Young Employees Pose Increasing Risk to Networks

buzzardsbay writes "Baseline is reporting on an upcoming survey from Symantec and Applied Research-West that confirms many suspicions about the generation gap in the workplace, namely that younger workers will use your corporate network to run most any device, technology or social networking software they can get their hands on. Dubbed "Millenials," these workers born after 1980 are nearly twice as likely to use cell phones and PDAs at work, and half admit to installing unauthorized software on their employer's computers. On the upside, the Millenials are more security aware than their older co-workers."

they need to protect their networks

[k3v0]

isn't it the company's responsibility to control their network?

Re:they need to protect their networks

[SatanicPuppy]

Having a company adequately secure their network would cut into symantec's bottom line, so, from their perspective, no.

Re:they need to protect their networks

[tattood]

isn't it the company's responsibility to control their network?
It's also about educating the employees more than anything IT can do to protect the network. If I can call one of your employees and pretend to be the remote helpdesk, and say that I need your password so I can install some software on your computer, and they give me the password, I am in your network.

It's called social engineering, and if you are good at it, you can get past ANY network or software based systems.

Re:they need to protect their networks

[Verteiron]

And that's a great idea, until you end up with a piece of required software that refuses to run without local admin privileges on the computer...

Re:they need to protect their networks

[bconway]

"software that refuses to run without local admin privileges" = An admin who is too lazy to look up the file and registry permissions required to run the (shoddy) software and would rather put the network at risk than do real work.

Re:they need to protect their networks

[Joe+The+Dragon]

there are some apps that even then still give a hard time. Also some IT departments are under staffed for the work load and don't have the time do that or the have the money to hire more people.

Re:they need to protect their networks

[Verteiron]

Or an admin who has looked up the file and registry permissions required to run the shoddy software (shoddy, yes, but also provided by manufacturer and the only way to do business) and found that said software requires the admin to essentially open up the entire HKLM branch anyway, thus granting local admin privileges available in fact if not in name. Welcome to the wonderful world of car dealerships.

Re:they need to protect their networks

[vertinox]

If I can call one of your employees and pretend to be the remote helpdesk, and say that I need your password so I can install some software on your computer, and they give me the password, I am in your network.

Which is why you mitigate how much damage a single person can do.

So if you do get a password of a normal user in a corporate office, all can do is read their mail and delete their home directory. If their machine was properly locked down, you won't be able to install anything either and if their password expires in 60 days you got that long to harass them.

Yeah... Your employees will complain they can't get anything done because they can't install programs or save files on the network or modify databases as they would like. At the same time, you have to put in procedures that minimize damage if a IT person is socially engineered such as not even let them look at existing password and temp ones have to changed on login.

This technique also is useful for rogue employees who plan on going postal with your companies data.

Re:they need to protect their networks

[Phisbut]

And that's a great idea, until you end up with a piece of required software that refuses to run without local admin privileges on the computer...

If a piece of software needs admin privileges for no obvious reason will have lost me (and all the PCs I control) as a customer, at least until they fix their act.

Re:they need to protect their networks

[OnslaughtQ]

While the parent has been modded offtopic, I really think we need to give this comment more credit into its deeper meaning and how it relates to the article. I think the AC clearly intends for "Fuck the Chinese government!" to mean that there needs to be more penetration testing of networks. I'm not entirely sure what he meant by "Free Tibet!," however. I think it might mean to let our packets go, that they do not need to be mangled anymore. So, clearly the AC was not offtopic, probably just a bored author dying to make a metaphor between novels.

Re:they need to protect their networks

[guy-in-corner]

I'm a C++/C# developer and I've been running in a normal account for over two years now. It's no biggy. I do need to elevate to local admin occasionally: I keep another session open (either with Remote Desktop or Fast User Switching).

Granted, we're specifically discussing locking down the local admin account entirely. My point is that if more developers took the time to run without admin privileges, we'd see a lot more programs that didn't ask for admin rights unnecessarily.

Re:they need to protect their networks

[someme2]

It's also about educating the employees more than anything IT can do to protect the network. If I can call one of your employees and pretend to be the remote helpdesk, and say that I need your password so I can install some software on your computer, and they give me the password, I am in your network.

In other news:

"That's not our problem", says area CIO. "Our problem is educating our helpdesk, that if someone calls and says he's an employee and needs a new password for his account, they shouldn't just give out a password without further identification. "

Seen it happen in three companies in the last 5 years. Each company with more than 2000 employees & one of them a fortune-500 company.

Re:they need to protect their networks

[SoonerSkeene]

I work for a certain convergent outsourcing company which converges with converging technologies to provide a ... okay I've taken this too far: I work for Convergys. Every user on their network is an administrator. Every. Single. One. We have 1200 or so employees at my site alone, and we've got over 70 sites in the US.

They use group policy security to control the network, but you wouldn't believe how little thought goes into it. We had a new team form to provide support for a certain now-defunct pacific-coast city's municipal wifi. Because supporting an internet service sometimes requires tools such as ping/tracert/whatever -- they gave us a command prompt. But because they didn't want us having all kinds of access, what they really gave us was a shortcut to a batch file, which started with a choice prompt, allowing you to 'paste' so-to-speak, several commands, such as it would not let you have a blank prompt. It would always have a command, such as C:\>ping .

Well apparently no one told them that you can concatenate commands. We soon discovered we could just use the batch file to C:\>ping google.com & start cmd and have an unrestricted command prompt. And since we're all administrators, we can use MMC, and control every other part of our access.

I've since moved past my call-taking days, but I still work for them as an analyst. Of course they still won't let me provide any kind of network security device.

Re:they need to protect their networks

[Nimey]

You're assuming there's actual documentation of which files/folders/registry entries a poorly-written program needs to write to.

As someone with experience here, allow me to laugh in your face.

Re:they need to protect their networks

[Nimey]

Fucking brilliant. The batch file idea requires that the password be in the .bat for all the world to see.

Re:they need to protect their networks

[Verteiron]

No need for docs, just a need for regmon and diskmon and a couple hours of time to mess with it. Of course, that's assuming that the software doesn't just cycle through all the HKLM keys until it finds the one it's looking for...

Re:they need to protect their networks

especially the type who can't even pluralize properly.

Re:they need to protect their networks

[Danny+Rathjens]

That's why the ol' security maxim of basing authentication on "something you have and something you know." a.k.a. multi-factor authentication. It's a lot harder to social engineer something they have away from someone.

Re:they need to protect their networks

[The+Spoonman]

but also provided by manufacturer and the only way to do business

Then stop doing business with that manufacturer until they fix their software. Either that, or take it off the network. Or isolate it within a DMZ. Or call the helpdesk day in and day out asking for a resolution to the problem until it's fixed. Or get the higher-ups involved and tell them how they've had money stolen because their network was hacked or....well, you get the idea. Sometimes the only way to get shit fixed is to be a major asshole.

found that said software requires the admin to essentially open up the entire HKLM branch

I find that hard to believe. "Opening up" in terms of this discussion means to grant write access to protected areas of the registry. Are you suggesting that the software from your manufacturer needs to write to, say, the keys for Winzip? I can understand software needing to write to their own HKLM keys (I can understand it, I didn't say I agree with it), but not others. Granting users the ability to write to just those keys and subkeys is no big deal, but granting the ability to write to all of HKLM is a lazy admin not doing his job. Hell, the simplest solution is to fire up regmon, then launch the app and see what it starts poking around in and grant writes to do so. There's absolutely no reason this couldn't be done in less than half an hour, and that's with the person being REALLY thorough.

Re:they need to protect their networks

[Screen404-O]

Try SureTrack, Digger, Or P3. also a lot of old digitizer software.

Re:they need to protect their networks

[jimicus]

If a piece of software needs admin privileges for no obvious reason will have lost me (and all the PCs I control) as a customer, at least until they fix their act.

If you come to an employer which has already invested many man-hours in training to use such software and many thousands on licensing it, then you will have no job.

If your employer comes to you and says "Make this piece of software work, we need it for the business" and you refuse because it needs admin privileges, sooner or later (probably sooner) you will have no job.

The role of IT is to make something work. If that means ugly hacks, firewalled subnets or other measures in order to mitigate the idiocy of some commercial piece of software, 9 times out of 10 that's less work than re-engineering the business around some other piece of software.

Re:they need to protect their networks

I am in your network.

Sniffin ur packitz?

Re:they need to protect their networks

[lgw]

Oh, trust me, if I'm doing dev work on a machine assigned to me, I *will* be local admin, it's just a matter of (not much)time. You can't actually lock down a Windows box (or any normal consumer OS) against anyone who has long-term physical access to that box. Without full disk encryption, "resetting" the local admin password is nearly trvial in Windows.
    Heck, if I understood this attack better, I could become the admin in a few seconds even with full disk encryption.

OTOH, any company that I've heard of that really locks down their dsktops and still employs developers gives them a second box on a different network to actually get work done, and the locked-down box becomes just an email and intranet app terminal.

Re:they need to protect their networks

[lgw]

Sure, until you discover too late that some rarely-used option needs additional access, and so every so often the app just crashes in the field, and 3% of your user base ends up calling the helpdesk every day. Oops.

