Slashdot Mirror
No More Unrestricted Internet At Work
Schlemphfer writes: "You can forget about using private email or surfing the web while at work if these bozos have their way. And judging by the Reuters article, it looks like they might. Basically what they're doing is trying to scare senior management into thinking that allowing employees unrestricted use of the net will cripple a company with viruses and lawsuits."
At work we have somewhat of an answer to viruses. 20 file extensions including exe, pif, scr, com, bat, vbs, vbe, and others are filtered at the server into a "Quarantine" folder and reports are generated every few hours on it and piped to a line printer for our review. We deal with them from there by either giving them to the employee, or by responding to who sent it with an automagically generated email.
Additionally, all mail is screened against the server's pattern file, which tries to update itself hourly. If sometimes passes through mail, it'll be found if on a server, and the client software, which updates its pattern file upon logon, will find things as they're opened.
All with unnoticable performance difference. We haven't had a virus infection in a LONG time now.
Worms like Nimda are a bit more annoying, but we take things like this seriously, and by doing so, avoided Nimda and others completely.
=====
As for net access, we do run reports on the proxy logs occasionally. Employees understand that they have little privacy in the workplace and that if we see them goofing off (except for after hours or at lunch), they do get an email regarding it. But we haven't had to do that in years. They more or less behave, because we trust them and they trust us.
-----
I'm the guy with the passwords to the routers
;)
connected to the T1 lines.
There are already a few hundred routes in the
tables... who's going to notice everything from
my workstation misses the filtering appliance?
Oh that's right, it's my job to make sure no one
*else* does this, too.
what's wrong with these guys...my computer at home is way too slow to download all that porn...
seriously though, i'd go crazy if i had to work 8 hours straight without any distractions...so, what if i shoot over to Hotmail to check my personal e-mail, or over to ESPN to check out the latest sports news, or even here to post my thoughts on the latest tech news topics...and that doesn't even count the numerous times i use the internet to look up java related things on Sun's website or trouble shoot my Websphere problems over at IBM...
what's the point of having all that information available at our finger tips if we can't use it...
"Facts are meaningless. You could use facts to prove anything that's even remotely true." - Homer Simpson
Crippling access to anything often denies legitimate uses of things and forces the employees to come up with outrageous work-arounds if they're smart enough. If they're not, then they just bother the IT staff to death with a million questions as to why they can't do the research needed, or recieve the .exe file that they need to complete their work.
I remember being in a school that had open internet access, then going to another school that had limited internet access and constantly being frustrated by the limitations imposed. I couldn't download the application I was working on and test it on a new machine, I couldn't go to a website talking about Middlesex county. There were a lot of legitimate things that I wished to do that I was blocked from, yet I could go to satanic websites, pro-life websites with all sorts of horrid imagery, and more.
Most attempts at controlling content end up being failures. Bring this to the attention of those seeking to control the information you recieve and you'll get a confused look, they'll pause and say "I don't know why you couldn't access that site. You should be able to."
I think it would be better to leave things open and dock the pay of any employee who violates "Guidelines". Let 'em hang themselves. Set up the "filters" not as filters that block the person but as flags that flag the IT staff regarding potential illegal use. The IT staff could then investiage and initiate a "three strikes" scenario. Strike one- warning, strike 2- docked pay, strike 3- no more internet access no way no how.
-Sara
We went the other route: 100% Mac on the desktop. Immune to the overwhelming majority of virii (about the same as Linux, I think), we can Netboot from OSX Server, and the engineers get OSX for its Unix-y goodness.
ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
Here is the CLOSEST quote to identifying a firm that is contemplating cutoff of access:
"As a result, companies are considering dramatically curtailing, or even abolishing completely the freedoms, on which employees have grown increasingly reliant over the past few years. "
Companies? What "companies"? The only firms named in the article are firewall and security companies that are spewing the fear used in this marketing spewing article.
No real management is going to take this seriously.
