back to article German govt DUMPS 170 NEW PCs riddled with Conficker

The German education ministry has binned new computers infected by the infamous Conficker worm - and bought replacements - rather than attempting to disinfect the machines. It emerged this week that a grand total of 170 PCs and servers at German teacher training institutes in Schwerin, Rostock and Greifswald were dumped soon …

COMMENTS

This topic is closed for new posts.
  1. This post has been deleted by its author

    1. Erwin Hofmann
      IT Angle

      Re: reformat & reinstall ... TERMINATE ...

      ... as the German financial Auditor notes, in its 2012 report, the Ministry of Education had no IT security concept and justified the new purchase with "faulty IT equipment" ... "faulty IT equipment" ... hmm ... they mean teachers ... right ???

    2. Goldmember

      Re: reformat & reinstall

      They don't even need reinstallation media. Create ghost images, plug into the network and you can format and rebuild as many PC's as you can plug in at once.

      Where the fuck do they pluck these figures from? One guy could do this task in a couple of days. The mind boggles, it really does.

    3. tmTM

      Data recovery costs?

      Sure from a couple of servers, but no workstation should have any data worth recovering on.

      Format and shove a fresh Image on the workstations and worry about a couple of servers later.

      Good to see even the efficient Germans can manage to employ time and money wasting morons in the government.

      1. Danny 14
        Thumb Down

        Re: Data recovery costs?

        FOG is even free. And works brilliantly over PXE. Set the machines to network boot and each machine will even see if the server has told the PC it has a new image to roll out. Combine with a proper sysprep'd image complete with domain join, driverpack and the end user will go from switch on to fresh newly imaged PC within 20 minutes.

        shocking waste of money.

      2. 123465789

        Re: Data recovery costs?

        ... and even if there was valuable data on those workstations, this data recovery work would probably be about the same, whether you recover the data to a new machine or to the same machine after re-installation.

  2. Tom 260

    Overkill?

    Ok it's not clear from the article whether they went as far as binning the monitors etc., but I'd have thought the simplest thing to chuck away would be the hard drives...

    1. Yet Another Anonymous coward Silver badge

      Re: Overkill?

      In other news - the city council have ordered 100 new BMW's after the old ones ran out of petrol

    2. Fatman
      WTF?

      Re: Overkill?...simplest thing to chuck away would be the hard drives...

      My thought exactly, or if they were that cheap, get a Linux Live CD and nuke the $DIETY-dammed thing, and be done with it.

      I think someone needed a justification for more new shiny-shiny kit!!!!!!

  3. Destroy All Monsters Silver badge
    Facepalm

    Buy new harddisks. Install Eadon, I mean Linux....

    "Simply cleaning up the malware would have cost €130,000"

    Sounds like someone budgeted a final solution here.

    But these are bureaucrats who have a taxpayer spigot on hand and are not too sure about the tech details in their consultant's offering...

    1. Vladimir Plouzhnikov

      Re: Buy new harddisks. Install Eadon, I mean Linux....

      The really interesting question is who got the machines after they've been written off? I bet he was even paid for "disposal"... Also quite sure he is a relative of some senior bureaucrat from the department in question.

    2. Comments are attributed to your handle
      Trollface

      Re: Install Eadon

      That's GNU/Eadon to you!

  4. Christian Berger

    Well, you need to be consistent.

    You can either spend money on education and first educate your users then give them cheaper and more productive systems to use, or you can keep your users ignorant and solve problems by buying newer and more expensive systems.

    Those people could probably work way more efficiently on an old early 1990s UNIX box with a bunch of terminals, but uneducated users don't accept that any more. I mean I learned word processing on a Microsoft Xenix system. It even had Microsoft Works for Xenix installed. It worked, and it wasn't harder to use than modern versions of Offices. The main difference was that menus were accessed by hitting Esc twice, then you could scroll through them. However to be fair, that 386/50 we had was quite slow for 20 users.

  5. Gordon Pryra

    This sounds like shit to me

    This figure is just massive, even with the normal corruption you can throw into anything any Gov buys.

