Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Reducing The Negative Impact of Laptops

Zonk posted more than 8 years ago | from the but-bonzer-buddy-was-so-cute dept.

Security 221

Mark Brunelli wrote to mention a SearchEnterpriseLinux column about reducing the negative impact laptops can have on a network's security. From the article: "Portable computers often become an extension of the person using them. It is no surprise that laptop users are inclined to be rather autonomously minded. Many users don't realize that the power they have to install software and change settings is risk prone. Fortunately, larger corporations that install Microsoft Windows XP Professional usually don't grant the laptop user full administrative rights. The same cannot be said of smaller businesses, many of which simply purchase laptops from the local store -- laptops pre-installed with Windows XP Home Edition. "

cancel ×

221 comments

Sorry! There are no comments related to the filter you selected.

fp (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13582707)

fp for great justice!

Windows security (4, Insightful)

CDMA_Demo (841347) | more than 8 years ago | (#13582802)


From the top of the article: In any network setting, laptop and notebook PCs can pose special security risks, particularly those running Microsoft Windows XP Home Edition...

Like I mentioned once before [slashdot.org] , the default setting for users on windows always administrator which automatically lowers your armour. After that, using internet explorer, you visit a greek jokes website that installs an ActiveX control on your system. The activex then downloads its friendly spyware and adware, and they in turn continue feeding on your bandwidth and cpu power by repeating the process. While they are doing this, these programs discover they are able to modify the registry and are also able to change settings so they run as soon as windows boots up!! How exciting. You are fucked, my friend!

From usenet: The primary shortcoming in Linux is that it retains the concept of a "superuser". If someone can manage to get themselves logged on as "root", then they have the keys to the kingdom. Now imagine what a malicious demon will feel when it finds itself running under Administrator inside a Windows machine!!!

Re:Windows security (1, Informative)

Anonymous Coward | more than 8 years ago | (#13582963)

Like I mentioned once before...

Damnit!

As I mentioned once before...

Didn't you guys have English class in middle school?

Love,
The Grammar Nazi

I hate Linux (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13582710)

I'm running Suse 9.3 and have experienced so many bugs and problems. Flash doesn't work at all within Konqueror. Sound doesn't work with Flash within Firefox or Mozilla. Things crash. Even Vim crashes when I try to use it with SVN. There are performance problems. It ships with a beta version of OpenOffice.org which is not stable. This is all with a stock installation of 9.3. I've been using Suse since version 9.0 and 9.3 is the least stable I have ever used. Anyone who tries this out is going to be disappointed.

I have just now downloaded OpenSuse 10. I'll install it and hope to see some improvements.

If Novell / Suse wants to get real desktop adoption, these are the things they need to do:

      1. The system needs to be more stable. Take a deep breath, slow down on the new features, and make it stable.
      2. THERE SHOULD BE ONLY ONE APPLICATION FOR EVERY TASK! This is so obvious and people have been saying it for years. On my Suse 9.3, if I want to control the volume, I go to Multimedia -> Volume control and I see NINE DIFFERENT VOLUME CONTROL APPLICATIONS, all of which work or don't work to varying degrees, and none of which are simple and easy to use and understand. That's crazy. That's on drugs. That's lame. Say whatever you want about how great Linux is but if my desktop has NINE DIFFERENT VOLUME CONTROL APPLICATIONS that is horrific. I bring up volume control, but the same problem exists in all the other application categories, but volume control is by far the worst offender. If users want to go crazy and install a dozen different word processors, fine, let them do it, but the default installation should have ONE and exactly ONE application in every category.
      3. There needs to be a good media player that is well-integrated and WORKS. I should be able to pop in a DVD which I got from Blockbuster and play it, with GUI controls, subtitles, everything, with no messing around. I should be able to go to CNN.com and look at video, with no messing around.

The first two items are not rocket science. They're not technology problems. They are management problems. Someone who is a technical manager high up in Novell should lay down the law on these two issues and make them happen. Say to the dev team, "If you think that such-and-such should be the ONE application for such-and-such task, make your case, and we'll have a decision process and at the end we'll pick one, and go with it."

The media player part is more difficult because it's wrapped up in all kinds of legal licensing problems. They need to solve these problems. They are solvable with money, lawyers and time. Guess what, time to do it Novell!

Linux (4, Informative)

mysqlrocks (783488) | more than 8 years ago | (#13582719)

Better still, use the truly secure Linux operating system. Six months after making the change, you will not use Windows again. The cost of Linux is also much less than the cost of upgrading Windows XP Home Edition to Windows XP Professional.

Unfortunately Linux isn't as easy to use for most people. How about suggesting that they use a Mac? Macs are secure and are easy to use.

Re:Linux (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#13582735)

Macs, despite the railings of their pundits, are expensive.

Linux is only free if you don't value your time. Installation has become easier but there are still byzantine details which require a CS degree for something running as smoothly as OSX or the reviled Windows.

Re:Linux (0, Flamebait)

Anonymous Coward | more than 8 years ago | (#13582792)

Did you think of that post all by yourself?

Good Gawd... "Linux is only free if you don't value your time" is about the most repulsive mantra to date.
Fucken cop-out in place of a technical argument.

Re:Linux (0)

Anonymous Coward | more than 8 years ago | (#13582848)

He didn't say "Linux is only free if you don't value your time". He did offer valid arguments - that Linux is hard for the average user to install and maintain. It is, unless you don't plan on ever changing anything after you install it (and assuming the default install works).

Windows or Mac isn't perfet either, but for the average user, those are both far better solutions. Maybe in a few years Linux will be more appropriate for the typical end user, but right now, it isn't.

I always reccomend Macs to my friends and family that are not computer literate.

Re:Linux (1)

Mechcozmo (871146) | more than 8 years ago | (#13582919)

Only problem with that is when you try to do something under Linux and then NOBODY HELPS YOU. I tried to install WINE under Ubuntu. It took a week to learn that I needed to add a repository (which was confusing, seeing as the repository was added but needed some extra checkmarks that nobody bothered to tell me). Then WINE downloaded, great. I like the whole package system where it automagically gets the packages for you. That is a good idea, honestly. Only one problem. I couldn't figure out how to start up WINE! And nobody would help!

So in conclusion, Linux is great for what it is designed to do. But if you begin to stray outside of the bounds of the distro it quickly becomes an exercise in futility. Ever seen a help system for a Linux distro? At least Windows has one, although it is broken. Someone want to get people to switch to Linux? Get a freakin' help system in place so that I don't have to waste time clicking at stuff, getting annoyed, and then decide to give up altogether because it didn't work.

This is where you find a support solution. (2, Informative)

Agarax (864558) | more than 8 years ago | (#13582986)

Get a freakin' help system in place so that I don't have to waste time clicking at stuff, getting annoyed, and then decide to give up altogether because it didn't work.

