[unisog] Google Desktop (cNET inquiry)

Hall, Rand rand at merrimack.edu
Tue Feb 14 13:39:50 GMT 2006


Gary Flynn wrote:

>I'll play devil's advocate for a minute and say that this
>doesn't seem to be too different than GoToMyPC.

A fellow contrarian here...

As long as users can install their own software, this is going to
continue. Google Desktop is just the latest gun that users can aim at
their feet. Spyware, P2P apps, virus payloads, etc. are all exposing
HIPAA, GLB, and FERPA-protected information.

To get a REAL handle on things you need executive buy-in to a "your PC
is not your personal amusement park" policy. Good luck if you can do
that.

Contrary to another comment, user education is not the answer. I think
the growing consensus is that, while necessary, user education is a
loser (i.e., ineffective). Let's consider user education efforts in just
the roughly ten years of "the internet" as most people know it
(1995-present).

- More than 50% of consumer PCs don't have functioning A/V (and most of
  those people think they DO)

- An informal drop-in audit in most cubicles/offices will find passwords
  in plain view*

What's the alternative? Us. Security in depth. Build as many speed bumps
as you can. (Antivirus, Antispyware, Antiphishing, Antispam, Antiuser,
firewalls, email/IM content filtering, auto-OS patching (WSUS/SMS), IPS,
etc.) Do as much reconnaissance as you can with vulnerability assessment
tools, logfiles, etc. and take guns/ammo away from as many people as
possible.

This is all theoretical, of course ;-)

Cheers,
Rand

*and sensitive information in the trash can or in plain sight--a
testament to HUNDREDS of years of failed user education.

--
Rand P. Hall * Director, Network Services
Merrimack College * SunGard Higher Education
315 Turnpike Street, North Andover MA 01845 * Tel 978-837-5000
Fax 978-837-5434 * rand.hall at merrimack.edu * www.sungardcollegis.com