Re:they need to protect their networks

[mysidia]

I find that hard to believe. "Opening up" in terms of this discussion means to grant write access to protected areas of the registry. Are you suggesting that the software from your manufacturer needs to write to, say, the keys for Winzip?

This appears as if it will work fine, until you realize the application makes a direct call to GetTokenInformation and verifies that the application thread possesses certain security privileges including SE_TCB_NAME before proceeding.

Naturally, there are many privileges only open to programs that run with administrative privileges. You break the application, by not running it with the intended permissions.

It's fairly naive to think the set of permissions MS assigns to admin users is exactly the set of permissions non-admins won't need.

There are many special features like RAW sockets that are restricted to apps running as admin. The assumption that only designated apps for administering that workstation need these features may not be well founded.

Even in the UNIX world there are apps which must have root privileges, and there's a fairly elegant setuid scheme I might add, to permit software to run an agent as root, so that only the parts of the application that _need_ special privileges have special privileges.

This is much better than conferring special privileges to the USER. Now you see, letting Winzip edit its HKEY_LOCAL_MACHINE\Software\Winzip folder when run as a regular user may open a hole that allows user A to compromise user B's account when user B logs into the workstation and runs Winzip -- which reads settings from that shared place: perhaps a setting including commands to execute while starting winzip.

What about the other half?

[ccguy]

half admit to installing unauthorized software

I assume the other half:
- Do it but don't admit it
- Or don't it but are way less productive than their peers

I don't know how it is for the rest of the slashdot crowd but almost everywhere I've worked it's impossible to be (decently) productive using only authorized software.

The sad thing is not a matter of cost, but a matter of paperwork. Something as basic as winrar (no, let's not go into why would I want to use winanything) is impossible to get by the official channels.

Re:What about the other half?

[Smidge204]

Interesting how you say that "installing unauthorized software" = "more productive"

I'm willing to bet that the vast majority of "unauthorized software" are things like chat clients, media players, RSS/Weather update notifiers, games and software for personal devices (iTunes etc).
=Smidge=

Re:What about the other half?

[digitig]

I assume the other half:
- Do it but don't admit it
- Or don't it but are way less productive than their peers

I don't know how it is for the rest of the slashdot crowd but almost everywhere I've worked it's impossible to be (decently) productive using only authorized software. Quite. I remember being employed to do software development when there were no programming languages included in the approved software, because the people who drew up the approved software list had never bothered to ask the business areas what they did with their computers. I never did get any languages approved, but I did get them to lift my authorisation level so I could run executables that weren't on their heavily locked-down desktop, which was all it took. The company bought the C++ compiler I asked for, and I installed and used it -- unauthorised.

Re:What about the other half?

[plague3106]

Why do you assume that? Never crossed your mind that the other half don't, but are just as productive (or more so)? Maybe the other half can learn to use the authorized software instead of being so tied to one particular program and can't be bothered to learn something new.

Re:What about the other half?

[Compholio]

Firefox, SSH, VNC, .... Not to mention that a lot of tech support happens over IRC and IM.

Re:What about the other half?

[poetmatt]

You know, they were pretty darn accurate.

At my work, the things I install "unauthorized" for myself and my coworkers which are 100% productivity:

Firefox
Phrase Express (text macro program)
Stardock
Microsoft Powertools/toys (the one that gives you a screenshot of each app when you alt+tab).

None are "approved" but all the techs approve of it, because they know better.

None of them use any of what you mentioned. No RSS readers, no games, no funky screensavers, no weather spyware shit. Work is laid back enough to not care (many people just browse the web all day, I mean cmon I'm replying on slashdot), but most people don't push the slacking that far. Also, we're an enormous multibillion $ nonprofit corporation and what I am telling you is like...hmm, well its a worldwide company with thousands of employees. I've talked to the CEO and even he has admitted to having a preference for firefox over IE for example, even though the CIO hasn't officially or formally approved it.

I don't mean it to be ad hominem on this, but I will say you are making a pretty general bias here that is pretty generally not accurate.

Re:What about the other half?

[SatanicPuppy]

Firefox: If places don't allow multiple browsers, thats their own fault. Just stupid.

VNC: If it's needed for the job, I'd have it installed, or some other similar remote management program...VNC isn't all that feature rich. You'd probably need NAT for that as well, and you ought to run it through a tunnel. Otherwise, I am the firewall gestapo. I open ports for no one, and if you try to local proxy all your traffic out through 80 I will notice.

SSH: See above, except for the tunnel part.

The worst type of user is the tech guy who doesn't work in IT. They always think they know better, they have a massive attitude, and a huge superiority complex. If you can prove to me you know your shit, I'll give you some leeway, but that leeway is probably just having your box dumped out into the DMZ, and you screw it up, you fix it.

Re:What about the other half?

[ccguy]

Never crossed your mind that the other half don't, but are just as productive (or more so)?

No.

Maybe the other half can learn to use the authorized software instead of being so tied to one particular program and can't be bothered to learn something new.

OK OK, I'll give notepad another chance for my code editing, and I'm sure I can come up with two decent .bat script to launch the compiler and so on... More good ideas? Email them all to ccguysboss@gmail.com :-)

Re:What about the other half?

[Guspaz]

and software for personal devices (iTunes etc).

I'm more productive when listening to music (blocks out outside noise). I've worked at places where my bosses have SUGGESTED that I get a pair of headphones and listen to music at work. If anything, iTunes should make an employee MORE productive by helping them get into the zone, and less prone to distractions.

The same thing applies to media players, assuming they're used for audio and not video. Anyone suggesting that such things makes employees less productive has obviously never worked for a software development company/department.

Re:What about the other half?

[haystor]

"They always think they know better, they have a massive attitude, and a huge superiority complex."

They?

Re:What about the other half?

[plague3106]

No.

Ahh, a self important ass that believes his world view is the only correct one. Gotcha.

OK OK, I'll give notepad another chance for my code editing, and I'm sure I can come up with two decent .bat script to launch the compiler and so on... More good ideas? Email them all to ccguysboss@gmail.com :-)

Ya... because it's either VIM or notepad. Well have fun installing all the crap you think you need, I need to get back to doing actual work.

Re:What about the other half?

[aclarke]

If you can prove to me you know your shit, I'll give you some leeway, but that leeway is probably just having your box dumped out into the DMZ, and you screw it up, you fix it.

Yeah, way to go. Great idea. So when your "clueless user's" box in the DMZ is pwned and your boss' boss' boss and the company lawyers are wondering how the competition knows the quarter's sales number before they're announced, you can complain about how stupid the user was for not being able to secure the box that you put out in the DMZ.

Good luck with your job.

Re:What about the other half?

[lwsimon]

And then you have the ones like me. I work in HR, not IT, but more than half of my IMs are probably with the sysadmins talking about Linux news. If someone in my department needs support, they generally come to me first. I only forward them to PC Support if its something other than user error (which is rare). Then again, by the same token, I keep PC Support in the loop on things. If there is a common issue, I'll call them up and tell them about it. If I need to install software (such as Apache, which I needed to install a while ago), I tell them. I'm also savvy enough to only have it turned on when I need it, so its not a real attack vector. Powerusers can make your jobs easier if you let us. The trick is to tell know-it-alls from true powerusers, as they can look a lot alike from a distance. The ones that call and ask narrowly-defined questions are the ones you'er looking for.

Re:What about the other half?

[hobo+sapiens]

"installing unauthorized software" = "more productive"

False dichotomy.

Where I work, the company standard IDEs for web development are Dreamweaver or Eclipse. Both are completely unacceptable. Yet, a F/OSS text editor like jEdit is nonstandard but allows me to be much more productive. Why? Because it allows me to work quickly. I have all of the powerful text editing tools of an IDE without the extreme overhead.

Also, as someone else replied, Firefox and certain plugins like Firebug and the Tidy validator are critical. I am a web developer, you see, and IE's ultracrappy javascript debugging capabilities are not even worth considering (even with the insanely useless MSFT Dev Toolbar installed). Profiling AJAX calls, or ANY HTTP request, is impossible without a tool like Firebug. And they are all nonstandard, but without them it would be more time consuming if not practically impossible for me to debug or optimize web pages.

I am not trying to install iTunes or GAIM or games. Stupid people install that stuff at work. I just want to use tools that will allow me to get the job done. The web and its technologies are rapidly changing. Company Standard Software committees do not seem to be able to keep up, at least where I work. So, you can either 1) fight the establishment and risk looking like an "OSS hippie troublemaker" and still never get what you need, 2) work with approved but ineffective and usually expensive tools, or 3) just install what you need and produce good work. Within reason, I go with option number 3.

So...unauthorized software isn't always better; authorized software isn't always better.

Re:What about the other half?

[0100010001010011]

Izarc (because the 'authorized' WinZip sucks)
Firefox (One internal website went as far as to redirect you to 'this doesn't work with FF' even though changing the user agent made it work just fine).
WinAmp because yes, I am more productive when I'm listening to music.