Eve Fairbanks says I drive a hybrid!LOL
Sounds fair. Now, of course, I'll just stop doing any sort of work outside the contracted time. Inspirational idea in the shower? Too bad. Clever way to save the company money thought up during the commute? Guess someone else will have to think it up during approved times.
This is part of the insane attitude that one's workers are one's worst enemies. Letting people do these little things is far from bad for business. It is most likely actually good as it creates an environment where people feel invested and where they have the wild concept that maybe their employer sees them as more than "production units".
But of course that assumes there's actually value in labor, and that's anathema to the modern capitalist.
The Mongrel Dogs Who Teach
Aim and the rest have their legitimate uses too. We save hundreds of dollars in communication costs with our overseas factories, and the response time is better than with the telephone (even if they are on a call, they can still answer an IM).
Additionally, the occasional personal use tends to reduce the number of personal phone calls coming in dramaticly, so as long as it isn't excessive, we tend to let it slide.
Have you read the Moderator Guidelines yet?
I've read quite a few comments on here saying "the internet is not a right, you should be working". Well, that isn't the issue really. It's not like we are talking about a law, but a company choice. Now granted, it is within a companies right to restrict internet access, but a company has to factor in all the results of the restriction, not just the lost time and virus threats.
The fact of the matter is right now Americans are required to work way too much as is. Many jobs onyl allow you two weeks of vaction for several years after you start, and even then you might not get that "benefit" for a year after your start date. People getting burnt out at work happens all the time, and that hurts business in terms of productivity. Sure they enact short term solutions like fire the employees and hire new ones, but the new ones get burnt out faster trying to catch up. Allowing someone some time to spend checking up on their personal email and sending an ICQ to their wife is not to much to give up when it means your employees will be happier, and therefor more productive.
But I imagine the suits along with all the "you are paid to work" zealots on this site will only see the one dimension picture of lost email due to "personal" activities. At what point did we become slaves anyway?
Where I work (5000+ people company), this is what we do:
Honestly, I think that is about the best you can do. IT needs the internet extensively; other departments not so much. Hell, my boss has said to me on more than one occasion that if
I must say that I don't think its a good idea to totally remove internet access though for entire departments. I mean, if you work 8-5, that's the largest portion of your day spent at the office. You do have a life outside of work, and sometimes you have to do something online during those hours. Same goes for the phone, you are going to need it for a personal call every now & again. Of course, if you abuse the privileges, then you should have them revoked, plain & simple. But basic access should be allowed, after proper training, etc. However, giving everyone in the company unrestricted access is just flat-out stupid.
Gads, a tad bit reactionary, aren't we???
First, any company that doesn't take, at least, modest precautions in blocking certain types of e-mail attachments, or abusive downloadable web content is foolish, and, IMHO, acting negligently towards their own fiduciary responsibility, or toward their Internet neighbors.
I've been long sickened by the number of automated attacks that my IDS picks up. How long has CodeRed and Nimda been around??? Too many of these are comprimised hosts supported by corporate networks of some sort.
Second, there's little "right" involved in your use of corporate assets such as personal computers and networks. It's a kindergarten mentality to expect a company to be required to provide you with resources to order the latest teen-pop drivel, or whatever it is you just _have_ to buy during work hours.
That said, I (and many of those within my company) couldn't do our jobs as developers without net access. Any company which starts arbitrarily blocking access to the Internet without properly judging the necessary impact to their workers is also foolish.
If your company manufactures pencils, then OK, they can probably get away without providing unrestricted access to the Internet without any negative impact on their workforce. On the other hand, if your company develops software, etc... the impact would be substantial.
It's all a matter of degree, and like most things on this planet, the right solution lies in moderation.
Was this REALLY worth a Slashdot news item? I do not see how this is news in that a) it's not anything new, or hasn't been bandied about ad nausem; and b) common sense tells me that the submission itself is borderline troll. Seriously, timothy, did you think this was news???
It'd be nice to be able to moderate story submissions in addition to comments.
