Slashdot Log In
No More Unrestricted Internet At Work
Posted by
timothy
on Mon Mar 18, 2002 08:52 PM
from the near-future-scenario dept.
from the near-future-scenario dept.
Schlemphfer writes: "You can forget about using private email or surfing the web while at work if these bozos have their way. And judging by the Reuters article, it looks like they might. Basically what they're doing is trying to scare senior management into thinking that allowing employees unrestricted use of the net will cripple a company with viruses and lawsuits."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
It's about control... (Score:5, Informative)
Additionally, all mail is screened against the server's pattern file, which tries to update itself hourly. If sometimes passes through mail, it'll be found if on a server, and the client software, which updates its pattern file upon logon, will find things as they're opened.
All with unnoticable performance difference. We haven't had a virus infection in a LONG time now.
Worms like Nimda are a bit more annoying, but we take things like this seriously, and by doing so, avoided Nimda and others completely.
=====
As for net access, we do run reports on the proxy logs occasionally. Employees understand that they have little privacy in the workplace and that if we see them goofing off (except for after hours or at lunch), they do get an email regarding it. But we haven't had to do that in years. They more or less behave, because we trust them and they trust us.
-----
Re:It's about control... (Score:3, Insightful)
In my office, where we develop in Java, the local proxy server blocks site like www.junit.org or Google (usenet) groups. I guess they want to make sure that the programmers don't cheat and use already prepared answers... :-)
There are so many ways around this - I'll just take my laptop to the part and jack-in the open wireless network that's running there...
Or better yet, I'll go to the bathroom and bring a book.
Re:It's about control... (Score:4, Insightful)
Plus the phones listen off of port 80, so watch out for DDOS attacks on those as well.
Parent
Re:It's about control... (Score:5, Informative)
At home I use junkbuster and watch all the unlogged internet there is without ads, too. OpenSSH also gives me access to nntp, smtp, and pop over a secured connection between my office and home.
So before you go off yelling about office proxies and you have dsl or cable connections at home, set something like this up and go the distance.
Parent
stranger and stranger still (Score:3, Interesting)
Asside. If your company "firewall" is anything like mine, your users, aka peers, can send anything they want at a ".zip" or anything that is not one of the banned names so frightening to M$ Admins.
Incompetence breeding inconvenience for the rest of us. Nice work, meat heads. It's not going to bother me too much because my job gives me enough time at home to have a life. Some people will not be so lucky and your efforts, or lack thereof, will really burn them. Get your freaking act togeter or go away or expect your best people to pack up and leave.
Not true for everyone (Score:5, Funny)
connected to the T1 lines.
There are already a few hundred routes in the
tables... who's going to notice everything from
my workstation misses the filtering appliance?
Oh that's right, it's my job to make sure no one
*else* does this, too.
You'll always have access (Score:5, Interesting)
Here at my company, as a sysadmin, I've been suggesting a policy of completely unfiltered web access *and* completely unfiltered proxy log access.
From the CEO all the way down to the temps.
(Except for *me* of course...)
We already filter out dangerous attachments from email and have good virus software. We really don't have a problem in that respect.
The thing is, once you take something like this away from your staff, you are saying "We don't trust you. We think you're slacking."
In my office, people work damn hard and are pretty happy in their work. We have a good atmosphere and no real division between workers and management. Once a company starts doing this kind of thing, the mood changes and people get resentful.
How many people in how many companies have said "This place really started to go downhill when they took away the free soft drinks..."?
Just my 2 yen,
Jim in Tokyo
Parent
what's wrong with these guys... (Score:5, Insightful)
seriously though, i'd go crazy if i had to work 8 hours straight without any distractions...so, what if i shoot over to Hotmail to check my personal e-mail, or over to ESPN to check out the latest sports news, or even here to post my thoughts on the latest tech news topics...and that doesn't even count the numerous times i use the internet to look up java related things on Sun's website or trouble shoot my Websphere problems over at IBM...
what's the point of having all that information available at our finger tips if we can't use it...
Re:what's wrong with these guys... (Score:3, Insightful)
Wow, that sounds so secure! Ohter than the fact that you're not doing the work that's probably expected of you, I don't think employees in any large company can be trusted to not find themselves a virus.
