Slashdot Mirror
Desktop Linux Sliding in Under the Radar?
Paul Johnson asks: "This article at ComputerWorld describes a sysadmin's discovery that many people in his company are installing Linux on their desktops without consulting IT. The writer is concerned with the security implications, but there is a wider issue. At present the 'official' penetration of Linux into the desktop market is something around 1%. The writer of this article doesn't give figures, but it sounds like he may have stumbled on several times that percentage of desktop Linux installations. If so then this is an important trend. Linux got its foot in the datacentre door in exactly the same way a few years ago, with unofficial installations doing odd server jobs.
If you are a sysadmin, in an organization that runs Windows on the desktop, have you stumbled on many unofficial Linux installations?"
I tripped over my mail server last week. Does that count?
Is the sysadmin sure he wasn't dreaming?
Wow, a lucrative publishing contract! I don't have to be evil anymore. --Meteor
"This article at ComputerWorld describes a sysadmin's discovery that many people in his company are installing Linux on their desktops without consulting IT. The writer is concerned with the security implications,..."
This could make the case for desktop Linux look worse, if people are not securing their dektops and/or keeping up with security updates.
but rather a network guy but I have 3 Linux boxen that MIS does not know about and the dept laptop is booted with a Knoppix CD about %90 of the time.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
I work at the comptuer science department of a major universtiy, we've got runaway LINUX everywhere. We've gone so far as to restrict our switches by MAC address and no longer allow anyone in our network unless they tell us what OS they are running and have installed all the security updates.
In a previous job I've found Linux and BeOS
desktop installations. While I was pro alternatives to Microsoft, there was the concern about security - e.g. open e-mail relays, unpatched servers. The company ended up with a policy of permitting Linux on the desktop, but not supporting it. If you had an application issue - you were on your own. The only users that ran it had a clue and we didn't run into issues. Being a research environment, Linux ended up replacing SGI systems as the scientific workstation standard.
Aside from my laptop and my desktop, we have no Linux desktops. I do network scans and such monthly, and aside from a few Linux-powered embeded devices, I've seen nothing interesting. Mind you, I work at a hospital. There are not very many technically inclined folks here.
Never eat more than you can lift -- Miss Piggy
I wouldn't dare reformat a work machine with another OS. The feasibility isn't the problem - it's the wrath of an angry sysadmin that is. I would like to keep my job in this economy.
I DO, however, frequently boot my machine with knoppix. Most corporate IT environments prevent users from installing their own software - but Knoppix has pretty much every app I need. I sacrifice local file storage and some embedded data like PIM stuff, but its just more comfortable and doesn't raise the ire of the lesser IT geeks.
In the last infrastructure upgrade we did, all 60 machines were identical:
FreeBSD 4.7, autostart XFree86,
full-screen RDesktop to central Win2k Terminal Servers.
User's still think they have a windows
box(windows splash screen on boot).
Does this count?
i dont have you worry bout this. the people at my organisation aren't clever enough to send an email, let alone install Linux
I have a hard time getting my company to purchase anything beyond the minimum tools I need (NuMega and similar were out of my pocket, since I didn't mind owning them myself). VMWare's been on the wish list - but only as a wish.
I write code.
..now how much would you pay for VMWare?
But wait! There's more! The first Karma-whore to post about VMWare on Slashdot will receive some moderation points... absolutely FREE!
Order your copy now, while there's still time!
---
Sheesh.
I *wish* I had to time to make obnoxious posts to slashdot all day.
Er.. wait a minute...
In truth beyond the server farms ive worked with at said companies the only person possessing any *nix varient has been myself (including mac os X...) While i can see this as being an occasional happening in dorkier companies... even then i find it not very likely.
mainly because buisness use predominataly revolves around outlook exchange's shared meetings and various other stupid stuff.... in addition to the baseline ease of use (overall managerialy) network administration of an all windows environment.
I would NEVER support a linux desktop distro amongst my users.... MAC OS X ... yes.... but not Linux for any reason on gods green earth... can you say nightmare? I love Linux.... but it just is NOWHERE near as streamlined as windows or macintosh... especialy from a support stance.
