No More Unrestricted Internet At Work

Schlemphfer writes: "You can forget about using private email or surfing the web while at work if these bozos have their way. And judging by the Reuters article, it looks like they might. Basically what they're doing is trying to scare senior management into thinking that allowing employees unrestricted use of the net will cripple a company with viruses and lawsuits."

It's about control...

[Magus311X]

At work we have somewhat of an answer to viruses. 20 file extensions including exe, pif, scr, com, bat, vbs, vbe, and others are filtered at the server into a "Quarantine" folder and reports are generated every few hours on it and piped to a line printer for our review. We deal with them from there by either giving them to the employee, or by responding to who sent it with an automagically generated email.

Additionally, all mail is screened against the server's pattern file, which tries to update itself hourly. If sometimes passes through mail, it'll be found if on a server, and the client software, which updates its pattern file upon logon, will find things as they're opened.

All with unnoticable performance difference. We haven't had a virus infection in a LONG time now.

Worms like Nimda are a bit more annoying, but we take things like this seriously, and by doing so, avoided Nimda and others completely.

=====

As for net access, we do run reports on the proxy logs occasionally. Employees understand that they have little privacy in the workplace and that if we see them goofing off (except for after hours or at lunch), they do get an email regarding it. But we haven't had to do that in years. They more or less behave, because we trust them and they trust us.

-----

Re:It's about control...

[smnolde]

And I have control without having to be in the IT department. This is where OpenSSH shines for me. I can set up port forwarding and proxy off my home machine with a cable connection and IT can't see shit for what I'm doing. It all looks like a bunch of telnet and ftp to them, all to one place. So if they are actually monitoring usage by port I'm coming up extremely low on the usage.

At home I use junkbuster and watch all the unlogged internet there is without ads, too. OpenSSH also gives me access to nntp, smtp, and pop over a secured connection between my office and home.

So before you go off yelling about office proxies and you have dsl or cable connections at home, set something like this up and go the distance.

Not true for everyone

[JoshuaDFranklin]

I'm the guy with the passwords to the routers
connected to the T1 lines.

There are already a few hundred routes in the
tables... who's going to notice everything from
my workstation misses the filtering appliance?
Oh that's right, it's my job to make sure no one
*else* does this, too. ;)

what's wrong with these guys...

[bje2]

what's wrong with these guys...my computer at home is way too slow to download all that porn...

seriously though, i'd go crazy if i had to work 8 hours straight without any distractions...so, what if i shoot over to Hotmail to check my personal e-mail, or over to ESPN to check out the latest sports news, or even here to post my thoughts on the latest tech news topics...and that doesn't even count the numerous times i use the internet to look up java related things on Sun's website or trouble shoot my Websphere problems over at IBM...

what's the point of having all that information available at our finger tips if we can't use it...

Re:what's wrong with these guys...

[Skyshadow]

This sort of thing is a sure-fire symptom of inept management.

Ideally, employees should be gauged on performance items: do they do the work they're given, does their work reflect a high level of quality, does the employee both fill their job description and give that extra 10% (participating in meetings, giving a shit about the product, etc) you expect from employees, etc.

Things like monitoring web access are on the other end of that. This is more on the level of companies that rate their employees by how many hours a week they spend at their desk or who eats lunch in the office. These things are quantifiable, but in the end are a lot less meaningful (for example, at my last job there were people who'd spend 14 hours a day at work, but who couldn't make a deadline to save their souls).

But hey, it's tough find good managers. And even when you find them, they tend to be expensive. It's much cheaper to hire people with degrees in business from state colleges and experience bossing their dog around. I'm looking at you, Nadir.

FUD FUD FUD!!!!!!!!

[GMontag]

Here is the CLOSEST quote to identifying a firm that is contemplating cutoff of access:

"As a result, companies are considering dramatically curtailing, or even abolishing completely the freedoms, on which employees have grown increasingly reliant over the past few years. "

Companies? What "companies"? The only firms named in the article are firewall and security companies that are spewing the fear used in this marketing spewing article.

No real management is going to take this seriously.

Re:Wasn't yours to begin with....

[gilroy]

Blockquoth the poster:

They don't pay people to do that stuff.

Sounds fair. Now, of course, I'll just stop doing any sort of work outside the contracted time. Inspirational idea in the shower? Too bad. Clever way to save the company money thought up during the commute? Guess someone else will have to think it up during approved times.

This is part of the insane attitude that one's workers are one's worst enemies. Letting people do these little things is far from bad for business. It is most likely actually good as it creates an environment where people feel invested and where they have the wild concept that maybe their employer sees them as more than "production units".

But of course that assumes there's actually value in labor, and that's anathema to the modern capitalist.