    The line "The bill, which also included data restoration costs" givers it away.

    basically someone gave a plum order for new kit to their mates on the back of this virus. They added some techno-babble to make it sound like their quote was plausible (the techno-babble in question is about as technical as the people who can sign off 150 k worth of kit get)

    In the real world we know full well that its a weeks work for 2 people to clear down the virus from 150 computers. Even top whack for this kind of thing you would be hard pushed to find someone offering over 1k Sterling for someone for a week.

    So that's 2k (Sterling)

    Restoring what from backup? If we are talking about home drives/department shares then surely that's either going to have to be done anyway or its just not required.

    Restoring some files that were local? Then they will need to be restored anyway onto the new machines.

    1. TheVogon
      Facepalm

      Re: This sounds like shit to me

      This is the country that has wasted tens of millions migrating Munich council to Linux so hardly a great shock. Said migration has still not been completed ten years later, and when they want to do any real work, they access Windows systems via Citrix!

      1. Anonymous Coward
        Anonymous Coward

        Re: This sounds like shit to me

        "they access Windows systems via Citrix"

        Just like increasing numbers of corporates are doing. And Munich council don't have the MS costs associated with MS clients (they have different ones).

        Btw, how many Windows installations (or indeed IT projects in general) are ever "finished"?

        1. Anonymous Coward
          Anonymous Coward

          Re: This sounds like shit to me

          "Just like increasing numbers of corporates are doing"

          But generally from Windows, or thin clients. Not another flavour of Fat client, which generally gains nothing in terms of costs, and looses in terms of functionality compared to Windows and it's vast application base.

          "And Munich council don't have the MS costs associated with MS clients (they have different ones)."

          Quite - tens of millions was spent by IBM, etc that will never be regained by any license savings.

          Btw, how many Windows installations (or indeed IT projects in general) are ever "finished"?

          Plenty of large migration projects are finished. I have managed many such changes to completion. Maybe you work in local governement or something?

          1. Anonymous Coward
            Anonymous Coward

            @AC 12:45GMT - Re: This sounds like shit to me

            Please put that chair down, Mr. Ballmer! There's no need to get nervous!

        2. mmeier

          Re: This sounds like shit to me

          "Linux" Munich has double the PERMANENT IT staff per computer of any compareable city. And in germany permanent staff is something you hire if you plan to keep him for years because once past the 6month "trial" period (Probezeit) it is hard / costly to fire him. Even more so for a city that have the OTV<<<Verdi "trade union parody" to deal with.

          There is a lot of smelly stuff in Munich and it's not last years Oktoberfest-Chicken

          1. Anonymous Coward
            Anonymous Coward

            @mmeier - Re: This sounds like shit to me

            Are you a Windows consultant/vendor in Munich, per chance ? You seem to be very upset.

            1. mmeier

              Re: @mmeier - This sounds like shit to me

              Nope. Last time I worked for or with"the man" was in the 1980s when I was an armed typist [60 character or 900 rounds per minute] Last time I wrote Windows only stuff was 1993 to 1999 and even than that was only part of the work. l prefer Windows as a client and getting it to run there is prime due to the market share but l use Java and used C and C++ in the past. ServerS are Unix. SCO in the old days, Solaris now.

              1. eulampios

                @mmeier

                This is an enigma then really. A Unix admin to be fond of Windows and Microsoft and hating Linux at the same time somehow?

                1. mmeier

                  Re: @mmeier

                  Simple. I use what is best for the job and/or has the widest installed base and the software I want/need. And that is Windows on the client and Unix on the server for most of the stuff I have done the last 15 years(3). Linux is not good enough on either platform.

                  Servers: Long term (10+ years) stability is a must have for APIs, Drivers, Libraries etc. Availability of certified hardware from a big vendor is as well. Not having "Distribution wars" makes hiring Admins(1) easier and installing commercial software like RDBMS as well(2)

                  Clients: Support for all hardware our customers use. That includes notebooks and tablet pc since the early 2000s. Also central software delivery, company wide policies etc. In some cases (not all) our clients also use software that simply requires Windows.

