Slashdot Mirror
Ask Slashdot: Using Company Laptop For Personal Use
An anonymous reader writes "I'm starting a new job soon, and I will be issued a work laptop. For obvious reasons I cannot name any names, but I can state that I do expect my employer to have tracking software on the laptop, and I expect to not be the administrator on the device. That being said, I am not the kind of person who can just 'not browse the internet.' If I ever have to travel with this laptop, I may want to read an ebook or watch a movie or maybe even play a game. I can make an image of the drive, then wipe the machine, and restore it back to its former state if I ever have to return it. I can use portable apps off a usb key and browse in private mode. The machine will be encrypted, but I can also make myself my own little encrypted folder or partition perhaps. Are there any other precautions I could or should take?"
I can make an image of the drive, then wipe the machine, and restore it back to its former state if I ever have to return it.
Is your new job worth it? Not saying you'll automatically lose your job over that, but I can't imagine it'll go over well. Especially as you'd be using your (non-work prepared) laptop for doing work and might inadvertantly put them at risk (the kind of risk they hope to eliminate by issuing you the laptop in the first place).
The simple solution is get yourself a USB / livecd type distro. Don't touch the hard drive.. and if it's encrypted, you shouldn't be putting your company at risk (assuming you don't use the same key for anything else). Personally I'd ask your IT guys if they are ok with this before doing it. Sometimes they can actually be reasonable about this kind of stuff.
The real solution here is to leave your work laptop alone completely and get your own laptop for personal use.
Just get a Tablet/Netbook of your choice and use that for web surfing, personal email, video and music streaming, etc.
Its a far more honest way of going about it, and by shopping around you will find a tablet that fits your needs, and can be slipped into the same carrying case the laptop uses. You may only need a wifi model, but tablets with data plans are not that expensive. You can add encryption to the tablet, if you want.
This gives you the freedom to do as you wish, and you can still move things back and forth between the tablet and the laptop as needed via any number of means when you have a legitimate reason to do so.
If you expect there to be tracking software on the machine out of the gate, then trying to go down the deception road is just a Bad Idea. Key loggers will log what ever you do, and removing them is not likely to go unnoticed. Key loggers things, if properly installed, can even read work you do in a USB thumb-drive based Linux distribution. And depending on how savvy your company's IT department is you may find any attempt to use the laptop in way other than what was intended will trigger alarms. Wiping the drive and restoring it to some back level state amounts to an admission you were doing something you weren't supposed to do. And you may not be given the opportunity to do so, when IT walks in (or accesses it remotely) to do a routine upgrade, and finds all sorts of ebooks and games, etc.
Nope, my advice is to celebrate your first pay check with a gift to yourself of that Tablet or Netbook you've always wanted. This way, you and your employer stay on each other's good side.
Sig Battery depleted. Reverting to safe mode.
I used to watch pr0n on my work laptop a lot until I was caught.
You're kidding right? Don't be an idiot, follow the terms of your employer and get your own damned machine.
Ultimately, it depends on your company policy. Where I work, there is a policy about reasonable personal use of company property, and as long as we stay within those boundaries, we are in no danger of running afoul of our management.
We don't know what the terms or the job are. If you travel a lot with work, having to haul two laptops around may be unreasonable.
Read your company's employee handbook and policies. it's very likely that they allow "limited personal use". Just don't do anything stupid like watching porn or pirating stuff on the thing.
If you have any doubts about running any specific software on it, talk to your boss or call HR. They should know what the company's policies are.
I have a work-issued laptop. I'm allowed to browse the internet on it so long as it's a reasonable amount, and the corporate image came with media players, including a DVD player, so I'm fairly sure I can watch movies/listen to music on it when I travel.
But I never do. I take my own personal laptop with me. It's just a lot more comfortable that way.
In the land of the blind, the one-eyed man is kinky.
What everyone else said. It's not YOUR laptop.
But if you absolutely MUST use it for personal stuff, just make a boot CD or boot pen and do your personal stuff in a separate OS that doesn't even touch the work machine's hard drive.
No.
Next Question.
As others have said, it's not yours to mess about with and that crap about 'I just can't not surf the web' - jeeze, grow up already. Use your own kit for your non work related computer activities.
I want a list of atrocities done in your name - Recoil
If your company policy is 'limited personal use," then you're covered.
That's a range of behavior. I would _NOT_ create encrypted partitions or do anything that would look like you're trying to hide stuff.
That's a big red flag and may get you noticed. Most of the time, they aren't going to examine your browsing history. Too much other stuff to do.
Legally, no one is sure what the 'limited' part of personal use means. Facebook and Slashdot and reading email and news items are probably okay.
Just don't do anything you wouldn't want your mother to see. If so, get your own netbook or option2: make a bootable Ubuntu USB stick and boot from it.
Wouldn't it just make sense to spend a few hundred bucks and get your own computer instead of risking your job for no good reason?
I don't respond to AC's.
My recommendation to you would be to leave the computer alone. Use it for work purposes only. It doesn't belong to you, therefore you have no entitlement for using it outside of the purpose for which it was given to you. That being said, talk to your IT guy, get an idea of how strict they are with regards to personal usage of company assets. You might find they don't care as much as you think they do. In my workplace, I have a strict "If it doesn't effect your job performance or compromise the security of our assets, then I don't care" policy. It is pointless for me to waste time reprimanding employees for checking their personal email or Facebook accounts periodically. Don't abuse it and it will most likely never be an issue, but you're taking a major risk to your employment regardless.
If you're seriously thinking that you need to go through that much trouble to hide your "bad work habits," the problem really is you. You appear to be aware of your less-than-exceptional work habits. Reading between the lines, it almost appears as though you lost another previous job because of your self-distractions during work.
Rather than try and hide your browsing history, why not try working for a change? They are paying you to work, after all. And on periods of downtime, bring your own laptop.
I would use a persistent live distribution of some operating system. Just boot it off the USB stick. Your company OS won't be touched.
I agree with everyone else. Trying to subvert your company's security policy, especially as a new employee, is an excellent way not to be an employee for very long. Just ask them if you're allowed to use the laptop for personal use. If they say no, then don't do it. If they say it depends, tell them what you have in mind. My employer wouldn't care if I was reading ebooks on it. Reasonable personal use also wouldn't be an issue. Messing around on FB on my own time? No problem. Browsing porn? Yeah, that's not going to be ok. Watching movies? Depends. DVD? Fine. Netflix (or anything else you have legit rights to)? Fine. Downloading them illegally to watch? Not a chance.
Basically, don't be an idiot.
The answer is so obvious to get your own laptop that I can't believe this even made it on the boards. Slow nerd day?
I hate being bipolar; it's awesome!
I'm glad to see /. takes this stance on this issue. A company issued machine is company resources; you don't use it for anything else. If you worked for UPS, would you customize your mail van with decals, nitrous injectors, &c.? If you worked at a restaurant, would you customize your uniform by dying it blue?
Want to browse porn?
Bring your own laptop or smart phone.
Want to hack, code for fun or use online banking?
Bring your own laptop or smart phone.
Subverting and sabatoging company equipment is not only a firable offense, but it is immoral and unethical. Yes the HR weenies will consider this sabatoge and hacking if you dick around with encrypted system volumes and corporate mandated software. It is not yours and belongs to someone else. Your employer wont care if you browse cnn or read your gmail or maybe even use online banking.
Also, what if you fuck up and need help to get your laptop to work? What then? Call help desk and IT? They will see what you did and your will be screwed. Meanwhile that report that needs to be worked on while you are on the road is still due and you will be screwed.
If you can get a discoutned smart phone you still technically own it and can do whatever you want. This is life and the employer has a right to specify what you can do on his own equipment just like you wouldn't do a special tune up and put a nitrogren accelerator in a company cars engine. It is the same concept
http://saveie6.com/
Personally, I'd either add a 2nd hard drive or get an external drive to install some other OS on the machine. Linux, windows, whatever. Doesn't really matter. Just dual boot the thing, make sure that the boot loader is on the original hard drive and when it comes time to hand the laptop back over, simply remove your personal hard drive.
Basically, this is someone else's laptop.
If you've been loaned a machine for a specific purpose, why would you expect to be able to use for a bunch of entirely unrelated stuff?
Travel with two laptops if you must, or get a slim tablet (I hesitate to specify a brand for so many reasons) if weight is a bother.
When I am stuck traveling with the company laptop, I bring along a bootable USB fob with the latest Linux Mint on it and use that when I'm "off the clock." Some companies will try to lock down the bios so you can't even do that (forces the encrypted HD to boot first). So if that's the case, I'd just bring your own laptop/tablet along and call it a day.
I don't agree with companies to do this kind of thing, but in these economic times it's not worth losing a job over.
Best,
Anything you do on a computer which doesn't belong to you may be used against you in a court of law.
Carry a live-VD, buy a tablet, or use any other means to do your personal computing. Never use someone else's computer to log into your email accounts, surf, etc. And if you think you have "nothing to hide" and can't even imagine how it could be used against you, then you *definitely* need to heed this advice.
I know people will go to great lengths to complain about their "right" to abuse company resources for their own benefit, but this takes the cake.
You want to WIPE the company hard drive and all the software that is provided for you to do your job, and you don't see a fundamental flaw in this reasoning?
You, sir, are a selfish, greedy, ignorant, and probably USELESS fuck who shouldn't be hired by ANYONE.
I do not fail; I succeed at finding out what does not work.
Perhaps, but lugging around an iPad or similar tablet won't add much. It's also probably a better device for things like reading a book, watching a movie or quickly checking email.
As others have suggested, a live CD/USB distro could be used as an alternative OS if the OP needs more, assuming the laptop can boot from either. He could even boot from a portable hard drive.
..of a failed interview. The interview went so well - the newly hired employee wakes up and shows his true colors.
Shame that the industry is full of such people :(
You chose this job. You know the rules. If you disagree with the rules, maybe it means that this employer work policies are not meant for you. You should search for an other job and quit. Otherwise, use your OWN laptop for personal stuff. Travel with 2 laptops, or a tablet, or whatever you use at home. Use your PERSONAL laptop for PERSONAL stuff (porn movies, bit torrent downloads, participating to DDOS attacks as an Anonymous peon, taking photos of your penis in the hotel room, etc.) and use your PROFESSIONAL laptop for PROFESSIONAL stuff ONLY. What is hard to understand ?
Get a second laptop for personal use - just a small netbook to keep with you at work. Any surfing on the *work* laptop should be either directly related to work or something so innocuous that you wouldn't mind if both your boss and grandmother looked at it with you.
At the same time, don't use your personal laptop for work-related things. No work code files. No transferring files via USB drives. No direct use of the corporate network.
Both the corporation and you are much better of with complete separation! Trying to carve out your own private area on your work laptop might work, but you'll look like a sneak if you're caught.
During the Cold War we use to read this stories of people being sent to prison in the Soviet Union because they had used the "<fill item> of the people" for personal use and wonder how could people let a bureaucratic system run so amok that it wouldn't allow for this minor, victimless transgression of the rules.
Yet, here we are...
At some point your machine will go in for repair and some techy will get a laugh or possibly report what books/movies/porn and websites you have been accessing.
As others have stated, either use your own laptop or get a USB/CD/DVD live distribution which can run without touching the company drive.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
If their choice of hardware and ability of IT staff are good you will be unable to do anything as the settings should be locked (password protected) and it should not boot from anything other that the disk they set up. If they are useless enough to allow you in then I have little sympathy for them but they will not see it like that. I remember one company that I worked at where I could not do my job because I did not have the software I needed installed. After a few days I installed it myself (using the correct install disk which was waiting on my desk but involved changing the Admin password). It was 2 weeks before IT came along and I got into a lot of trouble. The fact that I would have been doing nothing for 2 weeks and I had customers that needed my work etc. did not count for anything against an established IT manager given that I was obviously a "Hacker". It is not really worth the risk unless you are a belligerent trouble maker like me.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
Thats it. Just use a (customized) Live CD for the system and an USB stick for your data, if possible, else use online storage like SpiderOak with your live CD. That also saves you from surfing the web in the time where you should work ;-)
(If you are not allowed to use CDs, a disk image will save you neither.)
I lag
Except we're not.
1) Sometimes it's possible to just haul your laptop and do work on it.
2) Some companies aren't fascists - you can certainly browse the internet, watch movies. Just don't do anything illegal or "bad PR" with it. For example even if browsing porn is legal for you, it might be "bad PR" (or not[1]).
[1] But just because the CEOs have tons of porn on their work laptops doesn't mean you can use your work laptop to view porn.
Assuming that laptop does in fact have tracking software that can report on the applications that are running and/or be used to send screenshots back to your employer, your ideas to run standalone apps from a USB drive would only land you in "trouble" because the screenshots would still show "rogue activity". The other idea of imaging the whole HDD, re-installing, and imaging back sounds like more hassle than it's worth. But at least from this I know that your BIOS isn't locked down to the extent that you can't boot from external media. So...
What I would suggest is to run a standalone OS from a USB thumb drive or CD / DVD. In doing this, you can run the alternate OS of your choosing, while sidestepping the considerable hassle of creating the backup image, installing the other OS... Here is a rather comprehensive list from which you can choose. Knoppix, Ubuntu, or Mint are the ones I would try first.
That's the only way to be sure
1) most work computers these days have disabled USB ports, or limited function (it will work with a mouse, but not a memory device).
2) full disk encryption is the rule, and if you stick your USB drive in (or your MP3 player), the software will helpfully encrypt it for you, rendering it useless for anything else.
3) Keep your work stuff and your personal stuff separate! put work stuff on your own laptop, and you've basically given work permission to do anything they want to your laptop, including remotely bricking it. And you'll be violating umpty zillion GOOD policies designed to keep information confidential. Put YOUR stuff on your work computer and a) you're using work assets for personal gain, which may or may not be verboten for you, but is a bad practice; b) there's the whole "shop right" thing for intellectual property... use employer's stuff to invent or create something and they have a license to use it for free, even if it's not in their line of business; c) your work can freely rummage through your stuff.
4) if your work stuff and personal stuff overlap in content at all (say you do software development on your own on your spare time, and that's what you do at work too, as opposed to, say, flipping burgers) you're letting yourself in for a whole world of IP ownership hell. You could literally wind up unemployable, because nobody will want to take on the risk of having to get involved in a nasty trade secret dispute between you and your former employer. All it takes is a off-hand comment from previous company to HR weenie or hiring manager at the new company about "we're contemplating legal action against Mr Smith", and instantly, your resume just went to the round file, and you'll never, never hear why. There's enough "unencumbered" applicants around that they don't even have to think about it.
...but if you wipe the drive and install your own OS, or alter the machine in any way, you will be (a) fired, (b) sued, or in the case of some government agencies, (c) jailed.
What part of "Company Issued" do you not understand? IT IS NOT YOURS. Don't mess with it, if you'd like to keep your job and your freedom.
If the company/agency you work for is encrypting the hard drive, you're not working in a place that will tolerate ANY kind of tampering, even dual-boot. This may be for some combination of paranoia, trade secrets, legally-sensitive data, or national security. In any case, don't mess with it. Accept it and move on as a term of employment/
Get yourself a personal netbook, tablet, or smartphone and live with it. Or, go find yourself another job - one that allows you to hack company-issued hardware.
