Reducing The Negative Impact of Laptops

Mark Brunelli wrote to mention a SearchEnterpriseLinux column about reducing the negative impact laptops can have on a network's security. From the article: "Portable computers often become an extension of the person using them. It is no surprise that laptop users are inclined to be rather autonomously minded. Many users don't realize that the power they have to install software and change settings is risk prone. Fortunately, larger corporations that install Microsoft Windows XP Professional usually don't grant the laptop user full administrative rights. The same cannot be said of smaller businesses, many of which simply purchase laptops from the local store -- laptops pre-installed with Windows XP Home Edition. "

Linux

[mysqlrocks]

Better still, use the truly secure Linux operating system. Six months after making the change, you will not use Windows again. The cost of Linux is also much less than the cost of upgrading Windows XP Home Edition to Windows XP Professional.

Unfortunately Linux isn't as easy to use for most people. How about suggesting that they use a Mac? Macs are secure and are easy to use.

Re:Laptops get around too much

[(H)elix1]

Outbreaks were correlated with a particular individual coming back to the office with his laptop after working elsewhere. I think it must be something about the way he uses that system; what sites he goes to, probably; which causes it to be so riddled with viruses.

You would not believe the crap you have to deal with on hotel networks. If anyone is counting on the firewalls keep the network clean, guess again. This has to be at the machine level, each one an island. I keep the shield up on my laptop and (knock on wood) have yet to have an issue - but most of the broad band connections your typical road warrior deals with is a cesspool of worms, viruses, and other such nasties.

I locked my sister's kids out of windows XP Home..

[kesuki]

Just by adding a second account in the control panel, and changing the (default) administrator account to have a relatively secure password.

Since when does having windows XP Home edition prevent you from adding multiple users, some of them restricted users who can't install software? is it because you only know how to use XP pro's tools to manage security? you don't know how to lock down IE with the help of a few simple freeware utilities you can download off the internet ;)

I don't get it :) why do small businesses need to buy XP pro when XP home has enough of the features to do everything that is 'easier' to do in XP Pro?

If I'm missing some big reason please tell me, other than XP pro costs at least $120 more (oem pricing) why someone needs to run Pro to do something i did on XP home just last weekend...

How about 10,000 laptops with XP Home?

[Demerara]

I was recently involved in an international procurement where 10,000 laptops were supplied with XP Home. The mission-critical application on the laptops was highly secure - all data was encrypted to a high degree but the laptops themselves were wide open to attack or, more likely, inadvertent denial of service by ignorant or curious users.

By the time I flagged this appalling oversight, the procurement process was too far advanced. So, a US$44 million procurement went ahead using XP Home on the kits.

The application? Electronic Voter Registration in a large sub-saharan country in Africa.

So it's not just small businesses who drop the ball.

The budget will never be there to upgrade to XP Pro. And they simply don't have the skills to replace XP with a Linux distro and port the application (which is proprietary anyway).

Does anyone have thoughts on what can be done to improve the security of XP Home?