My personal feelings are *nix for network devices.... Windows server/client for data sharing email and so on.... and Mac os X for end users who are more inclined towards media production (basicly people who arent finance/sales).
This setup puts the *nix boxes in my realm... and id be greatfull that no unwitting user *accidently* installs another DHCP, DNS, SMTP, etc... server on my network. Id also be thankfull not to be asked how to make packages work correctly between KDE, gnome, X, or whatever else joe moron decides to use.... or how to fix their freakin window manager because KDE offers 5 different programs just to change the layout/widgets.... no thank you.
Of course this poster assumes that the people who do so, do so knowing people like myself wont support them... and more than likely will be highly un-happy with their network being potentialy compromised...
not trying to spread FUD.... but ill wait for a tighter distro before i promote *nix on the desktop.... only one so far (with flying colors) is OSX.
--Idiots, Every single one of YOU, A flaming mass of conglomerated morons, hey wait a second, isnt that how RAID works?
not only that, but my unoffical linux install is a good way for me to know that the corp doesn't have any spyware on my boxen. That and I stopped hitting my monitor so much after I installed linux.
Yes, and that is exactly why they are asking for other sysadmin's experiences. Got it?
Signature deleted by lameness filter.
"anti-virus software", "desktop license management agents"
Apparently you've confused Linux for a version of Windows.
This kind of sysadmin crap is why I prefer working for a small company.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
I can see how security might be lax. When I was new to Linux I enabled everything whether I needed it or not. I figured I'd get around to playing with bind, sendmail and ftpd sooner or later. Everyone I know who's tried Linux has only dipped his toe in, so to speak.
Now I know more and have played enough that I disable everything except what I need, make sure it's secure and then put up a firewall just to be sure. But heck, just the other day I realized I hadn't apt-get update'd and apt-get upgrade'd in a couple of months. Oops. I also had weak passwords until about a month ago.
I'm in a non-tech company, and the Linux penetration is well below 1%. Only one desktop--a dual-boot laptop--as far as I know (except when I boot up KNOPPIX), but I have three rouge servers of my own. (Squid, Nessus, nmap and Snort are my friends.)
I also have two Cygwin installs, but they're my workstations, not user PCs. Anyone seeing those on desktops yet?
In this article the guy chose RedHat. If you don't care for commercial support, why would you choose RedHat over Debian or Slackware? Especially if security is a concern.
they almost certainly would have no antivirus software
:)
Oh, for the miniscule number of Linux viruses?
no agents for our desktop license management
Since *most* software that requires license management is either Windows-only or hard for Joe User to come by, I don't see this as a huge problem either.
and almost certainly wouldn't be keeping up with security updates.
Ah, now this is a real concern. I would hope that your company has firewalls, but I can certainly understand not wanting them to be your *only* line of defense.
the users don't own their machines - the company does. if they want to piss around with _any_ os, let them do it on their own time, on their own network, and on their own equipment.
I can certainly understand this. When you're responsible for eleventy jillion desktops, you can't have people going rogue on you. At least not without knowing that if you have to come fix their PC, it's getting reimaged.
Now, I personally happen to run a stealth RH install, dual-booting to Win2K for when I just have to do something in Windows. My workstation, however, is well-secured, and has updates applied regularly. I have *never* had to bug the IT department, and my workstation is exceedingly well-behaved on the network. If the IT department decide to be real hard-asses about it and reimage me, I'll understand. Doesn't mean I won't be cranky, though.
49 20 68 61 76 65 20 74 6F 6F 20 6D 75 63 68 20 66 72 65 65 20 74 69 6D 65 2E
and all our systems have rouge linux installs. Its true! ;)
New year Resolution: Don't change sig this year
Well, it's redundant because it's not a troll, it's not flamebait, and it's not offtopic. I suppose it could be overrated instead, but the point of the article was to hear experiences from people who have found desktop installations at work, not hear 600,000 "No" answers from people who haven't. If there was a "-1 Pointless Comment" mod, you'd have gotten that, but there isn't.
