E-Mail:

Shared Computers At Work - No Way

Tuesday, June 17th, 2008
by Matt Hartley

Imagine being the recipient of a notebook for work, used by others, that was loaded with illegal malware installed content. Sounds like someone’s worst nightmare. As it turns out, it actually was. One individual actually went through what I would consider to be the worst nightmare to come of using a workplace computer. Thanks to an apparent malware infestation, extremely obscene and illegal content was automatically being downloaded on one individual’s workplace notebook.

The obscene content was being downloaded over the Verizon network and it was using an unbelievable amount of bandwidth for a workplace unit. Oddly enough, this was a malware issue and not due to newgroups/Usenet. So while Verizon is stabbing into the abyss with great zeal, the real issue - malware - remains free to download the same filth as Verizon is hoping to block…

So where does the answer happen to be here? Do we hold the ISP’s accountable? Obviously that is a logistical nightmare and totally unrealistic. What about the IT team responsible for maintaining the notebook computers? Again, not going to be very helpful as they have zero control over what the end user is going to use the notebook for. No, the answer is two fold.

  1. Establish testing from end user to end user. Because malware does not just magically appears on a workplace appliance by itself, doing a full check for malware by an IT pro before turning the notebook over to the next person is critical.
  2. As an end user, you would be crazy to take a Windows based notebook, use it and then return it without having it checked out before taking it into your custody. Obviously most people would never think of this, however that means very little at the end of the day when faced with criminal charges due to ignorance.

The moral of the story is a simple one - never take responsibility for a portable computer or long term use desktop without being darn sure it is free of malware. When in doubt, refuse. It may cause problems with your job, but that is sure a lot better than the alternative.

4 Comments

the oracle

June 17th, 2008
at 8:31pm

This is a good example of the government overreaching as well.
Andrew Cuomo is making his way up the political ladder by the use of force that results in NO RESULTS - the problem is one where an IP search should have been done, to see the source of those problems, not the victims. Intelligence combats brute force well, but the NY AG is too uninformed to see that.
Another result is the loss of many newsgroups on Verizon’s newsservers - possibly understandable in the state of New York, but inexcusable for the rest of the country.

leftystrat

June 17th, 2008
at 9:16pm

As a human, I say whoever has the computer has responsibility.

As an IT person, my team struggles with this problem. The idea of holding the user responsible is a non-starter. Even asking nicely fails. The loaner laptops come back with AOL and all sorts of gunk which, of course, the borrower has no idea how it got there.

Massive user education combined with massive Laptop Lockdown is the only thing that comes to mind. The former may just be for show though.

The irony of the story is that Verizon won’t lift a finger to correct a virus or malware emanating from one of their wired homes.

Another tactic is to lend out linux laptops. They’re a bit more difficult to muck up. If the borrowers are not going to educate themselves to surf safely, rest assured they’re not going to learn how to do things in linux.

Martin Williams

June 18th, 2008
at 9:05pm

While the proper usage of a computer is matter for managers and human resources, keeping the computer clean and protecting the device from malware, viruses and the like sits squarely with IT.

IT has a responsibility to not only protect the machine but the user from themselves. There are many vendors of software that can either totally lock the system (Faronics) or severely limit the changes that can be made (MS GPO’s, Shared Computer Toolkit).

Depending on the usage of the computer and data and software contained on the device the computer can easily be re-imaged in matter of minutes every time the computer is returned.

Lastly, IT has a responsibility to protect the company from dangerous software that can expose a companies secrets and financial data.

Dave

June 19th, 2008
at 12:30am

This is completely due to a flawed process, if the laptop was not wiped before he received it. Sysprep and Ghost have been around for how long now? If it was clean when he received it, then that speaks very poorly of the quality of the IT department. I know my work laptop is regularly scanned by an auditing app in my login script.

What Do You Think?

 

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense hard-earned information back to the community, stake a claim on your very own Lockergnome blog today! You can write about anything - no matter the topic. Sign-up to start blogging!

GnomeREPORT - Oct 10, 2008

NVIDIA Cards Used For WPA Hacking?

GnomeREPORT - Oct 7, 2008

There Is No Place Like Home

Business, Resources, Troubleshooting - Oct 3, 2008

Software Test & Performance Magazine

GnomeREPORT - Oct 1, 2008

Does The Mac Pro Cause Health Issues?

68 queries / 0.327 seconds.