Slashdot Mirror

← Back to Stories (view on slashdot.org)

Longhorn Will Have Ability to Ban External Storage Devices

Posted by michael on from the no-ipod-for-you dept.

slashdotbs writes "CNET is reporting that Microsoft will allow IT managers to block devices such as USB memory keys and - shockingly! - iPods. The article refers to 'the threat posed by digital storage devices'."

14 of 721 comments (clear)

  1. ban in sp2 by Davak · · Score: 5, Informative

    Block access to USB keys?

    Hell, we can do that now!

    Remember that SP2 has several new longhorn "features" that were rushed into the service pack in the name of security.

    Davak

    1. Re:ban in sp2 by kikta · · Score: 4, Informative
      From the article:

      Microsoft did include a workaround in Windows XP Service Pack 2 that lets users change an internal Windows setting to prevent data from being written to USB devices. But the features planned for Longhorn will be more comprehensive.

      Reading is fun. ;-)
    2. Re:ban in sp2 by Krelnik · · Score: 4, Informative
      >> Reading is fun

      That text about SP2 was NOT in the CNET article when it was first posted. They revised it as the result of comments on their own message board.

  2. What is the big deal? by kidventus · · Score: 5, Informative


    Microsoft since 2000 has always had Group Policy definitions to restrict CD burning and Floppy use on certain PCs, why is this such a big deal? Because it has the word "iPod" in the article?
    It's not like every IT department is going to start locking down USB keys.. it takes one employee complaining to their manager they can't take their uber-important files home to work on at night to get things like this reversed anyway.
    Nail biters don't bother.. it's just a slow news day for Slashdot :-)

    --
    There is a rage in me to defy the order of the stars, despite their pretty patterns.
  3. Somewhat of a good idea by TheRealMindChild · · Score: 4, Informative

    While I personally believe this is a good thing, often these things can be circumvented easily by... booting a knoppix CD. Of course a modern BIOS will allow you to restrict booting from a floppy (yes I know... I am the only person who still uses these), or a CDRom, but all can be undone with 30 seconds and enough balls to open your case. Even then, Im sure there is some trick to purge the CMOS without ever cracking the case.

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  4. HIPAA by charnov · · Score: 4, Informative

    I worked on a project where we had to remove every USB, firewire, CDROM, and floppy drive along with sheathing all the plugs and sealing all the connections on hundreds of computers to satisfy some of the more stringent controls required in HIPAA (HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996) that no unauthorised persons be able to access restricted documents. It was cheaper than using control software (trusted computing platforms and certification is wicked expensive).

    --
    [RIAA] says its concern is artists. That's true, in just the sense that a cattle rancher is concerned about its cattle.
  5. Re:They've got their priorities wrong by xxxJonBoyxxx · · Score: 4, Informative

    You can already block IE using an outbound HTTP proxy server which can screen out requests based on the Agent tag. You can also block execution of IE using NTFS permissions. You can also set other browsers to be the default browser on a particular desktop. So...what's the problem?

  6. Very Necessary by SrJsignal · · Score: 5, Informative

    I see a lot of comments talking about "anal sysadmins" and such. In a commercial environment that may be true. But there's an area where it is even MORE important to be able to lock these devices out: The government / sensitive info computers of the world. Think about all of the work that goes on in these places and the number of computers, many of which are on Solaris and Windows (some Linux is approved, but not much) They have to implement these features to keep national-security type information from walking out on someones keychain. (course those items cannot be in secured areas anyway, but I digress).

  7. Whatever by temojen · · Score: 5, Informative

    Linux has had this since 1991.

    Seriously, it's called fstab.

    It's also a handy way of keeping confidential information from leaking.

    1. Re:Whatever by superpulpsicle · · Score: 4, Informative

      That's at the filesystem level. I think they mean at the device driver level.

    2. Re:Whatever by temojen · · Score: 5, Informative

      Does it matter?

      If it really matters to you that the drivers not be present, you can also turn off module autoloading and not put the USB mass storage drivers in your modules.conf

  8. Re:mount: only root can do that by Minwee · · Score: 4, Informative

    You may want to read the formatted man-page for fstab some time.

    I think that you may find the "user" and "noauto" options interesting.

  9. Re:What about banning booting Knoppix CD? by John_Booty · · Score: 3, Informative

    Can Windows also prevent me from booting a Knoppix CD to copy files to my USB device?

    Not sure if you're joking or not, but that would be a BIOS setting, not an OS setting... of course, you'd think that a "secure" workstation probably wouldn't even include a CDROM drive for most users since software would be installed by an admin over the network...

    --

    OtakuBooty.com: Smart, funny, sexy nerds.
  10. Re:What about banning booting Knoppix CD? by ReelOddeeo · · Score: 3, Informative

    If you're going to open the computer's case, it is easier to remove the HD and use a jury-rigged "external usb enclosure" canabalized guts to connect it to your laptop, then steal the data onto your laptop.

    --

    Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!