Well, for a Unbuntu end user there is always just paying [ubuntu.com] for real techsupport. I know Redhat can help out with getting Wine to work (saw it happen), dont know about Canonical.

For a business I would never even consider using a specific distro unless there was a live person on the other end of a phone line. It just wouldn't happen otherwise.

Redhat, Canonical, and Novell all offer excellent support for Linux, you cant go wrong.

Re:Linux (0)

Anonymous Coward | more than 8 years ago | (#13583057)

This must be a troll. Either that or you aren't real bright. Nobody helps you? Did you actually ask for help anywhere or did you expect someone to tap you on the shoulder and say "Excuse me, but would you like me to help you start WINE?"
Let me see, just off the top of my head I can think of these sources of help, all of which I've found to be quite useful in the past: Man pages, READMEs and other docs included with the software package, FAQs and forums and online docs at the relevant website, the distro builders users forums, any number of other online forums, the Linux oriented newsgroups, IRC, Google fer chissakes... How many sources do you need?
Yes I have seen Windows help system, and I'm not impressed...

Re:Linux (3, Insightful)

ozmanjusri (601766) | more than 8 years ago | (#13583082)

Ever seen a help system for a Linux distro?

Well, there's that little red-and-white lifesaver icon. That'll bring up the help system in Gnome or KDE. Then there's the speech bubble with the ? in it, that'll give you context-sensitive help. Or you could just start the KDE help center app and search in that. Or maybe you could open a terminal and type "apropos " and Linux would tell you which commands are relevant. Then you could type "man " or "info " and get some compact reading material. If you're still stuck, you could look into whichever distro you're using's forums. People there are almost always ready to assist. Or you could pay for commercial support - plenty of people willing to take money for tech support. Then there's http://www.linuxhelp.net/ [linuxhelp.net] , which seems quite, umm, helpful. Typing "linux help" into a search engine will give you just under two hundred million hits to look into too - maybe one of those might be useful, do you think? Of course, for the traditionalists, there's always usenet. If you log onto any of the several hundred groups devoted to the various flavours of Linux, there just might be something to look at perhaps? Or maybe there's a local Linux User Group you could phone and talk to a real geek.

Apart from that, you're right. Linux does really leave you high and dry.

Re:Linux (1)

Mechcozmo (871146) | more than 8 years ago | (#13583119)

So what it boils down to is, Linux comprises of a half-dozen different help systems that don't work with each other.

Pay for support? Whatever happened to "free as in beer"?

And the forums I found tended to be: "Do this and then try some and then if that doesn't work, just start recompiling things."

In short, Linux was a great OS. But I couldn't get help for it without paying, or without giving myself a headache.

Re:Linux (1)

ozmanjusri (601766) | more than 8 years ago | (#13583199)

So what it boils down to is, Linux comprises of a half-dozen different help systems that don't work with each other.

No, what it boils down to is that you've never used Linux, or you'd know the KDE/Gnome help systems bring the man and info pages into the same interface.

Look, it was a good try at an astroturf, so well done for effort - but face facts - you've failed. Give it up.

Re:Linux (1)

Tesral (630142) | more than 8 years ago | (#13582828)

I'm a classic end user. I installed Linux myself, use it myself with the occasional question to "tech support", my friends. It isn't rocket science. And no, not one machine. I have three installs on three different computers and one is a laptop. No that is not much compared to a pro. But once it was working, I stopped installing it. Installs are not my idea of fun. Installing Linux can be as hard as you make it, or as easy as you make it. That said.

The main cause of secure problems is stupid people. Laptops should be so locked down there users can barely do e-mail, or the user should be trained to not be stupid. Laptops must be treated as what they are, a door into your business. Businesses would not leave the physical doors unlocked, and they shouldn't leave the virtual doors unlocked.

Re:Linux (0)

Anonymous Coward | more than 8 years ago | (#13582876)

The main cause of secure problems is stupid people.

*Sigh*. This is the sort of attitude that gives us Microsoft Bob.

Laptops should be so locked down there users can barely do e-mail, or the user should be trained to not be stupid.

If you can barely do email, what's the point of having a computer?

If it requires special training for people "to not be stupid", doesn't that automatically make the problem *untrained* users, not *stupid* ones? Or do you actually think that these are the same thing?

Re:Linux (1)

SoloFlyer2 (872483) | more than 8 years ago | (#13582856)

Pfft I dont know when the last time you installed Linux was but I can install Debian in less time that it takes to install Windows. Not to mention that when I install Windows I then have to go and install Office and all the associated patches etc...

Insert Debian CD answer a few simple questions and you end up with a useable OS you want office?
apt-get install openoffice.org
and your done!

The only time you start getting complicated is when you try to install on hardware that isnt supported without recompiling the kernel with extra modules... like brand new laptops :)

Re:Linux (0, Offtopic)

benna (614220) | more than 8 years ago | (#13582884)

The last time I tried to install debian the install went reletivly quicly, but afterwards it took me 2 hours to get X work with my video card, and I still can't get the sound working. I'm sure an expert would have been able to do this much faster, and maybe even get my sound working, but most computer users aren't expererts, and believe it or not, most don't even know linux experts. Linux is just not a viable desktop option for the vast majority of the users out there, and I'm not sure it ever will be.

Re:Linux (1)

No Salvation (914727) | more than 8 years ago | (#13582928)

When was the last time you tried to install Debian? I can't get Windows XP to install on ANY of my new computers without having to search and find drivers for my hardware (my SATA controller etc.), and even then it is a pain in the ass because I don't have a floppy disk drive.

On the other hand SuSE will install in less than 30 minutes if I pop the CD in and hit enter a few times.

Of course YMMV, but of the 9 computers I have heating my apartment none had any problem installing Linux.

Re:Linux (4, Insightful)

MellerTime (915490) | more than 8 years ago | (#13582756)

I have to agree... Everyone always brings up 'switch to Linux instead!' when you mention Windows security problems. That's great in theory, and I'm sure your network admin might actually do that. Then again, he's probably not the one bringing the virus onto your network in the first place.

The real world situation is that people are idiots. They can't even use the big pretty blue buttons in Windows XP, much less Linux. If they don't know that the big Novell login screen with the buttons saying 'Press Ctrl + Alt + Del to begin.' is telling them they should press those keys to get started, what chance is there they'll know what to do with one of the somewhat useless messages Gnome generates when an application crashes? (And yes, that most certainly was a 100% true story... I shit you not!)

Besides, I know our company builds their applications from scratch. While we are moving more to a web-based application model, we still have 95% of our programs written in Delphi, and even support a legacy DOS-based system. There's no way we'd get all that ported to Linux any time in the next 2 years, even if we dropped everything until it was done.