Don't do anything with the company notebook except work for the company. That is it's purpose. If you use it for person use then you may cause issues with the system that may cost the company resources to repair the damage. In the past I have always purchased my own notebook and used it for company stuff, but I was the IT Manager. But when I was just a developer I used the company units and travelled with two notebooks, which is a pain at airport security. Pick up a tablet or netbook for your own personal use. frank
Long Answer: Reword you request and the risk becomes a little clearer. "I'm starting a new job soon, and I will be issued equipment which I have agreed not to use for personal use. I am compelled to use it for personal use anyway. How can I do that." You have to first weight the cost and the benefit. Is surfing the web worth losing your new job?
On the other hand, screw Greyface, here's how you do it. Don't try any of the approaches you've mentioned. If they have tracking software installed they may have software keyloggers and remote desktops as well. They MAY have hardware keyloggers. They probably don't, but that's the risk you're taking.
Get an live Linux distro you can boot off of USB, one that allows you to store stuff back to the USB stick. Damn Small Linux is a good one. Do your personal stuff EXCLUSIVELY when booted to the stick. That's about the best you can do. Best of luck. May the Source be with you.
[-- Trust the Monkey --]
If you assume they are going to be putting monitoring software on the device, you certain can't make the assumption that it won't tell them what you've been up to the first time it connects to a wi-fi hotspot.
Except most places I've worked (actually all places I've worked that involved computers) allow for "limited, personal use of company assets". This is obviously highly subjective, but in general it means using your companies computer/network to browse cracked.com at lunch, using your companies phone system to call home to let them know you are going to be a little late for dinner, etc..
Obviously people push boundries (like using the companies large format printer to make a poster for their kid) .. but in general if you arn't torrenting / spending 4 hours a day browsing the web .. you're probably fine.
Why not just buy a second drive and load an OS and apps you want/need. The swap is simple and only takes a minute or two and it negates all the other issues.
If it's a Windows 7 machine you can create a VHD (virtual hard disk) and boot from that. I believe you can even bitlocker it so that your employer won't be able to decrypt it. Other than that I'd say boot from USB. That's if you have to keep everything totally separate.
I thought most employers who send people on the road with a laptop are more sensible about this, and as long as you don't do anything illegal and you don't accidentally show off your porn bookmarks in meetings you should be fine. If that's the case then a separate non-work user account should be sufficient.
Reformatting and replacing the system image that's provided for you does not strike me as a good idea. Perhaps your best bet is to get a speedy external drive and boot off of it when you absolutely need personal privacy.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
It's not your laptop, you are not entitled to mess around with it.
That said, if you can boot from the disc drive or usb (if it hasn't been disabled in the BIOS) you could probably get away with a linux liveCD/USBStick. Actually doing anything to the hard drive itself is likely to ruin it.
The very fact that you'd consider it would make me want to fire you if you were working for me. If you are working, you use the work-provided equipment on work time. If you are not working, use your own equipment on your own time.
(Saying this as someone who had one parental unit use work gear for personal reasons all the damn time and was busted once, not by being stupid about it, but because the boss literately went out of his way to waste company time to spy on my parent during lunch. So what I'm telling you is that your boss might be a dick and look for an excuse to powertrip if you do anything to the laptop.)
Just to re-iterate the dozen or so replies so far...
Don't fuck with the companies laptop. It doesn't belong to you. It's not your property. The companies disk image may be configured a specific way for security reasons; you can't just make changes to it without asking permission. As for tracking and keylogging, some companies use keylogging software to measure productivity. If you bypass the software, then you're productivity will appear to be ZERO.
For personal use on trips buy a tablet or netbook -- something light and thin that you can slip in along side the company laptop in your baggage.
The parent correctly points out that you can use a live distro and avoid having to touch the company's hard drive. If you need a lot of personal data, you can use the cloud.
Your phone has a lot of the capabilities that a laptop used to have. You don't need to use the employer's hard drive for personal purposes because there are easily available alternatives.
The easiest ways of "keeping tabs" on a company laptop would be to install stuff like a keylogger and browser-history-catcher in the operating system.
That is unlikely to work if you install a new operating system. i.e. resize the partition where the main OS lives, and install a whole new OS instance on the free space. Best would be to install Linux while the rest runs mircosoft stuff. But installing your own copy of the microsoft stuff should work too. That would be reasonably convenient and reasonably safe. Of course it might not fit your definition of "reasonably safe" (or for "reasonably convenient").
If I may, I'd like to address a couple of assumptions in your post:
"I can make an image of the drive, then wipe the machine, and restore it back to its former state if I ever have to return it."
You can't guarantee this. I am on the security team at my company. When a person is being let go they called into a meeting and someone collects their laptop or desktop while they are in the meeting. In only one case have we allowed someone to access their system after it was collected, and that was under supervised conditions. We pull the laptop hard drive, label it, and shelve it. If that were your drive, we could have your personal information sitting on a shelf for years, waiting for someone to access it. While this didn't happen to me, a friend of mine was asked to peruse the hard drive of a terminated employee, and what she found led to criminal charges being filed against the ex employee. Not saying you would do anything illegal, but never put yourself in a situation where someone else has unlimited and unrestricted access to your personal data.
Also, this could be a violation of company policy and could be grounds for disciplinary action.
"I can use portable apps off a usb key and browse in private mode."
Yes, you can, but that doesn't mean you can bypass any monitoring or filtering software installed on the machine.
"Are there any other precautions I could or should take?"
It's just not worth the hassle, and potential employment repercussions, to modify your company owned system. I have two laptops that go with me everywhere. One is my work laptop, the other is my personal laptop. I keep both realms deliberately separated. Buy yourself a Macbook Air, or other maybe just a tablet since you mostly indicate you are browsing. Keep your work and personal life separate.
-- This sig is only a test. If this were a real sig it would say something witty. --
Know the company policy and apply common sense. It is unlikely that while staying at a hotel they would care if you looked at cnn or slashdot. Most policies seem to be "limited personal use" and this is where common sense applies.
Surfing the web ok, surfing for porn bad.
Playing flash games ok, installing games bad.
Streaming hulu/netflix at the hotel ok, streaming at work bad.
Watching a dvd ok, watching an illegally ripped anything bad.
Installing anything outside of browsers and plugins (And even then that might be bad) is a bad idea. Trying to use USB to circumvent company policy is a terrible idea. If in doubt and about to travel ask your manager or IT what you can and can't do. Some companies have iron-fisted approach to computer management others do not.
unless of course the company has an explicit policy against it.
Surfing news sites, Slashdot and other tech sites, ESPN, Facebook, Linkedin, personal email - OK
Occasional casual games like minesweeper - OK
Short YouTube videos like movie trailers and stupid pet tricks - OK
Porn sites - definitely not OK
Making inflammatory posts on political web sites - not OK
Watching streamed movies or live sports events - probably not OK
FPS and other long, involved games - probably not OK
This is pretty much common sense. Remember, everyone has to live by the same rules, and no one wants to be told that they can't check out the sports scores (men) or Oscar nominations (women).
I see a lot of reasonable comment about legality and issues and such but not the single comment that makes sense:
just ask them, politely and focusing on your traveling issues.
First, this is the wrong way, but it works.
Use VMware player to install an OS image of your choice. Oh, but you don't have admin rights, so you might have to use QEMU. The networking might be an issue if you can't install the networking drivers, so you might have to find a way around that. Maybe USB? But once you have a VM with networking you can do anything in it with relative impunity. Your host will probably use a proxy (transparent or otherwise) so you still can't browse porn.
The right way is to get your own damn laptop. Newegg has them for under $500 (17" too!). I have to question your judgement if you in this economy would chose to use your laptop over a job. Also, if you do anything enterprising on your VM, your company can claim ownership of that too (if they know you have it). So just be smart and use your own laptop.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
You could swap out the work drive and replace it with a new one with your own os on it. You'll be able preserve your own settings and files easier.
First off, I'm reassured at all the "get another device" replies. That's about the only sensible option you have, if you're reading your employment agreement properly (read it closely if you haven't already, as some have suggested).
Secondly, this is not remotely a "Your Rights On-line" issue, as it has been tagged by someone. This is contract law. You agreed to rights and restrictions under that contract when you signed the employment agreement. You waived any rights you think you had when you signed it. If you want to violate that contract, you need to renegotiate (or should have negotiated better terms in the first place), or should cancel the contract as per its terms (or via a legal defense like fraud, duress, or mistake) and find something else to do. Or, you pay the penalty for breach. Your choice.
Regardless, what you are asking shows a remarkable ignorance of "your rights" anywhere, and you should look to secure better terms in the future if an agreement is unpalatable to your lifestyle.
School up, brother, and good luck.
Modern laptops weigh between 1.25 an 3 kilograms. Power adapter is another 500 grams or so and unlike netbook, it can stay at your hotel.
If you need ultraportable, get a brazos netbook. Else get a ~1k "desktop replacement" laptop within 3kg weight range. You'll be able to even play decently modern games at high quality levels. Personally I just got a cheap 2.5kg brazos laptop as I hate small screens of netbooks/tablets but also wanted a long battery life while being able to play starcraft 2 every once in a while. E-450 does everything I want, and 15 inch screen is big enough to browse with reasonable comfort. Weight is a bit of an issue though.
Conclusion: hauling a second laptop is worth the freedom it affords. And there are enough choices on laptop specifics to suit both "as light and little as possible" as well as "I want to play games on the move" crowds and everyone in between.
Here's what you do: wipe the hard disk; install an OS and apps of your choosing -- be sure sure to include an assortment of cracked, pirated, warez and other forms of illegitimate software; remove any and every password you can find; don't forget to disable TPM while your're at it; get rid of any firewall software; anitvirus software only annoys you - ditch it all; and if you have any spare components around your house be sure to upgrade it (or downgrade it if you happen to have a personal use for some of the parts in it). Then take your new and improved laptop to your boss and/or IT department and show it off. As you're being escorted to the door by security you can reflect on what an idiot you are and vow to yourself to not be so stupid again at your next job. (Hopefully you did this your first week on the job so you won't have a gap in your resume).
The parent correctly points out that you can use a live distro and avoid having to touch the company's hard drive.
Maybe, maybe not. There may be key-loggers installed which still grab your keystrokes.
Further, you can set up machines to prevent booting from anything other than the hard drive, then lock the bios.
Sig Battery depleted. Reverting to safe mode.
Two popular ways I see are to:
1) get a second hard drive and use it as your base system for personal use. Just swap them out between tasks.
2) Install VMware and virtualize the corporate image. Use the hypervisor or main system for your personal use and the VM for all things work-releated.
You can carry the USB key with you, and just swap laptops as needed.
As for general use, are you traveling a lot? Employees that travel tend to have a bit more leeway with the use of their PC, browsing should be no big deal, but I would still recommend not loading up games or media on it. Get a smartphone or 2nd PC for that. And have some common sense; no porn browsing, period.
OT: sounds like there are a lot of 'bosses' on this thread ;0
I'd have a personalized plate on my car, but "toxic bachelor" won't fit into 7 letters.
Buy yourself another laptop.
Yes, please feel free to do this. Get your dumbass self fired so somebody with a clue can have your job.
The other posters have covered well the fact that you really shouldn't try to work around the employer's policies. Getting caught is likely, and almost certainly grounds for termination. Don't go there.
That said, you should find out what the employer's policies actually are, rather than just assuming they're going to be insane. I've had a company-issued laptop since the mid-90s, with several different employers, and none of them have done what you describe. Moreover, I've also spent years consulting with dozens of companies about their IT security policies, including management of laptop use, and none of them have approached it the way you describe, either.
Most employers care about (in decreasing order of importance):
1. The security of their data. There are lots of good reasons for this, obviously. This includes things like full-disk encryption to ensure that if the laptop is lost the data it might carry is not revealed, and mal-ware prevention in order to prevent mal-ware from revealing important data.
2. The security of their network. Since you'll bring the laptop into the office and connect it to the network, employers don't want the laptop to be a vector for malware or targeted attacks.
3. Preventing HR problems. Stuff like porn on screens in the office can create sexual harassment lawsuits. This is the primary reason for anti-porn rules.
4. Productivity. Misuse of company equipment on company time means (arguably) that productive work that should be done isn't. This is another reason for anti-porn and anti-surfing rules.
Different companies take different approaches to managing these risks. A common, if very authoritarian, approach to limiting malware, for example, is to allow only software which is specifically approved by IT to be installed on the machine. Keylogging doesn't really accomplish any of the above, however, and I've never seen any company who does it, with the exception of one company that installs a browser plugin which watches for users typing their corporate password into non-company web sites.
If you're using the laptop at home, on your own time, I don't think most employers will care if you surf a little, check your personal e-mail, watch Netflix, etc. They may or may not care if you surf porn. I think most would rather not know. Outside of that, if it doesn't require changing the security configuration of the laptop, doesn't require installing software and doesn't interfere with productive work, I doubt they're going to care.
Check out the policy carefully, ask questions to make sure you understand it, and then comply with it. But I would be surprised if the policy truly is as draconian as you say.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
I would take any of that as a sign that your employer is serious about controlling their equiptment and trying to subvert their control is a sure way to find your stuff in a box at reception when you get back from your trip.
In other words, a sign to buy your own laptop ;p
Like others have stated, I wouldn't even try to do this. That said, if I were going to do this, I'd try installing an OS on a usb drive and boot from there. I'm not sure if Windows supports that, but Linux and BSD can. That also requires you can specify the boot device in the BIOS.
Just buy a second hard drive and swap them out. Make sure you have two of the right size screwdriver in your laptop bag in case you lose one.
Takes maybe 3 minutes per swap once you've done it a few times.
Of course, you *could* ask your employer (A) if that's OK, and (B) what their policies are for people who travel. You won't be the first person to ever face this problem with them.
I found an iPad v1 really useful when I was working in an office where product security meant you weren't allowed to bring in your own laptop, or anything with a camera.
Buy your own laptop to fuck around with you cheap bastard. The laptop is the property of your employer and if you don't agree to the terms they set then don't work for them.
What he said. Seriously, you can find something decent for under $300. If you have a position that received a company issued laptop, I can't imagine how you can't afford $300. Yeah, so you have to lug around one more device, big deal. A tablet or a netbook really isn't that back breaking.
This is what tablets and smartphones are for. Bring your own tablet and/or smartphone, keep the personal surfing personal. Nobody will ask, nobody will care... your iPad is for watching movies on the plane, reading eBooks, random surfing, etc.
Also, having written a few AUPs myself... the exact restrictions tend to be pretty well documented, and driven by security and compliance requirements that your employer would be in trouble for violating. Read the AUP in full and make sure you understand it, ask questions if needed. Those of us who have to help maintain compliance / security would much rather get a few "silly questions" than have to clean up a mess. When in doubt, use a personal device. There's absolutely no excuse not to have one.
And to the employer... think about VDI+BYOD. Move the security back into the server room, let employees use "whatever". Keeping the personal surfing out is a losing battle, no matter what your compliance requirements are.