                  With a 90+ percent market share on the desktop and a useable platform for tablets Windows is the easiest target with the best chance of sales. Add in that it is also the easiest target to develop rich / fat clients that work on Macs and Unix as well and our customers demand those client type for certain tasks. Oh and most use it as an internal platform (the rest uses Macs)

                  Running J2EE stuff is bette, faster and with less hassle on Solaris same for stuff like Oracle RAC. And most of our customers use that (or AIX) anyway on servers so Linux is a non starter

                  I don't hate Linux. It was evaluated (and is basically once a year) and found lacking for the needs of my employer so it is not used there. And for my privat use I see no benefit(server) or can not use it (Client - no penable support(4))

                  (1) I am not an admin by trade. I can do the job if needed (and did) but my specialities and certifications are in software, mainly Java

                  (2) With Linux the only "will work" platforms are those that come with commercial priced licences for support negating the last Linux benefit

                  (3) Before that is also included stuff like Step5, ORG/M, QNX, RTOS/UH. Also worked with Win/CE and Android.

                  (4) Or one not good enough compared to Win7 / Win8 if I count the Samsung Note as a Linux

                  1. This post has been deleted by its author

                  2. eulampios
                    Linux

                    Re: @mmeier

                    Your 2nd paragraph:

                    Servers: Long term (10+ years) stability is a must have for APIs, Drivers, Libraries etc.

                    GNU Linux distros have them all. Moreover, there is only one platform that might have an advantage with Solaris is Sparc, which is also a supported arch by Linux, not by any version or type of Windows. Compare as well the number of supported archs on both Windows and Linux.

                    Availability of certified hardware from a big vendor is as well.

                    Linux beats Solaris with both hands, if HP, Dell, Lenovo are not good enough, I don't know

                    Not having "Distribution wars" makes hiring Admins(1) easier and installing commercial software like RDBMS as well(2)

                    This war is more in your mind. What is the problem with RDBMS on Linux? Maybe Oracle's db s a problem, not a problem with the rest for me, I prefer PostgreSQL.

                    You probably realize that with a free market and opens source Linux is a winner in Servers, embedded devices and now in mobile devices over all of its nix brethren, be *BSD, Solaris or even big brothers like AIX. Some were never free, some became proprietary just recently (Solaris). It would easily kill off Windows in desktops as well, if it were allowed given a fair competition. MS Windows is always declared a winner in desktops, since there is no free market and a lot of collusion between OEMs and MS.

                    Still your anti-Linux sentiments are fairly strange. The pro Microsoft, the Unix antagonist attitude is even more surprising. Nor did I see any kind of animosity towards Linux shared by non-Linux *nix people. Even Oracle that makes big bucks on stripping off Red Hat systems. Except for some *BSD, more of FreeBSD, it's rather jealousy, politics and their engagement with Apple.

                    1. mmeier

                      Re: @mmeier

                      @eulampios

                      10+ years of support for a Linux? Where? LTS versions are 5years, a joke compared to what Solaris offers even for a single major version. And drivers are often compatible over two major versions

                      Solaris has better file system, better clustering, better thread handling and as of late 2012 better performance on the same hardware as Linux for J2EE based software. AND it is the set OS for most of our customers

                      A Linux Admin is "for distribution X using parts a, b, c". If that is your distribution, fine. If not - problem. A Solaris admin is for Solaris.

                      PostgresSQL is nice. But it is not capabel of keeping up with ORACLE (or DB/2) when it comes to clusters, high available systems and other stuff. Stuff some of our customers need. And Oracle performance on Solaris is better on the same hardware as of late 2012.

                      Three of our bigger customers use penable tablet pcs in the 500+ number with one planning penable convertibles for the next "replace notebooks" round. Linux won't work there since it lacks the necessary software and drivers

                      Other customers have a tools chain that is based on MS products. Not ours (we are a Java shop) but we need to integrate with that. Linux can't do that. And we are talking BIG (10.000+ clients) customers here

      2. eulampios

        @TheVogon

        According to Microsoft? They are really good at assessment. Their figures are usually encrypted as reciprocals of actual numbers.

        1. TheVogon
          Mushroom

          Re: @TheVogon

          Nope, from here: http://www.geek.com/news/munich-linux-migration-hits-serious-snags-555131/

          There are also more recent articles that calculate the current cost at over €50 million more than if they had stayed with Microsoft...

