| Deutsch English Français Italiano |
|
<100c0b9$sj2i$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail From: Paul <nospam@needed.invalid> Newsgroups: comp.os.linux.advocacy,alt.comp.os.windows-11 Subject: Re: My week with Linux: I'm dumping Windows for Ubuntu to see how it goes Date: Sun, 18 May 2025 02:56:40 -0400 Organization: A noiseless patient Spider Lines: 57 Message-ID: <100c0b9$sj2i$1@dont-email.me> References: <1008i5i$f02$2@dont-email.me> <ldng2klg7bifp0poi7eostltfu5ru6v42t@4ax.com> <7mpg2kh7rt9i18khpmomro9vqksd6r7uss@4ax.com> <100a01i$d28d$1@dont-email.me> <m8s126F3rk1U6@mid.individual.net> <100au4d$iunm$1@dont-email.me> <otai2kdvjcc8m6bj6q36rn4nd99otk2hg3@4ax.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Injection-Date: Sun, 18 May 2025 08:56:42 +0200 (CEST) Injection-Info: dont-email.me; posting-host="63d6f5677a7d1ac3b6c305146c695904"; logging-data="937042"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/Q8Hh04W0RFN51cW7YK6i1x0OE54VOuLE=" User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802) Cancel-Lock: sha1:Ds2hS1g6sV9gP/OMA0RnPoPlPT8= In-Reply-To: <otai2kdvjcc8m6bj6q36rn4nd99otk2hg3@4ax.com> Content-Language: en-US Bytes: 3801 On Sat, 5/17/2025 8:38 PM, chrisv wrote: > Paul wrote: > >> You have to be TrustedInstaller to do much of anything. >> >> That's why malware runs as TrustedInstaller. > > I've caught wind of my company's plans to disallow USB sticks on our > PC's. > > I'm not sure what to do. I use them almost daily. > The problem is, employees can't be trusted to follow the simplest of rules. Some places make it a firing offense, to violate a rule like that. If they say, no USB sticks, or no user media at all, they can enforce the rule. At other places, they have tried filling a few of the USB ports with epoxy. But it's pretty hard to do that to a computer, after the fact. If the manufacturer offers a "security" version of a machine, they can de-pop the connectors they don't want the staff to use. Or, fit a connector which is a "blank" and has no electrical contacts in it. You could use an SD for example, except if that was a firing offense. At some places, they make you sign a piece of paper, acknowledging the rule has been explained to you. That's to avoid a wrongful dismissal suit later, if you claimed you had not heard of such a rule. I had to remove malware a couple of times from computers at work, because someone we worked with was not all that clever. We had a summer student, with poor English skills, that brought malware to work. It's because of individuals like this, the lowest common denominator, that everyone else has to suffer. I could trust the rest of the RFTs to not be doing stuff like that. Every possible thing an employee could do, someone has tried it. One of the incidents was pretty funny, and I was too busy to seek out all the details. It seems some lump of an individual, attached a 20MB file (the "largest allowed") to an email, and then sent it as a broadcast email to the entire company. And as near as I can tell, they didn't get fired for this. One of the results of incidents like this, was the broadcast capability was removed and blind carbon copies had a lower limit applied, to try to herd the turtles who would try stunts like this. It put a lot of other people to disadvantage, to limit the ability to easily send important memos in one shot. Some people just can't be trusted with capabilities like this. But the "firing offense" thing, the anecdotal evidence is, that's pretty effective. That works better than filling the sockets with epoxy. Paul