Desktop Linux Sliding in Under the Radar? 742
Paul Johnson asks: "This article at ComputerWorld describes a sysadmin's discovery that many people in his company are installing Linux on their desktops without consulting IT. The writer is concerned with the security implications, but there is a wider issue. At present the 'official' penetration of Linux into the desktop market is something around 1%. The writer of this article doesn't give figures, but it sounds like he may have stumbled on several times that percentage of desktop Linux installations. If so then this is an important trend. Linux got its foot in the datacentre door in exactly the same way a few years ago, with unofficial installations doing odd server jobs.
If you are a sysadmin, in an organization that runs Windows on the desktop, have you stumbled on many unofficial Linux installations?"
I'm not a sysadmin (Score:5, Informative)
Re:Nope, not here (Score:2, Informative)
This effectively prevents linux replacement. Also of note, these NT boxes are secured down so only admins have access to even the start menu, everyone else it opens the program only and when you close it it closes it out.
"Insecure" Linux, Cygwin and RedHat (Score:5, Informative)
Now I know more and have played enough that I disable everything except what I need, make sure it's secure and then put up a firewall just to be sure. But heck, just the other day I realized I hadn't apt-get update'd and apt-get upgrade'd in a couple of months. Oops. I also had weak passwords until about a month ago.
I'm in a non-tech company, and the Linux penetration is well below 1%. Only one desktop--a dual-boot laptop--as far as I know (except when I boot up KNOPPIX), but I have three rouge servers of my own. (Squid, Nessus, nmap and Snort are my friends.)
I also have two Cygwin installs, but they're my workstations, not user PCs. Anyone seeing those on desktops yet?
In this article the guy chose RedHat. If you don't care for commercial support, why would you choose RedHat over Debian or Slackware? Especially if security is a concern.
Live Linux CD's (Score:3, Informative)
As a ardernt Linux user, I would just change the BIOS settings to boot from CD first, and pop in Knoppix, or leave the CD-ROM tray empty when I wanted to use windows. No one in IT would need to know what I was upto.
New York City 911 EMS: When you absolutley, positivley cannot call a cab for your toothache
Not on the network?! (Score:1, Informative)
And the sysadmins keep it that way. >:(
Well...this naturally sucks if you are an engineer and need something that fits: "I can make this with things I already have...for FREE!".
I currently have Slackware 9.0, w/ Apache, MySQL running for a development program I am writing in PHP. It works well on the *spare* PC (read: old and nobody wants)...but as all computers it will be forever limited as it can only talk to 127.0.0.1.
Re:Does this count? (Score:4, Informative)
Re:Not exactly ... (Score:5, Informative)
I got about 4 or 5 of the Unx admins and a good number of the DBS'a doing this too.
In small shops - we had 6 Linux desktops running at the Multi-Media Developer I worked at in '94. XFree on ATI Mach32, anyone?
Re:Don't reinstall - boot linux from another disk (Score:4, Informative)
Then, no matter where you go, any machine you can get your hands on your machine.
Re:This is unexpected? (Score:3, Informative)
Re:yep... (Score:3, Informative)
Just because you can only boot from the HDD doesn't mean you cannot install anything you want! You just have to work around the problem. For example you could use VMWare to boot your distro and then install to the real hard disk. Alternatively you could simply use rawrite to overwrite the mbr (tricky to construct your mbr ... but possible). Now if your OS that you can boot from won't let you access the mbr and the raw disk, then you'll just have to whip out the hard disk to do your installing and then return it.
Bottom line is that yes, every desktop in a large install should be secured both physically and through software to prevent the users from modifying anything non-trivial.
As for personal experiences, I have owned "stealth" linux installs and a good friend of mine who works for one of the largest ISPs in Ireland has one, as he has told me do many others throughout the company.
Installed Linux under my desk (Score:2, Informative)
Before I knew it, I had Samba installed, MRTG, and was sniffing anything that came accross the network. A few weeks into, after compressing all my CDs (And a few others) using the openmosix cluster, someone asked me if they could install some software for testing, before you know it (right now in fact) I'm lead tech in a project to bring linux file servers to our clients instead of pushing the Win2k3 servers. Samba is working great as a replacement for the Win2k/2k3 servers that are in our market place.
