I must say you guys are great.
A heated debate and no one has been shot yet. I'm impressed, many other places the insults and name calling would have started at the end of page one of this thread. But nothing yet. I am very impressed.
That's part of why I think this forum is so great. That, and the excellent advise on actually fixing the issue.

Yes, if your going to try and bypass the "system", then cover your tracks as best you can. Or if you're going to use the wireless, install it under someone else's desk and then deny knowledge. ;)

Yes, it hardly ever gets personal here. These 'arguments' are actually useful, since they make you think about your own way of doing things. ;)

I just noticed this:
I would agree that the OP introduced a strong point in a relatively weak network, and therefore exposed one of the network's weaknesses. The difference being that if the components of the network were secure enough that they didn't need to be quarantined, there wouldn't be an issue at all. This of course implies that either 1) the IT staff doesn't know what they're doing, or 2) they're buying equipment that cannot be properly configured to be secure. I don't see a third possibility.

That just so does not make sense.

I would agree that the OP introduced a weak point in to a network. and therefore exposed one of the network's weaknesses.


** WARNING ALCOHOL INBIBED

I think the point is, whether the IT department is smart and realizes that all components and devices connected to the network are potential risks, or if the IT department is ignorant and thinks that just because they don't have knowledge of a computer type (i.e. if he has never touched a Mac and you try to add your Powerbook), all that matters is that the IT Department (SHOULD) have a written policy on this matter. Banning non-alike OS's or allowing a few different ones is up to the policy.

While I agree that just because someone uses Brand X which may or may not be more secure than Brand Y means they shouldn't be automatically barred from using it on a given network, it shouldn't be done behind the backs of those who operate and maintain the network.

It basically comes down to the skill of the IT director and his/her staff, and the written company policy on rogue computers.

Calling it a weak point implies that it is susceptible to being compromised and therefore would be the weak link in the chain. There is no data to support that, but there is plenty showing that the Windows machines are. Edit: I'm talking about the Mac here. The wireless access point would be a weak point, but it really isn't the issue.


DarkSaint, I would agree with what you're saying, except that it's based on the assumption that the IT Department management is fair and has no agenda of their own. It appears that in the OP case, this isn't true, since they've practically banned all OSes outside of Windows and even that is limited to a specific version. This is a giant red flag indicating apathy, ignorance, and a strong preference for putting their convenience over the needs of the company and its various departments.

while I agree with you conclusion here.

I have to say that if you took that to a judge they would say its circumstantial and does not hold up to the charges.

We know nothing of what the company does or the software they run, the software could be propriety,we do not know if they need to use win2000 because its the only os that they can run the software on that is reliable.

All we know is the OP wanted to use a Mac to get broadband access to the internet.

Here's what we do know:

1) There are thousands of computers at this company used for (tens of?)thousands of jobs.

2) Windows isn't always the best solution for the job.

3) We do know that many people in IT claim that you should use the best system for the application(s) you need to run.

4) We also know that many of those same IT people almost always exclusively recommend Windows. This contradiction only makes sense when explained by their putting their own convenience over the people they're supposed to be serving.

5) As was the case in this thread, IT people often claim that they're limiting computer choices based on security reasons.

6) The Mac has been to date, significantly more secure than Windows, so if they were really concerned about security it would be Windows that they were banning.

7) IT departments around the country (the world?) have reputations for doing as this one is accused.

So yes, it's circumstantial, but many people have been convicted of crimes on less evidence.

Thought you all might like this Article saying it basically cost double to maintain a PC then compared to a Mac. Read the article for specifics and conditions of that statement.

Hehe, I beat you to it: Post #27 :D

DOH !!!

27???
We're on post 70 now, it's just a friendly reminder!...yeah that's what it is...

It's good you saw it though. It points out that at least part of the extra costs in a PC's TCO is security, which puts even more suspicion on the usual claim that they're banning Macs from their network for security reasons. :D

"Security reasons" can mean an awful lot of things. From an IT department perspective, it's reasonable to call a security risk anything you don't have deep knowledge of and complete control over.