--That's the point of being root, you can do anything you want, even if it's stupid.
I used to be a manager at Dell, and I can tell you that if you had presumed to format one of my or my developers machines without first getting authorization from me, you'd be fired and "walked out of the building" the following day.
Maybe the authorization got misrouted.
Maybe you are wrong about either the authorization or the requirement for it.
Maybe it was an experiment on a dept. system.
Maybe it wasn't hooked to the network.
Maybe we were testing the system's Linux compatibility at the end of the day and left it 'till the morning to finish.
In my tenure at Dell, all these things were true at some point or another, and no one formatted our systems. We were too busy to get in the pissing matches that would have started.
Certainly you should quit abusing your very limited power and try to help rather than simply jumping to conclusions.
This is why IT is not consulted. Extreme prejudice indeed!
If end users are not supposed to do something it's your job to configure the gear so they can't. Rules forbidding something are a failure in IT.
If the user has no agent for the desktop license management how is that a problem exactly? Either they are not using any licensed software our your management software is not to hot on the managing front.
If you're running round playing tattle tale who do you think the finger is really pointing at? Go back to your sever room and lock the door.
Bill is that you? I didn't know you had a puppet on slashdot!
Where I work (part of Harvard University), Linux is definitely growing, but is a distant third behind Windows and MacOS. The IT department here is pretty strict about what they say you can and cannot do (kind of odd in an academic environment, if you ask me); as an example, one is not supposed to deploy ethernet hubs without seeking permission first. This just to give you an idea about them.
I've been here 3 years. Last year and the year previous to that, all of the IT web pages said that the only officially supported OSes were Windows and MacOS, with a stern implication that that was it (and don't you think about using anything else, grrr!). This year, they've acknowledged that Linux exists, and are giving some support for it. The IT folks are at least aware of Linux now, a change for the better.
Why is this happening? Because there are a few researchers (including me) who have installed Linux on their desktop/analysis machines, and are doing their own system administration. But, these users still need to fit into the global IT picture, for example, communicating with the email servers. As we have migrated from one email system to another recently, the IT folk have visited every single user (no, not kidding) to move their email system over. The fact that I was running Linux was not only no big deal, but they even correctly guessed which mail client I was using, given that I was running Linux. We are, slowly, winning.
Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
}
}
}
} In the matter of SCO
} vs.
} Electric Cloud
}
}
}
Said defendent is alleged to have been running an unlicensed version of Lie-nucks, violating vaguely alluded to (but impossible to produce) 'intellectual property' alleged to belong to litigant, by virtue of having been written independently to superficially resemble an unpopular operating system the litigant overpayed to acquaire the rights of (c.f. UNIX), said litigant thusly excersizing their Constitutional Rights (tm) to sue uppity upstarts who dare make use of a legally engineered and freely provided system that competes with their abysmally unsuccessful, outdated, and buggy commercial offering.
Said litigant cites as prima facia evidence of infringement "a post to slashdot that indicated a successful deployment of the demonic system."
Defendents declined to comment, but did point out to the court that the daemon was a mascott for another, competing free operating system, and that perhaps counsel for the plaintiff would be so kind as to wipe the froth from his mouth and clarify.
The Future of Human Evolution: Autonomy
It may come as a shock to you - but the IT guys don't actually own the PCs either.
It may be suprising to you that his job depends on ensuring corporate standards are in place and enforced on IT infrestructure.
I understand a user wanting to run thier own show on the workstation assigned to them, but if a major problem with Linux surfaces and the sysadmin didn't do anything about a non-standard installation that they knew about, that's akin to dereliction of duty, and they should be fired. A corporate environment requires stringent management, or it spirals into a huge, black, money sucking pit.