Re:what's wrong with these guys... (Score:5, Insightful)
Ideally, employees should be gauged on performance items: do they do the work they're given, does their work reflect a high level of quality, does the employee both fill their job description and give that extra 10% (participating in meetings, giving a shit about the product, etc) you expect from employees, etc.
Things like monitoring web access are on the other end of that. This is more on the level of companies that rate their employees by how many hours a week they spend at their desk or who eats lunch in the office. These things are quantifiable, but in the end are a lot less meaningful (for example, at my last job there were people who'd spend 14 hours a day at work, but who couldn't make a deadline to save their souls).
But hey, it's tough find good managers. And even when you find them, they tend to be expensive. It's much cheaper to hire people with degrees in business from state colleges and experience bossing their dog around. I'm looking at you, Nadir.
Parent
Security in the workplace (Score:4, Insightful)
Certainly, there's room for an ebb and flow of security standards, but they're a limit to how oppressive they'll be, at least to the engineers. If things like web surfing have a few legitimate uses (eg. looking up technical documentation), there's no way it'll hampered much, because managers would quickly start complaining on behalf of their workers.
Foolish. (Score:4, Insightful)
I remember being in a school that had open internet access, then going to another school that had limited internet access and constantly being frustrated by the limitations imposed. I couldn't download the application I was working on and test it on a new machine, I couldn't go to a website talking about Middlesex county. There were a lot of legitimate things that I wished to do that I was blocked from, yet I could go to satanic websites, pro-life websites with all sorts of horrid imagery, and more.
Most attempts at controlling content end up being failures. Bring this to the attention of those seeking to control the information you recieve and you'll get a confused look, they'll pause and say "I don't know why you couldn't access that site. You should be able to."
I think it would be better to leave things open and dock the pay of any employee who violates "Guidelines". Let 'em hang themselves. Set up the "filters" not as filters that block the person but as flags that flag the IT staff regarding potential illegal use. The IT staff could then investiage and initiate a "three strikes" scenario. Strike one- warning, strike 2- docked pay, strike 3- no more internet access no way no how.
-Sara
Re:Foolish. (Score:4, Insightful)
Screw notifying the IT guys. That's an HR job. I want no part of it. Let the guys that chose "business" and drank too much in college be hated and vilified. I'd like to be able to eat lunch with the people I work with and not have them be careful about what they tell me. When they come back with 4 hand grenades and an uzi, I'd rather not be the face of the Oppressor.
Parent
Wasn't yours to begin with.... (Score:3, Insightful)
Due to viruses and other problems I've blocked any attachment capable of carrying a virus. Yes, it's sometimes a hassle but that's the way it is now. Management has requested we monitor the type of sites people visit just to make sure there isn't a big problem. So far they haven't requested user lists or specific sites. They won't until XXX sites start getting out of hand.
Viruses, security holes, and loss of productivity have caused these limits to be placed. Want to surf for fun, do it at home.
Re:Wasn't yours to begin with.... (Score:5, Insightful)
Sounds fair. Now, of course, I'll just stop doing any sort of work outside the contracted time. Inspirational idea in the shower? Too bad. Clever way to save the company money thought up during the commute? Guess someone else will have to think it up during approved times.
This is part of the insane attitude that one's workers are one's worst enemies. Letting people do these little things is far from bad for business. It is most likely actually good as it creates an environment where people feel invested and where they have the wild concept that maybe their employer sees them as more than "production units".
But of course that assumes there's actually value in labor, and that's anathema to the modern capitalist.
Parent
Re:Wasn't yours to begin with.... (Score:3, Insightful)
Seriously, "lost productivity" isn't really an IT or technology issue. ("Let's get rid of the coffee machine and water cooler. Too many people standign around when they should be working!") But it should be pretty obvious to the dumbest PHB that unrestricted Web access makes people stay in the office longer --- and unlike foosball tables or a refrigerator full of beer, it doesn't cost much. Note that I'm only referring to WEB access here: Morpheus and Kazaa can bring a network to a halt, and I wish my company would do more to block spam. (I get far more at work than at home, thanks to our Webmasters sticking prominent "mailto" links on the company site.)
