This is why you don't borrow other peoples flash drive

[mvbighead]

Again, you are utterly wrong here. No BIOS is set to boot to the USB stick by default so a failed battery wouldn't cause it to happen. If someone wants to put a no-prompt installer on a USB stick then they are perfectly free to do so.

The fault of the PC being wiped lies entirely with the IT department. It's a piece of piss to have all the BIOSs pre-set at the factory and it has nothing to do with the helpdesk people anyway.

No BIOS huh, so you've seen them all then?

Nothing to do with the helpdesk? Who the hell do you think builds the systems? It sure as shit isn't the network admins or the director/manager of IT. And what department do you think the helpdesk falls under?

Personally, I could give two shits about securing boot methods for laptops. Confidential data should NEVER be stored on an END USER device. It is that simple. If the device gets stolen, while there is certainly the possibility for some data getting into the wind, if your users are trained right, it won't matter. Everything will be stored on a file server, where it is more secure and backed up regularly.

 

[ch33zw1z]

I know that Internet forums are generally populated with people who are borderline Aspergers but this is beyond absurd. The idea that someone will either catalogue the contents of every USB device they have or thoroughly check through it every time they lend it out is ridiculous.

A thorough check would not have been needed. The idea that someone doesn't know what's on their flash drives and readily hands them over to unsuspecting victims is absurd. If you're gonna be the tech guy, then don't half ass it. And definitely don't pass the blame onto the users when shit goes wrong because of you.

Your focusing on the part where it's a work system, big f'in deal. He could've handed that out to anyone.

 

[mvbighead]

Because people forget things.

Yeah, like an install stick that automatically wipes all data. There is a reason that is a bad idea... the OP found it. End of story.

 

[mvbighead]

A thorough check would not have been needed. The idea that someone doesn't know what's on their flash drives and readily hands them over to unsuspecting victims is absurd. If you're gonna be the tech guy, then don't half ass it. And definitely don't pass the blame onto the users when shit goes wrong because of you.

Your focusing on the part where it's a work system, big f'in deal. He could've handed that out to anyone.

THIS.

So she takes that stick home, plugs it into her laptop. Whose fault is it then? Hers for not properly securing her boot options? NO. It is the guy who made an install stick that doesn't give any prompt whatsoever for totally destroying all data on the primary disk. It's a stupid thing to do in the first place, as some prompt should be given on anything that destroys data. PERIOD.

 

[Veliko]

A thorough check would not have been needed. The idea that someone doesn't know what's on their flash drives and readily hands them over to unsuspecting victims is absurd. If you're gonna be the tech guy, then don't half ass it. And definitely don't pass the blame onto the users when shit goes wrong because of you.

Hello Mr Aspergers. You honestly think that people will always check what is on a USB stick before lending it out?

Your focusing on the part where it's a work system, big f'in deal. He could've handed that out to anyone.

There is a huge difference between a work system and a home system, hence the difference in focus.

 

[Veliko]

THIS.

So she takes that stick home, plugs it into her laptop. Whose fault is it then? Hers for not properly securing her boot options? NO. It is the guy who made an install stick that doesn't give any prompt whatsoever for totally destroying all data on the primary disk. It's a stupid thing to do in the first place, as some prompt should be given on anything that destroys data. PERIOD.

Have you even read his post where he says exactly why it was a no-prompt installation?

 

[mvbighead]

Personally I blame you 100%. That USB drive is the equivalent of a loaded gun with no safety that goes off as soon as you touch it.

THIS as well.

I can see the point of securing boot options in a BIOS, but you cannot account for everything that your USB stick will come into contact with if you don't physically secure it yourself. By just leaving it about, you set everyone who comes into contact with that device up for some major negative feelings towards you should they wind up booting from that device.

 

[ch33zw1z]

Hello Mr Aspergers. You honestly think that people will always check what is on a USB stick before lending it out?



There is a huge difference between a work system and a home system, hence the difference in focus.

1. Yes, I expect it from people who choose to support other's. As should you.
2. The difference is there, but the point is moot. Again, a quick check would've stopped this situation from even becoming a situation.

 

[mvbighead]

Have you even read his post where he says exactly why it was a no-prompt installation?

It... does... not... matter.

If you create such a boot device... YOU MUST properly label the device or wipe it immediately after you're done using it. End... of... story.

 

[Veliko]

No BIOS huh, so you've seen them all then?

