Longhorn Will Have Ability to Ban External Storage Devices
slashdotbs writes "CNET is reporting that Microsoft will allow IT managers to block devices such as USB memory keys and - shockingly! - iPods. The article refers to 'the threat posed by digital storage devices'."
and - shockingly! - iPods.
Shockingly, michael, people use iPods to backup data! Companies don't want their employees leaving the premises with this data and checking through tens of thousands of bags is time consuming and expensive. Perhaps this would be different if iPods weren't easily able to be used for backing up data but that's just not the case.
According to the article this feature is available in XP SP2. See here for more information.
No, it's not some Microsoft conspiracy to end iTMS and the iPod.
They need to give IT people the ability to block IE, it's more dangerous than any removable storage device.
Companies struggle with protecting their confidential and proprietary information. Being able to to do this at a policy level will be a big help to a lot of security folks.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Comment removed based on user account deletion
I was talking to the CIO of a major health organization who had commissioned his engineers to find a solution to the problem of people bringing in their USB flash drives. Since he's worried about patient privacy, there's the fear that somebody would be inside, stick in a USB drive, copy data and walk out.
I know - "but what if they use a notepad, dummy". Yes, there is that problem - but last time I checked, you can steal a ton more data via a USB drive than a piece of paper.
The engineers answer? Epoxy glue in the USB slots. Not the best choice.
So for places that have to deal with security, this is good for two reasons. First, it prevents people from taking data through alternate methods (USB/Firewire drives). Second, it lets people with those devices bring them into the lab.
Take the iPod example. If you're working in one of my secure labs, I might tell you "sorry - leave it outside". But with this technology, I can say "Sure - bring it in and listen to your tunes" with a reasonable level of surety that they're not to go copy data they shouldn't.
So from my mind, this is a Good Thing, and I'd like to see it on my OS X/Linux machines as well.
52 Weeks, 52 Religions with John Hummel
Seriously,
Just because you give IT administrators the power to lock down the computer doesn't mean that Aunt Sallie isn't going to be able to use her iPod.
Imagine you administer a huge corporate network and you've standardized on Longhorn. Now imaging that the single biggest threats your network has seen in the past have originated from customer service reps bringing files from home on their iPods and Thumbdrives. If I were an administrator, I would have no problem locking down those machines to eliminate that threat.
Why is this a bad thing? It just gives more choices for security. Now if a sysadmin blocked these ports they better have an alternative to getting files off the machine (if files need to be copied somtimes...) Also, anyone know how the blocking is done? Can it be on a per device basis, or just all external storage devices?
-You're only as clean as your towel.
$ mount /dev/sda1 /mnt
mount: only root can do that
***Quis custodiet ipsos custodes***
Tut-tut. If you are going to come down on MS over this option, don't distort the issue. MS would love to have more fancy shmancy hipster customers, vis. MSN music store. The option isn't less useful, it is more useful; especially to IT administrators looking for a greater degree of control over their users' digital schpincters. If you are going to flame MS, it should be over the extension of control they can exert over users, not some kind of social pogrom against whomever you are concerned with. And, as it has already been pointed out, there have been tools around to do this for some time.
...at least on the part of Microsoft. Microsoft isn't trying to keep you from using USB drives or iPods, silly. You'll be able to use them by default. It simply gives the system administrator the ability to control the computer by giving them the *option* to disable these features.
There are a lot of organizations that don't want people plugging in USB storage devices and walking off with their critical, sensitive data. This gives them the ability to make their computers more secure, so less scrupulous people won't walk away with data.
I would think that on a site full of Linux people, there would actually be celebration about having more control over your computer. I think Microsoft should be commended on this one.
Doors are useless. You're missing the fact that these don't work for folks that know what they're doing, which is who you're trying to control. Everyone else, i.e. the people that are just trying to get in and out of their house are the ones impacted by these doors.
Doorways may be a closeable hole. Are you going to close these too:
1. The windows. People try. But if you can throw a rock, brick, or wield a baseball bat, you can get through a window. You may use double-plated glass, etc. That doesn't close the "hole".
In fact, anyone worth their salt can break a window and go through it.
2. The chimney, say accessed via a ladder or grappling hook.
3. The skylight. Roof access is attainable via ladder or nearby trees if so inclined.
4. The crawl space. You could cut holes up through the bottom all day an nobody would see you.
Given all of this, I'd say it's pointless to try to close all the holes without a ground up redesign of how houses work, and even then, there are ways around it.
In conclusion, I think doors are pointless. They don't keep anyone out that really wants in. For that matter, windows and walls should also be done away with. I see no point in closing off what access we can. It's better just to let those who want access have as easy and fast a go at it as possible.