By Richard Parkinson
Here it is in my words.....
In the later part of may 1999 several PC Support staff were seconded to a project called "Discovery" which was the mammoth task of collecting information about every application and personal file on all of the 1200-1300 or so systems, both at Health Waikato and medical facilities in other, not to distant townships that were part of the Health Waikato network. This was to be done before a massive upgrade of hardware and software was to place. I decided it would be a good idea to write a program to help us get the job done more quickly and efficiently, rather than spending an hour or more at each system visually searching and making notes. The main function of my program was to compare each system to a premade image file, and report on any additional software or files, and their total size. This was especially used to list applications and databases which the IS department had no knowledge of, and wanted to check for licensing, compatibility with the looming NT4 upgrade, and Y2k issues. Once the program was complete, the report was generated on each system in under 5mins, and dumped into an area on the network.
Later in the following month we were finding many systems needed hands on interaction to check out applications and files, due to Health Waikato being a very big, spread out place. I was certainly interested in Netbus, given to me by another employee of Health Waikato. I thought the simple dos telnet function very useful. I took it in to work on Monday, 21 June 1999. I showed this to my work mates and the PC Support Team Leader. We briefly discussed the possibilities of Netbus as a remote access tool and shortly after I showed it to the manager of the PC Support team, Annette Heraghty. At this point she didn't seem happy about the application being used, and cautioned me about any further use of it, but certainly didn't say I could be dismissed for using it, nor that there was a rule of not bringing software onto HWL premises without permission. I honestly don't think she really knew what she was looking at. She is more a manager than technically competent, often getting small things like Mbytes and Kbytes mixed up etc.
Upon returning to the room, which we had made our temporary Discovery HQ, Bruce was leaving with the intention of installing the Remote Access Server part of Netbus on a work mates PC. I cautioned him as he left, but he seemed to think he knew Paul Groves well enough and wanted to play a little joke on him using some of the funny things Netbus can do. At some point either later in the day or the following day, Paul Groves made the discovery of the Netbus Server on his system using a Mcafee Virus scanner. Bruce informed him of the joke that had been played on him, but Paul went straight to a rival manager, Guy Probert, rather than his own, knowing full well, the trouble everyone concerned would get into, even though it was harmless. I was shocked and concerned upon hearing it had been branded by Mcafee as a "Trojan". I promptly did some research on the internet to verify the software didn't have any viral capabilities and that we hadn't inadvertently been using software which could do any harm to any of Health Waikato Systems. All we really turned up was the fact that Health Waikato was, and probably still is, highly insecure through their GroupWise e-mail gateway. A program with purely malicious values could easily be sent as an attachment, and there wasn't any viral protection in place to stop it from happening. I tried to warn them of this to no avail, and following a disciplinary hearing, and suspension, both Bruce and myself were eventually dismissed after being warned we should resign several times.
I had gone out of my way to help them, even writing software which saved them thousands of dollars in man hours, on a PC Technicians Salary, (a measly NZ$32k/year) and they didn't even say thank you. I must say, what Bruce did is exactly the reason Netbus gets a bad name, but then I feel Paul Groves had no sense of humor and had something personal to gain from stirring up the trouble he caused. There was little investigation done at all on the part of the superiors, Brendan Hague and Tony Palmer, who ordered the disciplinary action and our dismissal. Had they spoken with my team leader he would have verified both my intentions and my actions, which were not malicious in any way, and were for the possible benefit of the discovery project. They were also blinded by the words they used wrongly together, " Trojan Virus ", and seemed to be under the impression the program could self replicate and that I had infected the entire network and all the computers on it. In their words " .....loaded a "Trojan Horse" programme (Netbus) into the HWL operating environment through a PC belonging to his line manager......"
In my words.... " What a load of over exadurated crap ". I can offer good reasons as to why this explanation was used, and why our superiors were virtually scarred shitless into sacking us.
Often the root of ALL problems within an organization, and I can barely touch the surface of the politics within the IS department. During the short period which I was employed at Health Waikato I discovered the politics within the organization are like nothing you will find anywhere else. Ultimately everyone is trying to score points, and usually this means getting dirt on the other guy. Everyone has an agenda, often hidden. Guy Probert was often having a go at Annette about this and that, knocking back her ideas, and in fact Annette said he even tried to burn my idea to use a program to scan all the systems etc. In Annette's words, " it would make her team look better than his which he doesn't like.
There was always been tension between the teams known as "Operations", a group under Guy Probert, and the PC Support/Helpdesk team, under Annette, both answering to Brendan Hague, the Information Services manager. (what a mouthful) Even Brendan Hague admitted there was conflict between the two, yet a report from the rival side, no doubt completely biased, was allowed to be presented. I feel a very one sided investigation didn't question relevant people to confirm our side of the story. I imagine Guy jumped at the chance to create a report on the severity and theoretical consequences of someone installing a "Trojan" into the "Network Environment" at Health Waikato. This report, which I never got to see or defend myself from, I believe played a key role in our dismissal. I am told it was created together by Guy and Debby Day, a system administrator for HWL. Debby found me intolerable for reasons I cant comprehend, but I feel she found me a threat. I had on one particular occasion out smarted her Novel/GroupWise knowledge, getting something to work within minutes, which she had told everyone couldn't be done. According to Annette, Debby had also made noises about PC supports access to MCSE material, claiming she was the only one that needed MCSE and that PC Support staff shouldn't have access to it. You can draw your own conclusions from that.
06/19/00
//Begin Editor Rant Mode//
This shows that the Anti-Virus industry definitions are treated like holy scripture by some people and are thumped just as much. Recent events with Netbus Pro being removed from active scanning by Mcafee are reason enough to say that these definitions are not anything that should be treated as writing in stone. If at the time it was a 'trojan', then what is it now? It's the same program, nothing has changed. I'd like to see what would happen now if this situation were to repeat. Makes you think that the Anti-Virus companies judgement may be flawed. You want more evidence? Check out my Chart of non detected 'trojan'ware and decide for yourself.
RenderMan
//End Editor Rant Mode//