The point is, stop suggesting the supposedly "ideal" scenario that no one will ever be able to obtain. We're stuck with Windows (at least for the time being anyway), so we may as well focus on THAT problem and try to do the best we can with the tools we have. Let's worry about keeping Billy the marketing Intern from bringing Klez onto our network first, and THEN worry about changing the world later...

Re:Linux (0)

Anonymous Coward | more than 8 years ago | (#13582795)

Novell makes a version of Windows now? Sign me up.

Re:Linux (2)

LDoggg_ (659725) | more than 8 years ago | (#13582849)

The point is, stop suggesting the supposedly "ideal" scenario that no one will ever be able to obtain.

Because everyone is using a collection of software comprised of 95% home grown Delphi apps?

So you're stuck with windows. Fine.
Some people aren't, and the suggestion of using Linux is legitimate.

Let's worry about keeping Billy the marketing Intern from bringing Klez onto our network first, and THEN worry about changing the world later...

You worry about your network. No need to try discourage others willing to try to change things now.

Re:Linux (1)

Greyfox (87712) | more than 8 years ago | (#13582947)

That doesn't keep them from switching over to OSX does it? No user friendliness issues in OSX. No virus issues either. And you would think that the 17" powerbook would be the perfect way for upper management to prove they've got the biggest dicks in town at those sales meetings and trade shows. But even bring up Apple gear to your local IT department and they'll fall over themselves to get you out of their office, going on about not supported blah blah blah. Of course, without virusses on the network and with an ultra friendly OS not interfering with users, they'd all be out of a job. Keep an eye out for the telltale signs of panic in their eyes when anyone so much as mentions it. You'll see what I'm talking about...

Re:Linux (1)

TelJanin (784836) | more than 8 years ago | (#13582996)

I think that if the user can't figure out how to use ctrl+alt+del, it's not a problem with the software.

Re:Linux (1)

Lord Kano (13027) | more than 8 years ago | (#13582991)

While we are moving more to a web-based application model, we still have 95% of our programs written in Delphi, and even support a legacy DOS-based system. There's no way we'd get all that ported to Linux any time in the next 2 years, even if we dropped everything until it was done.

There's WINE and DOSEMU. You don't have to worry about porting them.

You may not want to and that's your right, but let's not pretend that you can't.

LK

Re:Linux (1)

wfberg (24378) | more than 8 years ago | (#13583129)

If they don't know that the big Novell login screen with the buttons saying 'Press Ctrl + Alt + Del to begin.' is telling them they should press those keys to get started, what chance is there they'll know what to do with one of the somewhat useless messages Gnome generates when an application crashes?

These days, the login screen for windows show a little animation of three buttons being pressed simultaneously. Which prevents people from misinterpreting the message to "press ctrl+alt+del" to mean to press the keys in sequence, to press ctrl, then the plus key, then alt, etc. Having to press three keys simultaneously (or rather, depressing them simultaneously) to make something extremely ordinary happen just isn't intuitive.

It's quite possible for some one to be of (above) average intelligence, diligently following instructions such as "don't download silly cursor changing or weather reporting programs, don't open suspicious attachments" and knowing why; but to still misinterpret the "ctrl+alt+del" instruction.

Microsoft had the chance to make the windows-flag-logo key the Secure Attention Key (which would leave ctrl+alt+del for resetting, yay) but they passed it up.

Re:Linux (2, Informative)

nukem996 (624036) | more than 8 years ago | (#13582789)

ummmm maybe if they only use the command line. Have your users use KDE, my 90 year old grandfather uses it just fine. Infact I think KDE would be much easier to switch to then Mac. Many of the features such as Start, file browsing, and look are the same.

Re:Linux (0)

Anonymous Coward | more than 8 years ago | (#13582811)

and the troll wins again

Still this complete and utter shit argument? (1)

SmallFurryCreature (593017) | more than 8 years ago | (#13582854)

At the place I currently work they need to produce an awfull lot of documentation and other paperwork, so they got a couple of big xerox machines. These machines are of such calibre that they need a complete PC to control them. Guess the OS that runs them? No not linux, Solaris an unix that is way way harder to use.

And it is isn't Solaris in the background, it is the desktop from wich you control the machine.

Have the people working with it got any problems with using a real OS instead of the pretty button Windows/KDE/Gnome crap? No. In fact when some outsiders come in and ask why they don't insist on windows XP for the controlling software the general attitude is what the fuck for?

People will learn to work with the tools they are given. Long before XP, long before KDE yes even long before Gnome even way way before Xerox itself came up with the idea of the modern desktop people have used computers and machines wich were far more difficult to use.

Frankly I think that when someone is incapable of learning to deal with another OS you should seriously question wether that person is capable at all. Would you hire a truck driver who can only drive DAF trucks? A fork lift operator who instantly crashes when he is put on a machine wich uses different peddles instead of a switch to choose direction?

If you ever switch between companies you are likely going to switch a lot of software tools. It is rare to see the same solution in 2 companies, how come people somehow seem able to cope learning an entire new warehouse management system but are unable to learn a new login screen?

Re:Still this complete and utter shit argument? (1)

amdotaku (909214) | more than 8 years ago | (#13583449)

Computers are tools, and that's the way a good admin needs to view them as. The fact is, a nailgun is easier to use and often better to use than a hammer, yet they still aren't quite as popular. Productive users should be given tools they are comfortable with and that also get the job done. They should not be expected to adapt beyond their wishes without good reason(usually no other choice or irresistible savings/benefits), as productive users often have better things to do than play with software. Why do you think that computer engineering firms still have IT departments when most engineering types know MUCH more about the machines they're on than the people they call on for issues? Productivity users simply do not have time and more over shouldn't be allowed to worry about the computing systems they use, because this is unproductive use of company time! The issue here isn't as simple as intellect or usability but is giving clients what they want to use, because ultimately that's the whole point of an IT/IS system: increased productivity. The other main issue to address is software migration. Again, you may think that for things as simple as corporate databases or productivity suites migration shouldn't be a huge deal, but a lot of industries employ software tools that have code where the main understandability issue isn't a software engineering type issue, but a more technical/scientific one. For example, a Biotech firm may have software that their biochemists worked with programmers to create. Should these biochemists be taken off their current assignments just to redevelop the same software they have for a different OS due to a security issue? This could result in a loss of millions of dollars in productivity. And, to respond to your last claim, new warehouse management systems can result in thousands of dollars in productivity gains, while learning a new login screen usually can't do a company much good. The fact is, until portability becomes a big issue in initial internal development, support for old and often insecure OSes and software is a necessary evil.

Re:Linux (1)

MikeFM (12491) | more than 8 years ago | (#13583397)

Linux is perfectly easy to use as a desktop when someone else sets it up for your needs. Easier than Windows or OSX usually.