ERROR: Null
If the boss says no then it is not worth going against him.
But as long as you are not installing anything then he should be reasonable.
Troll is not a replacement for I disagree.
I work for one of the major global consultancies, my last job was also with one of the big global players. It has never been a problem that we use laptops for personal stuff. I watch videos, install applications & games and sometimes watch porn. I dont download stuff though - for that I use my NAS.
I can't believe all the scaredycats here replying that you should buy your own laptop and drag around two laptops. That seems stupid and inefficient.
Sometimes employees have gotten malware from personal use, and sometimes company laptops get bricked (never happened to me). No big deal. Getting a new image is a fairly effortless jobb for IT support, but it can be embarrasing of course..
In return I don't have to buy and carry around two laptops, I am more efficient because I can quickly switch between personal and professional tasks when I am working from home in the evening.The laptop is then seen as a small perk in addition to being a tool I need to do my job..
I am in Norway and I have NEVER heard of anyone being fired for something like this, and quite frankly if an employer will fire an employee for surfing slashdot or watching porn on a company laptop then they don't really appreciate their employees.
I quick google turned up nothing on this. Do you have any examples?
Maybe, maybe not. There may be key-loggers installed which still grab your keystrokes.
Further, you can set up machines to prevent booting from anything other than the hard drive, then lock the bios.
How exactly will a software keylogger installed on the operating system on the local disk be able to grab keystrokes if you booted off a livecd? If you are talking about hardware keyloggers, that may make sense for a desktop computer in where the keylogger lies between the USB or PS/2 connection. I really doubt that a company would go through the trouble to install a keylogger in the proprietary ribbon cable between the laptop keyboard and the motherboard.
I bring a Knoppix live CD, a ruggedized 500GB USB drive (Adata SH93, which is powered from a single USB port), and headphones. In total, this adds less than half a kilo to the mass I have to carry, and almost nothing to the bulk. The laptop hard disk is untouched, as it's not even mounted when Knoppix boots. I'm only using the laptop for personal purposes in hotels to either (i) surf the web, (ii) access non-work email accounts, or (iii) watch movies. I generally copy a selection of movies from the home media server to the USB drive before traveling - hotels often charge outrageous amounts for their limited selection of premium channels, and the company won't cover such charges. If I download anything, it also goes to the USB drive.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
The short answer is, "You are working for the wrong employer." You say you work at a company that will install tracking software on your laptop and won't give you admin access. Therefore, you can't disable the tracking software. Furthermore, you say that you are addicted to the Internet. Working for a company that is likely to fire you for doing something that you don't have the self-discipline to avoid doing doesn't sound like a good plan to me.
/. can't help you find out what your company's policy is -- you'll have to do that yourself.
The long, more realistic, answer is, "Read your corporate compliance policy. It should outline what is acceptable in your organization and what is not." A lot of companies consider laptop use, especially while traveling, to be more like telephone use. It is issued to you for business purposes, but let's face it: most (all?) of us will use it for some personal activities as well. So long as you aren't browsing NSFW sites on the clock, installing malware, etc., most IT departments really don't give a rip what you do. They have more important things to do -- and not nearly enough time in which to do them -- than to spy on your web surfing activity. More likely, the tracking software is to find out what you did that hosed your computer in the event that you were browsing sketchy web sites and infected it with something. However, different companies have different policies.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Then delete it when you're done :)
Pimps!
Having done this for years with many jobs at companies I don't trust whose computers are mismanaged to the point of blue-screening no a daily basis (IT routinely installs incorrect drivers on the machines they issue).
I have simply purchased a hard drive and identical chasis for the laptop (you can find sleds/caddies for most anything on eBay for less than $10) I have which I can easily swap depending on the situation. Most of the time, I just keep my custom drive in but in the situation when I resign or have to give the machine back, I can swap the drive in a matter of seconds.
This gives me the peace of mind that they aren't tracking everything I do (which I doubt they do anyway) which is also helped by the fact that all web browsing I do is done via SSH (including making certain that DNS requests go through the proxy as well). I've seen companies fire people for reading nytimes on their machine.
This method isn't for everyone. Realistically, the people who are sophisticated enough to get this working right are also most likely the same folks who don't represent a risk to the network. My custom install/drive is far more secure than the one they gave me so I know I'm not a security risk as most of the issued machines are loaded with spyware since they have most people use ancient versions of IE. Further the drives they give don't use FDE which is silly given the amount of confidential content many folks deal with whereas mine is FDE w/truecrypt.
In the unlikely event you are ever "caught" you could always claim that you swap drives to play games and left your personal drive in.
Ever since an employer truly wronged me, I decided I'm not going to stay late since my laptop is misconfigured and pleading with IT to fix it yields no traction ("only one blue screen per day? that's one of the better ones, don't complain").
I know this may be an unpopular view here, but I've found the certain benefit (no monitoring of what you do, much faster computer, FDE for peace of mind) far exceeds the very unlikely downside of getting in trouble. Besides if I didn't do this, much of my benefit as an employee would be gone as I'm known as being very efficient in that when I encounter situations with software where I can't access the back-end, I can quickly write screen scripts to automate processes for myself and others. If I had to use IT's install, I would not be allowed to really install that software or it would have to go through some goofy approval process and probably get denied.
Maybe, maybe not. There may be key-loggers installed which still grab your keystrokes. /quote? ... which is why you boot from your usb key?
Also, your sig : "We paid for the internet one dialup account at a time." is completely wrong. Much of the internet infrastructure was paid for through government subsidies and grants, EVEN in the USA, but especially so every where outside the usa. As for developing the internet itself, that was subsidized through military and education spending... by the government.
Quartz Extreme and Core Image. Are there any other real reasons to spend all that money on generic hardware?
Get a cheap one that does what you want and use it for non-work stuff. If your employees is using tracking software, trying to bypass it is likely to end badly. With your own, you don't have to worry about what you do ith it. Sucks to carry 2 machines but it would be the option I'd chose.
I'm a consultant - I convert gibberish into cash-flow.
I think he means a hardware-based solution. I've seen them sold as usb keys or sortof innocuous passthrough connectors for an external keyboard. I've never heard of them being covertly installed inside a laptop like his post seems to be implying but that doesn't mean it doesn't ever happen.
I travel extensively for my job, as do most of the people in my company. My employer actually issues us two hard drive, one just for work which is locked down (can't install anything, etc) and one for use for when we're in the hotel and want to surf, etc. It can't be that expensive to buy a laptop hard drive that will fit in your hardware and you won't have to worry about putting your companies info at risk, getting tracked, imaging etc.
Those all sound like a bad idea. Not only is doing most of that likely to be against company policy and could cost you your new job but it might also be illegal. If the machine is encrypted because of HIPPA compliance or other similar regulations you are getting into real dangerous territory. You don't want to become personally responsible for a breach because you intentionally reconfigured your laptop and left confidential information on an unencrypted/unprotected machine.
Besides, if the IT department is halfway descent you probably couldn't do what you are talking about anyway. Since you aren't going to be an admin I think it's safe to assume the bios will be password protected. They are probably using windows 7 bitlocker with the TPM. In that configuration you wouldn't be able too boot of a usb thumb drive or a live cd. Even if you did and you cloned the hd to something else and formatted it you wouldn't be able to boot the machine because the TPM -> Bitlocker chain would be broken and would require a recovery key you wouldn't have access to. This setup is pretty resilient to tampering even when you have physical access to the hardware.
If your new company really is that bad that they say you can't use your laptop for anything personal, even when you are traveling, your solution is to use something else. Smart Phone, tablet, netbook. Heck even the hotel provided business center computers. Personally, I just started at a new job and our IT department is much more reasonable and realistic but maybe that is because we have lots of people who travel 90% of the time. We are admins on the box. We can install almost anything that isn't harmful but don't expect IT to support it if it isn't business related. Personal browsing is allowed as long as we remember the hr rules about appropriate content.
Ha, nothing is better than modding the employers hardware a bit, just replace the harddisk with one of your own. Only use the official hd if you need something of the systems guys. Locked down laptops limit your productivity, so with your own 'modded' laptop you'll be that little bit more productive than your colleagues. Extra bonus, this extra freedom will stimulate your creative flow. And lets face it, in this society, as long as you are productive nobody in management will ask questions :-)
It is not unreasonable, just inconvenient. The work laptop is for work. That is why they issued one to the OP. Personal stuff should be done on your personal stuff.
If you value your job, bring your own laptop or tablet computer for personal browsing.
9/11 Eyewitnesses to Explosive WTC Demolition 1 of 2
Kindle Fire
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
./'s angriest day.
Yet when someone starts using a company/government laptop for personal web browsing and installing personal software, and this results in release of confidential data, people are in uproar as to how this could be allowed to happen. It was allowed to happen because dipshit here decided "fuck the Data Protection rules, I gotta play farmville!".
The work device is for work, the personal device is for personal stuff. And never the twain shall meet
Ask your employer or do whatever you want.
Next.
Since you asked the question in the first place, you obviously don't understand the issue. The laptop is not yours. Lets get that straight in your brain again: the laptop is *not* yours. It is a device given to you *only* for the purpose of doing your employed work. Consider it on lease only for work purposes. There will be a list of permitted activities and applications for work purposes and, perhaps, a limited number of personal use scenarios permitted. Separate, there will be a large number of activities / applications which will be specifically prohibited. What you are proposing doing is using *someone elses* property to do something which you will have signed a contract (your contract of employment) not to do. To do so would therefore make you in breach of contract and to do so knowingly means you are essentially dishonest. So it's not your right, nor is it your shit to do what you like with and you will have expressly signed a contract for money (your wages) not to do it. See? If you do see but you still think you should be entitled to do what you like with someone else's property against their permission when you've signed a contract saying you won't do it, then, yes, you absolutely deserve to be fired.
Get yourself a new job when your employer finds out what you're doing to their property
I can make an image of the drive, then wipe the machine, and restore it back to its former state if I ever have to return it.
Is your new job worth it? Not saying you'll automatically lose your job over that, but I can't imagine it'll go over well. Especially as you'd be using your (non-work prepared) laptop for doing work and might inadvertantly put them at risk (the kind of risk they hope to eliminate by issuing you the laptop in the first place).
The simple solution is get yourself a USB / livecd type distro. Don't touch the hard drive.. and if it's encrypted, you shouldn't be putting your company at risk (assuming you don't use the same key for anything else). Personally I'd ask your IT guys if they are ok with this before doing it. Sometimes they can actually be reasonable about this kind of stuff.
The real solution here is to leave your work laptop alone completely and get your own laptop for personal use.
The parent correctly points out that you can use a live distro and avoid having to touch the company's hard drive.
Maybe, maybe not. There may be key-loggers installed which still grab your keystrokes.
Further, you can set up machines to prevent booting from anything other than the hard drive, then lock the bios.
Just to be clear, OP is saying he is "not the type of person who can't look at pornography" right? In this work-related scenario, if that's the case, get your own laptop, tablet, or smart phone.
If that's not the case and he is worried any personal use will get you in trouble, that's probably something he should clarify. I know plenty of unreasonable work places are around, but it is unreasonable to expect no personal use from a company laptop in constant possession of an employee (especially outside of work hours).
If neither is the primary case and you are expecting the laptop to be so locked out that you can't run anything but an office suite and the company-modded IE-engine software, then, as was pointed out, run a separate OS off a thumb drive. If the hardware is completely locked-down, back to the tablet/smartphone concept. Look up the policy, talk to the IT guys, but, essentially, DON'T do something that can mess up IT's carefully locked down security, and DON'T do things that are illegal or NSFW.
If the issue isn't "I want to look at pornography on my work laptop", why would the company care if he reads an ebook or watches a movie, if it's done responsibly (and somewhat out in the open, so all that's monitored is a lot of "unknown activity")? It kind of sounds like it's a porn thing, though. Maybe it's the inferred metaphorical air quotes.
Have you asked your employer about allowed personal use on said laptop?
Are they cool with use that doesn't touch the contents of the hard drive?
I have a 2.5" USB HDD in a USB-powered enclosure (Vantec=recommended). It's got a bootable Linux distro with a browser, utilities, and games etc for when I don't want to expose *my* data to possible viruses on relatives' machines.
It isn't going to be long before you get fired from this new one
If your company does a lot of working with contractors or independent entities, chances are that they have policies in place to support people who aren't using institutional systems. Check and see if there's a contractor policy already in place that covers this and if any other employee has opted for this freedom.
/.
After a couple of years of frustration with super-crappy work machines, I checked with my employer (a university). Was there anything for which I needed their hardware or software to access? The answer was no. I don't do financials, I access institutional data at only one step above the general public (Read-Only, limited access) or through portals that are already designed to work off-site.
So I cut the cord and don't use a work-provided machine for anything. It's occasionally annoying (as when my HD died and I had to deal with that on my own) but in so many other ways, intensely liberating. I watch colleagues wrestle with clunky "hardened" laptops or the large Powerbooks they get if they're not stuck with a low-spec desktop. I attend meetings with all of my documentation and data-crunching done on a netbook or ereader that's customized to my workflow. Plus, because I have consulting and contract work outside my full-time job (with employer's full knowledge and consent), my tech is even partially deductible at tax time.
If you can't use your own or can't afford to at this point, talk with IT about the acceptable policy for occasional private use and software add-ons they'd approve. At least you'll know you'll be in their good graces when you're on the road for them and would like to surf to
ancarett, historian and zombie gamer
Buy your own laptop to fuck around with you cheap bastard. The laptop is the property of your employer and if you don't agree to the terms they set then don't work for them.
This is an entirely fair point of view.
To which I would respond, if my employer presented it as an argument, by leaving said laptop at the office 24/7/365. I might take it to (on-site) meetings so I could actually get some work done in the back of the room while the 3rd assistant VP of Buzzword Optimization drones on with a variety of incorrectly-used physics metaphors.
Companies provide people with laptops in the hope that those people will do "free" extra work for the company. In some cases, the use of a laptop for whatever-the-hell-I-want while stuck in a hotel room for four days between conference sessions makes up for that extra work they might occasionally get out of me. If I can't use it for anything but work, I view it as nothing but an albatross to lug around, feed, and check through security. And if it actively tracks me while on my own time - thankyouverymuchbutfuckrightoffnow, 'kay?
If the issue isn't "I want to look at pornography on my work laptop", why would the company care if he reads an ebook or watches a movie
That's what I was thinking, too. If you are reading /. or watching a movie TV show on the laptop on your own hours, who really cares. Just don't read Catcher in the Rye on eBook, the FBI will flag you for sure!
This guy is obviously going to get himself fired one way or the other. The fact that wiping your company laptop even crossed your mind makes me think that you're very young, and have yet to feel the sting of being fired for doing something stupid like this. Has it crossed your mind that they might find out that the machine has been wiped through timestamps / missing logs, and that they might not like this? Don't be an idiot, dude. Just buy your own damn laptop if you "can't not browse the internet" you junkie.
Don't listen to advice about wasting money on a new laptop that you will only need for one time...Get a lawyer to look your employment terms, and if he saids OK for you to do whatever you want, then do whatever you want.
Now the OP just needs to find a lawyer who charges less than the price of a cheap laptop for giving any sort of legal opinion!
