look," I say, pointing at the screen. “There’s about 100 urgent jobs stacked up in there."
"That one's from 2008!" he gasps, almost discovering the secret of my outstanding urgent-job queue - Never, EVER close a job.
"Well it must be REALLY urgent by now," I reply. "Better get right on it!"
"Not looking great."
"Mmmmmmm," I sigh doubtfully.
"Next Week?!" he gasps.
"We'll give it a crack - but no promises.
"Partly this is my own fault for isolating him from the update cycle as he did tend to go heavily 1b every time an automatic update was rolled out and his box told him it had rebooted to complete the install - Because it's probably a virus. Or a "hacker".
The other vexing thing about 1bs - and this guy in particular - is that he'll dash up to tell you that the Google picture has changed and "it's probably a website virus" yet he'll still spend his lunchtimes browsing an obscure hobby discussion board which is about 95 per cent zero-day exploits and 5 per cent content on his work desktop.
I realise that it's probably time to update the image that gets flashed to his box every Monday and maybe verify that the scanning software that filters his file-sharing is up to date. Meantime, though, I just need him out of the office.
“You say the internet was slow – was it faster or slower than your personal laptop?” I ask, putting a crowbar in the lid of Pandora’s Box and pushing real hard.
I recall he once asked me to give his personal laptop a once-over to see if it needed more memory and I recall that the memory and cpu consumption was about 30 per cent browser toolbars, 30 per cent malware and 40 per cent virus scanners, all playing a massive game of Last Man Standing.
He asked if we could plug it into our work network to do some updates because his home network seemed rather slow, but I didn’t want our mail gateway to implode from the influx of IPS warnings so accidentally nudged his machine out the office window that hadn’t been open about 30 seconds earlier.
“Oh, and can you check my desktop clock – I think it’s two minutes slow,” he asks.
“You... have a watch, right?”
“And a cell phone with a clock on the start screen?”
“And a desk phone with the time on it?”
“And isn’t there a clock on your office wall?”
“YES, but as I said...”
“And don’t you have a little clock built into that multifunction keyboard?”
“Yes, but the clock on my computer isn’t right.”
“You know addition, right?”
“That’s not the point. What happens if my outgoing mail is sent too late?”
“In actual fact, if your clock was slow it would appear as if your mail was early.”
“It may do, but you know this has happened before.”
“Yes, clocks deviate in time. Some machines don’t track time well when they are off. Some don’t sync with the server properly, some are just standalone – it all depends on how it was configured.”
“So you don’t think it was a virus?”
“Hmmm, I’ve never considered that. Perhaps I should check the big dictionary of viruses.”
“You have a big dictionary of viruses?”
“Sure, it’s over there on the bookcase.”
“And you don’t have an online version?”
“Oh, that’s just what they like us to do. So they could infect it.”
“So you’ll look it up?”
“No time like the present."
"Ah HA! There is a clock virus - you’re right.”
“Can I see?”
“Yes, but the light’s a bit crap over here. Come over to the window, it’ll be much clearer there...”
Sponsored: Becoming a Pragmatic Security Leader