It's a lie to say any computer is secure though. Even if it runs Linux or OSX a laptop is more of a security risk for the network simply because it's had more chance to be outside the control of any and all security policy. Never trust that the user's computer is secure.

Of course Windows is so insecure that I would never allow any employee of mine to connect to my corporate network with a computer running Windows. The probability that they could be sending out login information and other sensitive corporate data through some sort of spyware is just to high.

Be paranoid! :)

Re:Linux (0)

Anonymous Coward | more than 8 years ago | (#13583418)

Better still, use the truly secure Linux operating system. Six months after making the change, you will not use Windows again. The cost of Linux is also much less than the cost of upgrading Windows XP Home Edition to Windows XP Professional.

What a crock of shit. I used Linux for 3 years until I upgraded to Windows XP Professional. Linux only costs less on a workstation if your time is completely worthless. The amount of time I spent getting simple stupid things in Linux to work like sound and printing equates to thousands of dollars of unrecoverable time. I decided to give Ubuntu Linux a try a few weeks ago with one of those live CDs. Guess what: it won't boot on a PCI-E graphics card. Even in 2005 Linux is still the operating system that only runs on outdated hardware used by unemployed people whose time is worth nothing.

Some standard security items.. (2, Informative)

knightinshiningarmor (653332) | more than 8 years ago | (#13582721)

It's very true that laptops are a higher risk than desktops.

1) Most laptops now have wireless cards. If this is the case, use an encrypted connection to an AP.

2) Even then, use as many encrypted streams as you can (ssh, https, pop3s/imaps, etc.).

3) Physical security. It's easy for anyone to run off with your computer. So keep track of it... don't leave it on the table at the library.

Re:Some standard security items.. (1)

No Salvation (914727) | more than 8 years ago | (#13582797)

use an encrypted connection to an AP
And for $DEITY's sake don't use WEP, my 9 year old cousin knows how to capture and crack WEP passwords. At least use AES or something similar.

Re:Some standard security items.. (0)

Anonymous Coward | more than 8 years ago | (#13582875)

If the data is anything of value they should be using some sort of VPN or equivalent system anyway.

Good for your cousin (1)

Eunuch (844280) | more than 8 years ago | (#13582878)

In the real world, WEP is much better than free access, in that in this real world most people don't bother once they see that WEP is active.

Re:Some standard security items.. (1)

JeanBaptiste (537955) | more than 8 years ago | (#13582841)

I think this article is (supposed) to be more about a laptops negative effect on the securty of a local area network rather than security problems with laptops themselves.

Mostly just that laptop users get viruses on their out-of-office connections, which they then bring into the office, in effect bypassing the firewall.

Thats the idea, I think. The article seems to be more of an anti-windows fluff piece, rather than going into any depth regarding how laptops are the problem. Comments like this make me think that: "Last, but not least, how many businesses count the true cost of owning the Microsoft Windows operating system on laptops?" In most if not all cases, the answer is that there are still business critical applications which do not have a linux equivelent, such as... I'll be able to switch my users over once there is a GIS application like Arcview. Doubt its going to happen in my lifetime.

No, I'm not a MS fanboy. I dual boot xp/ubuntu at home. world of warcraft is about the only reason i keep windows. /end rant

Re:Some standard security items.. (0)

Anonymous Coward | more than 8 years ago | (#13582857)

world of warcraft is about the only reason i keep windows
Cedega. [transgaming.org] That is all.

Moronic... (0)

Anonymous Coward | more than 8 years ago | (#13582728)

This is moronic. If I have to carry a laptop to which I don't have admin rights to, I'd quit.

In fact, I got my employer to unlock my desktop box (so, you know, one can configure it to make it comfortable to use...)

Re:Moronic... (0)

Anonymous Coward | more than 8 years ago | (#13582771)

The problem is that many programs are stupidly designed. Windows is one of the worst. Some time ago I was using a computer at the computer lab (every student gets his own account), and I wanted to change the background. I couldn't. Since allowing access to that setting also allows changing screen configuration and a few other things. That's plain stupid. And there are a million things like that (after a while of getting the same answer, I just stopped asking, since they weren't willing to switch to linux or anything else that's decent...).

Re:Moronic... (1)

2 (226117) | more than 8 years ago | (#13582869)

The problem is that many programs are stupidly designed. Windows is one of the worst. Some time ago I was using a computer at the computer lab (every student gets his own account), and I wanted to change the background. I couldn't. Since allowing access to that setting also allows changing screen configuration and a few other things. That's plain stupid. And there are a million things like that (after a while of getting the same answer, I just stopped asking, since they weren't willing to switch to linux or anything else that's decent...).

I agree completely. I've become accustomed to using the built-in calender in Windows under the "Date and Time Properties". Its not much, but this calendar is very simple and easy to access--just double-click on the clock on the taskbar. But on a non-admin user, you can't do this. Instead of showing the calendar and making it read-only, Windows refuses to show the calendar at all. (The Date and Time Properties applet also shows an analog clock.) I know there are other, probably better ways, to get a calendar (ssh into my box at home and run ncal, or look online) but the point is that a non-admin user on Windows is restricted too much, so much that they have to change their work habits. I'm sure there is a way to give non-admin users access to the time, but it is not the default behavior. And I doubt you can have fine-grain control to allow users to view the time settings without changing them.

Even worse is that none of these problems will be fixed until, at best, a very long time. (I'm not waiting for Vista.) Thankfully we have open source...

Re:Moronic... (2, Insightful)

flatass (866368) | more than 8 years ago | (#13583000)

You are both missing the point here a bit. The discussion should be focused on business machines. IMHO employees workstations should be configured to allow them to do their job. (thats a period at the end there) Anything else in Windows invites time wasted by the employee screwing with things they ought not be screwing with, and time wasted by admins cleaing up after them.

Re:Moronic... (1)

cybertears (778765) | more than 8 years ago | (#13583276)

but at the same time these users are allowed internet access. i'm almost positive that more time would be wasted on the internet than changing the background or checking the calendar.

Re:Moronic... (1)

MikeURL (890801) | more than 8 years ago | (#13582980)

If you make it claer to your IT guys that you have a clue they will usually "work with you" on stuff like this.

Re:Moronic... (1)

TuomasK (631731) | more than 8 years ago | (#13583148)

It's not your laptop, it's the company's laptop and one can't just do anything he wants with company's property. Average user shouldn't have admin rights to his laptop, that's just plain stupid. Of course there are exceptions, I and I imagine that most who read slashdot are exceptions on this case :)

is'nt it mandatory (2, Insightful)

muzik4machines (834892) | more than 8 years ago | (#13582731)

to install XP Pro on any buisness machine? seems silly to let the user install his/her softwares on the COMPANY laptop

Re:is'nt it mandatory (1)

Trillan (597339) | more than 8 years ago | (#13582814)

If my company requires me to work outside of core hours and off the site, it seems silly to require I not allow myself to be comfortable on that laptop.