Sametime 7.5 (Company only 'authorizes' up to 6.5, but the difference is amazing), but I guess that's a 'chat' client.
Foxit instead of Adobe
DVAssist because I type on Dvorak and sometimes other people want to use my computer. Heck I even edited the registry (GHASP) so that Dvorak was the login keymap instead of QWERTY.
Some stuff from Yokogawa so that I can remotely control a scope that I got off of their website
WinDirStat because we kept getting e-mails about our shared drive filling up and I wanted to visually see wtf was going on.
Launchy because I love launching all my programs from my keyboard (I'm a Mac user and used Spotlight/Quicksilver at home)
4T Tray Minimizer so I can move stuff off of my screen and still have it running like Matlab or Excel. ...
Oh and Angry IP scanner (which my virus software deleted until I downloaded the beta which has a different name) because I work with XPC boxes, Yokogawa scopes and other devices that I have to change my IP for and I want to see if the cable is working so I ping them. And sometimes they don't have the IP address written on the side of the box, so I have to ping the whole subnet.

Re:What about the other half?

[lena_10326]

Tech support happens over a dedicated phone number... useful if your computer can't get online :P

Not all tech support is for the LAN. It's becoming quite common for tech support to offer support over IM. We often got colo and database support through IM. It's easier to message someone rather than play phone tag. They also appreciate not being interrupted constantly by ringing phones.

Re:What about the other half?

[SatanicPuppy]

It's not my job to convince you, it's your job to convince me. If you can't convince me, that's not my problem.

Case in point, Instant Messenger. I get people trying to sell me on instant messenger all day long...They want to use it for inter-departmental discussion. Okay. So I set up an internal IM server, and gave everyone access. No, it's not enough. We need to talk to people in other business units. Ok. Fine. I set it up corporate wide, and route all the traffic through secure tunnels. No, it's not enough, we need to talk to customers. Too bad, use email.

Really, people want to talk to their friends in other locations. So I should open up my network to the sort of vulnerabilities that come with AIM and the other big services, just so they can goof off? I bend over backwards to provide the functionality they say they need, until it becomes obvious that they just want a toy. Not my responsibility to provide this. Learn to use email.

I know a lot of places are run by paranoid morons who are afraid of web browsers and Open Office; I get it. But that doesn't mean that there are no real security concerns, and it doesn't mean that all rules are arbitrary.

Re:What about the other half?

[the_rev_matt]

I'm on a government project. None of the software we need to use is approved. IDE, debugger, sql optimizer, photoshop, etc etc. The network administrators aren't allowed to have PuTTY, nmap, etc. If the branch chief's secretary doesn't need it, they don't see why we would.

Re:What about the other half?

[serviscope_minor]

The worst type of user is the tech guy who doesn't work in IT. They always think they know better, they have a massive attitude, and a huge superiority complex. If you can prove to me you know your shit, I'll give you some leeway, but that leeway is probably just having your box dumped out into the DMZ, and you screw it up, you fix it.

And if the guy is an engineer, then they probably do know better. Especially in their area. And then we engineers have to fight against guys like you who have a chip on their shoulder and insist that our knowledge and need to work is a "massive attitude" or "superiority complex".

Re:What about the other half?

[hobo+sapiens]

One internal website went as far as to redirect you to 'this doesn't work with FF'

If there's one thing I hate more than company standard software boards who chronically Don't Get It, it's the self-proclaimed Intranet Hall Monitor buttholes. Show me someone who goes out of his way to intentionally deny users access to a site simply because he dislikes the user-agent...and I'll show you someone who just doesn't get the medium he is working with. "Internet? Shucks no, boy, I use that there big ole blue E! The one right there on my compooter screen!"

Re:What about the other half?

[penguin_dance]

I'm willing to bet that the vast majority of "unauthorized software" are things like chat clients, media players, RSS/Weather update notifiers, games and software for personal devices (iTunes etc).

I'll bet I'm not the only one that carries a flash drive filled with very useful, PORTABLE APPS (and bless the people that create them!) I can run them without any permission because they don't need to install. How about things like Gimp and KompoZer so I can get my job done better and faster? The only "legitimate" graphics editor I can have installed is a very old version of Photoshop which costs $$$ and FrontPage is the only "official" HTML editor.

That's part of the problem when they really tighten things down. Sometimes it's about what software is allowed even if you pay for it. The smaller companies can have the advantage over the larger ones as they are usually more flexible--so you can get the tools you need, as long as you have the budget. The large ones tend to get a set of standard software (i.e., MS Office) and getting anything else (including MS Access) is like pulling teeth. They forget not everyone does the "stadand" type work of spreadsheets and memos.

Also none of the companies I've contracted for have gone to Firefox as an alternative (or IE7 for that matter). Even when they have a web site that's undoubtably being viewed by others using something besides IE6 (and I'm part of the team responsible for the web site.) So it's nice when I can use my browser to view pages...if the network allows.

Re:What about the other half?

[SatanicPuppy]

The first school I went to was a joke. Terrible network policies, crappy equipment, mediocre connections in the dorms. The systems were weak and poorly secured...The servers were hilarious; you could take 'em down with any resource-hogging program, just as a lark. The admins were clueless and therefore rigid and authoritarian.

The next school I went to was the exact opposite: huge network, sexy unix mainframes, fibre to the dorms, effectively unlimited bandwidth. I still managed to crash a mainframe every now and then, but it took a lot more work (stupidity), and it always got a response from the admins...Not a bad response either; I got access to the code-test mainframes my freshman year. A quick and easy approval for a privilege I didn't even know existed, and one which they were not required to offer me. The admins were well paid; they were there to support the student systems and to support the research labs from which the grant money flowed like wine.

I always try to be more like the latter than the former. You should always try and help well-intentioned people whenever possible, especially when they're working toward a goal that you're supposed to support. But there is a limit.

Re:What about the other half?

[hobo+sapiens]

Have you ever used IETab? It's a Firefox extension that brings up pages in a tab that uses IE. Our intranet is such that many sites that I have to use require IE6 but I use Firefox for most dev work. Most of the time, that extension gets me in just fine. Don't remember which user-agent string it supplies, though, but you might find it helpful if you don't already have it.

Re:What about the other half?

[Sylver+Dragon]

I think most techs, and even admins are going to fall into the, "as long as it doesn't break anything, I don't really care." camp. As an admin, I couldn't care less which browser people use. We do have a few in house applications which are IE only, but as long as people are willing to deal with their own browser issues, if they want to use Firefox, Safari, Lynx, go for it. Just don't bug me when your browser of choice doesn't display correctly. Mind you, I work for a small research group at a University; so, YMMV.

On the other side of the coin, I do understand why IT departments can be heavy handed about the software on client systems. It's tough to support $diety knows what on a system that has a million different applications installed. While it's simple to tell people that we won't support anything which is not on the "approved" list, it's much harder in practice to tell someone that they have lost all of their data to a bug in a program that helps them in their work. As an example of this, part of my mission is to support certain masters level students and their computers. I had one poor lady who's entire master's thesis was nearly lost because of a third party application which helps with adding and managing endnotes. The official answer would have been, "we don't support that, sorry." But it takes a certain level of heartlessness to actually say that to someone. So, I spent a few hours figuring out how to get the document back out of the program.

And none of this considers the poor bastards who have to deal with HIPPA and/or Sarbanes-Oxley. With the security requirements mandated by both of those, I can kinda understand the BOFH approach and using mafia style tactics to enforce desktop policy. There are just some environments where security is a must, and the IT guys suddenly have to be the bad guys about it. Again, by way of example, my last job was setting up systems for physical security and access control systems. A guard level login to the system presented the user with a blank desktop, no taskbar, and a small application with a couple buttons on it to launch the required applications. Beyond that, they had nothing. The Start Menu was disabled, right clicking on the desktop was disabled, sticky keys and other accessibility options were disabled, autorun was disabled, the BIOS had a password, the system would only boot to the primary drive, etc. There was also the expectation that the system itself was going to be locked up to prevent physical access. It worked pretty well for what it was meant to do, which was prevent a bored guard from installing something at 3am.

Re:What about the other half?

[adrenalinekick]

You're assuming that the functionality required is included in the functionality set of the authorized software.

In my experience that rarely happens.

I for one, along with the majority of my coworkers in my specific business area, would find a massive productivity slowdown without or so-called 'power-tools' which are all unauthorized. Tabs and plugins in firefox, shell access with putty (this functionality plain out doesn't EXIST in authorized software, yet my job requires me to be able to use ssh), a notepad replacement (are you serious, you want me to use notepad? come on now), GIMP (Paint? Ya, sure, that will work just fine...ha), WinSCP, a Print-to-PDF driver, and the list goes on.

Can't be bothered to learn something new? Hardly. I don't care if you learn every pixel of the notepad interface, it is still not going to be a very good program for text editing. MS Paint sucks, and many companies don't provide the pricey Photoshop as an option, yet still want the colorful marketing pictures. Blame the IT department, or blame procurement if you want. I don't care who is to blame, the end result is that there is functionality that I need to accomplish my job within the time constraints expected of me which does not exist within the authorized software catalog. So I largely turn to OSS to avoid licensing issues.

Besides... most of the alternative software I use is because MS provides free junk software which the IT department expects you to use like a good little soldier.

Re:What about the other half?

[djdavetrouble]

I don't think it is fair to make such a broad generalization.
It depends on the person. I have had plenty of very technical people
in non technical positions. It is the halfway ones that give me a problem.
Someone that is savvy will already know how to gain
administrative rights on a Mac Laptop, and won't have to ask. The truly savvy ones
almost never call for support unless a piece of hardware has failed.

