Slashdot Mirror
Should Colleges Monitor Students' PCs?
dancedance asks: "I am a CS student at a small Liberal Arts college. Like most academic institutions, we have to deal with worm-infested computers being brought into the network from the outside. In the past the school's response has been to require all windows computers to install the virus software provided by the school. Although this helped protect the network, it was certainly not a complete solution, especially at the beginning of the school year. This year computing services is taking a more proactive approach to network security: it is requiring all Windows-based computers to install software which will allow the school to automatically update virus software, apply windows patches, install software 'deemed necessary' for network security, and 'report on the status of your computer'. This seems like a 'one step foreword, two steps backward,' approach to network safety as I fear that, under this system, a malicious user would only have to break into one central system to wreak havoc on the entire network. Are my concerns about this system well founded, or is this less of a problem than I make it out to be? Are similar policies getting implemented at other academic institutions?"
Perhaps you might want to (anonymously) remind them that by assuming management of individuals computers (not uni. owned) like that, they are also assuming some liability. Who gets sued, if they miss a virus or something, and it eats your term paper... theoretically you could sue them... I bet they haven't thought of that.
next step:
request a hard drive scan for copyright owner's works.
I'm not sure where the happy medium is between total computer intrusion and none at all. It's hard to trust anyone else messing around with my computer with software i MUST install.
MAC banning is ineffective since nearly every card these days can have it's MAC address reprogramed. Real solutions are tied to the student's university login account which is associated with their other student records.
Having gone to a liberal (in all senses of the word) arts college, and now being an IT manager responsible for a few hundred machines I can understand both sides.
Yes. There is a more central location for someone to attack. However, the average user doesn't take care of their system. In this case, you have to defend a single, actively malicious individual targetting your environment, rather than having to deal with the after effects of the bzillions of non-targetted attacks.
Unfortunately, as usually happens in situations like this, it is the conscientious user that has their system's security lowered. While, on average, the general security of the population is improved.
In my new position I can completely understand it.
When I was in college, I would have despised the very concept.
Overall, I think that this is probably better for the system. But I can sure understand why the "good" ones would feel like they are being punished for someone elses actions.
Side note: The people who are truly technical will probably be running some flavor of Linux/Unix so they won't be affected by this.
Ok, I give up, why you?
If it were my school, I think I'd find it easier to make my computer not be a Windows machine. Which begs the question: how is this outfit going to handle non-Windows systems? Are they going to force a similar level of compliance on Mac or Linux users? Personally I wouldn't want to have my machine subject to such regulations: I don't know as I would trust an IT department to ... well, let's just say I don't know as I would trust an IT department. I particularly wouldn't trust them with unfettered remote access to my personal property. I would also want to know what criteria were used in the selection of the software suite to be installed: if it's just because they got a good deal from Symantec I would have a problem with that too.
The higher the technology, the sharper that two-edged sword.
If you know how to reprogram your MAC address, you probably also know how to keep your computer virus-free, so banning by MAC address is a perfectly good reactive solution to viruses until they start randomly changing MAC addresses. And then you could ban unregistered MAC addresses, which is fine until viruses sniff and copy other MAC addresses, which isn't always possible.
Why must a college campus be treated any differently from other organizations? If you're an employee, grad student, or are otherwise obligated to connect to their network, then they should supply you with the computer, just like an employer. My employer does NOT come to my home and tell me what software must be on my personally owned computer. They have the right to prevent me from accessing their network from home, but no further.
If campuses are providing internet access as a benefit to students, then they're acting like ISPs. If a small mom-n-pop ISP can handle issues like this, then so can a college or university.
Most campuses seem to be a combination of both. They have their local network(s) with gateways to the internet. So they have to act like both businesses and ISPs. Both the campus AND the students need to realize this.
Don't blame me, I didn't vote for either of them!
Generally, though, the set of people who know how to change their MAC address and the set of people who keep their computer virus/worm-free intersect pretty well.
As part of Microsoft's Strategic Technology Protection Program, and in response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA). MBSA Version 1.2 includes a graphical and command line interface that can perform local or remote scans of Windows systems.
It's a backdoor, they can do anything they want to your system. It can scan, read and write files. It's like giving them root, so they own your computer.
With abilities like that, do you think they will bother to ask you when it comes time to satisfy some big power? RIAA requests to eliminate your music collection will be honored. CIA/FBI requests to search and monitor suspicious characters will be carried out. Anyone who would require such powers will abuse them.
It's as unAmerican as all hell. Such scans would obviously violate your fourth amendment right to be secure in your personal papers. At State schools, the network is public and at many it has been paid for by special student fees, so this is an abuse of a public network, comparable to wholesale wiretaping, post violation and even bugging, if your computer has a microphone they can turn on. At private schools, ownership of the network depends on the amount of public money paid to build it and is encumbered by the fact that they will want to connect it to other public networks. That desire to connect to public networks should be used to enforce the kind decent behavior.
All of the other services mentioned can and should be required of Windows machines but Winblows itself should be optional. Up to date virus definitions are helpful but generally too difficult for the end user to keep up with. All the services besides system monitoring are helpful to the user and the school. If the user chooses to be rooted as a condition of running Winblows, that's their choice.
Operating systems that don't have problems should be encouraged by the University. Not being rooted can be one more reason to run Linux, Mac and other OS. Traffic should still be monitored. If my computer starts belching spam, I'd be happy if my ISP sent me a message and chopped the line. There's a big difference between that and requiring read write to my computer.
Friends don't help friends install M$ junk.