Re:is'nt it mandatory (1)

MBGMorden (803437) | more than 8 years ago | (#13582832)

Not mandatory. XP Home can be used on any machine if you're willing to live without the features of Pro.

Of course, the admin vs. standard structure is still the same in Home, so even on it you can prevent people from installing software.

That being said, it depends on the user. Not all software the user installs is for fun. A lot of people can use various freeware applications. If I trust a user and they have demonstrated a certain level of computer saviness, I wouldn't have a problem allowing them to install software on a laptop.

Re:is'nt it mandatory (2, Insightful)

boomgopher (627124) | more than 8 years ago | (#13582976)

Oh please, I'm a developer, and there is NO WAY I could function if I was not allowed to install my own software. Nor would I be willing to keep asking Joe IT install something for me.

I'd pull out the harddrive and do my own OS install if it came down to it. And no - I've not gotten a single virus/worm in the past 8 years...

Re:is'nt it mandatory (1)

KronicD (568558) | more than 8 years ago | (#13583130)

Of course developers shouldn't be subject to the same restriction as the average user. We need higher level access in order to do our job, its that simple. On the other hand for the average user non-restricted access can actually hurt their ability to perform their job, as they introduce non-supported software into the enviroment it will lead to speed/reliability issues on their workstation etc.

Re:is'nt it mandatory (1)

muzik4machines (834892) | more than 8 years ago | (#13583252)

i was talking about the average joe user like a lot of office guys i know who have company laptops and are jsut surfing the net at home with, installing kaazaa and shit on it

Good idea here (0, Troll)

Anonymous Cowterd (910764) | more than 8 years ago | (#13582734)

Have everyone install Windows. The world would be a much safer place without the bug-ridden opensource crap that plagues our computers.

Linux on the Enterprise - My experience (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13582740)

As a security consultant for several large companies, I'd always done my work on
Windows. Recently however, a top online investment firm asked us to do
some work using Linux. The concept of having access to source code was
very appealing to us, as we'd be able to modify the kernel to meet our
exacting standards which we're unable to do with Microsoft's products.

Although we met several technical challenges along the way
(specifically, Linux's lack of Token Ring support and the fact that we
were unable to defrag its ext2 file system), all in all the process
went smoothly. Everyone was very pleased with Linux, and we were
considering using it for a great deal of future internal projects.

So you can imagine our suprise when we were informed by a lawyer that
we would be required to publish our source code for others to use. It
was brought to our attention that Linux is copyrighted under something
called the GPL, or the Gnu Protective License. Part of this license
states that any changes to the kernel are to be made freely available.
Unfortunately for us, this meant that the great deal of time and money
we spent "touching up" Linux to work for this investment firm would
now be available at no cost to our competitors.

Furthermore, after reviewing this GPL our lawyers advised us that any
products compiled with GPL'ed tools - such as gcc - would also have to
its source code released. This was simply unacceptable.

Although we had planned for no one outside of this company to ever
use, let alone see the source code, we were now put in a difficult
position. We could either give away our hard work, or come up with
another solution. Although it was tought to do, there really was no
option: We had to rewrite the code, from scratch, for Windows 2000.

I think the biggest thing keeping Linux from being truly competitive
with Microsoft is this GPL. Its draconian requirements virtually
guarentee that no business will ever be able to use it. After my
experience with Linux, I won't be recommending it to any of my
associates. I may reconsider if Linux switches its license to
something a little more fair, such as Microsoft's "Shared Source".
Until then its attempts to socialize the software market will insure
it remains only a bit player.

Thank you for your time.

Please tell me your joking (2, Informative)

nukem996 (624036) | more than 8 years ago | (#13582774)

The GPL does state that any changes made to the kernel has to be open source but if you did everything as a modules(does not touch the kernel source just lets the kernel load this to extend the kernel) you could of kept it closed source and stuck with Linux. Many companies do this such as nvidia and ati. You should of done some research before spending time and money and planned to do this as a module.

Re:Please tell me your joking (1, Informative)

Anonymous Coward | more than 8 years ago | (#13582826)

Wrong. If you release the changes to the GPL'd code to the public THEN you must make the source available. If it's purely in-house, then you can make all the changes you want to without releasing anything.

Re:Linux on the Enterprise - My experience (1, Funny)

Anonymous Coward | more than 8 years ago | (#13583028)

As a security consultant for several large companies, I'd always done my work on Windows. Recently however, a top online investment firm asked us to do some work using Linux. The concept of having access to source code was...
Reading troll messages like this one is alays more entertaining to me if i imagine dave chappelle's white person voice in my head.
try it.

Laptops get around too much (2, Insightful)

MichaelSmith (789609) | more than 8 years ago | (#13582744)

Until recently I was involved in administrating a linux server on a network of windows workstations. The server primarly operated as a gateway to the internet.

Every now and then some horrible worm would get lose on the network and fill the internet connection with crap. I would get the blame for it of course (internet not working).

Outbreaks were correlated with a particular individual coming back to the office with his laptop after working elsewhere. I think it must be something about the way he uses that system; what sites he goes to, probably; which causes it to be so riddled with viruses.

I am not managing that system any more. Good riddance. The versatility of laptops is letting them down in this instance. If the owner is a bit of an idiot no amount of management will keep them out of trouble.

Re:Laptops get around too much (1)

BishonenAngstMagnet (797469) | more than 8 years ago | (#13582767)

That's why you disable all internet usage outside the network. Plugs in at home, no avail.

Re:Laptops get around too much (1)

ChipMonk (711367) | more than 8 years ago | (#13582779)

I think iptables (or some such packet filtering system) would be your friend here. Whatever comes from his wireless NIC has a particular Ethernet address, the first tool of your filtering. After that, whatever matches an infection fingerprint gets rejected. And if you get too many false positives, well, too bad for him, huh?

But I think you took the smarter route here (no pun intended). Dump it onto someone else to deal with.

Re:Laptops get around too much (4, Informative)

(H)elix1 (231155) | more than 8 years ago | (#13582793)

Outbreaks were correlated with a particular individual coming back to the office with his laptop after working elsewhere. I think it must be something about the way he uses that system; what sites he goes to, probably; which causes it to be so riddled with viruses.

You would not believe the crap you have to deal with on hotel networks. If anyone is counting on the firewalls keep the network clean, guess again. This has to be at the machine level, each one an island. I keep the shield up on my laptop and (knock on wood) have yet to have an issue - but most of the broad band connections your typical road warrior deals with is a cesspool of worms, viruses, and other such nasties.

