mculbert
Macbot3000
join:2001-04-11
Clive, IA | Zombies
Maybe it's more like the IT managers don't want their employee's virus ridden zombie email blasters on the corporate network.
I sure as hell don't. |
|
JTRockville
Data Ho
Premium,MVM
join:2002-01-28
Rockville, MD
clubs: | That happens with traditional commuters too. You don't have to be a telecommuter to bring your laptop home, get an infection, and bring it to the office the next day. |
|
JakCrow
join:2001-12-06
Palo Alto, CA | reply to mculbert
You might want to check your corporate network for zombies and email blasters. You're not the only one surfing the net from work. |
|
vic102482
Premium
join:2002-04-30
Upper Marlboro, MD
| reply to mculbert
said by mculbert  :
Maybe it's more like the IT managers don't want their employee's virus ridden zombie email blasters on the corporate network.
I sure as hell don't.
There is software out there that scans if the machine has the latest patches and virus definitions before connecting to the VPN and it can be made maditory. Symantech and other providers make it.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! |
|
mrchris
We don't miss you Bush
Premium
join:2002-10-01
North Babylon, NY | reply to mculbert
Blame the IT managers for not securing each computer properly |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
 ·Verizon Online DSL
| reply to mculbert
said by mculbert :
Maybe it's more like the IT managers don't want their employee's virus ridden zombie email blasters on the corporate network.
I sure as hell don't.
Well, I am an IT Manager, and I telecommute. I do not have that problem. Every one of my field techs, and every one of my employees who telecommute use a company laptop outfitted with Linux. I would not want to be responsible for maintaining a telecommute network based on windows, or have one of my techs infect a client with a virus.
The very few windows machines we have at our company are strictly off the network after installation, and used as stand-alone work stations with network cards disconnected and floppy drives removed. We have NEVER had a virus or Zombie problem. Telecommuters must use a company laptop configured by me to do their work, no home-PCs allowed.
When a field tech must use a windows machine at a client site they will use one of the client's machines; all other work, like router setups, network scanning, connectivity testing is done from their laptops.
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
BosstonesOwn
join:2002-12-15
Everett, MA
clubs:
 ·Comcast
·Comcast Formerly ..
| That is like the kid plugging holes in the dyke with his fingers. Sooner or later it will blow up in your face. Linux is not the end all solution. And forcing people to use something they are not familiar with is even more of a problem waiting to happen.
But hey it's your choice as a manager. Just curious but did those laptops come with windows licenses ?
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" |
|
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·AT&T Midwest
 ·Site5.com
·Comcast
| reply to TamaraB
IT Manager here as well, and it doesn't take a rocket scientist to secure a Windows computer, even remotely. We have about 20 users who telecommute. Everyone of them is in the office at least once a month. It is easy to set up updates to run on the systems automatically. I am not talking automatic update either. I run these from a custom login script program called Profile Maker by autoprof
»www.autoprof.com
This program is simply amazing...but enough shameless plugs.
The key is that Linux is no safer than Windows. It all comes down to administration. A good administrator knows how to secure both in a mixed environment with no headaches. 
--
My Domain
Nightfall's Hockey and Life Journal |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| said by Nightfall :
IT Manager here as well, and it doesn't take a rocket scientist to secure a Windows computer, even remotely.
Unfortunately what you can't configure against is the employee who has a jones for some sort of porn, or warez! All the technical forethought can be easily thwarted by one employee who just has to see that snatch, or download that game now and then. Windows has the biggest exploit window of any OS, mainly because of it's overwhelming popularity.
said by Nightfall :
We have about 20 users who telecommute. Everyone of them is in the office at least once a month. It is easy to set up updates to run on the systems automatically. I am not talking automatic update either. I run these from a custom login script program called Profile Maker by autoprof
Right! And it take all of 20 seconds of vulnerability to get zapped!
said by Nightfall :
The key is that Linux is no safer than Windows. It all comes down to administration.
Oh but it IS! There are 2 orders of magnitude fewer exploits/worms/viruses which can infect a linux box than a windows box. Windows is the pre-eminent OS in the world, and 99.99% of maleware is designed to attack it, meaning the same attention to patches makes you 2 orders of magnitude safer with Linux. I agree, that technically Linux may not be any more secure inherently; but if you look at your port traffic once in a while you will realize that there is a blizzard of systems attempting to exploit any un-patched windows box on your network.