Re:Wasn't yours to begin with.... (Score:3, Insightful)
This is part of the insane attitude that one's workers are one's worst enemies. Letting people do these little things is far from bad for business. It is most likely actually good as it creates an environment where people feel invested and where they have the wild concept that maybe their employer sees them as more than "production units".
As I read the article, the point isn't "Joe smith just spent 10.3 minutes reading slashdot when he could have been working".. It has more to do with "Joe Smith just downloaded a pirated version of Photoshop to run on a company owned PC". Your doing some online shopping or checking your Hotmail (possibly) hurts your productivity, but NOT the productivity of others. Now imagine you're pulling up porn in your cube and Cindy M. Biblethumper happens to walk by... Or when you open your outlook and unleash the latest win32 virus on the network. This cost the company serious money above providing net access.
We're reached this point at my company. As the network admin I've taken to explicitly blocking any e-mail with a .exe, .vbs, or any one of a 100 different virus-carrying file-types across. I still allow .gif's, .zip's, .doc's, etc, but scan them before delivery. If they get upset because they can't receive dancingbaby.exe from their cousin in Toronto, that's too bad.. Let them download it home their home computer and infect it.
The same thing is happening with spam. For 5 years now our policy has been "we can't do anything about it", because we didn't want to be responsible for attemping to filter the incoming e-mail stream. It has reached the point that our CEO is receiving 15 - 30 porn spams a day and has had enough. We have to pay the costs while he's travelling in europe and dialed in to our 800 number at 28.8 downloading this shit. We're about to deploy spamassassin [taint.org] site-wide, and if it happens to catch someone's birthday card from his step-mother, that's too bad.
Shayne
Re:Wasn't yours to begin with.... (Score:3, Insightful)
This is the reason we're the #2 consulting company and you have to block
Re:Wasn't yours to begin with.... (Score:3, Insightful)
This "productivity loss" is a bunch of horse shit anyway. People with a strong work ethic will do the job regardless, and people without won't. You're not going to turn a bad employee into a good one by removing net access.
The folly of this BS (Score:3, Insightful)
This won't work for people who do more than automaton work. If you restrict net access or filter sites in any way, you risk employee burnout, employee morale, and employees' ability to research job-related stuff. If my company used filtering or blocked my internet access, I might not be able to get the information I need to do my job. What happens when I need to look for API documentation?
This is kind of like curing athlete's foot by amputating the patient's leg.
FUD FUD FUD!!!!!!!! (Score:5, Insightful)
"As a result, companies are considering dramatically curtailing, or even abolishing completely the freedoms, on which employees have grown increasingly reliant over the past few years. "
Companies? What "companies"? The only firms named in the article are firewall and security companies that are spewing the fear used in this marketing spewing article.
No real management is going to take this seriously.
Re:They take it seriously where I work!!! (Score:4, Insightful)
If my company took away net access, would I continue to work, well yeah, would I be any more productive definitely not. Would I be looking for a new job, count on it.
Parent
Bozos? (Score:3, Insightful)
You're surfing the Internet on your employer's time
Your employer is paying the bill for the T3 (or whatever)
And you think you have the right to surf the Internet while at work? When you're on the company's time, you're supposed to be working...not bidding on crap on eBay.
Would someone please tell timothy what censorship is? This story doesn't even come close to the definition.
OK, OK, turn off the net access... (Score:3, Insightful)
...but please, please, please leave me a hole for Google's Usenet archive [google.com]. Almost every programming question I've ever had has been answered 100 times on Usenet.
It may not be a right, but a good idea (Score:5, Insightful)
The fact of the matter is right now Americans are required to work way too much as is. Many jobs onyl allow you two weeks of vaction for several years after you start, and even then you might not get that "benefit" for a year after your start date. People getting burnt out at work happens all the time, and that hurts business in terms of productivity. Sure they enact short term solutions like fire the employees and hire new ones, but the new ones get burnt out faster trying to catch up. Allowing someone some time to spend checking up on their personal email and sending an ICQ to their wife is not to much to give up when it means your employees will be happier, and therefor more productive.