Re:Laptops get around too much (0)

Anonymous Coward | more than 8 years ago | (#13583108)

Road warrior my ass, your typical laptop "road warrior" would get his ass handed to him by the lowliest minion from the Mad Max movie.

Re:Laptops get around too much (1)

drauh (524358) | more than 8 years ago | (#13582831)

meh. deal with it. people need laptops to be productive outside the office.

Re:Laptops get around too much (2, Insightful)

jkuff (170923) | more than 8 years ago | (#13582871)

Part of the problem is the default settings of Windows XP Home and Professional. I really wish there was a "secure laptop" Local Security Policy profile that a user could select to automatically configure all of the XP services, etc. Whenever I purchase a new laptop, I have to spend a whole day disabling potentially insecure things like UnPNP, Telnet, Remote Desktop, Remote Registry, SSDP discovery, guest account, default file and printer sharing, etc. and setting up IPSec policies.

What I really want is an easy way to automatically configure these things for a laptop that I NEVER want to be accessed (i.e. remotely controlled) from the outside, nor share any files or resources. It is shameful how many ports are opened by default, which makes the naive user even more prone to picking up nasty trojans and viruses.

DMZ (2)

Craig Ringer (302899) | more than 8 years ago | (#13583086)

What really helps for this sort of use is a DMZ configuration. Laptops get put on dedicated network ports on a separate VLAN (if your switch doesn't support 'em, time to get one that does, or build parallel infrastructure), or even on a wireless network. Either way, all laptops go onto a network that arrives at a single dedicated port (physical or vlan'd virtual) on the firewall. The firewall treats that as untrusted as it would a DMZ, and only offers public external services to it.

If your laptop users want to get at internal network services, they use their IMAP+TLS, TLS-secured authenticated SMTP, etc - same as they do on the road. File access - WebDAV with SSL and client certificates.

If you must, then expose some "internal" services - but only the sort, such as TCP/IP database access ports, that won't be affected by most win32 worms.

If you isolate laptops from your network core even when they're on site, you'll be a lot better off. With half decent switches you can even configure things so that laptops *can't* be used on the "standard" ports by MAC-locking each port to its appropriate host. If a user knows enough to change the MAC address on their laptop to match their desktop, then change the plugs, you're probably beyond technical solutions (and into "fire them if they don't understand how to follow rules") anyway.

Re:DMZ (1)

MichaelSmith (789609) | more than 8 years ago | (#13583167)

Thanks for that. There have been a lot of interesting suggestions in this thread.

I was only brought in to do the server and they didn't pay me to run the whole system. They had a few people with just just the right amount of knowledge (enough to be able to change things, not enough to be able to do it properly) and I would never have been able to lock them out of their machines, even if I had been paid to maintain them.

It was too political, nobody was in charge. I am not sorry they decided to go elsewhere for their services. If I do something like this again I will insist on having control over all systems on the network as well as switches, etc.

Re:DMZ (1)

Craig Ringer (302899) | more than 8 years ago | (#13583209)

Yes, it's a difficult situation where your control is limited and those running the other parts of the system aren't concerned about the issues or willing to listen.

As for the network, if you do get the chance then a good stackable managed switch (ie backplane stacking , not connect-the-uplinks) with serial console is your best friend :-)

Re:Laptops get around too much (1)

darkonc (47285) | more than 8 years ago | (#13583311)

Outbreaks were correlated with a particular individual coming back to the office with his laptop after working elsewhere.

Your network had a patchbay, right????

Figure out what port that guy connects his laptop to, and put it on it's own subnet. If you don't have a switch that can vlan, then give him a port direct into a linux/BSD box (of you have to, dedicate an old desktop to him as a firewall. A P75 can handle 10 Mbit without breaking into a sweat. (I only have 10Mbit cards in my BSD box, so I can't test beyond that). Filter it for ONLY the ports that he's supposed to be using within the network and then add the ports that ONLY go to the outside world. That won't be a 100% fix, but it'll probably contain about 75% of the worms that he brings back into the office.

After that you could add a simple IDS system (snort) to to check for signs of contagion on his port.

Once you get that down pat, you can possibly expand that to other users.

Another thing that might be useful is limiting the outbound traffic of any given user. Not much need to limit the inbound traffic. Most of what's going to kill you on viruses is the outbound traffic. Very few viruses suck data.

There might be a couple of ports/addresses that need high-speed outbound, but you can make an exception of those.

Well that solves a pesky problem (2, Funny)

Anonymous Coward | more than 8 years ago | (#13582765)

"...laptop users are inclined to be rather autonomously minded..."

How many people have struggled with the problem of free will. I know I have. The idea of free will is ages old and unresolved until now. Now we know laptop users have free will. Tyranny got you down? Buy a laptop.

A chain is only as strong... (0)

Anonymous Coward | more than 8 years ago | (#13582776)

Why are business networks so fragile in the first place? There should be automatic checks in place so that if a computer starts sending out too much traffic, it gets cut off (in addition to the usual other AV countermeasures). Why is this not enough?

Any network that fails when one node is compromised does not seem very robust to me.

Re:A chain is only as strong... (1)

MikeFM (12491) | more than 8 years ago | (#13583412)

It's because mgmt is cheap, lazy, and uneducated. They poor money into things advertisements tell them will help with security rather than spending money on good admins and the things those admins tell them to buy.

"Good security costs money and means I can't use my spyware infected Windows box to log into highly sensitive data? Phbbt forget that. Norton firewall should be enough!"

Re:A chain is only as strong... (1)

Anne Thwacks (531696) | more than 8 years ago | (#13583474)

Why are business networks so fragile in the first place?

Because PHBs insist on using Windows.

Next question please ...

Damn you XP Home (3, Insightful)

max99ted (192208) | more than 8 years ago | (#13582801)

As a small business IT support guy, I see this all the time. Lawyer X or Dentist Y grabs the latest laptop deal from Dell, brings it to work, and finds out he can't connect to the 'server', which either leads to some kind of limited workaround or an overpriced 'upgrade' to Pro, both costing them money (my time or a sticker, registry fix + more of my time). I'm always telling clients to ASK ME FIRST before buying something but as anyone in the same business will know, that can be rare.

My company is doing this lockdown approach (4, Insightful)

cheezus_es_lard (557559) | more than 8 years ago | (#13582815)

I'm involved in a 'new technology' pilot for the IT department in my company, a Fortune 100 presence, and they're looking to force this down our throats. I'm a consulting network engineer, and I have a distinct need to be able to install a very large suite of custom applications, as well as make changes to network settings, etc. as part of my daily work. I can understand the potential security risks, but if it makes me unable to do my job producing revenue for the company, it's an unacceptable change.

I will fight this, because users need rights too.