I also do not want to spend all my time "securing" multiple systems, when there is really no need to. The shear number of new windows exploits is mushrooming daily, and it is almost impossible to totally control any users habits.... even a small time-slip can mean an infected machine. It's too expensive, time-consuming, and I would have less time for fishing
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| reply to BosstonesOwn
said by BosstonesOwn :
Linux is not the end all solution. And forcing people to use something they are not familiar with is even more of a problem waiting to happen.
I disagree! If an employee can't break-out of what they are familiar with, and learn something new, I don't want them as employees! I don't hire people who know everything, I hire people who can learn. The ability to learn is the definition of intelligence; and I do not hire people of low intelligence.
I may be an old-fart, but I have learned a thing or two in the past 50 years!
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
BosstonesOwn
join:2002-12-15
Everett, MA
clubs:
·Comcast
·Comcast Formerly ..
| reply to BosstonesOwn
Problem being is that new users to new technologies always going to make mistakes and some times people don't want them making mistakes on their systems. That is business. They don't want a new guy working on their 50 k cisco switch who is not familiar with the OS he is using. It makes your company look bad when the guy goes in and has to look threw 20 man pages for a simple command and it's switches or syntax.
Learning is a very important part of IT. If you don't learn you are obsolete, that is just the facts.
Pardon the pun on the "breaking out" part coming. When they "break out" of their box it is very possible they could "break out" a network or a very important server. Depends on where your clients lay. I know I have had to do some swaps before that made them very angry at even having the switch down for 2 or 3 minutes.
People learning quickly for you is good fortune shining upon you at this point. But it is not always the case. Me personally I know enough of how it all works to be dangerous with the wrong tools. But I also understand enough to fix any fubr conditions quickly and efficiently.
On the hiring point If I was an IT manager ( I have been reduced to contract switch monkey  from a tech) I would rather have people with a wide base to start and let them learn from others.
But When it comes to making them make a switch from windows to linux, that is in my book a big no-no, especially if the person has a very profound understanding of networking and security. Windows and Linux security are separate animals. The windows approach to security he may understand may leave a big hole in the system by accident. Besides what matter is the OS if the person is competent. I know many people who can do anything linux can on windows. And they run very securely threw multiple systems.
I have seen people take down whole servers by a one slip up in how ip chains takes switches. Was pretty funny having to fix it after the genius hammered it but It was not exactly an ideal situation when you have to travel 35 miles to do it in 20 minutes.
Sort of all over the place I guess but it comes down to learning is not the only thing. It is wrong to take a person who is great with one OS and force them to another solution. You take away their experience which puts them on a lower level. And makes them less valuable to your organization until he can become proficient in the new system. Which depending on the person could be months or years.
I am lucky I guess, I have knack for picking up on mostly anything tech based I read about, especially since I can pretty much memorize page for page of manuals.
--
"It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" |
|
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·AT&T Midwest
·Site5.com
·Comcast
| reply to TamaraB
quote:
Unfortunately what you can't configure against is the employee who has a jones for some sort of porn, or warez! All the technical forethought can be easily thwarted by one employee who just has to see that snatch, or download that game now and then. Windows has the biggest exploit window of any OS, mainly because of it's overwhelming popularity.
No offense, but you don't know how to secure a windows platform very well. Think you can't secure a windows system from either of those two things? What if I was to tell you that in our office, we have zero porn and warez site usage? Zero spyware as well. It isn't that hard if you know what you are doing and have the right software and equipment.
quote:
Right! And it take all of 20 seconds of vulnerability to get zapped!
If you aren't patched, then that is a problem. However, patching is easy to do. Major service packs are doled out at the local office. Small packs are sent out remotely as well. So far, after 6 years of using this method, zero exploits and problems.
quote:
Oh but it IS! There are 2 orders of magnitude fewer exploits/worms/viruses which can infect a linux box than a windows box. Windows is the pre-eminent OS in the world, and 99.99% of maleware is designed to attack it, meaning the same attention to patches makes you 2 orders of magnitude safer with Linux. I agree, that technically Linux may not be any more secure inherently; but if you look at your port traffic once in a while you will realize that there is a blizzard of systems attempting to exploit any un-patched windows box on your network.