Tales from the trenches:
I was working desktop for an advertising agency around the time that p2p was
becoming VERY popular (edonkey, kazaa, etc). Each summer we would get a new
batch of college interns. You could bet on 2 things, the girls were cute, and the
boys would barely even pause to call their moms before installing their favorite
p2p platform.

At my next company we discovered a guy running around after 6 pm starting edonkey
on every computer in his department.

It wasn't long before hair trigger p2p client detection was installed.

Re:What about the other half?

[SatanicPuppy]

Don't get me started. Bunch of damn photographers didn't want to have to keep plugging their laptops in. We set up wireless for all the salespeople, but the photo people were too far away to get it (and didn't have the budget clout to get the corporate-mandated cisco hardware), so they try to set up their own without telling anyone.

First thing I know of it, I come in and see that there is another DHCP server on my network, and that it's running a 192 subnet, AND that there are damn 15 users...The router was sitting on a window ledge and the people at the coffee shop three doors down were logging on to it because the bandwidth was better.

To say I lost my shit would be an understatement. I'd locked down all the "public" ports, so someone couldn't just sneak into the building and plug something in in a conference room, but I hadn't locked them all down because it was too much of a p.i.t.a. After that I had to, and register every MAC address, which pisses people off of course, because it adds a big headache for everyone who brings a laptop into the building and just needs internet access, but if you can't trust people to obey the rules...

I tout it as a proactive security measure, but it's really just another headache with little benefit. I tried setting up an internet only subnet for all the ports that people only used occasionally, but it was more trouble than it was worth.

Re:What about the other half?

[gmack]

You can thank some of the "power users" I've cleaned up after for some of the more restrictive IT policies. Most of my customers go from trusting all of their users to trusting none of them and demanding I lock down all machines. Why? Because (and it's usually the younger crowd) go nuts installing all of their own crap.

They call me demanding to know why the internet is so slow and I find Limewire running on three PCs and now theres no b/w left for anything else.

Why is the PC throwing up so many ad windows? Could it be that button bar they thought was cool was actually spyware?

The best was the office that called me complaining "outlook is broken" Only for me to discover a 1 GIG game install file in the outgoing mail folder that was causing the whole thing to freeze while it processed the file.

And then worse yet... if I ask them if they did anything lately they outright LIE to me until I spend the time needed to find out and show them exactly what they told me they didn't do. At least the older crowd is likely to be more honest and a lot less likely to intentionally install something.

Re:What about the other half?

[Ritchie70]

I agree completely. Corporate IT is a roadblock, not an enabler.

Here's an example. The "software download" area has WinZip 8. Some more modern version of WinZip has a new compression method, but we still have 8.

One of our business partners sent a report compressed with a more modern WinZip.

I finally downloaded the latest WinZip demo version, unzipped the file, then uninstalled it and reinstalled WinZip 8.

I then contacted our corporate IT about getting an updated version out there. The bottom line appeared to be that, as a practical matter, it is impossible for me to make that happen. There was some noise about buying the new software (through the proper software buying channel, of course) and submitting it for certification by corporate IT.

Yeah right. I'm not doing that, it isn't my job. Assholes.

Also...

[Mickyfin613]

They are more likely to play on your lawn. Make sure you yell at them from your front window. Damn kids.

I'm surprised how high the risk is anyway

[Chrisq]

only 25% of pre-1980 employees install rogue software on corporate PCs compared to 46% post 1980. If that happened in the bank I worked for there would be hell to pay!

Re:I'm surprised how high the risk is anyway

[revlayle]

can you pay hell via a wire transfer?

Re:I'm surprised how high the risk is anyway

[Naosuke]

Of course you can, their routing number is 666, but you still run into the problem of getting the account number of whoever you are sending the money to. Also the dollar is incredibly weak against souls right now, so it's pretty expensive.

Re:I'm surprised how high the risk is anyway

[trolltalk.com]

If that happened in the bank I worked for there would be hell to pay!

I guess you didn't get the memo - The fed is now bailing out the banks, no matter how much bad shit they did. Just ask Bear Sterns.

Contradiction?

[eggman9713]

They pose a greater risk because of unauthorized software, yet they are more security aware. Am I missing something that would otherwise make this sensical?

Re:Contradiction?

[Kozar_The_Malignant]

They are more aware. They just don't give a shit. :-)

Funny that

[damburger]

Most people born after 1980 are treated like shit in the IT industry. You are taken on for pitiful wages with vague promises of future riches, squeezed for every bit of knowledge you have, then booted out when the project(s) you are working on are finished. So it is hardly surprising that people treated so shabbily don't have a particular commitment to their workplace.

Most of the highly technical and well paid jobs (system admins and the like) seem to be already taken by well established old folk, and nobody is really interested in training anybody for when they retire. Managers take IT systems completely for granted, consider IT professionals to be lowly peons, and are in for a nasty shock when the handful of people keeping their systems running leave.

Re:Funny that

[pastpolls]

You sound bitter that you have to start at the bottom like everyone else. Then again, maybe that is the problem some of us have with your generation.

Re:Funny that

[damburger]

Fine, fine, I'll get off your lawn.

The myth that young people are spoilt and have an undue sense of entitlement is starting to wear a bit fucking thin though. In what way do we have more than previous generations? Tax burdens have been moved down to lower incomes in the UK, and I believe this is also the case in the US. Public services have been gutted by privatisation. Yet because we can buy iPods these days apparently we are spoilt. Fuck you. I'd rather be able to find an NHS dentist and get free higher education than have an mp3 player. Of course, now all you old fucks have no more need of public education and have fat wage packets to pay for private healthcare, you want such things scrapped so you don't have to pay for them. That is called 'kicking away the ladder'. Then you have the fucking nerve to complain about an undue sense of entitlement in the younger generation. You simply don't want to pay now for the things you were given to help you out when you were young.

Yeah, I'm bitter. I was treated like crap and told to suck it up and that I was spoilt by a generation that had it a fuck load easier than I did. That is why I turned my back on the entire industry, although I don't hold out much chance of getting away from selfish middle-aged wankers any time soon.

Re:Funny that

[Compholio]

Sounded to me like he was pissed that there was no chance for promotion since young people get let go when their project is complete. That's not "starting at the bottom", that's "temporary slave".

Re:Funny that

[damburger]

No, its selling these things off to make a profit for the already rich. We can afford them, contrary to the propaganda that you have clearly bought into hook line and sinker - its simply that the rich would rather have the money required for themselves and let us suffer. Stop reading the Daily Mail and pay attention to reality.

Re:Funny that

[3waygeek]

Most people born after 1980 are treated like shit in the IT industry. So are most people born before 1980.

Re:Funny that

[damburger]

I'm in a different country - try to keep up grandad. I have £15,000 of debt that someone graduating even 10 years ago would not have (they would've received a grant rather than a loan). I cannot find an NHS dentist, whilst 10 years ago it was fairly easy. People in my country have less these days, yet we are told the young are spoilt. From the Americans I know the story there isn't quite the same, but it is similar - it was easier in the past to get off the bottom rung, and now the people who have done that are gleefully demanding it be made harder in order for themselves to pay less tax.

And you wonder why young people don't give a shit about your workplaces.

Re:Funny that

[fredrated]

I went to UC Berkeley in the 60's: $100 a quarter books not included.
It is considerably more today, a shame of the baby boom generation.

Re:Funny that

[SatanicPuppy]

One of my first jobs out of college was being hired into a situation where they had downsized everyone who had 10+ years of experience and replaced them all with kids straight out of college. You can imagine how the managers and supervisors, all of whose friends we were replacing, treated us.

It definitely goes both ways. Sucks for him that he took it in the ass, but it happens. I remember showing up for work during the dot bomb and finding the doors chained shut. Yee haw. Had my 20 months of "freelancing" (e.g. scrabbling for consulting gigs and contract work in an economy saturated with out of work professionals). Tons of fun.

Now I'm in my 30's and am probably one of the "middle aged" bastards he was talking about since he's a gen y kid and "middle age" can usually be calculated by adding 10 years to your current age. I remember being a know-it-all kid, and thinking I was better than people who'd worked their way up. Sometimes I was, but that doesn't change the fact that not everyone gets to start at the top.

Re:Funny that

[damburger]

Same old shit. "You are new, just accept your shitty pay and conditions and one day you will get the good job". I heard that before, and actually believed it for a few years. Then I saw the lack of progress me and all those around me were actually making. What you are saying is bullshit.

It isn't about greed, it is about respect and being paid your due. The amount you are paid for applying your knowledge has less to do with the quality of your knowledge than how long you have been with the company - and young people are rarely with a company for long because we are treated as disposable tools. In such an environment where what you produce is compensated for by a pittance just because you are young, there is no incentive to work hard. There is a significant incentive to run off half-arsed work, spend the rest of the time playing with your gadgets, and bullshit your supervisor with technical jargon - so after 4-5 years being bounced around the industry that is what I did. Doing so made me feel slightly better about my shit jobs, and made no difference to the rate at which I was turned over.

But like I said, I'm out now. I'm going into physics and hopefully a job where I can actually be respected for what I know.

