On Wed, Nov 26, 2014 at 4:30 AM, Ancor Gonzalez Sosa <ancor@suse.de> wrote:
On 11/26/2014 08:09 AM, Michal Kubecek wrote:
On Tuesday 25 of November 2014 09:36:38 Lew Wolfgang wrote:
For my two-cents, many organizations forbid using USB memory sticks for security reasons.
Makes one wonder what exactly is the evil thing one can do with a USB flash disk that can't be done with a (self-burned) DVD... (Except infecting a machine without DVD drive, of course.) But yes, I understand that making sense is not a requirement for rules of this type.
I don't think it's a measure to protect the system from the evilness of the users, but from their ignorance. DVDs are (almost) read only, so they don't get infected as easily as flash disks. Most Windows users have evil autorun.inf files in their flash disks and they don't even know.
I can assure you it is both - an effort to eliminate IP theft by users copying files to a thumbdrive. - an effort to eliminate malware imported from thumbdrives inadvertently. Why a specific company has the rule could be either of the above or a combination of both. As a stronger example of the malware concern: I am aware of one company that has their field engineers carry 2 laptop hard drives with them. One is used while working on scada equipment in the field. The other is used for typical business activity (e-mail, web browsing, etc.) I know of other companies that don't allow anything on the laptops except remote termimal apps. All business work is done via terminal servers on corporate servers. I work primarily in the field of IP theft (both via rogue employees and via external parties hacking into a network) so I am exposed to both negative aspects of USB thumb drives. Greg -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org