I want to develop software. The company I work for does not develop software. I do not want them to have ANY rights to the software I develop. I may license it to them, but at my discretion. So I carry two laptops! Done!
Now that you have a job, you can afford your very own smartphone.
1, read their acceptable use policy.
2, follow it.
For your security, this post has been encrypted with ROT-13, twice.
Can't you just play fair with the company you're in? You are in the same team and they pay you. Try to work it out with your superior if you have special needs. The hacks you listed are just lame.
Keyloggers can be installed in the BIOS, though this is rare, it can be done.
From the way you ask the question I think you know the answer is "don't" but were hoping someone here would be able to convince you otherwise. When I was younger I'd say go for it - I would have just bought a separate hard drive and sled for the laptop and shut down/swap hard drive/boot up when I wanted to switch between work and play. The hdd sled is pretty 'easy-access' on most laptops and while it's a hassle to have to shutdown every time, it beats having to carry an entire other laptop and it covers more potential holes than the usb/livecd boot option. That said, with the stakes as they are today for protecting company data and networks, I would never do work or connect to their assets while running the other drive. And by the same logic of the stakes being what they are, even if you were scrupulous about that rule, if the company detects the change somehow, someway they may just can you for it to be on the safe side. This is a very common entry vector for hackers/malware. I admit it sucks to have to carry two laptops on travel. Tablets are convenient for carry size but there's times when they just don't cut it and you need to step up to the laptop level hardware. So generally I just carry a personal laptop or suck it up and limit my personal computing to what can be done on a tablet.
Employers generally think they rule your world. For the hassle of having to lug around one of their laptops you should demand the freedom to use it in any reasonable way, such as web browsing. If the employer pitches a fit, tell them good riddance.
Employers think they rule the world. It's time the "human resources" set the terms!
I am a Director of IT.
Buy your own damn laptop or iPad. That one is not only not your property, and it will not only be inspected upon return, but nowadays it is very probably festooned with monitoring utilities, including keyloggers, which work in real-time and report back to the mothership what you're doing and when. Some companies even install covert utilities which take a snapshot from the computer's camera every few minutes. I am not not not kidding.
There was once a time when I felt comfortable sending personal emails and cruising the web from my company-issued laptop, but those days are gone forever. The trend in corporate IT shifted to total surveillance over the past couple years. Laptops and iPads are cheap. Invest in a good one and don't look back. And never use your company machine for anything you wouldn't do with the most judgmental and accusatory IT manager at your elbow.
Oh, and maybe put a little piece of tape over that camera.
Just get your own laptop and use both. Yes, it's a hassle. I don't think *most* companies regularly monitor what every employee is doing on work computers so that they can hassle you about it, but I know firsthand that a company *will* take the opportunity to snoop for reasons to fire you if there is anything else they don't like about you.
I bought my own systems and monitors and use them in the office so that I don't have to install the company's licenses tracking and monitoring software. I also bring in my own laptop and use my own equipment at home. Hardware is so cheap today that it's not that hard to afford your own equipment. I think of it as being similar to construction workers that carry their own tools in the back of their pickup trucks.
"We don't know what the terms or the job are."
Well, we can pretty much assume the GPS and other things are, they're on the device and he wants to circumvent. He wants to circumvent because he knows about them. He knows about them because he was told they were there or he purposefully went looking.
"... having to haul two laptops around may be unreasonable."
Please, they weigh what, three pounds and both can fit in the same carry and occupy an entire inch and a half more?
I'm company IT, I own that laptop I can make it do anything I want, I can install a boot rom that means I own any OS that's installed on the machine.
The laptop is for company use only, it's camera will be used to photograph everyone who uses the machine.
If you attempt to wipe the disk it will start up it's 3G chip and send a photo of you to the police.
Every keystroke you make will be recorded and sent to HR for analysis.
All photos will be archived for later perusal.
All attached USB devices will be copied and archived.
All local networks will be monitored for illicit content.
But of course you can trust me, I only have your best interests at heart.
One thing to remember is that for most companies, any activities undertaken on company equipment that create intellectual property is owned outright by the company, and not the individual. So that book or game or widget that you might write will end up not being your own. Get yourself a netbook or tablet or whatever - there are just too many reasons why your post is just plain scary for the new employer.
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.
Not your laptop, not your rules to make.
. . . then join Anonymous. The corporate world may not be for you.
Dear God, I think someone with common sense and integrity just posted.
I'm not sure if anyone mentioned this, but a lot of today's laptops have easily removable hard drives. Buy your own replacement drive and carry it with you. Swap the original drive in to do corporate work, use your drive when you're on your own time. In this way, you will have good performance without putting your employer's network at risk.
In my experience, having a company laptop issued to you is much like having a company car issued to you. Take care of it, don't do anything you're not supposed to with it, and remember it's issued to you to make your job easier, so make sure it does. I can't think of a single thing that you should be doing on a company laptop that you'd need to encrypt or hide from your employer (remember, THEY own the hardware), so a lot of your question is moot.
Stuff like reading an e-book, browsing the web, or customizing it to your specification is probably fine, assuming it doesn't interfere with your actual work. Well, unless your company has specifically told you NOT to do these things, in which case you really should bring a second, personal, laptop (or kindle, or ipad, as others have said) with you. Doing anything you'd be embarrassed to have your boss find out about is simply not a good idea, though. Think of it like it's your work desktop, only portable, and adjust your usage accordingly.
I don't see why this question needs a more complicated answer than this. If you still have questions, ask your boss. None of us on Slashdot are policymakers for your company, and asking us to decide for them is silly.
use vmplayer, put a vm on it - run your stuff in that.. with no access back to the physical machine... plug in a different wireless adapter, configure with no network stack, then bind to the vm network - then it's isolated from the laptop os as well.
Unless they act like viruses or the person using the laptop is running MS-DOS, there should be absolutely no reason for concern, because no modern operating system uses the BIOS to read input from a keyboard....
This sort of thing depends on company policy and would be a perfectly reasonable question to ask your supervisor/boss. Nobody here knows what your new employer's rules are :P unless you're just asking how best to break them. In which case sure system image. Whatever -- doesnt really matter what we say since we dont know your new it dept's procedures either.
I'm sure your laptop has monitoring software, but the question is... who is actually looking at the monitoring and do they care?
I have a laptop issued for work. At work I used my desktop, but when I need to remotely work, I used my work laptop.
If you're honest with yourself, chances are you won't get in trouble. Unless you work for a hyper security company. Are you putting in an honest days work at the office? Beyond that, they're giving you a laptop . Just like if they gave you a company car. Some amount of personal use is generally tolerated.
When I'm at home, I use my laptop quite liberally. Some small games, web browsing... are all good.
I don't do anything 'illegal' on it though.
I think you need to relax a little bit. By all means find out what monitoring policies your company has... but if its like 99% of companies, all the data goes into a giant pit no one looks at... until you give them a reason to look at it.
then use your own laptop or netbook.
Wow does nobody have any cojones? This what I do with my corporate laptop. Well it is nice that the laptop has two hard drive bays. I copied the company drive to another. Hack the crap out of it. Decrypted the local admin password. Removed all the crappy security software, and crap I don't need. Left just the apps I need for work, then migrated slimmed down version a virtual machine I run in linux. So I run linux on my work laptop, and a couple work apps in a virtual machine. And if IT wants the laptop for a update or replacement I just put origial drive back. Added bonus, I swapped drives when I fly international and customs never asks about my whole drive encryption because they never bother to look at the second drive.
Keep your work and personal life separate.
Truer words were never spoken. Well said.
A tiny tiny portion of the real early internet was funded by the govenrment. There has been no funding of infrastructure by government for the last 20 year.
Many companies turn off usb booting in the bios, and then lock the bios.
Sig Battery depleted. Reverting to safe mode.
At least do one fucking day of work at your new employers before you start asking the world for guidance in subverting their IT policies. Sweet Jerry Lewis, what else are you planning here? Already freeing up space in your kitchen cupboards for the cafeteria sugar sachets you'll be trousering? How all those toilet rolls you can smuggle out?
Do something wonderful. Call your hiring manager, explain that he's just hired a freeloader with no work ethic, but one who'll be helping him out by declining the position. Doing this will induce strange feelings in your body. This is a symptom of having experienced integrity for the first time in your life.
Here is what some have done at my company. We have a similar situation with my employer. The employer isn't unreasonable, but the machine is locked down to the point where it becomes a nuisance.
Buy your own laptop
Install the common work applications you need - Visio, Office, etc.
Leave your company laptop on your desk
Create share to synchronize data between company and your laptop
RDP into company laptop via company VPN to work on any apps exclusive to company
Works like a charm and you will usually end up carry something lighter than the company issues
or if not a Macbook Air, then something else equally small and portable. I'm a big fan of my wife's two-year-old 11.6" Acer Aspire - it's nearly as small as a netbook but much faster with a better keyboard and display. It's possible to replace the hard drive with an SSD, too.
Hail Eris, full of mischief...
E pluribus sanguinem
I know plenty of unreasonable work places are around, but it is unreasonable to expect no personal use from a company laptop in constant possession of an employee (especially outside of work hours).
The only case I can think of where personal use of one's work laptop may be unavoidable is if the employee is travelling out of town on a business trip somewhere - he's not likely to take 2 laptops w/ him. In such a case, it may make sense for him to use IE's InPrivate Browsing or something similar. Or else, better idea - if he has his tablet or smartphone w/ him, use that. I'm assuming that it would be for afterhours entertainment (once all the meetings and dinners are over) and he's done checking his work stuff on the laptop.
Otherwise, get another laptop/tablet/smartphone for what you need to do. Laptop if a lot of typing will be involved, and tablet/smartphone if it won't. Whether it's porn or visiting otherwise blocked websites, do it on your own equipment - and on your own time.
Yeah the person is going over board with talk of wiping his laptop and all that noise.
But what is with all the vitriol? He's a "cheap bastard". He has horrid working habits. His life is hollow and he should read a book? How any of that was deduced from one post on /. is beyond me.
My advice, as someone who has written AUP for companies: If your company policy is that ridiculous, you should question working there. Odds are it is not. My guess is if you get your work done they really won't give a rats arse. The laptop is their property, a worker is not. If they cannot accept you checking YouTube or /. while off the clock (including a quick break here and there), they're crazy.
But, should you seriously just want to avoid it: Make a bootable Linux USB drive and encrypt /home
No sig for you!!
If your employer is overly paranoid, just find another one. Absolute majority of IT companies don't care about reasonable personal stuff on the laptop. Even companies like Intel, with "paranoid" being part of their motto, allow personal use of the laptops (yes, Intel). Of course nothing illegal, no p2p etc. No problem with slashdot and facebook.
If they're going to the extents that they are to lock down and secure their network/devices, surely they won't allow booting from a CD or any external device... they'd be crazy. The BIOS is likely locked to boot only from an internal drive, and it's probable that tamper detection is in hardware. Not worth the risk...
Use your work laptop for work and your personal laptop for personal use. Don't ever make the mistake of mixing the two as it can only lead to bad things later on.
Keyloggers can be installed in the BIOS, though this is rare, it can be done.
Actually, it is not that rare. A company called Absolute is a pretty big player in the firmware level asset security control and recovery business. Every major vendor has models that embed their agent into the firmware of select machines. These agents persist through imaging/formatting. They allow tracking of IP address, geolocation on models with GPS, keylogging, remote bios lockdown, remote wiping, and more. You can see a list of models on their website at: http://www.absolute.com/partners/bios-compatibility
In short, I agree with the above posters. Play it safe and talk to your IT department. Ask them if you should buy your own laptop for non-work use or use a live cd.
"If you travel a lot with work, having to haul two laptops around may be unreasonable."
Nothing a Hardigg or similar case which can hold two laptops plus accessories can't solve. Get the sort with "pluckable" foam squares and make suitable holes, then put a section of foam between the lappies so they don't slap each other.
I'd rather have a case I can bang around a bit and lean against than a common laptop bag.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
My usual workaround is just to remove the supplied HDD intact, stick it in a drawer, and install my own. (With a sticker saying "personal property of..")
That way, should the return of the machine be demanded, my data won't go with it.
...buy your own laptop.
Almost everybody here says: "It's company laptop, buy your own", but nobody asks why did the guy got a laptop? 1. You don't need a laptop if you're just going to work at your workplace. A desktop is much better solution (easy upgrade, multiple monitors etc). So either his boss(es) chose to give him a laptop for a reason and he's forced to use it, or he wanted it. 2a. The reason could be that he needs to travel a lot. In this case, how will they monitor his usage when he's not online? Even worse, how will they enforce security policies if he's constantly in non-secure areas? First time the laptop leaves the company, it should be considered unsecure. 2b. The reason could be that they want him to work from home. In that case, it's pretty easy solution - leave the computer at work 24/7/365 and use your private equipment at home. Don't use your work computer for anything beside work. On trips (look at 2a), don't bring a computer, let somebody else take it, or organize a computer on the destination. If your job is so important that you need to be on your "work" computer (or have it next to you) at any moment (please read: in your spare time), then you should have a privilege to use it as you wish, even if it's company computer. Another problem is this guy's health. Somebody mentioned that a laptop is 1.5 - 3 kilograms. I was issued a 3kg laptop + adapter which I carried in public transport (mostly standing in crowded trams and busses) during my commutes. After 6 months I requested a sub 2kg laptop because my back was killing me. It's easy if you're driving to work, but if you're bringing it around on a shoulder (why should you buy a backpack for company's computer), then that's a highway to hospital. So, the question is: why did the guy get a laptop? Was he forced, or did he want to get it. If he's forced, he can either refuse to use it outside his workplace, or, if the company is so paranoid, request a permission for every usage of laptop outside his work place (this will make PITA to IT guys :D). If he asked for it, then play by the rules you willingly acknowledged.
Either way - buy your own equipment, and work@work, don't read slashdot during work hours.
Load Portable Apps on your flash drive, and then load Firefox (or Chrome) on that. It'll keep all of your browsing history and temp files on your flash drive.
While, I agree you should play safe, I have to also call BS on the ability of the BIOS to keylog a linux distro that isn't preprogrammed to allow it.
Take a look at the system requirements:
http://www.absolute.com/products/endpoint-security/computrace
Notice it doesn't support any distro of linux. I imagine you'd be quite safe using a live cd of any OS not on that list.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Today you're going to learn about something new (to you). It's called SMM, or system management mode. Go look it up. It might also interest you that the Intel CPU isn't the only processor in your computer: http://www.youtube.com/watch?v=tmZ4yXuDSNc
Executive summary: There is a software level below the OS even without virtualization.
I would never allow you to manipulate the laptop that I give to my employees like that. It's a work laptop. You want to play games, you can get your laptop, and travel with two. It's not a huge deal. Certainly I'm not going to bust you for reading an ebook or surfing the web a little. But you're forgetting why I gave you the laptop in the first place.
By doing so, it's my responsibility to keep it running well. if it fails, you don't need to do your work. But every time you install something, go to some random web page, or just use up more ram that I planned for you to use, you risk making the laptop a little more unstable. Then if it breaks, it's your fault but my problem because you aren't getting your work done.
