The IT SS patrol on the prowl.

If you don’t like geek speak, at least enjoy today’s comic strips. 🙂

The following cheery email greeted me this morning. This is something I caught wind of yesterday because I nearly always hear of stuff before it happens – I have connections in IT. ooooooooh! Who wants to touch me? … I said, “Who wants to fucking touch me??”

From: Bill *****, Chief Information Officer

To: All employees:

In light of recently discovered security issues and what’s been found when investigating them, we would like to remind you of some basic components of the PC Policy, which applies to all employees. The full policy can be found here –> http://intranet.***.com/intranet/Corporate/ComputerTechnology.asp

• No unauthorized changes to the hardware, including installing wireless network cards for use at home.
• No unauthorized software installed.
• No software updates to the machine in any way unless they are received through official channels from *** support personnel.This includes the automatic Windows Update process built into Windows.

If found in violation of the policy, aggressive measures may be taken to enforce compliance. Thank you for your cooperation.

So I seem to have only a few states of being: anger (in many forms), contentment (as close to happy as I usually get), and depression. This email makes me angry.

I have to continually remind myself that since I worked on the Help Desk, and continue to work closely with them, they trust me enough to handle any problems I might have with my own computer. Therefore, these policies rarely apply to me, but I never know when they might decide that I no longer have a say in the matter.

Our security is a joke anyway, but no one knows enough to know any better. The people making the decisions have been trained just enough to do their job and fool all the non-technical people into thinking everything is under control. In reality, I could go connect to a network printer, reconfigure it however I like, deny people access to it, and then deny the administrators access to it by setting an arbitrary password on it. I could probably do that throughout the company – even in branch offices all over the country. Why? Because the security measures are a joke. Granted, I’m one of few people in the entire company with the knowledge to do things like that, but they should be prepared for that.

They blocked the checking of personal email that’s not web-based (like yahoo and hotmail) through the POP (Post Office Protocol). There were very few people checking personal mail through that protocol, but they determined that it was a security risk since someone using an email program that’s very prone to virus attacks (such as MS Outlook) could cause the whole company to be infected with a virus. An annoying policy, but livable – especially after a friend and co-worker gave me some tips on how to get around it.

The method for circumventing their blocks also allows me to browse the web through an encrypted channel they cannot monitor. That means they cannot enforce their web site blocking on me either. I can go visit the web site for the Essex steam train if I like without being blocked for having SEX in the name. And they probably have no idea how I’m doing it if they’ve even noticed.

Tired of geek speak? Sorry, there will be more, but feel free to ask me questions if you want, I’ll explain in case anyone else has the same question.

Now they have this wonderful technology that lets them monitor every piece of hardware we have installed on our computers, every bit of software, every file, etc. They can start enforcing the “No unauthorized software installed.” policy if they want. While they’re figuring out how to use the system and what’s what, I’m working on ways to hide unauthorized files from their scanners. Why? Because I want to. I could remove all unauthorized software and personal files if I wanted to, but I like the challenge of finding a way to hide it instead.

Their monitoring software is cool, and from a Help Desk/support perspective, I can totally understand the need for it. On the other hand, I don’t approve of their bullying. In my opinion, enforcement is fine, but I only see it as necessary in cases where unauthorized software has actually caused a problem. Enforcement for the sake of conformity is a waste of resources. Hell, there are people in the company who have to use unauthorized software in order to do their jobs. You can’t take away the only tools someone has to work with – especially if it’s as harmless as a rubber mallet – just for the sake of enforcement.

There is talk of not allowing people like me to connect to the office network from home without a using a company purchased and built computer – i.e. anything but my home computer. That would mean that in order to work from home I’d either need two computers or a laptop. Laptops are okay, but they’re slower, more expensive, more of a hassle to maintain, and more to carry on a daily basis for the few times I might need it. I had one when I worked on the Help Desk, it was more of a necessity then. I think they’re just now starting to get paranoid because management is just now starting to understand technology enough to realize all of the vulnerabilities in our company. But of course, not enough to handle it the right way.

On top of all this, they’ve taken away a nice program they had setup for the pruchase of personal computers. You could buy a computer for up to $2500 and the company would give you an interest free loan for 18 months that took payments directly from your paycheck. It was a great way to buy a computer if you couldn’t afford the thousands of dollars all at once. Not anymore, here’s another lovely annoucement:

Bulletin Board: Corporate Communications

From: *** ******, VP, Human Resources

Date: 08/01/2003

Subject: Interest-Free Computer Loan Program Discontinued

***’s computer loan program was instituted several years ago to help employees fund home computers. Since then, the costs for computer equipment have dropped significantly. Consequently, effective Monday, August 4, the program will be discontinued.

If you presently have a computer loan, deductions will continue to be made at the current rate until the loan is repaid in full. However, no new loans will be allowed as of August 4.

If you are considering purchasing computer equipment, you may wish to participate in Dell’s Employee Purchase plan.

At one time, this was a great place to work for. Somewhat lower pay than other places, but we’ve always had lots of benefits, a relaxed environment, plenty of vacation time, etc. But they’re taking away one thing after another and getting a lot more invasive. And we have to take it because the job market sucks, but boy are they going to be sorry when the market improves again.

Must think positive thoughts…