IOW, it's up to the SA to ensure that everyone plays nice on the network. If you want to use Desktop Linux at work, ask . Maybe the sysadmin be a lot more friendly towards the idea - I know I would.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
localhost / # format c:
-bash: format: command not found
localhost / # fdisk c:
Unable to open c:
localhost / # deltree *.*
-bash: deltree: command not found
localhost / # del *.*
-bash: del: command not found
localhost / # sys c:
-bash: sys: command not found
localhost / # help
GNU bash, version 2.05b.0(1)-release (i686-pc-linux-gnu)
<snip>
</snip>
{ COMMANDS ; }
localhost / # fsda;lkjafdjl;kwfoied
-bash: fsda: command not found
-bash: lkjasdjl: command not found
-bash: kwfoied: command not found
localhost / # <insert_vcr_led>
Sobbing....I HATE LINUX....
Somewhere a penguin smiles.
(B) + (D) + (B) + (D) = (K) + (&)
would kind of count as a security risk in itself, wouldn't it?
> --- All Of The Above --- >
"If I had real work to do, then I would use XP"
But you don't because you're an unemployed has been MSCE. haha
-- search the web
As a developer, this is why I hate IT departments. They are very often stupid, irrational people who follow "policy" insteading of *thinking*. Fact is, the only time I need their "help" is when they have something locked up and I don't have the password or the access rights, or know the IP address of the proxy server, etc. I just had a run in with some dolt who first accused me of using a personal laptop on the company network (its a company laptop) and who then tells me that I can't have the laptop on the network at all because it is not allowed. Why? Its a Macintosh PowerBook running OS 10.2. My job here: write software for the Macintosh. Yet, I'm not supposed to have a Mac on the network. (It has to be on the network to get to the source repository at the bare minimum.) (My solution was to lie to her and tell her it wasn't attached to the network and I was "doing tests" with the Mac. She left me alone.) Why was this dolt at my desk? Some glitch in their system caused my Windows machine to be removed from the domain and I didn't have the admin password to re-add it. I've dealt with lots of IT people - some are better than others. Generally in small companies you get people who are okay. They will at least think and respond realistically to a situation. In larger companies, I've mostly dealt with power tripping dolts. I would really prefer these folks keep their shit working and leave the responsibility of keeping my machine running correctly to me.
Avoid Missing Ball for High Score
>> Last time I checked, there weren't any imminent linux virus threats.
.... and linux and BSD run about 50% of the mid-range servers....)
> That attitude works up until the world gets surprised by the first real nasty one.
should i even bother explaining why it is damn near the most unlikely thing to happen in IT ? or should i just point out that _if_ a virus ever hits a unix there would be open source anti-virus software within a few days ? (few months max) or point out that the unix type of OS is about 30 years old. and to date there havent been any virus's in the "wild". (and dont give me that "not attractive target" for virus writers crap either, unix still runs mainframes, bank computers, ATM's etc
se the wonderful thing about linux is you dont have to run a damn thing as root, and the few things you do have to run as root can be chroot'd so the virus/worm can't do diddley. some linux distros come like this by default.
>> Desktop license management? I thought linux was free.
> Perhaps, if your time is worthless. But anyhow, he was refering to license management for any potential commercial software they may have
> illicitly installed.
oh please. take your gartner studies (microsoft funded BTW) and shove em'. the amount of time it takes to install and optimally config a std. linux system is in the hours worth of time. admining that same install MIGHT take 30minutes per month. windows ? yeah friggin right, pick one of their OS's if you spend less than two hours per month admining that box its vulnerable. this argument is moot. since anyone who is going to install linux by choice obviously wasnt bugging the IT guys and hence didnt need to be trained, so there is no time lost their.
Linux is FREE to any person who knows what they are doing, simply because spending the few hours it takes to install free's them of the years of misery that lies behind them, and the years that would have laid ahead of them if they had still been running windows.
"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe." --Albert Einstein
You need to find a good surgeon to remove the stick from your ass...
Basically, what you're saying is that you aren't confident enough with your security measures that anyone inside your network can wreak havok? In a big company, that's pretty fuckin' pathetic; a rogue user had better not be that big of a security concern!
the users don't own their machines - the company does. if they want to piss around with _any_ os, let them do it on their own time, on their own network, and on their own equipment.