          This also ignores the tens of million that IBM spent producing a version of Linux for this project ('Limux') that actually worked well enough on the desktop to be usable....

          Other articles note that there has been a large increase in IT support costs due to the migration...

          1. mmeier

            Re: @TheVogon

            Actually from the german forums of "Fosstard research" aka Heise. Quite a "pro Linux" publication but even they had to admit the massively swollen permanent IT stuff and the costs that result from that.

            Remember in Germany even IF you can fire an employee (the unions often have a word to say, state is typically VERDI(1)) it will cost you money AND will typically take 3 month in the "state service" from the day you hand him the "pink slip" to the day he is off your payrole. Separation pay typically is "half a month pay before taxes per year in company". And employees can (and often do) sue.

            (1) A joke compared to a real union like IG Metall but they love to make waves.

  6. mark l 2 Silver badge

    I would have happily offered my services to clean 170 PCs for 130000 Euro, heck i for that money i wouldn't just cleaned the virus off the PCs i would scrub the toilets with a tooth brush after i had finished.

  7. DrXym

    No way it would cost that much to disinfect

    There is obviously some cost and time to reformatting and reimaging a PC. But if they couldn't contract it out for a cost of $150 per machine (representing the perhaps 1/2 day it might cost a contractor to fix it), there is something wrong with them.

    1. Otto von Humpenstumpf
      Flame

      Re: No way it would cost that much to disinfect

      Unfortunately, there's more than just 'something' wrong with the state of IT in Germany.

      Source: I'm German.

    2. Mephistro
      Thumb Up

      Re: No way it would cost that much to disinfect

      " for a cost of $150 per machine (representing the perhaps 1/2 day it might cost a contractor to fix it)"

      And that is without taking in account the fact that many of those machines were grouped in the same location, so a contractor could fix several of them at the same time.

    3. Anonymous Coward
      Anonymous Coward

      @DrXym - Re: No way it would cost that much to disinfect

      You don't know how a government works! Their slogan is "Let's save money no matter how much would that cost us". You will have to factor in the costs incurred by involving an IT architect, a project manager, senior analysts and technicians. Add to this the fact that usually the IT is outsourced, this would be a request outside the regular outsourcing contract so there will be some extra charging.

      You will be shocked to discover that there are large organizations where plugging a server into a switch port takes 2 weeks and costs something in excess of 2000USD. And this is not in government or public sector.

      1. Fatman

        RE: Re: @DrXym - No way it would cost that much to disinfect

        You forgot something:

        the bribes under the table incentives to steer the solution to a problem in a specific direction.

  8. Piro

    I thought Germans were efficient?

    Tossing new machines because they have a virus is hideously inefficient.

    As someone above said, for €130,000, I would re-image 170 PCs.. shit, I would do it through the night and get the whole thing done in a couple of days. For that kind of money, I'm sure anyone reading this would have done it. I'd do it for half that! Special offer!

    1. Vladimir Plouzhnikov

      Re: I thought Germans were efficient?

      Inefficient? How?

      You see a small budget surplus your department stands to lose, as it has underspent slightly this quarter. You see a bunch of new computers which can be replaced for roughly the same amount. You arrange them become "accidentally" infected with the most fashionable virus/worm/trojan of the day. You write them off, arrange your nephew to "remove" them, which he does for a small fee. He then spends a month cleaning them up in the evenings, using free tools available on the internets, sells them for, say, 100k, you split the money half and half, your department buys the replacement machines, the budget is secure, everyone's happy.

      Very efficient!

      1. Lamont Cranston
        Unhappy

        @ Vlad

        I'd like to read your post as a satire, but experience tells me that it's far nearer the truth than any of us would like to admit.

        1. mmeier

          Re: @ Vlad

          Oh, the germans are even very efficient with computers. The problem is the german GOVERNMENT. Back in 1918 we went cheap and used one train to the netherlands to get rid of the Emperor. Would have been cheaper in the long run to use 10 and get rid of the politicks.

        2. Vladimir Plouzhnikov

          @Lamont Cranston

          No-o-o! How can that be?!

          Corruption only ever happens in Russia or in Nigeria - I know that for sure, because that's what they always say in the news...

    2. Anonymous Coward
      Anonymous Coward

      Re: I thought Germans were efficient?

