Dear all,
Can anyone advise on possible security issues from public use of 'U3'
apps
http://en.wikipedia.org/wiki/U3
http://www.u3applications.com/
http://www.schneier.com/blog/archives/2006/06/hacking_compute.html
on public PC's.
Has this been raised as an issue by corporate IT? staff? users?
Do you know if it is being used on your public PC's?
These seem to be not only apps such as Office-type programmes, but
various utlities. My view is that this is risky - it might allow apps to
run which could compromise the PC's and the network. It wouldn't be
allowed on corporate PC's as 'unauthorised' software.
My view is also that apps we install on PC's such as Office and those on
the web which we don't install such as Googledocs on the web are fine.
This seems to emulate a CD Install - even if transient and supposedly
removes itself - and we don't permit that in the first place.
'Live' apps which require access to the boot sequence to run and take
over the PC's we don't permit, so why should we allow this?
I want to know if I am being paranoid or not?
If it works, we don't know about it (how can we monitor?). If it doesn't
the user complains - and we are surprised that is is going on at all.
Are we in the business of troubleshooting this sort of thing or do we
just say to the users 'Unsupported'?
etc. etc.
All contributions gratefully received.
Regards
JU
John Usher
ICT Manager
Library and Heritage Services
Islington Council
Central Library
2 Fieldway Crescent
LONDON N5 1PF
Tel: 020 7527 6920
Mobile: 07825 098 223
Fax: 020 7527 6926
Alternative contact: Michelle Gannon - 020 7527 6907
www.islington.gov.uk
How to get to Central Library:
http://www.islington.gov.uk/Education/Libraries/Local/Central.asp
****************************************************************************************
This Email, and any attachments, may contain Protected, Restricted or Legally Privileged information and is intended solely for the individual to whom it is addressed. It may contain sensitive or protectively marked material and should be handled accordingly.
If this Email has been misdirected, please notify the author immediately. If you are not the intended recipient you must not disclose, distribute, copy, print or rely on any of the information contained in it or attached, and all copies must be deleted immediately.
Whilst we take reasonable steps to try to identify any software viruses, any attachments to this Email may nevertheless contain viruses which our anti-virus software has failed to identify. You should therefore carry out your own anti-virus checks before opening any documents.
Islington Council will not accept any liability for damage caused by computer viruses emanating from any attachment or other document supplied with this e-mail. All Email communications may be subject to recording and / or monitoring in accordance with relevant legislation.
Information contained in this Email may be subject to public disclosure under the Freedom of Information Act 2000 or the Environmental Information Regulations 2004. Unless the information is legally exempt from disclosure, the confidentiality of this Email and your reply cannot be guaranteed.
If you wish to re-use the information, perhaps for commercial purposes, in a way which, without permission, might breach our copyright, please first read our policy on Re-use of Public Sector Information which can be found on our website http://www.islington.gov.uk/freedomofinformation or alternatively e-mail [log in to unmask] Any part of this Email which is purely personal in nature is not authorised by London Borough of Islington.
Contact Islington switchboard: +44 20 7527 2000 www.islington.gov.uk
****************************************************************************************
|