I do put tracking software onto my employees machines. It's nothing scary, just timetracker, logs a spreadsheet of active window titles. They can see it, they can look at it, and yeah they can manipulate without my knowing. It's supposed to replace their hand-writing a log of their activities. It's a way for me to know how much time is spend doing what, so I can improve their work. It's not about beating them down. They're welcome to remove the six hours of solitaire from the logs.
So for all of the effort that you plan to put in, imaging and whatnot, why wouldn't you just get a $600 machine of your own, and not worry about anything.
Companies provide people with laptops in the hope that those people will do "free" extra work for the company. In some cases, the use of a laptop for whatever-the-hell-I-want while stuck in a hotel room for four days between conference sessions makes up for that extra work they might occasionally get out of me.
The convenience works both ways. On one hand, sometimes during a busy period, like say a Sales Conference coming up where the employees have to put the finishing touches on their presentations, having the laptop instead of a desktop saves the employee from having to stay @ the office up to 8pm until it's done. Otoh, it sometimes gives the employee the opportunity to work from home, connected to the corporate VPN, in case there happens to be an emergency - like the kid is sick or some such.
And even for employees who lock their laptops within their desk drawers instead of taking it home (there were times I used to do that) - laptops are still more useful than desktops. You are called to a meeting where you are either going to be referring to your e-mails or other files, or if you're driving it, use it to show your presentation. And in the event that it's a worthless meeting that you were just forced to attend, you can be productive during that time on your e-mail or other stuff (although I've seen some bosses crack down on that and demand that the laptops be closed during such meetings).
There have been times when I've had to lend a laptop to a colleague, and even give him the password in the event that it was screen locked. So I'd give it a differnent password from the ones I personally use, so that my sharing it doesn't give any insights into any of my other passwords. Given all this, the last thing I'd want to do w/ my laptops is put personal info there - even if IT were to encourage me to do it. There is something to be said for separating the worlds, as George Costanza of Seinfeld would put it.
use your favourite linux distro to boot from a usb hard disk where you have your video and personal stuff, a little slower but you don't have to wipe anything !
I simply use an encrypted 1TB USB3 disk and Linux, with a SSH socks proxy for browsing. Yes, I am paranoid.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
I would carry an extra bag: and it would be my notebook. If I have to carry their thing, then fine, I will carry their thing. What I do on my stuff is mine. They can't snoop, and don't have any business in my stuff (and likewise, my stuff isn't in their business). I worked for a place that was always worried about people taking software home (there were always lots of system install disks laying around because they had 5000+ site licenses every year). They were very Pro-microsoft, but I am a Linux guy, and didn't care about their install disks (and no, I don't care about their stuff, and I was never even tempted). I had to install a crapload of MS operating systems on old machines because my normal job (mostly taking care of advanced unix servers) didn't occupy enough of my time. Unix doesn't break nearly enough. I also had to shutdown/restart machines monthly, since M$ operating systems are flaky. The unix machines they replaced needed to be cycled about every 3500 days (9 years 7 months 3 days) although we had some that went past 10,000 days without problems (and continuous heavy loads for that whole time).
My company, also unnamed, has policies and employment agreements against doing such things and even goes so far as to send out quarterly newsletters informing the employees that individuals have been sacked for violating said policies. It just isn't worth it. Find out what is and isn't allowed on the laptop. My company does understand that people will browse the web and has no issue with that as long and the content and sites are safe. They have laid policy that personal email can't be checked (makes sense with viruses) and that we cannot install non-licensed software (theft, if you think about it). So really it is a matter of security in the end.
Really.. its not your machine, don't screw with it.
---- Booth was a patriot ----
What you propose is exactly what the employer wants (or should want, if they aren't stupid). You use your own devices for entertainment. If you aren't in immediate need of that laptop, then keeping it locked up is perfect.
And then when you DO travel, take the laptop with you if only to use as your remote terminal to work. On the plane, you can use your phone and/or whatever other toys you want to bring for your entertainment. But keep your personal nonsense OFF the company computer.
All of this goes for the article submitter, as well.
I carry a second hard drive and swap out the work one with my personal one and vice versa. It's a no-brainer, small, lightweight solution that has zero impact on the company's hard drive, security, etc. Carry it around in a decent protective case.
If that were your drive, we could have your personal information sitting on a shelf for years, waiting for someone to access it. While this didn't happen to me, a friend of mine was asked to peruse the hard drive of a terminated employee, and what she found led to criminal charges being filed against the ex employee. Not saying you would do anything illegal, but never put yourself in a situation where someone else has unlimited and unrestricted access to your personal data.
Very true. (And to me) more importantly if the laptop has HIPAA on it and the temporary images don't follow HIPAA rules you are personally liable. You, OP, will pay the fines out of your pocket. And that may prove difficult without a job.
Try working at a consultancy house, then at times I ended up with three. Their laptop, the client's laptop and my laptop. Still, unless it's the difference between carry-on and checked in luggage I don't see it as a big deal as corporate travel generally meant taking a taxi anyway and the few meters I walk it's on wheels. If you feel a spare notebook is too much to haul around then drop it and spend you time in the hotel's exercise room. Seriously.
Live today, because you never know what tomorrow brings
I'm starting a new job soon ... That being said, I am not the kind of person who can just 'not browse the internet.'
Dude, the idea isn't to get around the security. It is their laptop. Don't mess with it. Booting a USB drive and using that seems fine, but don't mess with their original installation. If you don't like their rules, find a different new job.
Don't assume, ask permission first. You might be surprised.
If you want to do something totally not approved, get your own laptop.
"Almost every wise saying has an opposite one, no less wise, to balance it." - George Santayana
Unless you count subsidies to the telco industry
Let me clear up the ambiguos advice that preceded this post. Get YOUR OWN machine!
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
Well, to be fair in this specific case, Absolute doesn't collect more than basic hardware and state information until you report it as stolen. And, yes, there are limitations to the BIOS implementation. It's really just a persistence module to reinstall the agent software on Windows and Mac OS. However, the inability for it to properly function and call in can be cause for alarm on the part of the employer.
The first, most obvious thing to do is to ask your IT department, your boss, or whomever is responsible for communicating policy to you, what you're allowed to do with it. If they say "No personal use at all," then don't use it for anything personal. Full stop. Get a smart phone or tablet. If they say "limited personal use is OK, but you're responsible for the integrity of the machine", then don't do anything stupid with it, which includes anything NSFW or something you wouldn't want your boss to know about. Ask them if the computer has spying software installed. If they're that serious about wanting you to never check your personal e-mail on it, then they'll want you to know that, and will probably acknowledge that they're using it. Granted there are some people who deliberately give their employees enough rope to hang themselves with [waves to former employer], but most are more interested in getting you to follow policy in the first place, not firing you for violating it after the fact.
The other thing to do is honor whatever constraints they've put on the machine. If they've made you a non-power-user, then don't try to install software on it, even if you know how. If they've disabled the USB ports or booting from external devices, then don't try to get into the BIOS and turn them on. Basically, anything you do to try to outsmart the techs, even if you succeed at it – especially if you succeed – will just piss them off, and they'll throw the full force of the company's official policy at you out of spite.
http://alternatives.rzero.com/
same here, big company, encrypted drive, big-bro seeing all in the background. Simple solution : on friday night, I pop out the hard drive, put in my privately owned HD with the OS of my choice. can do EVERYTHING bad I can imagine, without any trace on monday morning. re-imaging is a pain. simply pull-out / push-in HD.
Rather than worry about the company, worry about yourself: do you really want the company to see your data? The computer assigned to you is their property and they have the right to reclaim that property at any time and for any reason, and they are not required to give you time to "get your affairs in order" ahead of time.
Those are the system requirements of the management and tracking software, genius. If you read further and not just linked the first thing you saw you will see that the agent software is embedded in the firmware "and even if the hard drive is completely reformatted or replaced" the agent is active.
You'd make a good crook though, they tend to be dumb and overconfident.
Considering how cheap good enough hardware is today, why risk messing with your employer's hardware?
Go to a pawn shop, and get a used laptop for basic stuff. I have seen laptops sufficient for non-super powered web browsing for under ~$150. A new Kindle Fire tablet can be had for under $200.
or get an Amazon EC account. Then you vnc or rdesktop there (or onto the netbook if the screen is too small).
What you consider is probably criminal, puts your company into danger of violating recording rules, and useless in case they are really paranoid.
I know that I am going to sound like a broken record, but buy another laptop take it with you while traveling. Or better, but an iPad or other tablet - you can probably do 99.9% of what you need to on that (checking email, reading books, watching a movie).
....Try reading the corporate SOP.
Step Two: When in doubt, ask.
Step Three: If the SOP isn't something you can abide by, find another job. Dishonesty WILL ruin your career.
Regards;
The system requirements are actually for the agent software. The firmware embedding is a persistence module that "self-heals" the agent software. The references to it surviving through reformatting and hard-drive replacement is the fact that the BIOS will re-install the agent on the new OS / Hard Drive. Black Hat 2009 had some research presented on the shortcomings of this technique, which is summarized on coresecurity: http://blog.coresecurity.com/2009/08/11/the-bios-embedded-anti-theft-persistant-agent-that-couldnt-response-handling-the-ostrich-defense/
That being said, preventing the agent from calling in when you know it should be calling in would be cause enough for an employer to be suspicious.
Are there any other precautions I could or should take?
Yes. Check your employers rules on private use.
If they allow it - forget about private mode and encryption, if I control the hardware, you can't hide from me. Don't treat the company IT like an enemy, unless you want to be treated likewise in return. Storing your personal data on an USB stick is a good decision, however. Not for security reasons, but because it makes the seperation between work and private simpler.
If they don't allow it - get an iPad for the road.
The one thing IT departments, and especially the IT security guys, can't stand and will come down on like a ton of bricks if they ever get the chance are the "power users" - the people who know enough to screw things up and not enough to resist doing it.
If your machine is locked down tightly, there are reasons for it. They might be bullshit reasons, in which case there are appropriate ways to challenge them and get things changed. Playing Johnny Hacker isn't one of them.
Assorted stuff I do sometimes: Lemuria.org
Just swap out the hard drive, easy 'nuff to drag along another 500G 2.5" drive. Hopefully your laptop makes accessing the drive easy. I do this with my Thinkpad, but more for WindowsLinux transitions...since it's my laptop.
...but can't.
There are several countries where going through customs with TWO laptops will ding you for import fees on the 2nd laptop.
paintball
I love how everyone says boot usb or cd, but if your IT department was smart enough they would have disabled the boot other devices made the HDD the first and only boot option and then locked you out of the bios so you couldn't change it. If you really much do personal thing on the computer ask the company what you can and can not do with the laptop. If they say you can't do anything, buy your self another hard drive install your OS of choice and move on. Don't mess with their partitions and/or anything that's on the hard drive that's already there because most encryption software will log that kind of thing or prevent you from using the hard drive at all. I've got my work computer locked down, but it's video card is also really nice so I did this to my laptop. can't boot up CD's or USB sticks on it so another hard drive was my only options short of running a shell on top of my OS that it starts off with.
This is a Mac, what you have there is an embarrassment to your fellow computer users.
Laptops are not that expensive. If you're interested in doing something personal on a laptop go buy one and take it with you. Don't use company property for anything personal. If you have trouble with this, then you probably have problems with ethics in other areas of your work as well. Where do you draw the line?
Why are you playing games like this? If you are doing something that you don't want them to know about then put up your own 2 cents and use your own equipment.
But better yet, if you are doing something that you don't want people to know about than you probably should man up and stop doing it in the first play.
Well, I was sort of a quasi-IT engineer, and good friends with the real IT folks, so that's probably the only reason this flew. But my best setup was running some 64-bit Linux distro on the bare metal, and installing the stock IT WinXP Pro build with the ancient IE6 we needed for mandatory training in a VM, with all of their stock full disk encryption and everything.
Also had a separate WinXP Server x64 install for a few games. But never porn. Even booting from LiveCDs, I'd never use work equipment for porn, if only for the pure terror from the inevitable nightmares that you'd get from imagining your strange donkey porn popping up onto your laptop during staff mtg presentations. Just don't go there! :P
A former customer demanded everyone use Windows laptops, and had an insecure locked-down configuration that accidentally prohibited the use of Windows ssh. I chained it to a desk inside the firewall, and used an rdp session to access it when traveling. My (personal) travel machine contained no work files, not even email, just a copy of rdesktop and a putatively secure VPN for contacting work.
I don't like modifying the work machine to support my environment, I'd rather have an environment and ssh or rdp into any legacy systems. Rdp supports mounting disks and virtualizing devices, so it's not hard to export the required parts of my environment to the crippled Windows box.
--dave
davecb@spamcop.net
Just install VirtualBox, create a virtual machine and from there run all your needed programs. For added security do not connect your virtual machine directly to your company's network, but to an outside VPN. And you basically have two machines, one fully sand-boxed virtual machine and your basic work laptop.
If you are so hard up to use the internet, etc. either buy a tablet or a small cheap laptop.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Unreasonable?
I've done travel for work. Often it involves me bringing along a work laptop, and my 12"eeepc. You probably only need to bring one mouse, one network cable (or ask the hotel desk, they often have extras if wifi isn't an option). The eeepc is the size of a small textbook, and the power adapter is the size of a snickers bar.
If you travel so much that adding a netbook is too much for you, then you need to reorganize your carryon or hit the gym.
And when I say I've done travel, I've been in the desert, under HMMWVs, through customs (where my coworker's fruit smelling shampoo set off the sniffer beagle), given 1 days notice to travel to the Mexican border for a month.
What I'm saying is that if having a computer is just that important to you that you would consider the effort to image wipe and replace the entire disk drive, a netbook is a pretty freaking simple option. And as a bonus, the 1215n eeePC can run WoW if that's the real 'can't live without it' reason. If it's porn, well, it can handle that too.
(heh, the captcha was 'misused')
If your IT regime has any sort of remote update system, your backup image will gradually get outdated as IT pushes patches onto the standard one. It will be seriously out-of-date if you ever restore it before returning the machine.
To a Lisp hacker, XML is S-expressions in drag.
Install VirtualBox and create virtual machine. You can nuke the disk image before returning the laptop.
Informative really? Of all you readers I'm the only one that's heard of the evil maid attack?
http://en.wikipedia.org/wiki/Evil_Maid_attack#bootkit
There are bios level key loggers, so keep thinking your keyfob or live cd can't be logged but I'm afraid your wrong.
"(I) have this unfortunate condition that causes me not to believe a single thing any politician says when a mic's on.
If I find an oppressive scenario where I can't use the laptop to my discression, you can keep the system, I don't want anything to do with it. A fairly functional laptop is cheap ($400) and anyone viewing them as a privledge or some godsend from their employer are being well duped. If it's required for work, then that's the only time I'll touch the system, you can forget any voluntary work. I'd rather carry two systems than deal with tyranny, plus it's great excercise. Any additional time through security can be billed to your employer due to their own policies.
Activities generate logs.
Sometimes it isn't the activity which can be suspicious, but the absence of any activity when activity is expected to be found.
Not that this is an argument for or against alternative ways of using company hardware during non-business hours, simply a warning that a vacuum can be far more obvious than a bad smell.
