Posted Friday 25th January 2008 17:07 GMT
I used to use my Shuffle as a flash disk, now I can only recharge it.
Any of you security-minded Admins know how to block workers attaching digifoto frames to their work laptop?
Posted Friday 25th January 2008 19:15 GMT
Permanently disabling external ports with a screwdriver is my favourite.
Don't want you storing company secrets on an external monitor now, do we?
Posted Friday 25th January 2008 19:26 GMT
Britt asked:
>Any of you security-minded Admins know how to block workers attaching digifoto frames to their work laptop?
Yeah. Symantec's new Endpoint Protection product provides device control. For example it allows USB keyboards/mice, but blocks USB storage devices. Etc...
YMMV!
Posted Friday 25th January 2008 19:26 GMT
Britt- There are a number of security solutions on the market for what most companies are calling DLP (Data Loss Prevention). Most of those will stop users from transferring files from their work laptops to any number of devices, including USB drives, email and CD drives.
Alternatively, if you simply want to stop users from plugging in and using USB drives, there's a Registry key you can modify on Windows Systems. I forget which one exactly it is, but a quick Google search should turn it up for you.
Posted Friday 25th January 2008 19:38 GMT
Well sir our our lcd photo frames are unique , will that be the one with the trojan and virus to go or the one without !
But then again it is the old story one should always turn off all auto run features for a very specific reason !
Paris because she is always running away from something indeterminate !
Posted Friday 25th January 2008 23:27 GMT
Darn it all. It sounds like this will have no effect on my Apple computer. Shucks, I wanted to be able to tell folks that I got a virus from Best Buy too, and not just a crappy product!!!! :-)
Posted Saturday 26th January 2008 01:32 GMT
I for one welcome our digital photo frame overlords
Posted Saturday 26th January 2008 11:42 GMT
Some large companies bung up all the relevant ports with epoxy resin glue.
Posted Saturday 26th January 2008 17:27 GMT
Easy. Start the policy editor (winkey+r, gpedit.msc), Go into the following key:
Conmupter Configuration -> Administrative Templates -> System -> Device Installation -> Device Installation Restrictions.
Here you will find the various controls to limit end user installation of devices. Only thing third party utilities does here, that the build in tool doesn't is give you a nice gui frontend for entering the restrictions, and thus block you from blocking devices the gui tool doesn't explicitly know about.
Now, does anybody have the usb-id of these pesky photo-frames, so I can type up a policy and let the honourable register hand out to tired BOFHs worldwide?
//Svein
Posted Monday 28th January 2008 00:40 GMT
I often configure new PC's and laptops as a favour to friends and I've found an increasing amount of undesirable software being installed by OEMs.
Recently, for example, I configured a new Dell Laptop and found that not only did it come with Google junkware installed (google toolbar) and a whole load of microsoft 'Live' junkware, but more worryingly, it also had 'Search Assist' pre-installed which is blatant ad/spyware and a significant security vulnerability.
People really need to start blowing the whistle on OEMs like Dell and others who for a few 'pieces of silver' are beginning to sell their souls, (or at least the digital souls of their new systems) to malware publishers.
Posted Monday 28th January 2008 15:38 GMT
A good question to ask here is what imdemnification does the software maker provide Best Buy against getting sued by its own customers for damages.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Back to the article
