Slashdot Mirror
Longhorn Will Have Ability to Ban External Storage Devices
slashdotbs writes "CNET is reporting that Microsoft will allow IT managers to block devices such as USB memory keys and - shockingly! - iPods. The article refers to 'the threat posed by digital storage devices'."
Block access to USB keys?
Hell, we can do that now!
Remember that SP2 has several new longhorn "features" that were rushed into the service pack in the name of security.
Davak
and - shockingly! - iPods.
Shockingly, michael, people use iPods to backup data! Companies don't want their employees leaving the premises with this data and checking through tens of thousands of bags is time consuming and expensive. Perhaps this would be different if iPods weren't easily able to be used for backing up data but that's just not the case.
According to the article this feature is available in XP SP2. See here for more information.
No, it's not some Microsoft conspiracy to end iTMS and the iPod.
They need to give IT people the ability to block IE, it's more dangerous than any removable storage device.
Companies struggle with protecting their confidential and proprietary information. Being able to to do this at a policy level will be a big help to a lot of security folks.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
The device you've attached to your computer is not Microsoft Certified and is therefore potentially dangerous. Please visit microsoft.com to purchase an approved device.
Comment removed based on user account deletion
I was talking to the CIO of a major health organization who had commissioned his engineers to find a solution to the problem of people bringing in their USB flash drives. Since he's worried about patient privacy, there's the fear that somebody would be inside, stick in a USB drive, copy data and walk out.
I know - "but what if they use a notepad, dummy". Yes, there is that problem - but last time I checked, you can steal a ton more data via a USB drive than a piece of paper.
The engineers answer? Epoxy glue in the USB slots. Not the best choice.
So for places that have to deal with security, this is good for two reasons. First, it prevents people from taking data through alternate methods (USB/Firewire drives). Second, it lets people with those devices bring them into the lab.
Take the iPod example. If you're working in one of my secure labs, I might tell you "sorry - leave it outside". But with this technology, I can say "Sure - bring it in and listen to your tunes" with a reasonable level of surety that they're not to go copy data they shouldn't.
So from my mind, this is a Good Thing, and I'd like to see it on my OS X/Linux machines as well.
52 Weeks, 52 Religions with John Hummel
Seriously,
Just because you give IT administrators the power to lock down the computer doesn't mean that Aunt Sallie isn't going to be able to use her iPod.
Imagine you administer a huge corporate network and you've standardized on Longhorn. Now imaging that the single biggest threats your network has seen in the past have originated from customer service reps bringing files from home on their iPods and Thumbdrives. If I were an administrator, I would have no problem locking down those machines to eliminate that threat.
Oh no! You mean people can stop me from attaching devices to computers they own and administrate?? Will microsoft's villany never end?!?
"The price good men pay for indifference to public affairs is to be ruled by evil men." -Plato
Microsoft since 2000 has always had Group Policy definitions to restrict CD burning and Floppy use on certain PCs, why is this such a big deal? Because it has the word "iPod" in the article?
It's not like every IT department is going to start locking down USB keys.. it takes one employee complaining to their manager they can't take their uber-important files home to work on at night to get things like this reversed anyway.
Nail biters don't bother.. it's just a slow news day for Slashdot
There is a rage in me to defy the order of the stars, despite their pretty patterns.
Why is this a bad thing? It just gives more choices for security. Now if a sysadmin blocked these ports they better have an alternative to getting files off the machine (if files need to be copied somtimes...) Also, anyone know how the blocking is done? Can it be on a per device basis, or just all external storage devices?
-You're only as clean as your towel.
$ mount /dev/sda1 /mnt
mount: only root can do that
***Quis custodiet ipsos custodes***
I see a lot of comments talking about "anal sysadmins" and such. In a commercial environment that may be true. But there's an area where it is even MORE important to be able to lock these devices out: The government / sensitive info computers of the world. Think about all of the work that goes on in these places and the number of computers, many of which are on Solaris and Windows (some Linux is approved, but not much) They have to implement these features to keep national-security type information from walking out on someones keychain. (course those items cannot be in secured areas anyway, but I digress).
I believe the /etc/fstab entry would be something like this :
/dev/sda1 /mnt/usb1 auto noauto,user,ro 0 0
Linux has had this since 1991.
Seriously, it's called fstab.
It's also a handy way of keeping confidential information from leaking.
...at least on the part of Microsoft. Microsoft isn't trying to keep you from using USB drives or iPods, silly. You'll be able to use them by default. It simply gives the system administrator the ability to control the computer by giving them the *option* to disable these features.
There are a lot of organizations that don't want people plugging in USB storage devices and walking off with their critical, sensitive data. This gives them the ability to make their computers more secure, so less scrupulous people won't walk away with data.
I would think that on a site full of Linux people, there would actually be celebration about having more control over your computer. I think Microsoft should be commended on this one.
Doors are useless. You're missing the fact that these don't work for folks that know what they're doing, which is who you're trying to control. Everyone else, i.e. the people that are just trying to get in and out of their house are the ones impacted by these doors.
Doorways may be a closeable hole. Are you going to close these too:
1. The windows. People try. But if you can throw a rock, brick, or wield a baseball bat, you can get through a window. You may use double-plated glass, etc. That doesn't close the "hole".
In fact, anyone worth their salt can break a window and go through it.
2. The chimney, say accessed via a ladder or grappling hook.
3. The skylight. Roof access is attainable via ladder or nearby trees if so inclined.
4. The crawl space. You could cut holes up through the bottom all day an nobody would see you.
Given all of this, I'd say it's pointless to try to close all the holes without a ground up redesign of how houses work, and even then, there are ways around it.
In conclusion, I think doors are pointless. They don't keep anyone out that really wants in. For that matter, windows and walls should also be done away with. I see no point in closing off what access we can. It's better just to let those who want access have as easy and fast a go at it as possible.