      They are utmost efficient at making real, actual, solid stuff. They're just a bit crap with computers.

    3. MrXavia
      WTF?

      Re: I thought Germans were efficient?

      170 machines? on a network?

      I'd have done it for £30K

      Network boot the machines, have a tiny linux boot image scripted to completely erase the drives, then on 2nd boot install windows, assuming they ran windows...

  9. Ben Rosenthal

    fishy

    Bin the machines and lose everything, then give a repair quote that includes "data recovery" to almost justify it? :/

    That doesn't make sense.

  10. Mephistro

    I wonder...

    ... what happened to the infected machines?. Were they dumped in a land fill? Sold as junk to a company owned by a friend of the fuckos who took this decision? Was some other friendly company charged with the task of recycling them, a task said company performed by reimaging the machines and selling them for a tidy profit? Did the people who made the report try to ascertain the actual whereabouts of the machines?...

    Seriously, if after a blunder like this you don't see any heads rolling, something smells really, really fishy.

    1. Anonymous Coward
      Anonymous Coward

      Re: I wonder what happened to the infected machines

      They will very likely end up on ebay, offered by one of the well known (in Germany) resellers of 2nd hand computing gear.

      What happened with these PCs is nothing new. The level of corruption and 'friendly business' in German state and governments is very high, actually much higher than in many other EU countries (BTST, therefore anonymous coward)..The worst is Bavaria, but most of the other counties are not much better. And al major parties are well versed in the exchange of black suitcases containing money, especially CDU/CSU and FDP have a proven track record here.

      The only 'news' in this story is that it is acutally been reported on.

      1. tempemeaty

        Re: I wonder what happened to the infected machines

        I was just about to say there was something going on here with the Gov not telling the whole story. Then I read your post and I think you filled that in nicely.

      2. mmeier

        Re: I wonder what happened to the infected machines

        Oh believe me ever since Gerhard gutted Auntie SPD before escaping to Russia the "party formerly known as Sozial and Democratic" has stopped being either and handles graft etc. quite nicely. And the Greenies have been looking for their voters pork barrels for a loooong time.

    2. David Pollard

      Re: I wonder...

      Were the replacements identical? If so there might not have been any need to dispose ot the original ones or sell them elsewhere.

  11. Anonymous Coward
    Happy

    The Cornfucker Virus?

    Ummmmmmm legend has it that it resides permanently in the capacitors on the mother board, and in the resistors, and ummm in the switch mode power supplies, and in the DVD lasers, and the controllers on the hard drives - and in the HDD bearings, and ummmm (running out of bullshit to say...) yeah and in the paint on the cases too....

    And in the monitor and power cables as well.

    That is why the entire systems had to be replaced.

    Because there is no known AV that can disinfect mechanical components.

    So my ummm friend I mean ummmm recommended systems constructor Hans will sell them all new computers with the special Cornfucker resistant beige case paint on it, to immunise them permanently against infection again.

    Each case will be fitted with special Cornfucker Aero-Virus magnets to pluck the germs from the air.

    And we will supply ummmmm 5000 litres of Cornfucker Antivirus disinfectant, and cotton wipes, for daily spray and wipes of the entire systems, to prevent infection through human contact with the machines.

    All for a special mark up security price of three times the going rate of a non protected machine.

    1. I ain't Spartacus Gold badge
      Paris Hilton

      Re: The Cornfucker Virus?

      AHA! Now I've found you! You did my company's last server upgrade.

      Have you got any more of those rubber anti-crashing bumpers? I've got a mate who needs some for his data centre, and at only £200 each, they're a bargain!

  12. Schultz

    They should have...

    created a course for those teachers:

    - How to deal with a computer virus

    and, of course, the follow up:

    - How to secure a personal computer in the 21st century

    1. mmeier

      Re: They should have...

      That would have required a teacher that can be taught. Most can't they have THE Knowledge and if politically active THE Truth

  13. Andy Fletcher

    Can we have the location

    of their bins please.

  14. i like crisps

    Silly Bergers

    Instead of binning them they should have flogged them at their local CEX. Would've got a few euros for the Mother Boards, Ram chips etc.