It may not be a right, but a good idea

[Xenopax]

I've read quite a few comments on here saying "the internet is not a right, you should be working". Well, that isn't the issue really. It's not like we are talking about a law, but a company choice. Now granted, it is within a companies right to restrict internet access, but a company has to factor in all the results of the restriction, not just the lost time and virus threats.

The fact of the matter is right now Americans are required to work way too much as is. Many jobs onyl allow you two weeks of vaction for several years after you start, and even then you might not get that "benefit" for a year after your start date. People getting burnt out at work happens all the time, and that hurts business in terms of productivity. Sure they enact short term solutions like fire the employees and hire new ones, but the new ones get burnt out faster trying to catch up. Allowing someone some time to spend checking up on their personal email and sending an ICQ to their wife is not to much to give up when it means your employees will be happier, and therefor more productive.

But I imagine the suits along with all the "you are paid to work" zealots on this site will only see the one dimension picture of lost email due to "personal" activities. At what point did we become slaves anyway?

The way it should be.

[thesolo]

Honestly, people outside of IT simply shouldn't have unrestricted web access. It just makes sense.

Where I work (5000+ people company), this is what we do:

• Developers get unrestricted access. Let's face it, we need it. Everyone in our group is smarter than to launch a .vbs on the Windows machines (and if they aren't, they would never live it down!).
• Everyone else has access, but it is supposed to be restricted to lunch/break time only. Reports are run to show time spent online, and how. The secretary in HR does not need to spend 4 hours on MSN's Game Zone, sorry.
• Obviously, certain sites are blocked based on content for everyone, and rightfully so. No one should be checking out Hustler at work (unless that is your job!! ;).
• Mail is filtered; known problematic attachments such as .scr & .vbs are stripped automatically.
• Ports for P2P apps, AIM, ICQ, etc., are blocked for everyone but IT.

Honestly, I think that is about the best you can do. IT needs the internet extensively; other departments not so much. Hell, my boss has said to me on more than one occasion that if /. keeps me up-to-speed on things going on in the tech world, then he WANTS me browsing it on work time. And everyone in my group does it, with no problems.

I must say that I don't think its a good idea to totally remove internet access though for entire departments. I mean, if you work 8-5, that's the largest portion of your day spent at the office. You do have a life outside of work, and sometimes you have to do something online during those hours. Same goes for the phone, you are going to need it for a personal call every now & again. Of course, if you abuse the privileges, then you should have them revoked, plain & simple. But basic access should be allowed, after proper training, etc. However, giving everyone in the company unrestricted access is just flat-out stupid.

Duh, quit using Outlook

[SideshowBob]

The biggest developments are around email prevention, experts say. Elaborate content filtering software, which can run upwards of $30,000 to install, can block all but the tamest incoming emails, and most attachments, said Trend Micro's Genes.

Corporations, particularly those that were stung hard by the wave of virus and worm attacks during the past two years, are considering it a top priority.


Here's a free clue: QUIT USING MICROSOFT SOFTWARE.

Sheesh, how stupid can you be? And what a stupid solution to the problem, cutting your nose off to spite your face.

Seriously, damned near all the email viruses are targeted directly at Outlook. So the solution is to ban email? Why not just, ya know, not use Outlook?

Myopic. Utterly myopic.

You'll always have access

[wirefarm]

If you are root...
Here at my company, as a sysadmin, I've been suggesting a policy of completely unfiltered web access *and* completely unfiltered proxy log access.
From the CEO all the way down to the temps.
(Except for *me* of course...)

We already filter out dangerous attachments from email and have good virus software. We really don't have a problem in that respect.

The thing is, once you take something like this away from your staff, you are saying "We don't trust you. We think you're slacking."

In my office, people work damn hard and are pretty happy in their work. We have a good atmosphere and no real division between workers and management. Once a company starts doing this kind of thing, the mood changes and people get resentful.

How many people in how many companies have said "This place really started to go downhill when they took away the free soft drinks..."?

Just my 2 yen,
Jim in Tokyo

Re:Yup.

[jgerman]

Number one, your fault for using an easily exploitable system.

But that point aside, that's fine I'm getting paid to work, 40 hours a week. The main reason I can work 60-70 hours is because I can deal with my real life issues while at work quickly and easily through net use. Not to mention that my work is greatly facilitated by the fact that if I need software or information I can quickly and easily obtain it from my desktop.

I see your point, but (tech) companies thrive on a particular type of employee, who if he can't read /. at lunch or pull down a piece of software that he needs is going to experience a decrease in productivity from loss of morale if nothing else.

Analogy

[blair1q]

We should shut down employee cafeterias because food can bring harmful bacteria into the company and we might get sued.

--Blair