[unisog] Google Desktop (cNET inquiry)
flynngn at jmu.edu
Wed Feb 15 16:25:07 GMT 2006
Michael Holstein wrote:
>>I would tend to agree. But I believe the technical solution
>>to enforce a policy about software installations should
>>involve the actual installation process, not some Rube
>>Goldberg after the fact network solution.
> If you have everyone in the same domain, this is easy with GPO or
> whatever else you might use (we, for example, block the .exe from running).
> This, however, dosen't catch everyone -- since there are plenty of
> professors, etc. that might have what's considered "sensitive" data
> (like a class roster, grades, whatever) on a PC that's not in the domain .
> I agree that any policy must come from "up on high" and be enforced
> unilaterally -- but you're always going to have somebody that "needs
> admin rights", or has some goofy gas chromotagraph that needs to run on
> Windows 95.
> At a previous employer, we contemplating disabling the "usb mass
> storage" drivers in Windows to prevent information leakage by lost
> thumbdrives .. but the outcry quickly quashed that idea.
> Short of making everyone use Citrix (or dumb Xterms), you're never going
> to be able to force them into acting right. It's that never-ending
> balance between security and usability -- I mean "fluffy is so cute,
> I've just gotta have him as my desktop wallpaper".
Agreed. And it may be that if 85% of the computers are
addressed with desktop configuration management, then
security awareness would be sufficient to address the
residual risk associated with the other 15%. Or maybe
not, and a network based solution would be needed.
I was arguing against a purely network solution to a
desktop/operator problem. Simple, direct solutions
are sometimes discarded because they don't solve all
the problems or cause problems for a few (while
benefiting the many).
James Madison University
More information about the unisog