I am not denying your figures on the attacks. I am saying that it doesn't take hardly any time for me to support these windows boxes. The right admin can secure anything, and with the right technology, it becomes easier. What can be easier than patching 100 systems at one time using a custom GUI login script? You install a client firewall on 100 systems and the policy is doled out from one location and changed at any time. Man, there is a lot of capabilities out there that you don't have any idea about.
quote:
I also do not want to spend all my time "securing" multiple systems, when there is really no need to. The shear number of new windows exploits is mushrooming daily, and it is almost impossible to totally control any users habits.... even a small time-slip can mean an infected machine. It's too expensive, time-consuming, and I would have less time for fishing
I am sorry you feel that way. It is probably your misinformation about how to secure a bulk windows systems. As I said, 6 years here as a manager, no spyware, no exploits, no viruses. It isn't that hard with the right technology, an open mind, a just a little time. I spend more time educating my users than fixing windows problems.
I am sure we can both agree that, with the right administrator, anything is possible. I support 150 systems in my company with almost 200 users total. We have 95% windows systems, and as of yet, I am still learning on how to be as efficient with my linux systems as we are with the windows ones when it comes to updates, protection, and so on. Would a Linux admin have better ideas for me? You bet. However, I would also have to say that maybe, a linux admin would keep an open mind to us Windows admins who know what we are doing.
So while you fish and know you are secure, I will play hockey and feel the same way. We will let our track records speak for themselves. Just keep in mind not to discount us knowledgable windows admins and the capability of securing the windows platform. It isn't as hard as you think with the right admin and technology.
--
My Domain
Nightfall's Hockey and Life Journal |
|
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·AT&T Midwest
·Site5.com
·Comcast
| reply to TamaraB
said by TamaraB :
said by BosstonesOwn :
Linux is not the end all solution. And forcing people to use something they are not familiar with is even more of a problem waiting to happen.
I disagree! If an employee can't break-out of what they are familiar with, and learn something new, I don't want them as employees! I don't hire people who know everything, I hire people who can learn. The ability to learn is the definition of intelligence; and I do not hire people of low intelligence.
I may be an old-fart, but I have learned a thing or two in the past 50 years!
Bob
I think the thing that should be stressed is that Linux is not an end all solution. Also, since I don't do the hiring for the other departments, everyone who comes in knows Windows. IT is like customer service. To throw them Linux and say, "Learn Something" doesn't get you many brownie points. Maybe you can do that, but I can't. Which is why we have a few Linux systems and mostly Windows systems.
Call me an old fart, but I prefer to make people's lives easier by supplying them with the tools that will help them perform to the best of their abilities. Not supplying them with software where they will spend months behind the eight ball trying to learn it or where my IT folks will spend time trying to teach them.
Just my .02 cents.
--
My Domain
Nightfall's Hockey and Life Journal |
|
wtansill
Ncc1701
join:2000-10-10
Falls Church, VA
| reply to JTRockville
said by JTRockville :
That happens with traditional commuters too. You don't have to be a telecommuter to bring your laptop home, get an infection, and bring it to the office the next day.
My company has a policy of not allowing any home PCs to connect to the corporate network via VPN. If you have a corporate laptop loaded with AV programs, and a few other items, then and only then are you allowed to access the VPN, and then only from the laptop's enclosed dial-up software. I could not, per policy, plug the laptop into my network's router and use my DSL line...
--
That which does not kill me merely prolongs the agony. |
|
Vchat20
Landing is the REAL challenge
join:2003-09-16
Warren, OH
clubs:
| reply to mculbert
well, i got to completely agree with Nightfall here. my cousin works for the Bank One HQ in Columbus Ohio as a Programmer. afaik (dont remember offhand), hes been there for atleast 5 years and is currently making $70k per year.
I went with him to work one day and all i saw was windows computers. every one of them i saw running windows 2k. only ones that were not running 2000 were the actual servers which were unseen and they were running Solaris iirc.
not only that, but to comment on wtansils post about not being allowed to use his own home broadband connection to VPN in: my cousin works from home occasionally. the one summer i was with him he worked from home about every other week. and every time he does hes always connected into his home connection with the work laptop.
may i also add in that his department works with big companies such as comcast? one email i remember reading while i was at his workplace was where he had to fix a few problems that comcast was having viewing the online statement. and he fixed it right there in front of me. although i had no clue what he was doing since he used nothing but telnet  but nonetheless, do you think that they want unsecured computers dealing in that kind of situation? very highly doubt it.
hope i got my point across there. windows can easily be secure as linux, you just need to have the patience to do the securing. |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| reply to Nightfall
said by Nightfall :
Call me an old fart, but I prefer to make people's lives easier by supplying them with the tools that will help them perform to the best of their abilities. Not supplying them with software where they will spend months behind the eight ball trying to learn it or where my IT folks will spend time trying to teach them.