    1. Eradicate all BB entrants

      Re: Silly Bergers

      A few Euro's would be correct with Cex. When I upgraded my Radeon X850 for a X1950 I took the old card into Cex. After testing they offered me £8 for it. I refused and as I was walking out saw an identical X850 (used) for the same price I had bought the X1950 for.

      Apparently they do the same trick with memory dimms, offer a pound each then slap a £40 sticker on it 2 minutes later.

  15. Tom 35

    Simply cleaning up the malware would have cost €130,000

    I guess I didn't charge enough when I cleaned this up!

  16. dmcq
    FAIL

    Expensive reports

    The PCs seem a bit expensive for that use too. But that report in PDF with its endless list of acronyms, tables dates, costs, footnotes...., yes I now see where all the money went! I could easily have fixed the PCs for far less and made a very tidy profit but I could never have produced such an official looking report. Yes thats the sort of report you send out to people and require them to read and memorize and then they will be very very careful never to do it again!

    1. Mephistro

      Re: Expensive reports

      A new variant of the ChebwaccaDefense virus. :^)

  17. Gordon Fecyk
    Thumb Down

    So this is the "Digital Pearl Harbor" Jesse Hirsh was raving about?

    So the destructive power of Conficker resulted in almost $250k (wild guess US$ value) in loss.

    Jesse Hirsh of the CBC asked if Conficker was a "digital Pearl Harbor." I've read guesses as to the damage, of...

    ...four U.S. Navy battleships (two of which were raised and returned to service late in the war) and damaged four more. The Japanese also sank or damaged three cruisers, three destroyers, and one minelayer, destroyed 188 aircraft, and caused personnel losses of 2,402 killed and 1,282 wounded.

    A single US frigate would cost about US$63million today. I'm too disgusted to do the math.

    And it took three years for the Germans to come up with that cost amount?

    I called it an April Fool's joke in 2009 and got downvoted for it. I was also downvoted for daring to complain about idiots cheapening the memory of Pearl Harbor, September 11th, Armageddon, and a few others with the preface of "cyber."

    On a lighter note, haven't the Germans heard of Sysprep? Ghost? Imagex? System Center? Give me that money and I could transform their IT department. Anyone over there hiring?

  18. BornToWin

    I'm guessing...

    ...that this report was leaked by the data security firm who didn't get the repair work?

  19. circusmole
    Happy

    Why didn't they call me...

    ...I would have "cleaned" them all for half their estimated cost and thrown in a celebratory "We've beaten the virus" BBQ and beerfest.

  20. mmeier

    A side note:

    The ministry that did it was not the (totally use- and powerless) german eductation ministry but one of the 16 state education ministries. More exactly the one in Mecklenburg-Vorpommern, one of the states that came to the BRD during "Kohls big mistake" aka Reunification.

    So the politicks are somewhat excused, as former GDR socialists they where used to "throw away, the worker will provide new" ways of handling problems

  21. ecofeco Silver badge
    WTF?

    Why can't I get contracts like that

    130K? Seriously?

    2 of those and I'd be almost set for life.

    4 of 'em and I'd be retired playing the markets.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why can't I get contracts like that

      "Why can't I get contracts like that?"

      Because you're not on the list of approved suppliers.

      In a typical corporate environment, it's entirely expected that the approved suppliers charge maybe ten times the market rate, whether we're talking about IT services, or air travel, or changing light bulbs, or whatever... Can't imagine why. Nothing at all to do with kickbacks to Purchasing (or differently named identically operated department).

  22. CrysTalK
    IT Angle

    just distribute scripts for cleaning

    would take an average .js programmer just 1 hour to build a cleaner script which could be deployed on all those machines. And conficker will be removed right away. True the startup files and malware binaries might have random characters, but just build a script to check legit file names and delete those random programs not in the list of legit programs inside the script file.

    so yes, just $200 USD for the script and all of those can be cleaned, by even NON-techie teachers after they double click the script.

  23. mark l 2 Silver badge

    Makes me think now that the £20 i charged my neighbour from cleaning virus from his PC a few week ago was way under charging

  24. Anonymous Coward
    Anonymous Coward

    Question is what happens when the next unexpected virus hits?

This topic is closed for new posts.