On Sat, 5/17/2025 8:38 PM, chrisv wrote:
Paul wrote:
You have to be TrustedInstaller to do much of anything.
>
That's why malware runs as TrustedInstaller.
I've caught wind of my company's plans to disallow USB sticks on our PCs.
I'm not sure what to do. I use them almost daily.
The problem is, employees can't be trusted to follow the simplest of rules.

Some places make it a firing offense, to violate a rule like that.
If they say, no USB sticks, or no user media at all, they can
enforce the rule.

At other places, they have tried filling a few of the
USB ports with epoxy. But it's pretty hard to do that
to a computer, after the fact. If the manufacturer offers
a "security" version of a machine, they can de-pop
the connectors they don't want the staff to use. Or, fit a
connector which is a "blank" and has no electrical contacts in it.

You could use an SD for example, except if that was a firing offense.

At some places, they make you sign a piece of paper, acknowledging
the rule has been explained to you. That's to avoid a wrongful dismissal
suit later, if you claimed you had not heard of such a rule.

I had to remove malware a couple of times from computers at work,
because someone we worked with was not all that clever. We had a
summer student, with poor English skills, that brought malware to
work. It's because of individuals like this, the lowest common
denominator, that everyone else has to suffer. I could trust the
rest of the RFTs to not be doing stuff like that.

Every possible thing an employee could do, someone has tried it.

One of the incidents was pretty funny, and I was too busy to
seek out all the details. It seems some lump of an individual,
attached a 20MB file (the "largest allowed") to an email,
and then sent it as a broadcast email to the entire company.
And as near as I can tell, they didn't get fired for this.

One of the results of incidents like this, was the broadcast
capability was removed and blind carbon copies had a lower
limit applied, to try to herd the turtles who would try
stunts like this. It put a lot of other people to disadvantage,
to limit the ability to easily send important memos in one shot.
Some people just can't be trusted with capabilities like this.

But the "firing offense" thing, the anecdotal evidence is,
that's pretty effective. That works better than filling the
sockets with epoxy.
Paul