IMO, this is exactly what is wrong with corporate America. You're not a person, you're a drone, don't try to learn anything.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
how can it be spy-ware when IT IS THEIR BOXEN ? The one thing in our enterprise that MUST be present to access ANY shared resource is the Tivoli agent with the config checksum matching, much with it and you don't get anything from the network. Don't get me wrong I hate the crap too but it IS a place of employment....
errr....umm...*whooosh* *whoosh* Is this thing on ?
After we began shipping a linux version of our main server product, I began to notice more and more linux desktop ( and cygwin ) installation on our staff systems. Now, even my project manager and the company owner have seperate or dual boot linux desktops that see significant use. All it took to get all this going was a few internal howto documents that walked them through a simple secure installation.
This obviously couldn't happen in a more regulated atmosphere, but at small companies like mine you can often get away with anything you want so long as you continue to be productive and do not cut into the IT budget.
BLH
The point is, a sysadmin can patch and update winders machines remotely and en masse. If he doesn't know about the linux machine, then he obviously has a hole in his security plan.
"Faith: Belief without evidence in what is told by one who speaks without knowledge, of things without parallel." - A.B.
I work at one mega-monolithich US international -- though we're mostly nerds here (R&D).
.....
I'm not a sysadmin, but I'm one of the people that has installed Linux (I didn't blow away the corporate windows install, for accounting sakes) on his own at work.
How did I get the corporate mail client (MS only) and other ends to work? I downloaded custom-wrapped wine rpms created (on their spare time) by other coworkers on the other side of the country at another research facility. This was hosted on a un-official internal "Go Linux!" website, for all of the company's employees to see (we're allowed to have personal and "club" websites) and download (they have all of MS Office 2K running smoothly, along with Notes, the corporate e-mail client).
I got a couple of coworkers excited about Linux -- mind you, we're not just another corporate center, this is a hardware R&D filled with geeks (the sort of people that aren't sysadmins, but might play them on slashdot!) so I imagine we're at one end of the scale in the corporate world. But, thanks to Knoppix (try out a recent Linux distribution with zero liability on the company's computer to see if all your stuff is recognized! What a sale!) I've managed to get even some of the "old crusties" excited about Linux.
Anyways, my sneaking suspicion (and my hope! so this probably biases my "suspicion") is that there is a large number of uncounted Linux installs, and growing.
I was concerned about security, but who are we kidding? I know to not rest on laurels and all that (keep this RH73 as up to date as possible), but the alternative for my machine is Win2K, and we've been through the wringer with updates, worms, reboots and virus infected computers on *that* platform
Company shall remain nameless for my protection -
.
The home office has a special network security "swat team". Last year, they did a security audit of our site, which consisted of trying to hack into our network, from the inside.
They found several rogue Linux boxes, and were able to hack into them through ftpd. Holy hell was raised. All Linux was purged from our network. Oddly enough, here it is, 8 months later, and nearly every developer has a second box on his or her desk, with, you guessed it, Linux. However, it's a distribution and configuration, approved and controlled by IT.
It's all about control with these guys. .
You'd think that black leather keyboards with spikes and clamps would be popular with these freaks.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
"And you didn't even spell MCSE right"
I can't spell dinasaur either.
If you were actually any good at your jobs you should be asking why these people (who may or may not be risking their jobs) feel the need to install linux? What is it that the current policy doesn't provide? Why has sysadmin become so unapproachable that they did it without asking (this should be an easy one)?
Actually do something useful rather than wandering around the network marking your territory.
Nerd: Derogatory term typically directed at anybody with a lower Slashdot ID than you.
If you did format my system with extreme prejudice, you had better be sure you have the authority to do so. The computer doesn't belong to you. It belongs to the company. So check with your boss, his boss, and his boss's boss first. Then double check with my boss, his boss, and his boss's boss.
Someone did this in my company to a laptop four years ago. Just last week I noticed he was still sitting funny after the impromptu buttectomy the VP gave him.