Just my .02 cents.
Agree.... Guess I just run with a different crowd. My office is 2 blocks from NYU, and I find hiring 3rd year CS students (major in programming) Ideal for my needs. We run just over 200 Internet domains, with about 10,000 users exclusively on Solaris, BSD, and Linux servers co-located around the country; all this with my partner and I, 2 field techs, one secretary/bookkeeper and half dozen NYU CS students working from their dorms; everyone except the secretary are telecommuting.
Just about every 3rd year NYU CS student can jump right in and do a task on our network with relative low risk and quite impressive results. They all know UNIX, and can get around a command-line driven OS easily; which is needed since none of our servers runs any form of GUI.
So, in my case, I am providing them with the tools they are already familiar with... VI, FTP, SSH, (the only "software" needed to administer a nix system) and a knowledge of C/Unix.
To believe that every computer nerd is windows-centric is a mistake (a very expensive mistake). The best are actually C-Code Hackers and very Nix-Centric (like my NYU students); but like I said, we obviously run in very different circles This has worked for me for decades, since our days on the arpanet, and still works well.
The money I have avoided paying Gates over the years has bought my lovely yacht/home
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| reply to BosstonesOwn
said by BosstonesOwn :
Problem being is that new users to new technologies always going to make mistakes ...
Right on! However to me, windows is the "new technology", the new kid on the block; if it can't do UUCP it's raw-new!
Amazing how some people think nix systems are "new technologies", when they actually pre-date windows by decades!
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL
| reply to BosstonesOwn
said by BosstonesOwn :
Linux is not the end all solution.
I absolutely agree, it's not for everyone, not for most probably! It's just my solution, one I am comfortable with; probably not the solution MOST IT managers will implement. But I am an Old-Time-Fart!
said by BosstonesOwn :
and forcing people to use something they are not familiar with is even more of a problem waiting to happen.
I NEVER do that, I hire people who are comfortable with UNIX and with command-line administration and text-programming. This necessarily excludes those who have learned their IT skills on Windows systems, and can't manage without a GUI.
said by BosstonesOwn :
But hey it's your choice as a manager.
Certainly is! God Bless America!
said by BosstonesOwn :
Just curious but did those laptops come with windows licenses ?
The software originally on them was one of the MS/OS's and came with a Microsoft License, I have had varying results (mostly negative) with hardware vendors with respect to getting refunds for taking the MS software off the laptops; I have been told by a few vendors that they risk their lucrative contract with Microsoft if they do so ( I smell MAFIA here).
The Hardware is not MS, so there is no actual licence problem. But I have had big trouble getting reimbursed for NOT using the crap they installed, (the term crap is my very own assessment, and should not be construed as defamation) even after f-disking the drives and returning the CDs unopened! (again MAFIA Tactics)
I find this one of the biggest reasons NOT to use MS products. There is an implied Mafia-Style contract associated with these thieves, and it spills over to the hardware vendors as well (I realize they are under tremendous Mafia-Style pressure from MS).
Dell, turns out to be the best in this respect, you can actually purchase a server from them without a MS OS on it, (and without the MS extortion fees); but most vendors will not even support or honor their hardware warrantee if it is not running the original MS pre-installed stuff! I find this akin to criminal behavior, and illegal (I am not a lawyer), but it IS a problem!
We do have a few SUN Laptops, with solaris installed, for the folks who do most of their work on our solaris systems. There is NO "Licence" issues there, as Solaris is free as long as you own a sun server/laptop.
My only license issues to-date have been getting my money back from hardware vendors who pre-install windows OS's... It's like dealing with a whore, once you give her the money, you will NEVER get it back. Nice rep MicroShit has (Yes I am BIASED, but thats my right as a free American no?) ehh??
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. |
|
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·AT&T Midwest
·Site5.com
·Comcast
| In a perfect world, everyone would know both operating systems. If you are hiring right out of college, then you have more flexibility than 99% of us do and can demand Linux knowledge.
--
My Domain
Nightfall's Hockey and Life Journal |
|
GlobalMind
Domino Dude, POWER Systems Guy
Premium
join:2001-10-29
Hollywood, FL
| reply to wtansill
Our policy requires you install company provided AV, firewall before you can even launch the VPN software client installer.
From there, you can access with your home PC or laptop if you like...as I do since I don't have a company provided laptop.
K.
--
TheGlobalMind.com
"On a clear disk you can seek forever" |
|
