Slashdot Mirror
Desktop Linux Sliding in Under the Radar?
Paul Johnson asks: "This article at ComputerWorld describes a sysadmin's discovery that many people in his company are installing Linux on their desktops without consulting IT. The writer is concerned with the security implications, but there is a wider issue. At present the 'official' penetration of Linux into the desktop market is something around 1%. The writer of this article doesn't give figures, but it sounds like he may have stumbled on several times that percentage of desktop Linux installations. If so then this is an important trend. Linux got its foot in the datacentre door in exactly the same way a few years ago, with unofficial installations doing odd server jobs.
If you are a sysadmin, in an organization that runs Windows on the desktop, have you stumbled on many unofficial Linux installations?"
I work at the comptuer science department of a major universtiy, we've got runaway LINUX everywhere. We've gone so far as to restrict our switches by MAC address and no longer allow anyone in our network unless they tell us what OS they are running and have installed all the security updates.
In a previous job I've found Linux and BeOS
desktop installations. While I was pro alternatives to Microsoft, there was the concern about security - e.g. open e-mail relays, unpatched servers. The company ended up with a policy of permitting Linux on the desktop, but not supporting it. If you had an application issue - you were on your own. The only users that ran it had a clue and we didn't run into issues. Being a research environment, Linux ended up replacing SGI systems as the scientific workstation standard.
Aside from my laptop and my desktop, we have no Linux desktops. I do network scans and such monthly, and aside from a few Linux-powered embeded devices, I've seen nothing interesting. Mind you, I work at a hospital. There are not very many technically inclined folks here.
Never eat more than you can lift -- Miss Piggy
I wouldn't dare reformat a work machine with another OS. The feasibility isn't the problem - it's the wrath of an angry sysadmin that is. I would like to keep my job in this economy.
I DO, however, frequently boot my machine with knoppix. Most corporate IT environments prevent users from installing their own software - but Knoppix has pretty much every app I need. I sacrifice local file storage and some embedded data like PIM stuff, but its just more comfortable and doesn't raise the ire of the lesser IT geeks.
In the last infrastructure upgrade we did, all 60 machines were identical:
FreeBSD 4.7, autostart XFree86,
full-screen RDesktop to central Win2k Terminal Servers.
User's still think they have a windows
box(windows splash screen on boot).
Does this count?
they almost certainly would have no antivirus software
:)
Oh, for the miniscule number of Linux viruses?
no agents for our desktop license management
Since *most* software that requires license management is either Windows-only or hard for Joe User to come by, I don't see this as a huge problem either.
and almost certainly wouldn't be keeping up with security updates.
Ah, now this is a real concern. I would hope that your company has firewalls, but I can certainly understand not wanting them to be your *only* line of defense.
the users don't own their machines - the company does. if they want to piss around with _any_ os, let them do it on their own time, on their own network, and on their own equipment.
I can certainly understand this. When you're responsible for eleventy jillion desktops, you can't have people going rogue on you. At least not without knowing that if you have to come fix their PC, it's getting reimaged.
Now, I personally happen to run a stealth RH install, dual-booting to Win2K for when I just have to do something in Windows. My workstation, however, is well-secured, and has updates applied regularly. I have *never* had to bug the IT department, and my workstation is exceedingly well-behaved on the network. If the IT department decide to be real hard-asses about it and reimage me, I'll understand. Doesn't mean I won't be cranky, though.
49 20 68 61 76 65 20 74 6F 6F 20 6D 75 63 68 20 66 72 65 65 20 74 69 6D 65 2E
I can see where there might be some security concerns, but I think the real concern for IS (IT, whatever) is being in control.
I work for a company that was heavily Unix (and X-terms) until the LAN somehow became all MS PCs. Now people and projects are insisting on replacing not only MS but Sun and SGI stuff with Linux. We are meeting heavy resistance from IS.
They are claiming that it costs more to administer a Linux box, even though we've been in meetings and showed that it wasn't true, based on recent experience. They refuse to give even knowledgeable users superuser privileges on their own machines, although Windows users can install anything or delete everything on their boxes at will.
To me it appears that some of the people in IS are afraid of being made less powerful, less needed, and less relied upon.
I work at one mega-monolithich US international -- though we're mostly nerds here (R&D).
.....
I'm not a sysadmin, but I'm one of the people that has installed Linux (I didn't blow away the corporate windows install, for accounting sakes) on his own at work.
How did I get the corporate mail client (MS only) and other ends to work? I downloaded custom-wrapped wine rpms created (on their spare time) by other coworkers on the other side of the country at another research facility. This was hosted on a un-official internal "Go Linux!" website, for all of the company's employees to see (we're allowed to have personal and "club" websites) and download (they have all of MS Office 2K running smoothly, along with Notes, the corporate e-mail client).
I got a couple of coworkers excited about Linux -- mind you, we're not just another corporate center, this is a hardware R&D filled with geeks (the sort of people that aren't sysadmins, but might play them on slashdot!) so I imagine we're at one end of the scale in the corporate world. But, thanks to Knoppix (try out a recent Linux distribution with zero liability on the company's computer to see if all your stuff is recognized! What a sale!) I've managed to get even some of the "old crusties" excited about Linux.
Anyways, my sneaking suspicion (and my hope! so this probably biases my "suspicion") is that there is a large number of uncounted Linux installs, and growing.
I was concerned about security, but who are we kidding? I know to not rest on laurels and all that (keep this RH73 as up to date as possible), but the alternative for my machine is Win2K, and we've been through the wringer with updates, worms, reboots and virus infected computers on *that* platform
assuming for a second that the person involved is actually able to install Linux(not stuffing a CD-Rom and/or floppy drive into a machine does wonders) and has sufficient rights under Win2k/XP the answer would be to reduce the main partition a bit in size using for example partition magic, and then happily installing mandrake on the side. Red hat might be an option too, but that'd require installing NTFS "support" separately, which, otoh, isn't all that hard to do either...
From a personal perspective, my previous employer didn't give a rat's ass what OS I ran, as long as it ran the software we used. The reply I got when I asked if I could was something like "oh sure, but you do it on your own time, and if it breaks, don't come whining to us..."
People replying to my sig annoy me. That's why I change it all the time.
Very few large corporations have the time or the tools to patch hundreds of MS desktops. As a result in every corporation there are hundreds if not thousands of vulnarable windows desktops and cluless IE users merrily surfing the web and getting hacked by script kiddies.
War is necrophilia.
Well, my employer allows virtually any os that a given user might need to run (we're a research facility). The IT people do regular vulnerability scans of the network and the linux users that I know (myself included) have never failed to pass the scan. The same can't be said for most of the MS users, or event the Solaris users for that matter. I don't hear much from the MAC users.
I guess my point is that it is not so much what os a person runs as it is the IT policies and how well they're enforced. Keep up with security patches, don't install untrusted software, good password policy, etc. These things aren't unique to any particular desktop OS and any user could potentially violate them. However, any user that depends on their system for everyday tasks isn't going to intentionally munge it up since they lose the use of it while you may be inconvenienced with rebuilding it. There is always the danger of the 'malicious insider' and we risk it every summer with an influx of student help that always includes some idiot that will try 'bad things'. Deal with them swiftly and harshly and make sure everyone knows about it and you can keep it to a minimum, but you can never eliminate the risks completely.