The biggest developments are around email prevention, experts say. Elaborate content filtering software, which can run upwards of $30,000 to install, can block all but the tamest incoming emails, and most attachments, said Trend Micro's Genes.
Corporations, particularly those that were stung hard by the wave of virus and worm attacks during the past two years, are considering it a top priority.
Here's a free clue: QUIT USING MICROSOFT SOFTWARE.
Sheesh, how stupid can you be? And what a stupid solution to the problem, cutting your nose off to spite your face.
Seriously, damned near all the email viruses are targeted directly at Outlook. So the solution is to ban email? Why not just, ya know, not use Outlook?
Myopic. Utterly myopic.
If you are root...
Here at my company, as a sysadmin, I've been suggesting a policy of completely unfiltered web access *and* completely unfiltered proxy log access.
From the CEO all the way down to the temps.
(Except for *me* of course...)
We already filter out dangerous attachments from email and have good virus software. We really don't have a problem in that respect.
The thing is, once you take something like this away from your staff, you are saying "We don't trust you. We think you're slacking."
In my office, people work damn hard and are pretty happy in their work. We have a good atmosphere and no real division between workers and management. Once a company starts doing this kind of thing, the mood changes and people get resentful.
How many people in how many companies have said "This place really started to go downhill when they took away the free soft drinks..."?
Just my 2 yen,
Jim in Tokyo
-- My Weblog.
Really. Because there's times I'm very, very, happy not to be using Windows, such as when the latest Outlook or Word infection is going around.
Sig: What Happened To The Censorware Project (censorware.org)
External regulation should not be needed. If the employees are spending all their time on the web, then clearly their work is unrewarding. If I am enjoying the code I am working on, than I can go for hours with no breaks. Employees should also be smart enough to realize that if they squander these perks, they are going to get the boot. blocking porn sites at work is acceptable. but not blocking IM ports, especially as most of my team communicated with IM. it saved a ton of time, and provided checksums on file transmissions that windows file sharing does not always do.
A draconian attitude regarding squeezing every last second of work out of an employee is pointless! all it does is breed resentment in the employees. when I was working in an environment where 5pm counterstrike matches were commonplace, we tended to do more work after the match. however, the work was interesting enough we did not mind.
the moment the management is against the workers is the moment production starts to fall. everyone should be working toward the goal.
also I highly doubt that ANYONE here could go 8 hours without a slashdot fix. dream on.
I used to work for Bellsouth DSL's tech support. Well, a day after signing up for their DSL, I had like 5 or 10 spam messages. Now, the address I used wasn't at all common. I've not given it out to anyone, nor have I signed up for anything under it. I post to DSL Reports from home that it does seem like Bellsouth is selling email addresses (under a topic that was already posted). I got fired from Bellsouth for posting that message. Apparently they traced down the sender and crossreferenced the IP with my address, and then found out I was employed by them. I was promptly fired.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
But that point aside, that's fine I'm getting paid to work, 40 hours a week. The main reason I can work 60-70 hours is because I can deal with my real life issues while at work quickly and easily through net use. Not to mention that my work is greatly facilitated by the fact that if I need software or information I can quickly and easily obtain it from my desktop.
I see your point, but (tech) companies thrive on a particular type of employee, who if he can't read
I'm the big fish in the big pond bitch.
" While I agree that Admins need to keep on top of patches, Nimda can still spread even with patched servers. It self-propagates through Outlook "
If you're using Outlook, you deserve all you get.
I am the web orientated guy out of a two man IT server admin team. Frankly, I think time would be much better spent upgrading company policy and used programs such that a simple virus such as Nimda CANNOT propergate.
No, not everyone can move away from Windows, but you can't tell me anyone needs to use Outlook or Internet Explorer, or any of the other arse security-bug ridden apps MS releases.
Rather than paying for Microsoft's mistakes with employee moral and wasting IT's time, simply think before making any software purchasing decisions.
Looks can be deceiving. Or CAN they?