Re:My company is doing this lockdown approach (2, Interesting)

mrbooze (49713) | more than 8 years ago | (#13582846)

What I've heard of some businesses doing is giving developers/consultants/whatever two hard drives per laptop. One hard drive has the "corporate" image on it with full access to the network, email, etc. The second hard drive has the "developer" image, which they can mess with to their heart's content, but that has limited ability to affect the network.

As an long-time IT person myself, I can see the ways in which that would make my job easier, but it also just seemed ridiculously restritictive on the ability of people to do their work. Can't check email or your outlook calendar and write code at the same time?

Re:My company is doing this lockdown approach (1)

KronicD (568558) | more than 8 years ago | (#13583158)

It would seem logical to let them use the developer image most of the time, allow them to use the corporate image if they wish.

However they could have access to a shell on a remote box to check email/use cal etc.

Seems quite logical!

Re:My company is doing this lockdown approach (1)

Aaron_bootiemd (841061) | more than 8 years ago | (#13582902)

Not to mention half-ass attempts to try to lockdown computers (especially ones used by multiple people). Something bad can be installed, but you aren't able to access add/remove programs, the registry, etc. to uninstall/fix the problem. I end up having to call the incompetent support person to fix it or just let it be, porn popups and all. If they left it alone, people with some simple computer skills would be able to fix the problem...

The typical reply to this post: (1)

VeganBob (888165) | more than 8 years ago | (#13582847)

"Just install Linux"

Blah blah....

Laptop Lockdown (5, Interesting)

jcnnghm (538570) | more than 8 years ago | (#13582851)

Laptops that are permitted out of the office have to be setup as untrusted devices. Run separate cables, or make the user login wirelessly allowing limited, if any, local network access, but allowing full Internet access.

Basically, you have your primary LAN of machines that never leave the office, and your wireless lan of laptops that are blocked from the primary lan. Both networks should be able to connect to the Internet, and laptop users would be required to connect to network services just as if they were out of the office.

Good wireless AP's should be able to block laptop to laptop communications, so that all the wireless network provides is internet access. Your network services should be hardened from Internet attacks already, and if they are not that should be addressed before any laptop related issue. /*
  This has worked relatively well for me, might have a huge whole I don't see
*/

Re:Laptop Lockdown (1)

Mr. Arbusto (300950) | more than 8 years ago | (#13582906)

I was thinking of a process similar to this. Simply assume that all road-warriors are worm infested. Any access physically on the premise or while away must be done via a VPN. This give you a physical (such as your WLAN idea) and logical (you can block and edit the data how ever you like) separation from the rest of the network. Sure it would probably be a hassle to setup and slower for the User, but it does provide a good separation for the manage and unmanaged machines.

Re:Laptop Lockdown (0)

Anonymous Coward | more than 8 years ago | (#13583046)

Err, how about the fact that connecting to the Lan and Wireless Lan from the same laptop at the same time effectively bridges the 2 networks together?

lock down your servers (1)

spongman (182339) | more than 8 years ago | (#13582853)

if you're running windows servers, lock them down (both externally and internally), lock down your Active Directory.

If you want XP Home machines to be able to authenticate on the domain, just force them to connect to an internal VPN - their VPN credentials will be used for connections to local services (exchange, file servers, etc...)

It's not the size of your device that matters... (0)

Anonymous Coward | more than 8 years ago | (#13582874)

It's how you use it.

physical security (1)

E8086 (698978) | more than 8 years ago | (#13582929)

I just finished reading the "Stolen U.C. Berkley Laptop Recovered" posting. I'd agree with the biggest threat to and of laptops for corporate use is loss/theft. If it's lost chances are someone's going to try to access the contents. There needs to be required encryption of the hdd, the data is probably worth far more than the cost of a replacement. Also restriction of what data can be copied to a company laptop. Over the last day there has been postings on the U of Miami at Ohio and U.C. Berkley student information getting where it shouldn't be.

What do you mean small company? (0)

Anonymous Coward | more than 8 years ago | (#13582932)

I work for a company with 80,000+ employees. And better than that a defense company. I'm willing to bet that more than one fortune 1xx company still gives laptop users administrative rights. There are far too many applications to support on the road without giving the users the necessary permissions to get the problem fixed. If I didn't know better I would call this flame bait. Then again slashdot has a pretty poor track record lately with s/n...

A slight amendment is in order... (2, Informative)

PetoskeyGuy (648788) | more than 8 years ago | (#13582943)

This should read...

Mark Brunelli, News Editor of searchEnterpriseLinux.com wrote to mention a SearchEnterpriseLinux column about reducing the negative impact laptops can have on a network's security. From the article: "Portable computers often become an extension of the person using them. It is no surprise that laptop users are inclined to be rather autonomously minded. Many users don't realize that the power they have to install software and change set

I don't mind plugging articles for your own site, but at least practice full disclosure.
http://searchenterpriselinux.techtarget.com/meetEd itorial/0,289131,sid39,00.html [techtarget.com]

Direction? (1)

flatass (866368) | more than 8 years ago | (#13582968)

Wow, so far this discussion is heading in about 6 different directions, none of which pertain to the topic. While the article may be a simple anti Windows piece, it brings up some real issues. As a sysadmin for a medium size businesbs, I have faced this issue (not with xp home, but 2000 pro and xp pro) many times. I was hoping to see some insightful posts with approaches I had yet tried. Oh wait, forgot what site I was on for a sec.....

My laptop w/Pro is just fine... (1)

Dankling (596769) | more than 8 years ago | (#13582972)

except sometimes the mouse moves by itself and does weird things with my computer. but all i have to do is restart it and things are better.

oh, thats not even a result of it being a laptop, thats just XP pro...

Hate Laptops with XP Home, eh? (1)

vonFinkelstien (687265) | more than 8 years ago | (#13582992)

For all of you admins that hate when Lawyer X or Dentist Y brings a brand new Dell laptop with XP Home Edition onto your network. How would you react to Teacher ZZZAlpha who brings an iBook or Designer XXX who brings a Powerbook with Tiger?

I'm just curious.

We have XP Prof. with Active Directory logins at our school, but I (Teacher ZZZAlpha) often bring my iBook in with me to play MP3s, audiobooks, or show Simpsons episodes that are not out on DVD (I'm a teacher, so I can't afford an iPod). I can login to the shared directories fine. The admin doesn't care, although he's not in a hurry to get the print server to allow me to print.

I locked my sister's kids out of windows XP Home.. (4, Informative)

kesuki (321456) | more than 8 years ago | (#13583032)

Just by adding a second account in the control panel, and changing the (default) administrator account to have a relatively secure password.

Since when does having windows XP Home edition prevent you from adding multiple users, some of them restricted users who can't install software? is it because you only know how to use XP pro's tools to manage security? you don't know how to lock down IE with the help of a few simple freeware utilities you can download off the internet ;)

I don't get it :) why do small businesses need to buy XP pro when XP home has enough of the features to do everything that is 'easier' to do in XP Pro?