A Government Is a Body of People, Usually Notably Ungoverned
Ummm...actually, in 1988 (fifteen years ago) Robert Morris wrote a worm that attacked UNIX machines via a number of different routes (holes in sendmail, finger, and a few other approaches that I don't recall at the moment). In the space of something like 24 hours, Morris' worm brought thousands of computers to a grinding halt (a fair percentage of the machines that were networked in the US at that time), and those computers were running UNIX.
This is actually the worrisome issue: a *NIX is not inherently more secure than anything else. I think that there are UNIX-based machines out there that are far more secure than anything else you can find, but that's becuase those particular machines are administered by paranoid freaks...paranoid freaks that are extremely good at what they do... :)
I'm guessing that this isn't the case, but if your position is that "'I don't have to run a damn thing as root' and therefore my linux box is by definition going to be secure forever," then going to get screwed -- and screwed hard -- one of these days.
* * *
It is a dada story -- it has no moral.
Because they're doing it behind his back maybe? Methinks you should look up the word spy in the dictionary.
If I ever found out my employers were spying on me, they would probably have my resignation by the end of the day.
The weaknesses from the rogue installs ...come from the installation of third-party applications and utilities, which can leave a desktop or server vulnerable to attack if set up incorrectly.
Huh? What total Microsoft brain washing! What is a "third party application" in the free software world? This dude has his head shoved so deep into the M$ world that he confuses all the crap and spyware that accumulates on windoze boxes and runs as root with free software. I don't know how he's transfered his complete lack of control over Windoze onto software that works. I don't get it.
He goes on, after mentioning that he might be man enough to run Red Hat. He thinks it could do his company good to replace the hideous pile of Word Docs that is their QA tool because it sucks to have to do a "word search" to find information in the 300 reporst/year they generate. So true, just putting those things on a Samba server so you can use grep and find would be really helpful. Imagine how nice his life would be with a nice little mySQL/PHP webform for entry and search instead of a Word template. Progress, forge on brave man!
But, oh no, he shrinks from the fear of vulnerability:
For example, there always seem to be vulnerabilities associated with programs such as file transfer protocol, sendmail and Apache. And other open-source software is vulnerable, especially when the developer hasn't written the program with security in mind.
Poop. Plain and simple poop. Sendmail handles most email. Apache handles most web sites. Who needs ftp when you've got ssh? Well, anonymous ftp is a nice way to share big piles of files and programs like proftp are plenty secure. This is total shit to scare people who don't know what file tranfer protocal is, but like the ease of windoze file sharing. It's ignorant if not intentionally misleading. This line says volumes:
We can't eliminate Linux
No, but some fools wish they could. Other people everywhere are learning all the good things free software can do for them.
Anyone who's worried about security should use Debian's stable distribution. Not only is it all field tested, upgrades can be applied everyday from http://security.debian.org via shell script. Unlike the windows world, these updates install easily and don't break other "third-party" applications.
You say:
This could make the case for desktop Linux look worse, if people are not securing their dektops and/or keeping up with security updates.
That seems to be the intent of the article. Fortunately, only the very ignorant will pay attention to such nonsense and it can easily be deflated. Microsoft is going to have to try much harder than this to keep people away from superior software. Then again, I'm not sure how they can do that. The thing that makes the best case against the Windows desktop is it's record. That now including the author's laborious treck around his company caused by yet another Windows failure. There is not software anywhere with such bad performance.
Friends don't help friends install M$ junk.
I think we are forgetting something fundamental here... the whole idea of policies and security with respect to installing rogue applications stems from the fact that Windows and Windows networks are so damn easy to completely break.
If I install a program as a user on my Linux box, or even in my user space on the departmental server... it has no effect WHATSOEVER on the rest of the server or the other users. Thats what a multi-user OS "is". You can't even TOUCH that with ANY Windows implementation.
This discussion is not about "Oh, I can break into any box and install Linux". Sure you can. There is no way to stop. Lock it up? pick the lock. Remove the floppy and cdrom? install one or do a network install via crossover cable and another box. Blah blah blah.
The idea is that Linux IS in far more places than people know. And it will only grow in the future. Will it supplant MS as the "King of the desktop"? Who the hell cares... but people have a choice now.. and they ARE choosing it.