There are two kinds of laptops - ones that contain sensitive information, and ones that don't. If it's that sensitive, you shouldn't be browsing the web on it at all, even for work purposes, even to check in for your return flight on a business trip. If it's just a regular laptop, reasonable personal use is usually OK, just as it's usually OK to call your kids from your company cellphone whilst on a business trip.
There are good reasons that your corporate use policy most likely prohibits you using their laptop for your own personal use. Here are some of them:
1) Protection from liability. If you use the corporate laptop to do something illegal, it exposes them to liability for providing the means by which the crime was committed.
2) Protection from you: If you use the corporate laptop to do something personal, and you get the machine infected and the company's security is breached, it may very well expose company-sensitive data, and you will be responsible.
There are many more.
Just do yourself a favor and when you're at work, work. Get your own equipment for your own personal activities. They have no place on your company's laptop.
I have re-imaged my laptop issued by the company, granted myself admin rights and stripped off some of the cruft with which company laptops come equipped and installed non-standard software, but I work in IT, and I have access to all the tools and images and am in a better policy position than it sounds like you are. Were I not deep in IT and secure in my position, I would not try it. You are issued a laptop to do a particular job, and that's what it's for. If you just can't make yourself not surf naughty teens websites, get yourself a tablet of your very own and use that.
One possible geeky solution would be to create a virtual instance on your laptop and use that to watch naughty nurses. But even that might not be safe depending on whether there's traffic analysis software on the laptop or just hooks into the browser.
What it comes down to is this: There's a recession on, buddy. Be happy you're employed. Don't screw around with company property.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Okay .. we can play that game. But you have to get lucky *every time* .. I only have to catch you doing it once.
.. if you don't like it, go work somewhere else.
The corporate policy is there for a reason
We are not "lucky" to have an employee like you.
--IT Security Director
Stop being a cheap or lazy bastard and buy yourself a personal laptop.
What is it with you guys? it is not worth it in any way to use the company laptop for personal use.
Do not look at laser with remaining good eye.
A company that distributes "secure" laptops but fails to lock the BIOS and boot order (and make use of the on-board TPM to secure the physical hard disk) either doesn't care or isn't trying.
How is this any different from doing personal things/errands on company time? I mean most of us (including me) telecommute to work and I use my office time to do personal work (gym, errands, cooking, etc) while also giving up my personal time (weekends, evenings, etc) for company work as it comes up or becomes necessary. So by that same token, does company property really have a right to dictate what you can do with it? You are giving back to the company in terms of work done, productivity, reports, etc. As long as you deliver what's expected, why does it matter how its done as long the its not compromised?
They're not (usually) going to sniff your internet traffic... They'll more likely look at browser history and file contents, and usually in the "normal" places for the usual file extensions. Running an alternate operating system renders the issue moot.
1) Download and install VMware Player
2) Download and install the Linux distro of your choice, with a small disk so it doesn't waste too much space.
3) Enjoy all the surfing you want.
Yeah, you said it was probably locked down, I know. But maybe this is something you can ask about? This is what I do, but I usually carry my own personal laptop.
Alternative 1:
1) Download your favorite distro's "live" CD
2) Boot it up and have a good time.
You should be able to do that at least, right? You can save files/configurations to a stick.
Alternative 2:
1) Download your favorite distro
2) Write it to a stick with LiLi USB Creator (Windows) or one if the million such apps on Linux, such as usb_creator.
3) Boot that up and rock on.
A clever person solves a problem, A wise person avoids it. -Einstein
Get your own hard drive. They are super cheap and super easy to change out on most machines. Especially if the drive in encrypted, if you expose some company info by changing the system it could be your job. Make a complete other install and tweak it out how you want it for travel and personal use. Keep your work life on one disk and your personal life on another, just don't show up at work or a meeting with the wrong disk!
If you are that paranoid, you can pull the hard drive out of the laptop before you boot off a usb key/flash drive. Or buy your own internal drive and switch it for when you want to use the laptop for personal use.
Download VirtualBox or any other VM software. Install your own OS there and programs. When you leave the company you could just simply move that image to another computer or just erase it if so you desire.
I have an HP Elitebook for work, I travel a fair bit, so I bought a netbook that has the SAME power adaptor, which saves most of the annoyingness of having 2 laptops. The netbook even fits in my company issued laptop bag along with the company laptop. I don't even browse for work related stuff on my work laptop. The browser is so locked down (and stuck in an older patch of IE) that it is annoying to find answers to API problems on forums and whatnot.
If you were working for me (I'm a business owner and virtual CIO for other businesses) and I saw this post or discovered your intent YOU WOULD BE FIRED! I'd just shout NEXT out the nearest door and start the next eligible candidate tomorrow. I'd be glad to have your type of employee gone from my business. It's no different than the policy for a company car or any other imprtant business asset. I own it. You don't. If you're going to spend your time violating my policies instead of doing your job and making me money you are going to have a hard time staying employed anywhere (especially once the word gets out about you among your local HR people).
Officially a geek since 1984
Buy a spare hdd if you're married to windows otherwise boot to Linux on a USB stick. Consider portableapps for stuff when at work
sag
if they're considering issuing a company laptop, that the work probably involves connecting to the company network to do stuff anyway.
Connected continuously or connected intermittently? E-mail can be downloaded, read and answered offline if it doesn't refer to something specifically online, and then sent at the next coffee shop. A computer program can be checked out, developed and tested locally offline, and checked in and tested on the farm later.
Perhaps this is something that should be considered for all company issued laptops. Have them set up from the git-go to dual boot. The company OS can be on an encrypted partition with a separate partition set up for the employees personal OS. Install Windows on there, but allow the employee to change that if they wish.
Problem solved. Companies data is behind company encryption safely away from any malware and/or viruses that may infect employees partition.
--- Keep the choice with the user..
There's an item that is easily portable, that you can watch films on, play games on, browse the web and read ebooks on.
It's called a smart-phone.
I have a personal phone and a work phone. My personal phone is perfect for keeping me entertained while travelling, and no trouble to carry.
because that's what the IT department installed on servers?
but it's great anyway. local access to company and user data, beats syncing heavy files over the same network, even IT can like it better. regarding X though, it's awesome for beaming text editors and such but with its chatty protocol, RDP and similar can beat it on other things.
See 18 U.S.C. Â 1346. Then see the penalties and prison term you could be sentenced to.
Then, make your decision.
this is what I haven't understood yet in all of this discussion. half the posts are about bringing a redundant inferior computer with its AC adaptor and whatever.
why shouldn't you visit porn sites on the company laptop? a locked down computer *should* allow you to visit any website. it's not like security depends on it, or are we again in the IE5 and XP SP0 era? porn is NOT illegal except for some copyright infringements concerns you have no control over. likewise, are your downloads filtered by content type so you can only download .doc and .pdf from your corporate mail? I don't think so. this is USER data, an honest admin has no reason to spy on your home directory and report you for storing media files.
use the web : you could have a media server at home with a web front end that lets you access or stream the content. or have a remote desktop running at home or even in a datacenter, accessed through a web based client. you could play flash games and that may be better than crappy cell phone games. read e-books in your web browser. don't ever try to run any user installable crap like google chrome or portable .exe for firefox and other software, this is breaking the limits of course.
Is the hard drive bay sealed? Unless it's one of them irritating machines that requires you to separate the case to remove the hard drive just buy another one, pop it in there and load it with the OS of your choice and then swap them as needed.
'I am not the kind of person who can just 'not browse the internet.'
Who is? The problem that the poster may be pointing to is that it's not hard to forget which laptop is which and jumping on the Internet to check personal email or whatever. If your company has given you a Windows laptop, use a Mac or better still a Linux machine as your personal laptop. The operational differences should be enough to remind you which one you're using.
If you've accidentally stumbled onto xhamster on the company machine and anybody notices, just open your eyes wide and act dumb. Screwing around with hard disk or anything else makes it look like you've been on an Al Qaeda chatboard or something; don't be an idiot.
You might first check with the company policy on use of company-owned equipment. It may be acceptable for you to watch a netfilix movie, read an ebook, do some shopping or check personal email via a website like gmail. The company policies may actually be reasonable. On the other hand, if the work you are doing requires the highest level of security , then no you shouldn't use the computer for anything else. Check first. If the answer is no, then respect it or get another job.
If you are not allowed to use the computer for any non-work related stuff, buy a lightweight laptop or tablet for travel. It's not that hard.
If discovered, any attempts to circumvent the company security (successfully or not) are grounds for termination. I'd say you should not even usie a USB key with a distro unless explicitly approved. It's your employer's (or the client's) call. Copying and restoring the disk is just completely out -- what happens if someone else notices it while you're on your trip, or something bad happens to the laptop and the admins can't remotely control it?
Ask, and if the answer is no, buy your own device to travel with.
We have a job title for arrogant users like you, former employee
It gripped her hand gently. 'Regret is for humans,' it said.
If you can get the hard drive out, just carry one personal drive, and the work drive. If that isn't possible, just fix up a bootable thumb drive with Ubuntu or something similar.
...our company's laptops are very locked down, all internet request go through proxies, and they bar access to personal email sites, social networking etc (I work in a highly regulated industry). So I carry an external hard drive and just boot from that into Linux - the internal drive is encrypted and the two OSs never know the other exists. Works great.
Oh for fucks sake. What is it with you people? If you don't want to do additional work on your own time than don't. Don't use this concept lead you to doing something against company policy.
But what the fuck do you care? It's not your job nor your company. I just hope I never have to work with a fucktard like you.
"Using Company Laptop For Personal Use" Title tells you everything that is wrong with this question. "Company Laptop" - You dont own it... dont mess with it. "Personal Use" - Nope its not intended for personal use, its a tool given to you, so you can do your job. You wanna play games and surf the net? Buy a Tablet they go from $200-$800 depending on what you want. I would be really pissed off if a user did this. You think imaging the laptop etc.. is a perfect plan, but its not worth it, if things go wrong.
There is nothing to prevent the OEM from installing a 4+GB flash drive on the Mobo as part of this program. Does the app need to be larger then that? Don't think so if it's working at the hardware level.
Mod me up/Mod me down: I wont frown as I've no crown
Yes I know it's redundant. But it needs to be reiterated. Again and again.
It used to be very difficult to deal with this situation. Carrying a second laptop was a lot of effort. The laptop was heavy, it required a case, it required a charger.
Not any more. An iPad weighs about 1.5 pounds, has a very nice form factor, and is quite usable for Internet access for an entire day without needing chargers etc.
buy a fucking iPad
1. Look at the news.
2. Look at your horoscope.
3. Look at the weather.
4. Stay off of social media.
5. Don't write anything or watch anything your mother would see.
The only secure computer is your own computer, barring any viruses.
The mind conceives, the body achieves, the spirit manifests.
As is having to pack two types of clothes on business trips, one for work, and then leisure. Yet people do it.
Seriously. What are you thinking? Also, many states have serious legal issues with ownership of personal things down on corporate equipment. You don't seem to smart. Is this a help desk job?
"My company is issuing me a laptop. I want to do stuff on it that I assume they don't want me to do. Here are some ways I've considered to subvert their policies--are there other ways to subvert their policies I haven't considered?"
No dialogue with the employer. No consideration on the reasons behind the policies. Heck, he doesn't even have the machine yet to see if it really is locked as hard as he thinks it will be. Yet he's ALREADY planning how to use his COMPANY-OWNED laptop in ways he assumes the company will explicitly prohibit and try to prevent.
The problem isn't that he's trying to find a "safe" way to use his company laptop to do non-work activities. If my company didn't allow non-work on their machines, I'd have quit long ago. I understand that impulse. The problem is he intends to subvert their policies and lie to them about it (at least by omission, more likely by signing an acceptable use policy he has no intention of honoring) as a FIRST OPTION, without even TRYING to ask about what the policies are or their reasons.
I'd fire OP in a heartbeat. If he's this tone-deaf and this low-integrity on this policy, I shudder to think how he'll react to any other policies he'll find personally inconvenient.
* My company has a proxy that blocks certain content I want to watch in the office. How can I set up a tunnel to outside the firewall so I can do what I want?
* My company allows me to expense business meals. How can I make it so taking my girlfriend out for a nice dinner qualifies?
* My company travel agency has policies that won't let me select flights that are more than $X more than the cheapest flight available. How can I set my query so the current cheapest flight doesn't show, and the flight I want becomes OK to select?
I'm going to tell you exactly what you need to do, and it's extremely simple.
1. Reimage that bad boy to your heart's content and install whatever you want.
2. Reply to this post with your position and company name. That way, anyone reading this thread will be able to watch your company's job site to see when your job comes open after they can you.
If you think I'm kidding, go ahead and put your plan into action. You think you'll have time to return your laptop in pristine condition, but what's your plan when your boss stops by your house on a weekend because his laptop died two hours before he's scheduled to fly out for a meeting, and, since he went by the office and didn't see yours in your office, he knew you must have it at home? How are you going to stall him, and, even if you can reimage it while you pretend to take a very long dump, how are you going to explain that it doesn't have that mission-critical application that IT pushed out last month and asked everyone to install when they were prompted to? And what will you do if the laptop gets lost and IT can't contact it to do a remote wipe? If that happens, you'd better pray the thing isn't found and returned, because it likely won't come directly back to you, and IT is going to be pissed when they see what you did to it. And these things do get returned on occasion. My department just had one that was returned after going missing 14 YEARS ago.
Is saving a few hundred bucks by not buying a netbook or tablet worth possibly losing your job?
First off, if you like your new job, ask your new employer what you can do with their equipment. You won't get Admin from me either- that's policy. But if a user (you) asks me for software for playing movies, eBooks, other multimedia bullshit, and is willing to work with me and the policies he/she has to operate under, and understands there are policies *I* have to operate under, I'll do what I can to accommodate your needs. You catch more flies with honey, as the saying goes. All you gotta do is just ask and not assume that IT are all BOFHs.
If you don't like your new job, want to play "wannabe" guru, then go ahead an screw with the laptop, and your paycheck. I'll make sure that when I find things you've fricked with, that you go on the A-list for audit scans. A for Accelerated. I'll also make sure your laptop is fully compliant with policies, and take the extra precautions you mentioned re: locking down settings. And it will all be documented. I'm not being an a-hole, but if you don't give a shirt about company policies and want to 'take matters in your own hands', then I don't trust you, and will do what I have to do to ensure my job isn't compromised by your crazy-train inept attitude.
This guy hasn't thought this through. This is not a battle that can be won.
Even if he were able to bypass his corporate VPN, bypass any proxy, erase/encrypt everything he did, and re-image everything, he still wouldn't be able to prevent a key logger from recording and emailing the corporate office a regular log of his activities, nor would he be able to prevent the tracking software from taking random screenshots of his favorite porn sites and sending those off as well.
And yes, he could backup and wipe his system clean as soon as he was given the laptop, and install Ubuntu or something, but I'm not sure how he would handle those secret hidden partitions that are often left there by the manufacturer, nor would he able to explain to his employer why his laptop has suddenly stopped accepting software updates, or remoting requests from IT. And yes, he could boot his laptop from a usb disk, or from a DVD, which is less risky, but that too has risks if any of the tracking is done at the hardware-level, which is done by some of the tracking products out there (so we all know this kind of tracking exists as well, and is commercially available).