I think its great, and it simply started by asking for junk hardware.
Ignoring the standard MS shot... (Score:5, Informative)
Re:I've done this (Score:2, Informative)
Novell Client for Linux [novell.com]
Re:Does this count? (Score:2, Informative)
Each TS is 2-way Athlon 1600MP+2Gig+6diskRAID10 - 10 users supported quite happily.
TS's were NT4, but new printers came along without NT4 (supported) drivers...
At least we only had 5 servers to upgrade...the rest of the infrastructure magically changed (apparent) OS...sweet!
This IS the 1% (Score:2, Informative)
Last big company worked for there were maybe 150 people with Linux installed at the desk. Out of 96 thousand employees.
I'd REALLY like to know where they get the 1% figure from. (looks at the boxed, downloaded and magazine-front Linux CDs on the shelf and his ZERO Linux installations)
Re:I'm under the radar (Score:2, Informative)
Ethernet switches are different. They work at a higher level and actually process the packets. This lets them direct packets between various ports as well as allow for unlimited cascading. We noticed problems with ethernet hubs when we deployed them at my University in the mid-90's. Faculty members would decide to connect hubs to their network outlets and entire departments would lose connectivity when we tried to bring a different section of the building online.
Re:ARGHGHG!! There's no such word as "boxen"!!! (Score:3, Informative)
I thought it was in analogy with ox/oxen (which comes from Old English, so in the same family as German). It's easier to pronounce -xen than -xes endings, so rather a shame it's not in more general use.
History Repeats Itself (again...) (Score:2, Informative)
In the 90's, it was departmental servers. First on NetWare, then on Windows NT.
Today, it's wireless networks, cr^h^hblackberry devices, and (you guessed it) Linux.
Anyone see a trend? What's deployed behind the backs of the IT department today is often an intergal part of the computing environment tomorrow.
Re:Not exactly ... (Score:2, Informative)
You didn't forget about Cygwin, did you? (Score:3, Informative)
Where I work, we have 3 or 4 developers who use Linux. They requested it when hired, and other than making sure they don't have rogue DHCP servers screwing up our networks, we have a hands-off policy where we don't officially support the box because it's not Windows. Unofficially I help them all the time, of course.
What gets me is Cygwin. The last time I ran a software audit, I checked for Cygwin just for a goof. HALF THE COMPANY (that's 50 people) has Cygwin installed. Well, why not? It lets you comply with management's wishes for a Windows world, but still gives you the lion's share of Linux's power. If you count Cygwin I'll wager you'll find the 1% figure to be much lower than reality.
Of course, if you're comfortable with Cygwin, switching to Linux is that much easier.
Re:Not exactly ... (Score:3, Informative)
[snip]We implemented a filter file for the proxy and traffic went from ~97% down to ~30% utilization.
That is exactly what I was talking about when I mentioned applying appropriate security and traffic measures. I fail to see any difference accruing to the user's choice of platform.
[snip]You go back to being a scientist and I'll go back to saving people like you from yourselves with your lack of understanding regarding the need for real security policy.
FYI, I spent 15 years as a systems programmer specialising in security before I jumped fields into biotech, so I believe I have a claim to know what I'm talking about :-) and IIRC just about every major Linux distribution I have come across is arguably more secure by default than Windows can be with a lot of tweaking from sysadmins.
Ultimately, though, security should be applied at the network level, particularly if, as you say, you can't trust your users.
Re:Not exactly ... (Score:5, Informative)
You should buy something you want to use.
Using something simply because you bought it is moronic.
The waste happens on the purchasing side, not the usage side.
This is not a 'geek' view, this is a good economist/businessperson's view, and for anyone who disagrees with it, here is a good example.
You're stuck on a desert island. You knew you would be stuck here. TO prepare for being stuck here, you bought some cyanide-based glue (i.e. superglue). Your major problem is that there is no food on the island. Do you
1) Eat the cyanide-based glue
2) Don't eat the cyanide-based glue
The "Well, it would be going to waste if I don't eat it" argument obviously doesn't work here. If you don't get the right tool for the job, you shouldn't be forced to use it-- The damage is already done, no need to exacerbate it.