-K.
assuming for a second that the person involved is actually able to install Linux(not stuffing a CD-Rom and/or floppy drive into a machine does wonders) and has sufficient rights under Win2k/XP the answer would be to reduce the main partition a bit in size using for example partition magic, and then happily installing mandrake on the side. Red hat might be an option too, but that'd require installing NTFS "support" separately, which, otoh, isn't all that hard to do either...
From a personal perspective, my previous employer didn't give a rat's ass what OS I ran, as long as it ran the software we used. The reply I got when I asked if I could was something like "oh sure, but you do it on your own time, and if it breaks, don't come whining to us..."
People replying to my sig annoy me. That's why I change it all the time.
So there I am in my cubicle playing my usual rounds of mental foursquare with three other cube-mates. One of them still refers to her desktop wallpaper as a "screensaver." One of the men passes corrupted floppy disks around with the glee of an idiot passing out used condoms; and the other still thinks no one can see him playing Solitaire. As for me, I routinely spill coffee and break the no smoking policy while clogging the email system with idiotic Flash movies...
So who and where the hell are these marauding rogue agents running around installing Linux on office desktops. It can't be IS, they're too busy, and it can't be cube workers, they're afraid of their CDROMs!
1) You have to be kidding. You can use attack software on *any* OS. Linux is no weaker (and actually a bit stronger in that it has some semblance of local security) than Windows here.
2) If you sieze machine and reimage them to fit with some policy you're following, your ass would be heading out of town from mass user complaints at any company I've been at. You are IT. You are present to help workers get their damn work done, not to push some random personal agenda. If you wipe an entire system and kill that employee's work, you are a serious impediment to getting work done. I simply am amazed at the total lack of regard for the employee, and lack of perspective you've displayed. You could disconnect the thing from the network. You could ask the user to move his files to another machine so that you can reformat it, though I think you're already pushing the limits. But when you simply grab a machine and reformat it, you're in a position where you are a liability to your company. When the developer tells his boss that IT wiped out his work, his boss tells his boss, and his boss tells his VP, I guarantee that your boss will not cover for you.
You want him having direct access to the 'net without a proxy?
WTF does this have to do with what OS you're running?
I doubt it, especially not after that email where he asked questions about what type of traffic you monitor and how you do audits.
This is ridiculously paranoid. I've seen the occasional IT type who considers the users he is supporting his enemies, but this is beyond belief.
What if he's okay but his box ended up getting owned because he downloaded bad BitchX source?
What if the same damn thing happened because he downloaded a Word file to his Windows box? Which of the two happens in far greater numbers?
That would mean another three day stint of no sleep doing emergency penetration tests, mirroring HD images, finding the exploits, sitting in meetings and explaining what all was affected hoping you didn't miss something critical.
You've worked in an 8,000 unit shop and you honestly believe you have zero penetrations? And your setup is such that you need to spend three days and nights mirroring HD images *after* an attack?
This brings productivity for the money-making sides of the company to a crawl while sysadmins and security folks work to get things safe again
And again, WTF does the OS have to do with this?
Likely, there will be a news source online with details of how the exploit took place, but completely wrong and now the public and shareholders are going to wonder if credit card numbers were stolen, your ability to properly maintain infrastructure, etc. Then your stock price falls $2/share.
Ridiculous. This is a theoretically possible but completely impractical story of what might happen in an attack.
Sorry to ramble, I just wanted to stress the importance of IT policy and the headaches that can happen when the policy is too lax.
Amazing. God, I'm glad the IT people that support me have different views.
(All those workstations came with an OS you paid for anyway).
The infamous sunk cost fallacy. Which they teach you to avoid in Business 101.
I also think this treatment of unapproved OS's is very common due to thoughts and situations like the one above.
It's not. That kind of behavior from IT would generate serious user complaints where I work. Matter of fact, IT is trying to quickly adapt to support people that want to use Linux here, and has compiled resources for them. That's what I consider doing a good, solid job. Helping the users instead of attacking them.
May we never see th