But I imagine the suits along with all the "you are paid to work" zealots on this site will only see the one dimension picture of lost email due to "personal" activities. At what point did we become slaves anyway?
The way it should be. (Score:5, Insightful)
Where I work (5000+ people company), this is what we do:
Honestly, I think that is about the best you can do. IT needs the internet extensively; other departments not so much. Hell, my boss has said to me on more than one occasion that if
I must say that I don't think its a good idea to totally remove internet access though for entire departments. I mean, if you work 8-5, that's the largest portion of your day spent at the office. You do have a life outside of work, and sometimes you have to do something online during those hours. Same goes for the phone, you are going to need it for a personal call every now & again. Of course, if you abuse the privileges, then you should have them revoked, plain & simple. But basic access should be allowed, after proper training, etc. However, giving everyone in the company unrestricted access is just flat-out stupid.
Re:The way it should be. (Score:3, Interesting)
I've seen IT departments that have ONLY HTTP access through a proxy. I was once stationed at a consultant through my full time employer as such a place and when I neeeded to do a text dump of a DB I couldn't even FTP it back to our site because -nobody- in the building could do an FTP transfer. Solution: NFS mount the Unix partition that had the
IT may abuse it from time to time, but take it away and you pull a huge resource from the good workers.
technical solution to a people problem (Score:3, Informative)
Having said that, there is indeed a need for increased security awareness in many companies. Buying more gear isn't really that cost effective though. Educating your people and letting them know the expected behaviour is better. This includes increasing the Cluedness of manglement so that they are aware of what their people are doing. If someone feels a need to surf pr0n all day instead of doing their job, your problem is not giving them access to pr0n. Why not find out why people are doing it instead of working?
If you've got people using decent passwords that they don't put on PostIt notes on their monitor; if your network techs are using ssh instead of telnet to configure routers; if every two bit middle manager stops demanding to be an exception to all the rules; and if you still have security issues, then maybe you can start looking at more drastic solutions. Security must be holistic, and more often than not it's more a business process issue, not a purely technical one.
Lastly, I've been at sites with really tight access policies that were easy enough to bypass for someone in the know. If there's any outbound access permitted, there's a way to bypass the security. So go ahead and implement this stuff. If I really want to get past it, I probably can.
But then, I've got better things to do with my time than surf pr0n at work, so when I say I need ssh access outbound, I actually do. Don't stop me doing my job by implementing some half-assed pseudo-security solution. Better yet, hire me to do it right! ;-)
Reactionary Drivel... (Score:4, Insightful)
Gads, a tad bit reactionary, aren't we???
First, any company that doesn't take, at least, modest precautions in blocking certain types of e-mail attachments, or abusive downloadable web content is foolish, and, IMHO, acting negligently towards their own fiduciary responsibility, or toward their Internet neighbors.
I've been long sickened by the number of automated attacks that my IDS picks up. How long has CodeRed and Nimda been around??? Too many of these are comprimised hosts supported by corporate networks of some sort.
Second, there's little "right" involved in your use of corporate assets such as personal computers and networks. It's a kindergarten mentality to expect a company to be required to provide you with resources to order the latest teen-pop drivel, or whatever it is you just _have_ to buy during work hours.
That said, I (and many of those within my company) couldn't do our jobs as developers without net access. Any company which starts arbitrarily blocking access to the Internet without properly judging the necessary impact to their workers is also foolish.
If your company manufactures pencils, then OK, they can probably get away without providing unrestricted access to the Internet without any negative impact on their workforce. On the other hand, if your company develops software, etc... the impact would be substantial.
It's all a matter of degree, and like most things on this planet, the right solution lies in moderation.
Was this REALLY worth a Slashdot news item? I do not see how this is news in that a) it's not anything new, or hasn't been bandied about ad nausem; and b) common sense tells me that the submission itself is borderline troll. Seriously, timothy, did you think this was news???
It'd be nice to be able to moderate story submissions in addition to comments.
Duh, quit using Outlook (Score:5, Insightful)
The biggest developments are around email prevention, experts say. Elaborate content filtering software, which can run upwards of $30,000 to install, can block all but the tamest incoming emails, and most attachments, said Trend Micro's Genes.