I have the same situation - a company-issued laptop. I carry it - and I carry a personal laptop as well. No big worries carrying two laptops with me, but then again - I'm not a 98 pound weakling who complains about carrying 12 pounds of laptop through an airport...
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
If you are a programmer, Linux is your thing anyway. Image the drive, then download linux. If you have to, just partition to dual-boot... otherwise, just go whole hog and wipe it with Linux. You'll be happy you did... I ended up being 10x more productive than anyone in my department just due to moving away from Microsoft and on to scripting/automating things on Linux. With that level of productivity eventually comes power -- power enough that you can stop hiding your install and do what you want with your "tool set."
I worked three or four years this way until I got into management where, darn it, everything is latest fashion of power-point, Excel (with macros), Lync (Office Communicator) and crap like that. I really wish I could work in another environment, but the most convenient thing right now for me is to load Cygwin on Windows. If I figure out how to keep up with Microsoft crap, I'll hop back to Linux as my desktop in a second.
So, again, while you are not a management guy, just do Linux.
You are the worst kind of employee for any IT department. Why don't you have your own computer? Why do you insist on using something the company provided you for personal entertainment? Buy your own laptop/desktop/tablet/phone to use for that.
If the company gave you a car would you use it to go to the movies, grocery shopping, or on vacation? Would you reset the odometer (if you could) when you returned it to them? This isn't an analogy, it's a serious question and I bet I know your answer.
The examples of personal activities listed by the original poster could possibly be done on a tablet like an iPad. The only variable would possibly be the type of games he likes to play, but if he's a serious gamer he will have a specifically specced rig at home already, otherwise there are plenty of causal tablet games available to play while on the road.
I'm currently playing through Lego Harry Potter on the iPad. I have hundreds of books (mostly sci fi or crime/mystery) loaded in iBooks and have web/mail via 3G. I wish I'd had this kind of convenience when I was travelling for work a few years back. I used to take 2 laptops on the road and play WoW on my personal laptop from hotel rooms to spend time with my other half from the other side of the country.
Sara
Designer, Gamer, Macgrrl in an XP World
" I am not the kind of person who can just 'not browse the internet.' " - really? I mean seriously?
Yeah, I understand. I am not the kind of person who can just 'not rape little girls' either.
Seriously, just don't do it, it's that simple. If you have such a strong desire to play, then get a personal laptop and bring it too. I know two laptops is heavier and all, but it can be a MacBook Air, or even an iPad or whatever floats your boat. Then you can play all you want all day long without worrying about screwing around with your company PC. They won't monitor you, and you won't mess with their image or risk compromising their security.
As a second-best option, you could have a USB-based linux boot partition that doesn't read/write the real HDD in any way - but you would have to reboot every time to use it anyway.
But what the fuck do you care? It's not your job nor your company. I just hope I never have to work with a fucktard like you.
Hey, I'm not a Jew, what do I care about where they ship them off to? I just hope I never have to live next to a Citizen like you!
I always just run opcrack (assuming it's win, it always is), give myself admin rights, and fix anything I find "wrong" with the setup. I assume I can do anything that I can do, if they didn't want it done they would have made it not do-able. I have never been challenged or questioned. Sometimes IT changes my rights back to less then admin and I have to open it back up, but no big. If they can keep me out they are welcome too, if not I will set it up how I like. I don't get malware and i don't DL anything dangerous, and with 30+ years experience I figure I probably know more about net safety then they do anyway. And if not, they should have done a better job of securing the machine.
Past experience posting this philosophy tells me the IT security guys will jump all over my bad. As always, fuck them. If you can't keep me out don't complain about what I change. If you knew what I needed for a usable system I wouldn't have to go to the minor effort needed to set it up properly.
The reason we subjugate ourselves to law is to better procure justice. If law does not accomplish this purpose then it m
Plenty of companies, including those I've worked for whose names you would recognize, install software that prevents any writing or even reading from USB drives, CD/DVD/Blu-Ray, any external ports. Only devices whose fingerprint matches the list of approved devices, sometimes even by a specific serial number, are allowed to talk to the USB port. This can be managed remotely, and they can send updates over the open internet even if you haven't VPN'd into the company network.
I had a personally-owned Sprint USB datastick work fine from my hotel in my company laptop one night just fine. Didn't connect to the VPN, watched a couple of TV shows streaming on Hulu. Left it on overnight connected to the public internet. In the morning laptop would not recognize the USB datastick at all. Sprint hadn't done anything. PC was fine. Later I had reason to contact corporate Information Security on another matter. They told me, "oh by the way, we disallowed your unauthorized USB device."
Later I was able to get my manager to approve my getting a mobile broadband card. Sprint. But the one supplied by the company was whitelisted. My personal one was not.
Note that my use of the laptop on off hours, and occasionally for non-work use, was itself not a violation of this company's policy, which did allow "incidental personal use that does not take away from work productivity." But plugging in any device not authorized by them was not allowed, was logged, and could be remotely disabled.
Are there any other precautions I could or should take?"
Yeah. Buy yourself a laptop and use _that_ to watch pr0n.
Sorry: "read an ebook".
Less than a grand for a laptop. Worth the hassle, imho.
Display some adaptability.
discuss usage policy with employer.
I work for a VAR (which shall remain nameless), and what I've done is simple: I bought a second SATA drive so I could load whatever I want. Then, I carry both drives. When I'm not "on-the-clock", I swap in the second drive and can do whatever I want without fear of treading on my employer's interests.
Neigh-sayers might argue that this is a step too far, I say its perfect -- their interests are preserved, I benefit from the use of their laptop, and no one gets hurt.
Download ubuntu, boot off the CD and make yourself a bootable usb drive that run ubuntu. When using it for personal use, boot off your usb drive.
1) Buy an new hard drive for the lap top
2) Remove the "Work" hard drive, Insert your "Play" hard drive
3) Build your own OS. Install your own apps
4) Swap the drives to your heart's content
I am browsing Slashdot right now from a work laptop, with a 32Gb USB 3 stick plugged in, from which I'm running Linux Mint Works great. My typical SOP is to hibernate Windows, reboot Linux when I want to do personal work, and restart Windows when I'm done. All of my personal files installed on the stick, all of the work files on the hard drive, and never the two shall meet.
End of discussion.
Get yourself a personal laptop. Travel with both when both are absolutely essential.
In some cases, just travel with your personal laptop is probably sufficient and remotely log into your work laptop (remote desktop connection) left at work or at home. (That is what I do and I have never had problems for all my business travel)
I've always insisted on owning my laptop and always will. My employer recently offered to buy me a laptop and I declined for several reasons:
1. I don't want to worry about having to get my data off with short notice. Things are great now, but management changes and I could walk in to a layoff one morning, or I could get another job offer, or just decide to walk if things go bad. Regardless, it's my laptop and I leave it with.
2. I don't want to want to be faulted for using company resources for personal use. If I choose to use my laptop for company business (barring policy restrictions on such a thing), it cannot be held against me.
The above is worth investing $500 to $1,000 of my own money every two to three years.
Does the laptop have USB 3.0? If so use some free virtualization software (I like VirtualBox) and keep the VM hard disk file on external storage. I haven't had much luck running a VM off of USB 2.0 storage, but 3.0 should provide enough throughput for satisfactory performance. Depending on your job, use of virtualization software might not even raise any suspicions. I use multiple VMs to create an entire testing development on my one machine.
That being said, preventing the agent from calling in when you know it should be calling in would be cause enough for an employer to be suspicious.
Bingo.
In fact, that very scenario results in alerts from the Absolute management console that causes IT to seek out the laptop to figure out what the problem might be - It's one of the key indicators that the device is in a 'suspicous' state.
You can afford to do this because you have a job. No need to be defiant just because you can. Live Linux USBs and Live optical disks can sometimes (very rarely) interact badly with the host system. I once made a DVD drive invisible to the installed system after using the drive to run a live CD. I got it back, after a bit of work, but there was no sweat because it was my computer. These days there are netbooks, tablets, smartphones, media players etc etc. All have a small form factor, which makes them easy enough take along with you in addition to the work-supplied computer. And most can be had for a couple of hundred bucks.
Dude, I can hear the HR officer explaining your pink slip. "It's not about the equipment. Really. It's about the position of trust you so defiantly cast aside. You broke your commitment to abide by company policy. Remember the form you signed when you were issued the machine? If we can't trust you here at Assadyne then we can't work with you."
"No fear. No envy. No meanness." Liam Clancy
Our parent company is located in Japan and is much larger than ours. They have some solution in place that basically tracks everything done with the laptop (I have not been able to check it out, I just can't reasonably navigate a computer that is in Japanese). They can't get into the BIOS and the computer won't boot off a USB stick so they don't have any options they like. I'm guessing the GP's laptop will be like that as well. Even their high level executives carry around a personal laptop when they travel. They are usually both in the 12-13" so it isn't a terrible hardship. That is a nice size as it is still small enough to be less than 3 pounds while still getting an i5/lots of RAM instead of an Atom/little RAM of a true netbook. Most try to buy similar models or a universal power supply to have some redundancy there. Why take bizarre chances if the answer is a few hundred bucks and 3 extra pounds in your bag? I would be very concerned if one of the guys at my company started talking about how they do some batshit crazy thing like imaging the drive.
I guess another possibility is you could ask IT about their policy on personal browsing. See if you can hit your favorite sites while traveling. Maybe they would be kind enough to install your Ebook reader software. Obviously, if by "can't not browse the internet" you mean "Like to get my porn on" you shouldn't even think this way.
It's not your machine, so stop mucking around with it. You will almost certainly impose liability on your company by performing illegal acts on their hardware, something our company takes VERY seriously (and rightly so), an offence worthy of instant termination.
If you want to do all that stuff you mention, go get yourself an Android tablet or your OWN laptop.
1 - you startup the laptop from a usb key. Put ubuntu or something like that on it and you can browse and read e-books without problems. You'll only use the hardware, not the software. Don't use your company's network, that would be a stupid thing to do
2 - use your smartphone instead. Ubuntu can use your phone to connect to the internet, that's another option
3 - find a job at a company that isn't this paranoid and controling
The iPad is the solution to your prayers.
Lightweight, Soon to be Quad-core, unix, and apps for many things.
Or if you don't care for apps, security and patches, get a cheaper Android.
Illegal stuff I understand but why the fuck porn? I watch it and you watch it, it's perfectly normal. Sure there is illegal porn but that case I already covered. I never expected such purist non-sense from the /. crowd...
Most Chinese made laptops (such as Lenovo) have keyloggers builtin on the motherboard.
And if it actively tracks me while on my own time - thankyouverymuchbutfuckrightoffnow, 'kay?
So your advice is instead of some technological solution or a second machine be it tablet or laptop, to instead have the OP resign. I'm sure you'd be the first one to resign if your company's machine use policy suddenly turns draconian.
Stuff like that is easy to say. Come back when it's your turn to put your neck on the line.
Unless you're advocating for the OP to actively subvert the company's machine should such a situation happen. In which case, you'd be in for a rude awakening when you get that termination notice and subsequent breach of contract (et al ) lawsuit.
Don't like having to work under company policies? Work for yourself. That's what everybody who's not interested in the corporate culture does. You lose the job security and stability, but you get your freedom in return. If that's not for you either, then you better hope you're real lucky.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Or at least buy a second drive to put in the CD-ROM bay (assuming you have BIOS access). But really it is taking the piss using a work laptop for watching pr0n.
#include <sig.h>
Laptop hard drives are cheap, and held in with just one or two easily accessible screws.
Remove the company hard drive, pop in your new drive. Format / install the OS, then install your games / movies / music / porn. Just don't forget to swap back to the official hard drive before you head into the office.
Get a hard drive of your own, and keep the company HD separate. That way your not harming their data in any way or compromising their security.
Technically a boot-able usb (HD or flash) or CD would work as well.
One thing I did @ work was to save all my files on Network drives/Sharepoint drives @ work, and have them shadowed on my laptop. Everyday, when I would power down, it would save the current state of my working files, so that I could pick up where I left of, were I to work from home or travel. At home, if I were working (usually I wasn't), I'd reconnect to the company VPN, particularly if I needed to check any e-mail updates before continuing w/ my work, or else, I'd just continue working on it offline. Same for if I was travelling.
That way, in the event of my laptop being stolen (which thankfully never happened) or damaged (which did happen once - the power outlet became so loose that they had to replace the whole thing), all my work would still be there on company resources and once I got a new laptop, I could simply pick up where I left off. Similarly, the work involved for IT to clean and restage the old laptop, assuming that they re-used it, would presumably be minimal.
Why don't you just boot Ubuntu from an external USB stick?
Alternatively, just use a smartphone or tablet for personal stuff.
So your advice is instead of some technological solution or a second machine be it tablet or laptop, to instead have the OP resign.
Actually, I just meant I would more-or-less politely decline to take advantage of the "opportunity" to do work on my own time with company-provided hardware. If that means resigning... I work to live, I don't live to work. If my employer has a problem with that, you can already consider me a short-timer with that company.
I'm sure you'd be the first one to resign if your company's machine use policy suddenly turns draconian.
Nope, but I will stand at the front of the line to demand an on-file exemption from stupid rules. From a past employer's joke-of-a-noncompete (that tried to regulate the totally un-work-related behavior of my relatives), to a current prohibition against salaried employees working on the side (gee, you want me to take an effective 30% pay cut, plan to make up for it?), I don't bother sneaking around when it comes to major policies I dislike. Now, for minor nuisances (like the corporate firewall classifying O'Reilly Media as porn), sure, I'll just circumvent it rather than raise a fuss. But for "terms of employment" level of issues, never, ever accept anything you don't plan to put up with for the long haul, because those terms won't get better over time.
Don't like having to work under company policies? Work for yourself. That's what everybody who's not interested in the corporate culture does. You lose the job security and stability, but you get your freedom in return. If that's not for you either, then you better hope you're real lucky.
I would point out that I live in a "right to work" state - So my employers can get rid of me at the drop of a hat anyway, without cause or warning. Although that tends to give companies a lot more leeway in abusing their staff, it also means that two-inch thick employee handbook doesn't mean squat, when "I don't like the weather today, pack your things and GTFO" carries as much weight as getting caught for the 3th time drunk in a placarded company vehicle.
Comment removed based on user account deletion
Many companies used to say 'and we give you a laptop' as part of the package valued at $2000 per year .
Gently say - I will use my own and take the cash instead, as I really have no flexibility on a crippled device with such limited usability.
It confirms what other posters say - lock up under desk and use your own, because you can't stay with the curve any other way.
Oddly enough company execs are the first to use iphones and 'apps' to do as they please, except the corporate image that is locked down. One rule for them, rules for others.
Just bring your own laptop along. Modifying an employer's machine isn't smart. Let me reiterate something: It's a computer that's not yours. You don't have permission from the owner to modify it. Period.
It is pitch black. You are likely to be eaten by a grue.
Install "Oracle VM VirtualBox" or something similar, create a new VM and use it for all your personal stuff.