If I'm missing some big reason please tell me, other than XP pro costs at least $120 more (oem pricing) why someone needs to run Pro to do something i did on XP home just last weekend...

Re:I locked my sister's kids out of windows XP Hom (0)

Mancat (831487) | more than 8 years ago | (#13583275)

Mainly because XP Home cannot directly join a Windows domain.

Re:I locked my sister's kids out of windows XP Hom (0, Offtopic)

cybertears (778765) | more than 8 years ago | (#13583330)

my understanding is that xp home sucks when it comes to networking. i used it for a short while and it locked up every single time i tried to access another machine via lan.

Pocket Knife (4, Insightful)

Graymalkin (13732) | more than 8 years ago | (#13583151)

Most computer users are not qualified administrators, in fact many of them are borderline computer illiterate. This isn't to say these people are dumb, they're just not very computer savvy. Such users tend to be able to use software they've been trained on or are familiar with but aren't likely to know exactly how it works. They click an icon, type in some values, and things happen. They don't need to know or care that the app is just a VB SOAP client talking to a web service via SSL hosted on the company's server farm. The guy down the hall in accounting needs to know how to do stuff in Excel, not how to write Excel.

That being said, these people aren't necessarily qualified to administer their own equipment. Some might have a bit of technical prowess but a majority of normal users are just that. So why are they put in charge of managing their own equipment and why are they able to take company information and property with them to get stolen or dropped down a flight of stairs? If they've got light communication needs how about Blackberries or Treos or some other connected devices. Quite a bit can be done through secured web interfaces or through web services with lightweight front ends. A little bit of well designed caching and users would be hard pressed to notice the company's database didn't exist on their little handheld device.

This approach isn't going to solve everyone's problems but it works for some in two major ways. The first is any single field employee can't take the sum of a company's data with them somewhere to have it hijacked by either action or omission. They're also not terribly likely to plug into an office machine and infect the whole network with some new Windows worm. A lost PDA might mean the company is out a few hundred dollars worth of equipment and maybe some confidential documents. A PDA that runs only application/web service front end software is really only out the value of the lost hardware.

If you've got responsible users you can probably trust them with full fledged laptops. For those that are almost more trouble than they're worth, give them cool gadgets they can work on but do limited amounts of damage with. This is of course in addition to better network security in and out of the office. If you've giving even advanced users a laptop to take home let them only take with them the data they absolutely need to get their job done. You don't want a laptop with 98,000 personal records [sfgate.com] on it stolen or something.

dear god (1, Interesting)

Anonymous Coward | more than 8 years ago | (#13583220)

don't you dare lock down the one fucking machine i have access to that isnt crippled by office manager paranoia. Every time i want to install something I have to explain it to our office manager. "activeperl...huh?" "why the fuck you need java?" Sure, maybe if you're IT laptops suck, but i'm a the lone nerd in a company that does mostly net based research. For me having access to the unlocked travel laptops is the difference between weeks of data entry and spending a couple hours surfing /. while a script does all the work.
As an aside, our laptops have XP home, but our desktops have 2000. I have to ssh into my home computer (Mac), ftp the data file, process, and then ftp the results back. f..kin pain in the ass. nough rambling.

Re:dear god (1)

Mancat (831487) | more than 8 years ago | (#13583283)

Nine out of ten software installation programs will let you install do your home directory. Unfortunately, some still want to do dumb things like write to global keys in the registry.

Hmm.. Ballmer was right with the developers thing. Developers, fix your install wizards!

Another data point (1)

sd_diamond (839492) | more than 8 years ago | (#13583279)

I work at a DoE National Lab, and many of the people there (including myself) have a laptop as their primary work machine. These machines are generally set up to give us full administrative access -- i.e., we can do whatever we want with them. Furthermore, we are allowed to take these machines home with us when we leave the office, and many of us (again, including myself) do so. I often work from home, and if I ever went on business trips I'm sure I would make frequent use of network access in hotels or other locations -- many other employees do this on a regular basis.

In spite of all of these facts, which I am sure are enough to curdle the blood of many IT managers, our site has had very few cases of intrusion by malicious software. And when it has happened, it has been dealt with swiftly.

I'm not sure how the IT guys here run their shop -- that's not my specialty. But clearly they're doing something right, and they would seem to disprove any claim that strict lockdowns on company laptops are necessary to keep the network secure.

hay guys what's going on in this slashdot (1)

beckett (27524) | more than 8 years ago | (#13583299)

One of my friends mentioned recently that his company no longer repairs damaged Windows operating systems on laptop computers. They estimated the cost of recovery of virus-infected laptops at $420 per incident. Since the cost of complete replacement is only $500, it does not make sense to attempt recovery.

I offer to take your company's garbage out for free!

It happened where I used to work (5, Interesting)

R3d M3rcury (871886) | more than 8 years ago | (#13583374)

Actually, the last large corporation I worked for caught Code Red from a salesman's laptop. This salesman was in Australia, far away from the IT Department.

Even better: It was a security company.

Best of all: It was the Mac team that brought it to the IT Department's attention.

Well, go and set up the Computer correctly (2, Informative)

dzafez (897002) | more than 8 years ago | (#13583380)


Make your checklist and go through it with any Notebook that is introduced to the Company.

# encrypted /home (I don't remember what it is called on Windows) prevents a lot of ugly
things we see from stolen Notebooks nowadays.

# /home (he did it again) must be mirrored (possibly unencrypted) on a Server, (I think
you got to check for the term server side
profiles)

# No Administrative rights! I mean absolutely no administrative rights on the standard
working User!

# The Notebook needs to go back to IT-Department on sporatic calls once or twice
a year to check if the user breached the security rules of the Company (...pr0n, fun tools...)

# automatic windows updates, asap ! (Hell yea I know we like to know what is beeing installed,
but this notebook is not allway available for the Admin)

# Centralized AV-Updates (this puts the power back to the Admin, we like that)

# All connections to the LAN from anywhere go through a VPN, even WLAN.

# Once you have done the whole setup, you may want to use dd (or ghost or ...) to take a
image of the notebooks Harddrive. So you never need to so this for this Notebook again.

# YES, please document what you did, so the next Notebook will not be such a pain. This
also gives you the possibility to review the security every now and then.


I surely forgot something, but this is a starter! Feel free to put more on the lis /. folks!

Negative? All positive here... (1)

LFS.Morpheus (596173) | more than 8 years ago | (#13583451)

But that's because we don't use that "Windows" software on our notebooks [apple.com] .

It is my first Mac (and certainly won't be my last) have had it for two years... PCs and Windows just can't compare.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>