Corporations, particularly those that were stung hard by the wave of virus and worm attacks during the past two years, are considering it a top priority.
Here's a free clue: QUIT USING MICROSOFT SOFTWARE.
Sheesh, how stupid can you be? And what a stupid solution to the problem, cutting your nose off to spite your face.
Seriously, damned near all the email viruses are targeted directly at Outlook. So the solution is to ban email? Why not just, ya know, not use Outlook?
Myopic. Utterly myopic.
Office e-viruses - "The Microsoft Disease" (Score:4, Troll)
Really. Because there's times I'm very, very, happy not to be using Windows, such as when the latest Outlook or Word infection is going around.
Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]
it is about control... (Score:4, Insightful)
A draconian attitude regarding squeezing every last second of work out of an employee is pointless! all it does is breed resentment in the employees. when I was working in an environment where 5pm counterstrike matches were commonplace, we tended to do more work after the match. however, the work was interesting enough we did not mind.
the moment the management is against the workers is the moment production starts to fall. everyone should be working toward the goal.
also I highly doubt that ANYONE here could go 8 hours without a slashdot fix. dream on.
they won't stop me! (Score:3, Funny)
I'm a BOFH!
Besides, I'd rather have the users porn surfing than asking me about excel and access anyway.
They Watch You At Home, Too (Score:4, Interesting)
Not a case of rights, but still important. (Score:3, Interesting)
From the standpoint of security and/or legal responsibility, of course a company needs to restrict Internet access. No filter is perfect, but as long as it blocks out most of the obvious porn, gambling, "hacker" (speaking colloquially), racist, etc. sites it should at least make it abundantly clear that an employee is trying very hard to circumvent the rules. But then again, there should already be policies on the books dealing with those things, Internet or no Internet.
On the other hand, from a standpoint of productivity, a company should be very wary of restricting Internet access. I don't buy the argument that if an employee isn't surfing the Internet for X hours per day that all of a sudden, he will be productive for X more hours per day. There is a limit to how productive someone is going to be -- if you take away the Internet, some other "time waster" will rise in its place. Do you really think everyone who has a Palm just uses it for phone numbers and schedules? Do you think that just because someone is at their desk concentrating intently that they aren't working on a crossword puzzle? Do you think that every phone call made is for business? How about good old-fashioned staring into space?
An employee is productive if he or she performs to expectations, period. Companies should have an interest in getting rid of (or better yet, finding a way to motivate) unproductive employees anyway -- but it shouldn't involve cutting off the Internet from employees who are already pulling at least their own share of the weight, if not more. If my company wants to call me on the carpet for reading Slashdot or sending an e-mail to my girlfriend to see how her Monday is going after being sick with the flu all weekend, fine. I will be more than glad to show them the half-dozen individual and team achievement awards that senior management has given to me in the last three years, agree sarcastically that the Internet has indeed made me a lousy employee, and otherwise be as amicable as Galileo before the Inquisition. I will also be sure never to work more than 40 hours per week, observe Internet usage policies religiously, and perform utterly mediocre work for the length of time it takes to find a job for a competitor who understands that achievement is the bottom line.
Lucent now blocks webmail (Score:3, Informative)
However, they have expressly allowed limited personal use of company e-mail.
VPN sucks.
Laptop users (Score:4, Insightful)
With increasing numbers of portable devices, and wireless networking, including 3G phones, it's going to be harder and harder to plug all the gaps. Instead of listening to the sales pitch of the anti-virus and firewall manufacturers, we should use some commonsense: ditch products like Outlook.
i hope i never become like you people ... (Score:4, Insightful)
... what it is like to have your spririt broken like that??? to have resigned that 8 hours of your life a day - AN ENTIRE THIRD - of it is surrendered so completely to someone else just because they give you some money for it. has your life become so shallow and money obsessed that you are prepared to resign the greater part of your waking day to someone else just for money?