Indeed, I assume firstly that the IT department is fair and equitable. I then listen to hear the retort, and it's either the ignorance of the IT staff or a real 'reason' to block a specific or non-specific OS, such as in-house software is Windows compliant only, or a specialized login services for recording hours worked, or any other such software.

What most IT staffing and directors doesn't seem/doesn't want to understand is that most software nowadays is either cross-platform or 100% compatible with alternate OS's. I suppose morale and productivity isn't IT's area of expertise, so we can give a little leeway to those poor souls :rolleyes:

It is never reasonable to call something a security risk when it is your job to know and you don't. Claiming you don't need to know because you've chosen the tactic of blocking out technologies that you don't know is no excuse. Once again, if you aren't competent in your field, you should find another job.

...and what if you are hired to administor a one platform company, not knowing the other platform, better or not is in now way a lack incompetentcy.
And in this case someone bringing in a "foreign" technology, even if "better" is a security risk, espicailly if hidden from those in charge.

If you're in IT, your job is Information Technology, not Windows Technology. Not knowing the alternatives to Windows is like a pediatrist having no knowledge about the heart or a brain surgeon knowing nothing about your digestive system. In either case, such a doctor would probably end up losing their license, and for good reason. They'd be incompetent. Of course, that assumes they could actually get a license, which would be next to impossible.

IT needs to be held to the same standards as other professions, because they're supposed to be the experts who can evaluate new technology as it comes out and make the right decisions. If they don't understand the alternatives to Windows, their decisions cannot be trusted. Hence, they're incompetent and should be removed.

But while a Brain Surgeon does need to know basic info on the digestive system he would likely not operate on it, that's not his speciality.
Just like the captain of a 747, while he needs to know the basics of flying, he does not need to know and likely doesn't know how to fly a A320.

So likewise you can be in IT and specialize in PC's or Mac's, in Linux or OS/2, even Word vs Wordperfect.

While not knowing how to use both Word and WordPerfect limits your ability to service more customers or to inform your customers better it does not make you incompetent.
Otherwise, under those standards you would have to know every system and every software package out there.

Yes, but we're not talking about delving deeply into the guts of the machine. We're talking about knowing enough about it to set it up on your network with some confidence that it's done correctly and securely. That's about the equivalent of a doctor checking your blood pressure.

But you don't even need to abe a doctor to check blood pressure.

You're saying if someone only knows one system then they are not IT and speciliazation in only one (or knowing only one) is being incompentent.

There are enough systems and people with systems that a person can specialize in only one system and still be knowledgable and compentent in their field.

Not knowing how to drive a Standard Transmission's car does not make you a bad driver, nor does knowing how to make you a good one.

And if 75% of the possible clients out there only drive an automatic car, what's the point of learning how to fix a standard transmission. Granted you can't fix a car with a standard. And not knowing how to fix it doesn't mean anything negative about you or your business.
The great thing is someone else has a business who only fixes standard transmissions and a few other can even fix both.
When there are enough different products and enough different people out there, you'll never have "One Great Product" that everyone will want.
There will always be two sides to the coin and you can never see both at once.

Yes, you don't need to be a doctor to check blood pressure. That's the point. Properly setting up a computer on a network doesn't require a degree in computer science either. It isn't a matter of specializing. It's a basic function that anyone in the field should be able to do in their sleep, and the OS shouldn't mattter much.

I'm saying it's ok to specialize, but you can't be completely ignorant of areas outside your specialty. What's more, while specialization is fine for individuals, an IT department serving thousands of users cannot be so specialized that no one in it knows anything but Windows. That's incompetence on a grand scale. To use your car analogy, you may be able to find a single mechanic that can't fix a standard transmission, but I challenge you to find a dealership with an entire service department unable to do so. If you were able to find such a dealership, how would you feel about taking your car there for a tune up?