Re:Funny that

You have an anger problem. That's why no one respects you. Or maybe it's your inability to defend a point of view without using foul language. Or possibly your lack of a sence of empathy. In any case, you are your problem; your age is not. I work in IT with several younger people (and am one myself) who get treated just fine. It's all due to the magic of "not being a whiny asshole who blames everyone else for his own problems". You know, like the stereotype.

PS: Being a whiny physics asshole is even worse than being the jerk in IT that everyone hates. Congratulations on your step down.

Re:Funny that

[postbigbang]

I'll say that there are some organizations that are bereft of basic civility, including basic respect and cogent compensation. And I've seen a ton of impatient, fed-on-a-platter screw-offs. It's your job to deeply research an organization's ability to satisfy your goals. If they don't, get out of there. In the meantime, there's no such thing as a free lunch. Work hard because it's the right thing to do. If you can't get respect for it, move on. Apparently you did. Good for you. Don't expect technical excellence, rather, US business holds executive, then shareholder compensation first, all others can eat the rest of the crumbs.

Re:Funny that

[IRGlover]

What about people, like me, born IN 1980. Should I maintain a chip on my shoulder or a smug sense of my own superiority? Should I install unauthorised software or not? AAARGH! The duality is tearing me apart...

Re:Funny that

[damburger]

Research won't help, because it isn't like there is a surplus of jobs. There is a consensus amongst the few employers hiring that young, qualified IT people should be treated like cattle. Yes, I got out, but I'm still pissed off that I wasted years of my life in an industry that frankly didn't deserve what I was putting into it.

Don't expect technical excellence, rather, US business holds executive, then shareholder compensation first, all others can eat the rest of the crumbs.

I'm hoping to go into research where hopefully scientific results matter more than what looks like it might make some money. I know its a longshot, but there is little else I can do given the circumstances.

Re:Funny that

[mpiktas]

You have an anger problem. That's why no one respects you. Or maybe it's your inability to defend a point of view without using foul language. Oh come on, I respect him. Natural pure anger at current situation. I sure can relate a lot. Ocasional fuck just makes more interesting reading :)

Re:Funny that

[DM9290]

Fine, fine, I'll get off your lawn.

The myth that young people are spoilt and have an undue sense of entitlement is starting to wear a bit fucking thin though. In what way do we have more than previous generations? Tax burdens have been moved down to lower incomes in the UK, and I believe this is also the case in the US. Public services have been gutted by privatisation. Yet because we can buy iPods these days apparently we are spoilt. Fuck you. I'd rather be able to find an NHS dentist and get free higher education than have an mp3 player. Of course, now all you old fucks have no more need of public education and have fat wage packets to pay for private healthcare, you want such things scrapped so you don't have to pay for them. That is called 'kicking away the ladder'. Then you have the fucking nerve to complain about an undue sense of entitlement in the younger generation. You simply don't want to pay now for the things you were given to help you out when you were young.

You are confused son. Its a class struggle, not an age struggle. Stop attacking people on the basis of age; you're just making yourself into a useless annoyance to everyone and not accomplishing anything at all. You are also advertising the fact that you are basically an ignorant thug.

Just because you see someone criticizing youth as if it were a collective sentience (an absolutely absurd position: they are all individuals with seperate aims and ambitions), that doesn't make your attack against another collective age category meaningful. If all you are good for is to engage in moronic knee jerk reactions, you will continue to be part of the problem going forward, and in 15 years you'll be part of the 'blame kids for everything' crowd. It also explains why no one wants to put you in charge of anything or give you the money you think you deserve because all the "old fucks" have "kicked away" your poor little ladder.

Yeah, I'm bitter. I was treated like crap and told to suck it up and that I was spoilt by a generation that had it a fuck load easier than I did. That is why I turned my back on the entire industry, although I don't hold out much chance of getting away from selfish middle-aged wankers any time soon.

spoken like a true brat.

Re:Funny that

[damburger]

You have my sympathy certainly (although not that much - you still live in a semi-democracy and vote in the fuckers who create such conditions) but the harshness of conditions elsewhere does not justify the baby boomers over here demolishing the social programmes they took advantage of and subjecting our generations to deteriorating conditions.

Re:Funny that

[musides]

  What you are reflecting is interesting: the erosion of social programs by the people who benefited the most from them. In the US, we don't really have social programs in any meaningful way that would make sense to the Social Democracies of Europe, so our young people aren't seeing the same thing. In fact, the closest we get to that is the push to close down public education itself -- so you could say we are on a very different place on the curve of the erosion of social cohesion. :)

  In the US, I think you have to go back around 100 years before you can seriously start talking about a generation that has had a hard time in life. The boomers, Gen X, and millenials all have had roughly similar experiences in the US. I imagine boomers in Europe, however, generally had extremely difficult circumstances: whether a firebombed London or a pillaged France, it isn't exactly conducive to an upbringing of opportunities. Our millenials, on the whole, are considered spoiled simply because they are pretty far removed, from a historical perspective, of knowing hardship.

  It is good you have a chip on your shoulder, and all that, but part of your attitude is misguided. This notion about how you shouldn't give a shit about where you work needs a change. In other words, you need to start your own business, live off the grid, or find a job where you *do* give a shit. Any other solution, and you just end up being a loser. And this nonsense about your student debt: please, no it is time for you to keep up. My wife and I have twice that much debt, and that is from graduating *12* years ago. Yes, that means 12 years of payments, and we have a long, long way to go.

Re:Funny that

[lysse]

I was treated like crap and told to suck it up and that I was spoilt by a generation that had it a fuck load easier than I did.

Yes, you were. The baby boomers. Us gen-X-ers watched them take over everything on the grounds that youth and social position should not be discriminated against, cement themselves so firmly into positions of power that nothing can dislodge them, and then kick away the ladders they found so useful on the grounds that age and achievement should not be discriminated against. You lot are the second generation they've shat on - they practised on us, and we were so stunned by the sight of our future being flushed down the toilet that we let them get really good at it. Sorry about that... on the other hand, you guys have at least grown up without the memory of hope.

Re:Funny that

[PotatoFarmer]

But like I said, I'm out now. I'm going into physics and hopefully a job where I can actually be respected for what I know.

You're going to love being a research assistant.

Re:Funny that

[Eli+Gottlieb]

You are confused son. Its a class struggle, not an age struggle. Stop attacking people on the basis of age; you're just making yourself into a useless annoyance to everyone and not accomplishing anything at all. You are also advertising the fact that you are basically an ignorant thug. I think damburger's anger is pretty damn stupid, but please read this.

Re:Funny that

[FishWithAHammer]

Oh come on, I respect him. Natural pure anger at current situation. I sure can relate a lot. Ocasional fuck just makes more interesting reading :)

Agreed. He's right, too.

Re:Funny that

[Gideon+Fubar]

Ya know, i always considered state-sponsored healthcare and education to be a really good idea for a country, in the same way that personal hygiene and regular exercise are good for humans.

If a country's strength is measured by the capability of it's populace, then it's in the country's own best interest to keep it's citizens well educated and healthy. Unless, of course, they're looking to run it in to the ground, kill it off and start over.. not, mind you, that i'm suggesting that anyone thinks that's a good idea. I really don't understand addressing this in immediate fiscal terms though, because the long term benefits to everyone (yes, even rich people) vastly outweigh the immediate cost.

Two Cents

[Ethanol-fueled]

disclaimer: I am a "millenial", whatever the hell that means ;)

From the second slide: It's irritatingly true that many millenials can't pry themselves from their damn phones. Nobody should allow their phones to ring in class or during a date -- unless they're dope dealers, pimps, doctors, or on-call IT staff. That's why I prefer the company of mature women: they say a lot less, but what they say actually counts!

From the fourth slide: Not at all surprised to see that 59 % of "millenial" workers think they can install whatever they want, given that more of them are spoiled gimme-gimmes...but to be fair, I'll bet that older people are far more adept at trashing their home computers than millenials are at trashing any computer. How many times have you all had to reinstall your grandpappy's mangled, crapware-infested OS(which shall remain nameless...*wink*)?

From the tenth slide: how does better access to technology improve work/life balance? Does it enable workaholics to work from home during their offtime? Does it enable employees to feel "home" while fuckin' off on Myspace at work? I doubt that a significant percentage of those sampled were full-time telecommuters who truly felt a better work-life balance(read: they weren't "encouraged" to put in mass overtime just because they worked from home).

Re:Two Cents

[MobyDisk]

How many times have you all had to reinstall your grandpappy's mangled, crapware-infested OS(which shall remain nameless...*wink*)? Never. But I've reinstalled my younger brother's computers so many times I can't count it. And doing house calls, it is always the teenage son who downloads questionable applications and trashes the PC. Or the teenage daughter's free music downloading program that does it. But grandma and grandpa's computer still runs whatever version of Office it came with the day they bought it, Pplus the latest Quicken: without flaw.

Security aware?

[morgan_greywolf]

On the upside, the Millenials are more security aware than their older co-workers." Security aware? Security aware, my ass. Half of these kids think it's okay to deploy their own, separate Internet proxy -- running on a desktop PC running Windows Server with no security patches and running M$ Proxy Server -- with an open wireless access point running on it. And then, not tell anyone about it!

