Educause Security Discussion mailing list archives

Re: Other software like Google Desktop V.3

From: Graham Toal <gtoal () UTPA EDU>
Date: Wed, 15 Feb 2006 13:17:41 -0600

We  are planning to put out a campus notice concerning Google
Desktop and request that it NOT be installed and used.  Can
anyone share with me other names of similar software that
will do the same thing?



I appreciate what you're trying to do and I know this isn't the
answer you're looking for, but I'll say it anyway :-) ...

If you physically allow people to install software and rely
on their common sense and restraint not to install software
that is against your policy, you're fighting a loosing
battle.  All that a policy like this will give you is an
opportunity to pursue disciplinary action after the event -
it won't help reduce the problem, whatever that is perceived
as being.  Obviously the simple answer to your question is
to add "and any other desktop search software which could expose
restricted data to unauthorized people" rather than enumerating
which programs specifically are not allowed, but the proper way
to handle this is to make your users into Windows "user"s rather
than "power user" or "administrator", and use Group Policy or SMS
to list only the programs which are *allowed* to be installed
on your desktops.

I know we're all in an academic environment and historically we've
been focussed on the academic staff and therefore a tightly locked
down computing environment has seldom been an option.  But we have
to look on our staff (as opposed to faculty) as employees of a
business and quite separate from the academics, and start thinking
seriously about supplying a far more restrictive environment for
them, whenever we can.  The vast majority of regular workers need
email, word processors, the usual office suite of goodies; they
don't need the ability to install Party Poker...

The two biggest security issues come from allowing people to browse
the web and to read email.  Both of those are probably necessary
for work but they can be far better controlled than we usually do.
For instance both could be done in a throw-away vmware player
environment, except for a few cases such as saving attachments.

Anyway, bottom line answer to your question - think bigger than
just blocking Google Desktop and similar programs.  Band-aid
measures *will* fail, and doing it properly is going to be a
major undertaking so start thinking about how to do it as early
as possible.


Graham

Current thread:

Other software like Google Desktop V.3 Theresa Semmens (Feb 15)
- <Possible follow-ups>
- Re: Other software like Google Desktop V.3 Brad Miller (Feb 15)
- Re: Other software like Google Desktop V.3 Graham Toal (Feb 15)
- Re: Other software like Google Desktop V.3 Theresa Semmens (Feb 15)