I have never heard of USB being the default boot device in a BIOS.

Nothing to do with the helpdesk? Who the hell do you think builds the systems? It sure as shit isn't the network admins or the director/manager of IT. And what department do you think the helpdesk falls under?

The helpdesk people sit there and answer the phone. They log calls, do basic troubleshooting and then pass the issue on if they can't resolve it. They aren't involved in deciding what hardware to deploy, what hard drive image is used, what BIOS image is used, asset management, etc.

Personally, I could give two shits about securing boot methods for laptops. Confidential data should NEVER be stored on an END USER device. It is that simple. If the device gets stolen, while there is certainly the possibility for some data getting into the wind, if your users are trained right, it won't matter. Everything will be stored on a file server, where it is more secure and backed up regularly.

Well we agree on something at least.

 

[Veliko]

It... does... not... matter.

If you create such a boot device... YOU MUST properly label the device or wipe it immediately after you're done using it. End... of... story.

Utter tripe.

 

[Veliko]

1. Yes, I expect it from people who choose to support other's. As should you.

I choose to support others because they are friends and I am doing them a favour. I am far more relaxed with that sort of thing when doing it outside work than if I was doing as part of my job.

2. The difference is there, but the point is moot. Again, a quick check would've stopped this situation from even becoming a situation.

The IT department doing their job would have stopped it happening. The buck stops with them.

 

[mvbighead]

Hello Mr Aspergers. You honestly think that people will always check what is on a USB stick before lending it out?



There is a huge difference between a work system and a home system, hence the difference in focus.

There isn't a huge difference in how that device will react on a home system vice a work system. It'll wipe out anything that boots from it.

As for checking something before lending it out... uh, well, I have personal USB drives, work ones, DOS bootable ones, etc. I tend to know what each ones purpose is.

You can damn sure bet that if I created an unattended install media, it would be labeled as such and would not be loaned out under any circumstances unless formatted and tested prior to loaning out. You call that Aspergers, I call it responsibility.

 

[mvbighead]

I choose to support others because they are friends and I am doing them a favour. I am far more relaxed with that sort of thing when doing it outside work than if I was doing as part of my job.



The IT department doing their job would have stopped it happening. The buck stops with them.

Same scenario, but it happens to the GF's laptop? Who do you blame then?

As for being more relaxed, many of us are the same way. But not many of us are stupid enough to hand out an unattended install media to our SO's and not think twice about it. There is a difference between being relaxed, and being careless.

 

[SpatiallyAware]

If I was the owner of that company and you were the IT guy who said that the loss of any data on that PC wasn't your fault because someone from outside the company forgot what was on a USB thumbdrive, you would be out on your arse.

Absolutely not - the employee who ignored corp policy and brought in an outside USB drive would be 100% at fault. No matter what you do (disabling boot, disabling autorun, etc etc) there is no way to completely protect a PC from malicious usb drives short of disabling all USB ports which you cannot do in most environments. So in this specific case yes the IT could have done a better job securing the system, but the blame is still on the user (from a company standpoint) and her b/f (from any other standpoint).


No matter how 'secure' your systems are, you cannot account for these outside devices. The blame is with this girl who brought in a drive from home and plugged it into her work PC.

Now in her mind (and IMO correctly so) she will pass the blame to the boyfriend who left what is essentially a malicious usb drive laying around the house.

 

[ch33zw1z]

I choose to support others because they are friends and I am doing them a favour. I am far more relaxed with that sort of thing when doing it outside work than if I was doing as part of my job.



The IT department doing their job would have stopped it happening. The buck stops with them.

Maybe we should get a copy of her IT Departments usage policy? I bet it says not to plug in any non-approved devices. Maybe the buck stops with her.

 

[Veliko]

Maybe we should get a copy of her IT Departments usage policy? I bet it says not to plug in any non-approved devices. Maybe the buck stops with her.

If the buck stops with the user then the IT department isn't worth a penny.

 

[mvbighead]

Utter tripe.

Why exactly is that rubbish? I fail to see your point. If I created such a boot device, handed it to my wife for her personal use, and she wiped out her PC by rebooting it with the USB stick, I would take full responsibility for losing all the data on her machine.

Personal accountability. If you have needs for a device as destructive as that, fine. But don't forget about it when you're done using it. You're liable to fuck up someone's day entirely.