Pffft.

No, I'm not making this up. This really happened one place I worked.

Not much to this story

[comet63]

Looks like the title is overblown. The younger works do slightly more risky things than the older workers. However, the older workers (Gen X in this case) still do all the same things, just a little less often. None of the numbers suggest a big change in risk. A lot of the risk factors being described just go from numbers like 47% to 51%. Hardly anything dramatic.
If you want to secure your network, you need to address all the risks that are out there. Adding a little more risky behavior does not really make for any real changes is the risks to the network. Networks are always at risk from the weakest link. A 60 year old employee who happens to do something risky is just as bad for the network as a 20 year old.

There are really two sides to this coin

[jandrese]

On one side letting some random person install any old IRC client is just asking for the office machine to be owned eventually. On the other hand, I hate the idea of being a no good outlaw just because I want to use vim instead of notepad for text editing.

Ug. Terrible article.

[SatanicPuppy]

First off: Worst article ever. Not just one paragraph per page...1 statistic per page? Jesus. Content to page ratio is like .001:11. And what content there is is vapid and uninteresting.

If you're an admin tasked with security, you have to assume all users are evil, so the question should be more along the lines of, "What is the problem with your process that you are allowing these users to install unapproved software?" Symantec obviously has a big stake in convincing people that they need better security (assuming that this will drive business for their crappy products), but the simple truth is that these sorts of problems shouldn't BE problems in an adequately secured network...Even your basic windows AD setup on XP is capable of restricting software installs and such.

If you're a big believer in allowing users to install whatever crap that they think they need to do their jobs, then you'll need to invest in some solid networking gear because you're inevitably going to have more problems. Otherwise, just lock it down, set up an approval process, and be prepared to deal with a zillion complaints from people who think they're experts because they did their own myspace page.

Re:Ug. Terrible article.

[Ethanol-fueled]

The "article" was more like a Powerpoint presentation for retards. You're right, any sane security-minded company would lock their systems down. This usually isn't about approval of certain CAD or automated test software, it's about the damn internet and the gimme-gimmes wanting their fix because they can't go 8 hours without looking at some blinkenlights. Most companies I've seen are either totally locked down or totally open. A good compromise would be for a company to set up a common terminal(with internet access but preventing anything from being installed) in the break room with a 2-minute max for each person. It'd be trivial to set up, even by an MSCE ;)

And old People...

[boris111]

give their passwords on the phone to whoever asks. I've seen it happen. Security is an issue that effects us all. Shouldn't single out the young people on this one.

Re:And old People...

[mcmonkey]

sometimes one has to depend on others' passwords(with the other's consent, of course) to get stuff done

Oh no no no. I can't image a situation where someone else would have some legitimate business reason for knowing my password. Further more, I cannot imagine a situation where I'd want to know someone else's password. That's all I need, "Did ya hear? Bob got called in to the big boss's office this morning--something about 'questionable content' on one of the servers. Rumor is Bob claims someone else had access to his account."

I have some unauthorized software on my computer. Some I really can't do my job without--Oracle client and SQL-Plus. Some are just nice to have--EditPadPro, for example. (Corporate policy was obviously written for business users, not IT or IS.)

But passwords and access are entirely different story. If you don't have the credentials needed to do the job and someone is suggesting by-passing network security, it's time to suggest a meeting with that person, yourself, and that person's boss to get a clear understanding of why the situation requires a disregard for the company's security policy and all the common sense rules of network security.

Now if you don't have the required access because you didn't contact the system/application owner or follow whatever procedure is in place to request access, I suggest you bite the bullet and take the blame. I'm sure whatever consequences follow will not be as bad as if you get caught breaking into someone else's account. (An account on a company system belongs to the company. If anyone in your IT department has any sense, there's a policy against sharing accounts and passwords such that an individual employee is not at liberty to share account information. Just because someone gives you their password does not mean you are authorized by the company to use their account.)

Fair Trade

[multisync]

On the upside, the Millenials are more security aware than their older co-workers

They're also less likely to call IT with problems like "I'm trying to make an Internet on my desktop but I can't get the file to program."

Breaking News:

[jockeys]

This just in... young people are more likely to use iPods and PDAs than old people. Film at 11.

And this is why. . .

[smooth+wombat]

those who manage the networks and PCs get ticked off and impose what seem like draconian rules about installing software and locking people down. All that extra cruft takes its toll on network performance and consumes resources.

If you need a piece of software, yes, we will install it for you. You do not need the Gmail notifier constantly popping up and telling you you have new mail or checking for updates. Nor do you need to have Quicktime continually checking for updates. You most certainly do not need any kind of P2P software installed.

While it's nice these "new" people are more comfortable with technology, the downside is the proverbial, "Just enough knowledge to be dangerous".

Unauthorized software

[wile_e_wonka]

What exactly does "unauthorized software" mean?

My company doesn't give me administrator privilages, but has IE 5.5 installed. They haven't told me exactly what I can or can't do with my computer (except "you can browse the web in your down-time, but don't look at porn"), but I don't think the people that immediately oversee me know enough about computers to understand installing programs and stuff (really, it's pretty amazing--they don't even know that IE 5.5 is different at all from whatever they use at home).

The computer won't let my upgrade IE, so I installed Opera and Firefox. Is this "unauthorized software"?

Now, let's go a step more complicated.

They said I can browse the web in my downtime, right. So I figured I can also download and view MIT physics lectures (yes, Walter Lewin). My computer doesn't have proper codecs to view these videos. So I had to install codecs, but the computer is very resistant to that--it took a lot of trial and error to find a codec that would install and also play the videos.

Did the larger amount of work to avoid the problems associated with a lack of administrator privileges make this "unauthorized"?

I've also tweaked the registry (this is Windows 2000) because there were several programs starting with the computer that I have no use for. "Unauthorized"?

Re:Unauthorized software

[SatanicPuppy]

Yea, the government. 'Nuff said.

Restricting browsers and stuff is amateur hour. I'll let anyone install pretty much any professional-grade software they can convince someone to pay for. I'm OSS friendly, but I'd prefer a heads up, or at least I'd prefer to know that the guy installing the software gets a good binary and checks the hash.

I restrict all my subnets pretty tightly, so I'm not worried about a lot of stuff leaking out if someone installs something bad. We don't really have problems with email viruses. I lock down the network mainly for convenience; most business environments only need a handful of ports available to the outside, and even fewer inbound.

Security aware?

[Oligonicella]

"...namely that younger workers will use your corporate network to run most any device, technology or social networking software they can get their hands on. Dubbed "Millenials," these workers born after 1980 are nearly twice as likely to use cell phones and PDAs at work, and half admit to installing unauthorized software on their employer's computers. On the upside, the Millenials are more security aware than their older co-workers."

Um, no. That they install unverified social software on corporate machines and socialize at work means they are not more security aware. Social access is the number one security breach method.

I'm in my mid-20's

[failedlogic]

I'm in my mid-20's so I think I would fit into this "generation" gap and want to comment on this. And no, I'm not at work presently to post this, in case the inescapable irony strikes some readers.

I know some of my peers feel that simply having access to the Internet means they can use it during the workday either to take a break during the work period, not work at all or use the Internet on breaks. My friends don't do this but I have had co-workers who have and were generally disciplined and eventually fired for not doing their assigned work.

Personally, I feel that I have an obligation to my employer: 1) to do the tasks I am assigned and 2) to protect the information on their networks. I avoid using the Net at work for non-work tasks and social networks for these reasons.

Age, not generation

[khendron]

This article appears to be taking a stupid slant on the statistics that have been gathered. It keeps harping about the "Millenials" (people born after 1980) when really it should say "people in their 20s". My issue is that 20 years from now, the Millenials will be in their 40s, but it will still be the people in their 20s who are the greater risk. The Millenials are not a generation of risk takers, they are currently at the risk taking age.

When I was in my 20s, I was much more risk prone than I am now (in my 40s). Back then I considered it my *right* to be able to install whatever I wanted on a computer, and would be unconditionally annoyed and offended if it was not allowed. Today I am more aware that there are reasons for most restrictions. Yes, some restrictions don't make sense, but a very many do.

This type of thinking was in more aspects of life than just computers. Back in my 20s, I would say that I drove less cautiously than I do today. I drank more heavily, ate poorly, resented having to wear a bike helmet, jay-walked more often, the list goes on. These are all behaviours that I, and most people, grow out of.

Heh

[Xest]

I'll remember this article next time that me, born in 1982 has to go round removing all the shareware games like Kyodai that all the middle age helpdesk women have decided to install on their computers because the 40 yr old manager we have thinks they should be free of security restrictions even if it causes such problems and creates security risks for the network.

Or when I'm dealing with silly amounts of calls because one 40+ yr old colleague is stood outside on their mobile phone arranging with their wife who is doing the cooking and the other is browsing holiday sites deciding where to go on holiday next.

Articles like this are stupid, they're a generalisation and where I work it couldn't be further from the truth. 3 out of 4 of our 1980s+ born workers and 1 out of 12 of our pre 1980s born workers make up our best 4 workers, that's completely out of line with the articles findings and whilst I realise you always get anomalies from statistical samples you should also not try and dress up this kind of bullshit as general fact.