i am working in a job i like (computer programmer), and its something that i will even do at home after hours on a different level (i write commercial apps at work, and i fiddle with games/graphics programming at home)
... sure, when one of the plebs in support double clicks on a
... and on the flipside, if i think of something outside of work - when im not *GASP* actually getting paid for it - that is useful or may relate to my work, i may still actually spend a bit or a lot of time (whatever may be required) working it over or writing it down or something AND I DONT ASK FOR MONEY THE NEXT MORNING
... i just hope to that i never EVER become as depressing and inert as half the ppl who have replied to this posting
Productivity and Internet Access (Score:4, Insightful)
An aspect that I haven't seen brought up, however, is the productivity that comes from keeping salaried employees at work. Being able to handle personal business online and not having to take long lunches or leave early before the stores/banks/etc. close is a benefit to employees, employers and even the environment.
Analogy (Score:5, Funny)
--Blair
Yup. (Score:3, Insightful)
As the sole unix admin there, I mostly got to sit back and chuckle evilly, but half a week's lost productivity is no laughing matter when you're tallying up the balance sheets at the end of the month.
The bottom line here is that you are being paid to work, not to check your personal email, IM your friends, or post to Slashdot. If that seems unreasonable, start your own damn company.
Re:Yup. (Score:5, Insightful)
But that point aside, that's fine I'm getting paid to work, 40 hours a week. The main reason I can work 60-70 hours is because I can deal with my real life issues while at work quickly and easily through net use. Not to mention that my work is greatly facilitated by the fact that if I need software or information I can quickly and easily obtain it from my desktop.
I see your point, but (tech) companies thrive on a particular type of employee, who if he can't read
Parent
Re:Yup. (Score:4, Insightful)
" While I agree that Admins need to keep on top of patches, Nimda can still spread even with patched servers. It self-propagates through Outlook "
If you're using Outlook, you deserve all you get.
I am the web orientated guy out of a two man IT server admin team. Frankly, I think time would be much better spent upgrading company policy and used programs such that a simple virus such as Nimda CANNOT propergate.
No, not everyone can move away from Windows, but you can't tell me anyone needs to use Outlook or Internet Explorer, or any of the other arse security-bug ridden apps MS releases.
Rather than paying for Microsoft's mistakes with employee moral and wasting IT's time, simply think before making any software purchasing decisions.
Parent
Re:Crippling. (Score:4, Insightful)
Parent
Re:Crippling. (Score:3, Funny)
Speaking as an Apple employee and shareholder, thank you. Tell all your friends
-jcr
Re:Yea, dont want any WORK happening. (Score:3)
Re:Yea, dont want any WORK happening. (Score:3, Informative)
So the internet lowers productivity by 25% just by connecting to it. Anyone with any brains at all would pull the plug.
Maybe you don't remember time wasting activities in the pre-internet era. Things like: wandering the plant on epic donut quests, endless banter with your office mates, reading thick publications like Byte and PC-Week cover-to-cover, writing video game emulators, calling all of the car stereo stores in the Yellow Pages looking for the best deal on an in-dash cassette player, and countless others.
I'm guessing that Internet usage has cut into the above activities more than into real work. In my case, I think the amount of off-topic time I spend at work has remained roughly constant over the last 15 years. (And it's been more than balanced by work I've done while at home).
Internet access is a *symptom* of the real problem (Score:4, Insightful)
That means it's a problem their managers need to address; not something for the IT department. If someone is surfing six hours a day, then it's the manager's fault that they're not properly supervising them and giving them tasks or disciplining them for not getting their work done.
That said, a company would have to be foolish not to employ some basic filtering measures(porno, gambling, gaming sites, file sharing services, e-mail attachments) to keep network traffic and the more obvious time wasters in check.
However, if an employee is doing all their work and checking Yahoo Mail or ESPN.com, what is the harm? It keeps them happy and the company's work is getting done.
Parent
Re:Yeah. (Score:4, Interesting)
Additionally, the occasional personal use tends to reduce the number of personal phone calls coming in dramaticly, so as long as it isn't excessive, we tend to let it slide.
Parent
Re:What is the problem?? (Score:3, Interesting)
It is mighty handy for somebody running tech support to know about the latest computer virii before it hits the customer base, or even the networks servers, if it is a virus that does not propagate by e-mail but rather by exploiting a server vulnerability.