I had the exact same problem.
Here's the ideas and why I did or did not go for them:
1) At first I carried round my own personal laptop. This is the best way, but it was adding ~20% extra weight to practically everything I own as a semi-permanent traveller.
2) I thought about asking the IT dept for a permission to do X or Y. I considered this and then decided firmly against it. What exactly am I going to ask? Having to ask to install everything would definitely be unworkable.
3) Then I thought about asking IT for permission to install a separate O/S for personal use. I felt this would single me out for special attention ( a case for anonymouse communication methinks) & they'd probably have to say no for fear of plugging that unauthorised software into the company network.
4) So when my personal laptop broke I bought a much bigger hard drive and imaged to this. If I need to return the laptop or use the company network I just plug the old hard drive back in. This has reduced what I need to carry around with me by a large factor, but I'd prefer to be able to buy my own ultra light and use that for work rather than having to lug this around. I originally had linux for personal work and Windows for work but I've found this was too ambitious - have a separate partition imaged from the original hard drive.
A few things to add:
- a coworker once pointed out that if he asked to use 'my' laptop then really I have to let them do so, since it is not my laptop - be prepared, have everything well organised and passworded
- it's a shame I don't trust the IT dept to talk openly and honest about it, no? A good casestudy for anonymous communication as a workaround
- Be realistic. The OP admits he's internet addicted like the rest of us, be honest with yourself - are you really going to be able to resist the temptation to read Slashdot on the laptop? There's no way you're going to be able to resist not breaking IT policy. Remember what the policy is there for. Care for your company network. Remember that any device getting plugged into the network is a risk not just for them, but for you. That's a line to take responsibility at. If the company has sensitive data on there, see to protect that data from random software
- Failure to manage people in these cases is the greatest failure of IT departments. Giving someone a laptop and then expecting them to do what you say without any interest into human nature can be logical (not what my job's worth, not what I'm paid for) but actually complacent. In a perfect world people would go to work, follow the rules... sleep at work and carry on working, forever. In reality we have a confusing mismash of work and private life. Because of this YOU HAVE TO DRAW THE LINE CLEARLY. Draw a line at company data. Offer users a safe conduit for personal stuff - better to legalise and control than prohibition and black market
My brother is sysadmin and he takes a very simple "You're not allowed to do it, so don't do it" attitude.
I'm sure if enough people were sacked globally, the fear could enforce enough control for this to be feasible. But thankfully the world isn't like that. People aren't robots running on electric. People are people.
You have to treat people like people. Sorry, no choice. You have to have compassion to understand what it's like to be in someone else's position. Educate and support. Show clearly how a closed source program steals company secrets and give them the means to protect against this.
All too often I hear an attitude from sysadmin and I think to myself "If you were at the coalface I know you'd do exactly the same". It's all to easy to sit in an ivory tower. And from a users point of view you've also got to realise the IT depts point of view too.
A blog I run for the wealth
if you want to do something? I mean really, why waste the time especially since it's not your laptop?
A tiny tiny portion of the real early internet was funded by the govenrment. There has been no funding of infrastructure by government for the last 20 year.
Many companies turn off usb booting in the bios, and then lock the bios.
Come out of the bubble. Life is better in the real world, where facts aren't made up and truth is based on objective reality!
Quartz Extreme and Core Image. Are there any other real reasons to spend all that money on generic hardware?
then it never gets to the host OS.
Or run an emulator like Qemu, boot it in snapshot mode and nothing will get written unless you want it to.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Why not just boot from a portable OS on a USB drive or buy a compatible HDD and swap it out during personal use. If the laptop has an ESATA / USB 3.0 port(s) you shouldn't take much of a performance hit. Options abound... boot from cd, edit boot.ini (if you know what you're doing) to be able to multi-boot, use a remote desktop via a proxy service.
Hopefully they don't use full-disc encryption, but even if so you still have options.
And are there actually SMM keyloggers that are loaded via the BIOS available, or did you just hear about SMM hacks from Rutkowska and assume that there must be?
Hi Sam;
I mean no personal disrespect to you, but I find it out that any person in 2012, let alone an IT person or a Slash Dot reader would be asking such a question.
Your company laptop is for company use.
Yes, they will likely examine it.
If you want to surf the web while traveling why not buy yourself your own smart phone, tablet pc or laptop.
Happy Monday
Is this really a fucking serious question? I have to wonder whether a submitted trolled the editors, or the editors are trolling the users.
I am not the kind of person who can just 'not browse the internet.' If I ever have to travel with this laptop, I may want to read an ebook or watch a movie or maybe even play a game.
Seriously, you simply cannot browse the internet? Will you go into diabetic shock without it? Your employer won't let you read an e-book or watch a movie waiting in the airport? If your work machine is so locked down or corporate use policies so strict that you can't use it for any personal use while traveling, why don't you BUY YOUR OWN FUCKING LAPTOP AND TAKE THAT WITH YOU TWO? Or are you too frail to carry an extra 5 lbs of laptop?
Seriously, WTF Slashdot? I figured everything would go to shit when Malda left, but I didn't think it would happen this fast.
Ok OP - you might want to ask your IT Dept what limits are reasonable for use. You might also want to consult the company handbook - chances are they have an acceptable use policy.
Maybe you are new to the corporate world - but policies and procedures are there for a reason. Acceptable use policies protect the company (and fire your sorry ass) when you decide to browse pr0n, download viruses, do your bittorrenting, etc from work. Those kinds of things make the company LIABLE because it is their machine, do you get that? Also, sysadmins frigging hate losing a weekend cleaning a virus out of the corporate systems because a dipshit like you decides he wants to take his corporate machine to places it shouldn't be going. On top of that, there are a lot of regulations (like SOX in the US or the "CSOX" version of SOX here in Canada) that define what IT should be doing for security, etc. We don't just lock people down because we hate people, we do it because we are required to be LAW. We also do it because the average user (which you aren't, I would say) is pretty dumb and can easily hurt themselves and others when given unfettered access (aka "local admin") on a machine - creating a lot of work and pain for IT people that is easily avoided. I hate auditors, I hate some of their picky requirements - but they are there to protect my employer and probably save me time and effort that can be focused on more productive things.
You sir, are trying to circumvent protections put in place for a large number of perfectly good, common sense, reasons for purely selfish reasons.
I would fire you ON THE SPOT if you modified a corporate laptop like that - and you would deserve it.
GROW UP.
True, or never use it in a machine that belongs to yourself or is predictable that you will use. I just wanted Bluecobra to realize that it is not as safe as they think.
"(I) have this unfortunate condition that causes me not to believe a single thing any politician says when a mic's on.
The simplest/shortest answer to this question is: Befriend your IT support people and find out what they'll let you get away with. There's no need to be too secretive about it. If they don't want you to use your laptop for the personal usage you'd like, find out if they object to using a LiveCD/LiveUSB. They may even be willing to hook you up with something. As an IT person, I've even bent the rules here and there for people who were nice enough to ask politely.
If they absolutely do not want to permit your intended usage under any circumstances, then don't try to subvert their security. Too many IT disasters happen when people try to subvert IT policies, even innocently. Sometimes there are important business or technical implications of those policies that you don't know about.
frankly, their sw seems like it would depend on OS side code quite a bit!
not just a little bit mind you. but so much that a fresh os install of any operating systems _on_ the list would render
this pdf explains the non-os side functions. http://www.absolute.com/shared/datasheets/ct-intel-ds-e.pdf . disable and poison pill. not dabbadabbadoo much(and for even that to work the computer has to connect to 'net).
world was created 5 seconds before this post as it is.
Tom is just an example of those idiotic IT types.
I have been using my private MacBook Pro at my company as my work computer for years.
Perhaps it never occurred to you that *I* am more valuable to the company than you? Who would be dismissed, you or I?
they typically only track you when you are on the network. most companies really dont care if you use your laptop for personal use as long as you dont break it or require support with your personal software. Avoid the X rated sites on it or anything like that. For the most part they don't care. Why would they? They just don't want you breaking it or doing anything they consider embarrassing.
i am having trouble with my PC and plan to install turbo tax on my work laptop. no one is going to care. I run minecraft on here too at home. Most companies let technical staff have admin privileges because we are consider competent enough not to break anything. On the other hand, they usually don't provide alot of support if we do. In the past, I have seen IT guys tell programmers 'we can re-image your hard drive or you can fix it'. Cause the programmer installed some things that caused problems.
Some businesses do allow this in Canada, though often it's "limited" personal use.
The caveat though: it's a taxable benefit. In fact, just having a company vehicle and going to/from work is taxable (unless you don't have a fixed work site)
Just buy yourself a 2nd hard drive and swap it out.
Your company spends a lot of money on it's laptops to ensure that workers can do their job - messing with that is messing with your employment. You might be able to do these things once you've earned enough attaboys to get away with it, however, If you need to have a secondary computer because you do things on it that you don't want work knowing about, then you should have a second device - pure and simple. Your employer may cipher the hard disk, so replacing it with a different one might be possible - but in reality, that's not true. The BIOS will likely have recovery software built in - my company does that, and we're not that big, and if they're actually encrypting the laptops, then you might not even be able to use the USB ports the way you'd like and the BIOS may even be locked out as far as preventing you from booting from anything other than the hard disk. Your best bet is to carry an iPad or something else that's small enough to like, but not heavy baggage.
When I worked for...uh, the military...I got one of the "old" (3 years) laptops that wouldn't run Vista plus their security/spying apps and anti-everything, and slapped Mint on it. I needed it for a remote location (et cetera....) and it would never touch the wire. When I left they just put it back in the turn-in pile to be wiped, separated from its power supply and extra battery and disk drive so it would be near worthless, and sold in a lot of 50. Your tax dollars at play.
If you travel and they audit and monitor you 7x24 they need to pay 7x24.
Do not futz with their machine except for work. A tablet or other portable
that you own is your best solution. A USB key is handy because a well
managed company machine can still be hacked. if the company locks the BIOS
With a password and encrypts the system you may also need legal advice.
Border agents want access but it is NOT YOUR LAPTOP so you may be catch-21
caught between a rock and a hard place. If you unlock it you will have violated
company policy and risk termination. Yet, failure to unlock and you risk denial to
enter or return. You may be compelled to open your kimono but not your company
kimono.
Run "your" copy of Windows from a bootable usb drive, unhook the drive it's the companies, hook it up it's your safe haven. Your data is safe and the company data is safe.
I am Bennett Haselton! I am Bennett Haselton!
I know there are people out there who feel they are entitled to use company provided equipment any way they want and are ready to circumvent safeguards put in place to protect that equipment in any way they can. Don't do it get your own equipment, if the company is security conscious like were I work then it is likely you will be caught, terminated, no unemployment, and no references. (Not all companies are like that, but I have seen it to many times to count. I've even seen some get prison time, because what they were doing wasn't legal company equipment or not.)
my daughter was issues a laptop that had a key logger on it. She got called on the carpet by management demanding to know what she was typing in code... turns out her cat was sleeping on the qwerty board....
Republican leadership = Idiocracy
With you newly found cash inflow, buy your own. Keep them seperate. Do not use the company owned machine for anything but company use. Having property damage, corporate secret exposure, and fired for being a jerk, does not look good on the resume.
of your company car usage agreement. I work for a large multi-national corporation that allows me to use the company car just like a personal car outside work hours, even to the extent of taking it on vacation if I want. In return, I pay them a very reasonable monthly fee as rental for the car. The fee is not optional. If you have a company car, it's automatically deducted. I'm very happy with this arrangement.
Buy your own laptop or tablet and use that. It doesn't sound like it's worth it to go to all that trouble just to play some games or watch a movie.
If buying your own laptop isn't feasible--i.e. your traveling all the time, or some such. Why not get a 2nd hard drive and simply swap your work and personal hard drives. So use your work drive during the day, when you get back to your hotel--swap out the drive for your personal drive and watch some porn before going to sleep. Just remember to swap the drives again in the morning... (or you could do it after the porn--just wash your hands 1st!)
It might not be unavoidable but why should anyone care? Maybe the screen's bigger or the processor faster maybe they don't have a laptop of their own or just don't want to deal with the stupid inconvenience of having two laptops on the ready. Whatever the reason, if there's no harm done then what's the problem?
Too all of the IT nerds who clearly don't actually think about what they do and the filth they are pushing down on people. People don't want to carry around two laptops. If the company provides one, guess what, its going to be used for personal activity. Employees are not slaves of the company. If the "company" wants to declare what information will be collected and how it will be collected that is one thing. But if you THINK for a second that as a technically competent user I am going to allow some IT group to push down a horribly configured machine bloated with IT malware that sucks resources and makes work as big as a pain as possible. You are dreaming. To answer the posters question. Just wipe out the IT malware and re-install the OS from scratch. Give yourself admin rights and approach life with the attitude that you are responsible and can take care of your own SHIT. Then when you return the machine just take the hard drive out and say it broke. If they question you about it. Just ignore them. Stupid IT facks.
You will have to check your company's policy on personal use. Generally, a good number of companies do not mind limited personal use provided that it is not detrimental to your productivity and/or you're not visiting certain sites (e.g, no gambling, no porn, no warez...etc). It is always better to clarify what you're allowed to do and follow that. As a member of an IT department, I can tell you right now that messing with the software or hardware without explicit instructions to do so by IT or Help Desk staff is probably going to land you in a ton of hot water when (not if) it is found out.
"If you travel a lot with work, having to haul two laptops around may be unreasonable."
"When I was his age, I worked in a slaughterhouse. It was a good experience. I learned how to use a hammer.”
- Red Foreman
Yeah ......... unreasonable
Then run the most powerful magnets you can find over the hard drive when you turn it back in. Most IT staff are lazy about this sort of thing. If you report it not working, and you turn it in unable to boot to the OS, they'll just wipe it and put the company standard image back on. No one will be the wiser.
Problem solved.
Buy a second hard drive and a small screwdriver...
I've even had three laptops before. My work laptop, my client's laptop (I'm a consultant), and my laptop. Thank the pastery tentacled one for wheeled cases!
Clue for you, caps-lock property loving fwad: EMPLOYEES ARE NOT PROPERTY EITHER!
ubuntu would be good
I hope none of the security poseurs in this discussion are posting from work. What a bunch of dick wads.
I would suggest, you should not mix private and work-bussiness - except the employer explicitly allows it.
With my last employer, I always traveled with my work-laptop and my private one/or my iPad. Although I had admin-rights on my work laptop, I did not want to mix private video watching/gaming/reading with my work laptop. Too much risk of viruses, *very interested* admins who make their fun on looking into the device what you did, ...
Many have commented on "this is company property" and you shouldn't install your own crap but users do it all the time. Many organization do not completely enforce the "don't put crap on company computers" but how many actually enforce the policy. For that matter, how many organization actually have a policy and have the employee sign off on the policy when they are given the laptop? Lack of proper education of the users is the bigger issue.
I look at it this way, I am paid a salary and should be able to afford to purchase my own stuff to do what I want. Why risk it? Of course, if you are looking to get fired, go ahead and do what you want on company property. When they are looking for a reason to get rid of you, perfect reason.
Problem solved.