In fact look at TFA, as hard as that is when it insists on jumping to the next stat before you've had chance to check the page properly I don't notice any information how solid a test base they used.

For all I know this could be put together by some disgruntled middle aged worker who actually sucks bad at his job but like many would rather blame someone else and so decided to blame the younger generation for taking his work.

Anyone know how reasonable a test base was used for this study? As it stands I could equally put together a made up study claiming older people are more likely to steal from the work place and pass it off as being fact.

Worst of all, they're 32% more likely...

[dpbsmith]

...to use ten animated web pages to display data that could have been presented better in ten lines of text using old-fashioned print media.

Fuck their networks....

[Simonetta]

I'm not a 'milleniumial', I was born in the first half of the 20th century. When I work for a company, they want two things: productivity and security. Security means that I'm not going to harm the company physical property and co-workers. Productivity means that I produce more of what they sell than it costs them to pay me.

    Two paracitical factors inhibit this arrangement: the IT department and the human resources (legal) department. The cousin ITs believe that they can build a framework according to their training that will make us all be more productive. The HR believe the same with a different framework. But since neither of them are engaged in the primary productive activity that makes the enterprise profitable, the inevitably screw it up. In a million little and not so little ways. So we fight back.

    Case in point, in the USA the politicians and insurance companies have fucked-up the health care industry to the point where most employers will not hire people in order to avoid providing health insurance. They hire people on 'contracts' creating a class of permanent temporary workers. This is especially common in the electronics industry. We work some place for six months, then work another place for six months, etc... If we get sick, we point a gun at the head of some supermarket manager and have him give us the cash in the safe. It's the new American way, it will happen to you, so don't judge me for what I must do. I don't want to hurt anyone.

    Anyway, we bring our own tools to new jobs. Our software programs that we customize and modify that will maximize our productivity. Tools like text editors, spreadsheet macros, graphics and CAD design programs. I'm going to spend forty hours learning CADbozoCAD when most of the industry uses BozoCAD, just because your company got it a 10% discount? Fuck that!

    I'm going to put BozoCAD my computer that I work with. I'm going to create works and convert the results into standard formats. I'm going to ignore as much as possible any previous work done in any non-industry standard format. Is there a risk to your company network and even maybe the BSA Microsoft thugs? Possibly, but...I...don't...give...a...fuck. If you hire us and provide health insurance like all companies do in the rest of the civilized world, then I ( and the millions like me in this situation) would be more sensitive to these concerns. It's one of the unforseen issues that results from using perma-temps as your workforce.

  Most production managers realize this and accept it. Most cousin ITs and dumb-as-shit Human Resources people don't. Because it doesn't fit into the frameworks that they built. But my paycheck depends on the companie's bottom line and as a production worker, I create that.

    So it is a constant three-way battle between the cousin ITs (the information technology department of the company who maintain the company network),the perma-temps, and the HR lawyers. They ALWAYs believe that by firing us, they maintain control and security. But they don't provide the product that keeps the company in business. Their departments are not profit centers for the company.

    So the game just goes around and around. This is why I have come to hate the IT department in any company. HR people are too stupid to be concerned with, and lawyers aren't human so don't waste emotional cycles on them.

Re:Fuck their networks....

[v3lut]

Why do people in this country feel so obligated to work for companies that treat them like crap?

Somewhere along the line here is some element of choice, and it's an element that people have somehow been taught that they don't really have anymore. "It's the best job I can get" or "that's how this industry works."

I don't accept that, and I don't think anyone else should. Once you're working at a certain level, probably just above the poverty line, you make a choice what you're going to do to earn money, and who you're going to work for. We all make these choices based on supporting the kind of lifestyle we want. If your entire industry works this way, and you hate it so badly, you should work in ways that don't make you miserable. That might mean adjusting your lifestyle. But seriously, find something that makes you happy and do it. Don't spend your life working for people that treat you like crap. I won't, even if it means living in a tent. I'm not for sale.

Re:Fuck their networks....

[King_TJ]

I don't really find the parent post all that "insightful". It may, indeed, be his previous experiences with employment - but it doesn't speak for everyone.

I've worked in computer support AND in a management capacity with I.T. for several smaller companies, and things never really played out like his description claims.

In fact, I can't remember working in an environment where an employee flat-out wasn't allowed to install a piece of software that he/she found aided him/her in doing their job. If you want to use "BozoCAD" and the company officially has "CoolCAD" installed everywhere, ok. A little COMMUNICATION with people in I.T. would get you approved to load a copy of BozoCAD on your PC. (It's cheaper to have you use a product you're efficient using than to waste company time and money training you on an alternative.)

The only problem comes about when someone just assumes they know better than anyone else what should be on their PC, and they take it upon themselves to install and use unofficial software without informing anyone.

And to be totally honest, *I* have always taken the stance of "If I'm familiar with the software I find out you've installed on your own, and I'm fairly confident it's not harmful to the network, I'll opt to leave it alone." This might bend the "letter of the law" a little bit with H.R. people and their policy handbooks .... but we all know they're like lawyers. They write policies to cover ALL possible scenarios, just in case they need to enforce something. They're not even smart enough about matters like I.T. to KNOW you're in violation, if someone in I.T. doesn't take the issue to them and ASK for enforcement.

I think the original point of this whole Slashdot article was more about younger employees insisting on installing "entertainment" type software, though ... social networking and chat apps, etc. If you want a chat client on your company PC, you should be prepared to justify its existence to management. (I've worked with software developers who really did use IRC clients and IM because they needed to bounce problems and potential solutions off of other like-minded people over the Internet. But if you just want to talk to your girlfriend while you work, hey --- too bad, so sad.)

Re:Fuck their networks....

[Linux_ho]

But my paycheck depends on the companie's bottom line and as a production worker, I create that.

When you're not reading Slashdot, that is...

Re:Fuck their networks....

[dissy]

Security means that I'm not going to harm the company physical property and co-workers. Productivity means that I produce more of what they sell than it costs them to pay me I just wanted to point out one detail.
Security is not limited to their physical property. Security includes their digital assets as well.

As an example, if your company makes widget, and the staff uses computers to design said widget, to send those designs to the part of the company (or another company) who actually builds said widget, then the designs for that widget are digital assets, and are no doubt quite valuable to them.

If I as a hacker, working for another company, or even for myself, got access to your company computers and copied those designs, I could then either give them to my company to give them an advantage over yours, or if working alone, I could offer to sell them to every company that competes with yours, giving them all a leg up on your company, plus making a tidy profit for myself.

While I agree that a lot of times the things put in place by IT to stop this are poor, i'm sure they would feel you do not have the right to do things that would aid me in copying those designs. To some IT departments, this includes you installing software on their computers. The fact they may be wrong is still not your task to covet and single handedly choose for them. If you think their methods are wrong, try telling them why, and suggesting a more correct approach. If they still choose to go about it wrong, then let them (and look for another job, since that company most likely wont be in business long, thus needing you.)

You may disagree with their policy, and may even be perfectly right in your reasons for it, but the fact remains it is still their hardware, their network, and their digital assets, not yours.

Taking your attitude is akin to me visiting you, sitting at your computer, deciding that the way you set it up is 'wrong', and changing that against your will.

You have every right to make wrong choices with your own property. So does the company you work for.

And if you really honestly believe it is perfectly ok for someone (you) to come in and tell someone else (the company) what they can and can not do with their own property, well, by that exact logic, you have no right to complain still, because someone (me) has by your own argument the right to come in and tell someone else (you) what YOU can and cant do with your own computer. Thusly, I say you arn't allowed to reply and complain, and thankfully, you would agree ;}

Re:Fuck their networks....

[Kamel+Jockey]

I'm going to spend forty hours learning CADbozoCAD when most of the industry uses BozoCAD, just because your company got it a 10% discount?

We had such a maverick at my place of employment. He insisted on using software tools and other items that were not "standard" for our organization. Guess what happened when he decided to leave? We now have someone else having to learn the way that person did things so that we can convert them back to the way we normally do things so that we can get said things done.

Re:Fuck their networks....

[CodeBuster]

I won't, even if it means living in a tent. I'm not for sale. A noble sentiment, but sentiment does not put food on the family table. Not all of us are able to make decisions secure in the knowledge that only we ourselves will suffer the consequences if our decisions turn out to be wrong or even just-sub optimal. Some of us have families and other people who's fortunes depend upon our success. Real life is, unfortunately, rarely as simple as our high minded principles lead us to believe.

Re:Fuck their networks....

[Red+Flayer]

Is there a risk to your company network and even maybe the BSA Microsoft thugs? Possibly, but...I...don't...give...a...fuck.

Which is why I'd never in a million years hire you.

You think that exposing your employer to risk is laughable? You think that the circumstances of your hiring justify you exposing them to risk?

You've agreed to a employment contract, and likely in that contract there is a clause about adherence to corporate policy, and there may even be a specific clause related to use of unauthorized or unlicensed software.

By saying that you don't care, simply because youre not happy with your employment contract, would suggest to me that the best solution is to terminate your employment contract.

In short, there's a time and place for everything, including employment negotiations, and blithely ignoring the risks you bring to your employer is just plain stupid.