These policies wouldn't have stopped Nimda getting on to our corporate network. That was tracked down to a couple of notebooks belonging to sales and marketing guys. They'd connected those machines to the internet at home, and when they were on the road. That's when they got infected. Then they infected and re-infected the corporate network several times when they plugged in at the office.
With increasing numbers of portable devices, and wireless networking, including 3G phones, it's going to be harder and harder to plug all the gaps. Instead of listening to the sales pitch of the anti-virus and firewall manufacturers, we should use some commonsense: ditch products like Outlook.
Employees excessively surfing the web is a *symptom* of, not the *reason*, too much free time at work. If they're goofing off, it's not because they have unrestricted internet access; it's because they either don't have enough work to do or they're not doing the work they've been given.
That means it's a problem their managers need to address; not something for the IT department. If someone is surfing six hours a day, then it's the manager's fault that they're not properly supervising them and giving them tasks or disciplining them for not getting their work done.
That said, a company would have to be foolish not to employ some basic filtering measures(porno, gambling, gaming sites, file sharing services, e-mail attachments) to keep network traffic and the more obvious time wasters in check.
However, if an employee is doing all their work and checking Yahoo Mail or ESPN.com, what is the harm? It keeps them happy and the company's work is getting done.
wow, the average age of the /. user must be much greater than i expected ... so many people who have resigned themselves to working the standard 8 hours a day tedium with no outlet for any sort of relief ... "work is for WORKING", "its not your time its the COMPANIES TIMES" etc etc etc ...
... but even having said that i would go crazy without the ability to access the internet or play small games at work ... to be anything else is to surely be some sort of mindless machine ... and my boss realises that that is not what i am ... we have a ADSL line that can access the net, and unless ppl were to spend all day on it or have dodgy stuff obviously displayed on their computers, they are free to do as they please, so long as in the end the work gets done, its that easy ...
.exe attachment not once BUT TWICE i am one of the ppl that has to clean up the mess, but there is no way known that i would want to restrict them to sitting in their cubes staring at the walls when there are no support calls coming in ... it would get to the point that i would worry each day that they are going to come in with an automatic weapon and wipe half of us out screaming "I JUST WANTED TO CHECK MY HOTMAIL!!!" ... we solve these types of problems by TEACHING our people that .exe and .com files shouldnt be touched unless they are obviously from something they are expecting, and as a result anyone that notices one of these will now run it by me to make sure that its a virus or something obviously bad ...
... all you ppl who let work rule your lives scare the hell out of me, your life isnt meant to be spent working, and i think that some of you need to take a load off for a while ... go jerk off somewhere or something ...
... anyway, id better get back to work :)
... what it is like to have your spririt broken like that??? to have resigned that 8 hours of your life a day - AN ENTIRE THIRD - of it is surrendered so completely to someone else just because they give you some money for it. has your life become so shallow and money obsessed that you are prepared to resign the greater part of your waking day to someone else just for money?
i am working in a job i like (computer programmer), and its something that i will even do at home after hours on a different level (i write commercial apps at work, and i fiddle with games/graphics programming at home)
... sure, when one of the plebs in support double clicks on a
... and on the flipside, if i think of something outside of work - when im not *GASP* actually getting paid for it - that is useful or may relate to my work, i may still actually spend a bit or a lot of time (whatever may be required) working it over or writing it down or something AND I DONT ASK FOR MONEY THE NEXT MORNING
... i just hope to that i never EVER become as depressing and inert as half the ppl who have replied to this posting
If my company took away net access, would I continue to work, well yeah, would I be any more productive definitely not. Would I be looking for a new job, count on it.
I'm the big fish in the big pond bitch.
An aspect that I haven't seen brought up, however, is the productivity that comes from keeping salaried employees at work. Being able to handle personal business online and not having to take long lunches or leave early before the stores/banks/etc. close is a benefit to employees, employers and even the environment.
We should shut down employee cafeterias because food can bring harmful bacteria into the company and we might get sued.
--Blair