 

[davmat787]

QFT, no prompt at all is an idiot's device.

Huh? Slipstreamed install disks that require no user intervention are a huge win. For example when you have a lab with 200+ machines with daily OS turnover, you may not want to babysit all the computers to install an OS. There are other very legitimate reasons for this as well.

 

[Veliko]

Absolutely not - the employee who ignored corp policy and brought in an outside USB drive would be 100% at fault. No matter what you do (disabling boot, disabling autorun, etc etc) there is no way to completely protect a PC from malicious usb drives short of disabling all USB ports which you cannot do in most environments. So in this specific case yes the IT could have done a better job securing the system, but the blame is still on the user (from a company standpoint) and her b/f (from any other standpoint).

No matter how 'secure' your systems are, you cannot account for these outside devices. The blame is with this girl who brought in a drive from home and plugged it into her work PC.

No, the blame is with the IT department. You also have no idea what the IT useage policy is, or how seriously it is treated. If it is the case that it has become the norm for user's to bring in their own USB thumbdrives (there are various reasons why this happens) then it is a management problem.

Now in her mind (and IMO correctly so) she will pass the blame to the boyfriend who left what is essentially a malicious usb drive laying around the house.

It is not 'essentially' malicious in the slightest.

 

[SpatiallyAware]

If the buck stops with the user then the IT department isn't worth a penny.

I'm not sure where you work, but in MOST companies usb ports cannot be disabled without severely hindering day-to-day business.

Boot order stuff *should* be locked down, but the REALITY is that it's rarely locked down (primarily since most places just use imaging and you shouldn't have sensitive etc etc stuff on a machine)




In your fantasy-land then it's the IT departments fault. In reality the OP shouldn't have left a "loaded gun" laying around the house, and the g/f shouldn't have brought a "loaded gun" to work and plugged it in.



There are limits to what IT can forcefully prevent users from doing, this is why there are policies in place that users must agree to which prohibit things like outside USB devices and so forth

 

[Veliko]

Why exactly is that rubbish? I fail to see your point. If I created such a boot device, handed it to my wife for her personal use, and she wiped out her PC by rebooting it with the USB stick, I would take full responsibility for losing all the data on her machine.

Personal accountability. If you have needs for a device as destructive as that, fine. But don't forget about it when you're done using it. You're liable to fuck up someone's day entirely.

If it's my own, personal USB thumbdrive then I won't bother labelling it simply because I have no real reason to. I wouldn't knowingly hand such a USB thumbdrive out either.

In the case of giving it to a friend for their own personal machine it the blame would be shared.

 

[mvbighead]

No, the blame is with the IT department. You also have no idea what the IT useage policy is, or how seriously it is treated. If it is the case that it has become the norm for user's to bring in their own USB thumbdrives (there are various reasons why this happens) then it is a management problem.



It is not 'essentially' malicious in the slightest.

Malicious - having or showing a desire to cause harm to someone

Something that destroys data on a disk without user intervention is indeed malicious in my book. It's not much different than a virus that would go through and wipe out any *.doc or *.xls files. It's actually worse than that, as it wipes out EVERYTHING. In that specific context, it is 100% malicious.

 

[ch33zw1z]

If it's my own, personal USB thumbdrive then I won't bother labelling it simply because I have no real reason to. I wouldn't knowingly hand such a USB thumbdrive out either.

In the case of giving it to a friend for their own personal machine it the blame would be shared.

Yea, hand over that USB device to a buddy with some critical data, then "share the blame". Good luck with that...

 

[Veliko]

I'm not sure where you work, but in MOST companies usb ports cannot be disabled without severely hindering day-to-day business.

Boot order stuff *should* be locked down, but the REALITY is that it's rarely locked down (primarily since most places just use imaging and you shouldn't have sensitive etc etc stuff on a machine)

In your fantasy-land then it's the IT departments fault. In reality the OP shouldn't have left a "loaded gun" laying around the house, and the g/f shouldn't have brought a "loaded gun" to work and plugged it in.

There are limits to what IT can forcefully prevent users from doing, this is why there are policies in place that users must agree to which prohibit things like outside USB devices and so forth

It's really, really, REALLY simple to stop people booting to USB devices - put a password on the BIOS. Job done. If the BIOS isn't password protected then it is the IT department's fault.

The OP is perfectly entitled to have what content he likes on a USB stick and is also perfectly entitled to not label them.