It's very simple, really. Add the expected value of the risk you bring to the company to what you produce (note that the expected value will be negative). Realize that you're worth less if you add risk exposure. Reduce risk exposure to help justify a request for permanent employee status. Or, buy your own benefits and deal with it. You agreed to work for what they offered... and now you're doing something that harms the company. Why shouldn't they be upset?

Re:Fuck their networks....

[cgenman]

Not all of us are able to make decisions secure in the knowledge that only we ourselves will suffer the consequences if our decisions turn out to be wrong or even just-sub optimal.

Many families in this country make due with much less financially than we currently make. Would your kids be better off with 10k less per year, if in exchange they got a father that didn't hate his life (and had healthcare)? If you're making 20k per year, probably not. If you're making 60k per year, most people will remember their father's disposition more fondly than the 20% increase in family wealth.

By having a job that you complain about endlessly, you're basically teaching your kids that they too should put up with bad jobs in bad working conditions. That's hardly the message most people want their kids to learn.

Unless you're a factory worker in Michagin, you should have enough financial flexibility to trade a little income for a lot of job satisfaction and self-respect.

Re:Fuck their networks....

[triffid_98]

I can certainly appreciate this position. For the last several years I've traded around $10k in potential income for the ability to come home and spend time with my family instead of playing at being a workaholic.

Unfortunately this is a bad year to be preaching that particular message. My costs went up easily 20% last year, so I'll be looking to convert this potential income into something that spends in the near future.

I'll miss seeing my baby daughter at lunch, but I'll take some consolation in her not having to pole dance to pay for college.

Many families in this country make due with much less financially than we currently make. Would your kids be better off with 10k less per year, if in exchange they got a father that didn't hate his life (and had healthcare)? If you're making 20k per year, probably not. If you're making 60k per year, most people will remember their father's disposition more fondly than the 20% increase in family wealth.

I agree

[Simonetta]

I agree with your position. In an electronics production lab or factory floor it is insane to be tied to the same network as the rest of the company. And it is unreasonable to expect us to follow the same rules for the omnipresent company network.

    Each department or workgroup needs to have a private network so people can load their own WinAmp, personal text editors and productivity-enhancing macros, MP3s, and oscilloscope controllers without having to interact with the rest of the company network.

    But I've found that it is nearly impossible to convince anyone in any IT department of this reality. So it goes.

Re:fuck load easier? was:Re:Funny that

[xtracto]

I will step to put a bit of perspective on this flamefest and tell you something I heard somewhere (unfortunately I can not site but someone here will certainly correct me). The paraphrased quote went something like this:

"The difference between Americans and British is that Americans believe their country is wonderful and is the best one in the world while the reality is that it is terrible. On the other hand, Britons are always bitching about their country without realizing their life is actually pretty good".

I can tell you from my experience in the UK (I've lived in the UK for about 4 years, coming form Mexico) is that you people over here have it really easy. Shit, people can just stop working and the government will pay them money. "spare some change mate?" you see people selling the "big issue" and then they go to cash their check to get beer. That is being poor in this country. Let me tell you, you do not know what the fuck you are talking about.

For people in the UK life is really easy right now. It is, really. You have a hell lot of things which you take for granted. You whine that you can not get a free dentist. Oh shit, but you do not see that in other countries and in other times (even in your country) there is no free NHS even for a freaking Nurse.

So as other people already said, stop whining and go back to fucking work you lazy ass.

I think I see your problem

[keineobachtubersie]

"People in my country have less these days, yet we are told the young are spoilt."

I see why you're having such a hard time understanding this.

You seem to think that "spoilt" = having stuff. If you'd bothered to ask, I suspect many of the people who think you're spoiled think that not because of the amount of stuff you have, but because of the sense of entitlement that is practically dripping off of your posts on the subject.

You see, it's not about the stuff, it's about the attitude that you think you deserve something you haven't yet earned. If your posts are any indication, that may be why people around you think you're spoiled.

Re:I think I see your problem

[damburger]

The previous generation had free education and healthcare paid for, mostly, by older taxpayers. Now they have reached that age, they are grumpily demanding tax cuts. So who the fuck has the sense of entitlement?

Re:It's you, not them

[kesuki]

he chose to blame insurance blah blah... but the fact of the matter is temp agencies ARE becoming massive massive employers for white collar jobs. the early temp agencies were for blue collar jobs, but now it's spread to white collar jobs and, yeah the company usually doesn't hire you because replacing you with another temp instead of hiring you is 'cheaper.'

I have heard of many many places that now use temp agencies almost exclusively. The reason why white collar jobs are going to temp agencies, is because they can staff the positions like lightning and have them ready to be restaffed when the people have been on contract too long, and you get a really good idea of where to put certain people because of the tests the temp agency runs... I know some of this stuff can be done with a normal HR department, but it boils down to cost, temp agencies get the worker to do the same job for less pay, even when the temp agency takes a certain cut of that pay.

Re:It's you, not them

[Azghoul]

It's not just cost. It's skill.

You can't actually hire someone straight out because once you're do, you're basically stuck with them and the lies they put on their resume to get the job.

Contractors who are any good get hired permanent once a company realizes it. And by "good" I don't just mean good technically - gods know there are plenty of assholes who can code pretty well. It's personality and compatibility with other human beings. Note that the great-grandparent ranter who started this fails in those regards. HR (who are also shockingly just trying to make a living) are too stupid to even respect? Buh-bye.

younguns

[Sczi]

I have one of them there younguns on my network (receptionist), and she managed to install random crapware onto a terminal server on 3 separate occasions. I don't know how she does it, because it's locked down fairly tight, but I'm sure it's from myspace or whatever friendster clone the kids are using these days. Anyway, she's off the terminal server and running a local Linux now. Her manager wanted me to lock her down to where she couldn't do anything, but I felt bad for her, since reception isn't such a stellar job to begin with. Plus, she's kind of wild and not too discreet, so I sometimes get to see some boobies on her screen, heh. Good times, good times. I actually covered for her the first two times and just cleaned up her mess as quick as I could, but on the third one, her manager started getting popups saying such and such dll wouldn't load, and the dll supposedly existed in the receptionists home directory. I couldn't do much about that one..

Re:It's you, not them

[pw1972]

I was going to comment on this thread, but you hit the nail on the head. I work for the "evil" fortune 500 large corporation. Same situation. We get a lot of resumes, a few look like they might be a match technically, and then even fewer have the personality to work in a corporate environment. We almost exclusively do try-to-buy contracts here for that reason, usually 6 mos to a year before someone will get hired on full-time. It's a two way street also, sometimes after 6 mos they want to run screaming from here. We've gotten to the point where we are usually willing to sacrifice technical expertise for personality. We can overcome just about any technical obstacle, however the rogue @ssh0le programmer that can't and won't work well with others is virus to the organization, especially considering it takes an act of congress to fire anyone anymore.

Re: Then the Boomer arguement is backwards

[colinnwn]

Maybe... just maybe... you have a point. But if so, the boomer generation should emphatically NOT be saying Gen X and Millenials are lazy self-entitled pansies. Instead Boomers should be saying - We're sorry, we collected more intergenerational economic rents than we should have, and kept doing it for too long. We are the arrogant and greedy generation. Now that we are "rich" on our children, grand children, and great-grand-children's backs, how can we transfer some of that wealth back to later generations and ease your transition into economic sustainability?

My 2 (lessening) cents

[otomo_1001]

Ok, I am 26 and fit into this category.

I am a unix (solaris, aix, linux) systems administrator and my job is being the darth vader of unix land essentially. That being said, yes, I installed unauthorized software on my windows workstation.

The software? Firefox, putty, cygwin, gvim, winscp.

Un-authorized? Sort of, but only if I can't prove it doesn't apply to my job. If your policy doesn't allow people to install tools they know to be useful to their job, your policy is wrong. Now since I am an admin of sorts, i can understand the iron fist reasoning for tracking what is installed and where. But the same reason I need putty is the same reason I as an admin can't sit there and easily judge if user xyz really needs app foo.

A chat client? Yeah, good luck convincing me on that, but installing emacs or gvim to edit files? As long as you ask beforehand why not? Then I know, and more importantly I know who installed app xyz. Isn't IT supposed to be a cooperative venture and not adversarial?

I can't imagine I am alone being my age and with this attitude here. But whatever, flame away.

Re:I think you've proven my point

[Fulcrum+of+Evil]

He's right - you're an ass. If I saw my parents' generation reap the benefits of free education and dentistry, then stop paying for it when they got old, I'd be pissed too. It's not entitlement to expect the same deal the previous generation got. If it is, then the behavior of the boomers is just rapacious, which makes entitlement downright civilized.

Re:I think you've proven my point

[rhendershot]

mod parent up. it's not a troll it's the clearest explanation of the problem with the OP in the thread.

Things change. I don't treat my youngest son exactly the same, nor provide for him exactly the same, as I did his older brothers. Partly because he's different, partly because our environment is different, partly because *I'm* different.

I'm guessing the OP is old enough to vote. Part of the problem then?

Damburger- as to respect. If you require every interaction to prove deserving of respect then you'll forever wander a lost zone where nothing is real. You sense this and you call it cynicism. It is not. It's just simple misanthropy.