Posted on 08/20/2015 1:25:47 PM PDT by SeekAndFind
Externals, yes. Did they seal off the docking port connector, too? If not then sealing off the USB ports wasn't a particularly effective security measure.
Disclaimer: I am a Mac user- and have a long-standing disgust for MS, particularly every flavor of Windows OS (though a particular disdain for Vista).
Two laptops were recently purchased for my daughters and their homeschool work. Both came with Windows 8.1. This was my first significant experience with this version. I HATED the mobile theme that everything tries to default to - even with every setting changed possible on the issue, you cannot totally avoid seeing and/or interacting with that kludge (on a non-touch screen device).
So I was anxious to update to Windows 10 - I had run an earlier beta on my Macbook Pro and found it somewhat better than my typical Windows experience.
Sure enough, once I was able to get these two laptops (Lenovo G70) upgraded (which went pretty smoothly - more so than I have experienced in the past with Windows upgrades), and so far have had no driver issues (other than ONE of the two identical laptops had the trackpad just quit - fixed with a reboot).
My observations - The interface is much better - the “metro” garbage has been relegated to a much smaller impact - THANK THE LORD! A much more usable start menu is the only regular connection with metro - so it’s much more friendly.
BUT - many settings you still have to navigate through an idiotic number of control panels/tabs - and then sometimes get shuffled off to a separate app/control panel... back and forth (as has been normal for a long time with Windows).
Setting these laptops up for my daughters to use was a bit frustrating in that MS now basically DEMANDS that you have a MS account (aka - an outlook.com or hotmail.com email).
The new MS browser - “Edge” - seems more streamlined - but it just randomly quits loading pages - IE still works.
The task of getting these both set up with some parental controls and with the rest of the software readied for them to work took about 5 times longer than I thought necessary - based on my experience doing similar set-up on OS X machines.
But long-short - so far, Windows 10 is more usable to me than the last several generations. I’m still not a Windows fan and don’t see that changing, but it does appear MS made a positive step for this one (and apparently are demonstrating that they can learn from Apple once again...LOL).
I would normally wholeheartedly agree - I have seen far too many people get hammered with bugs and other troubles by jumping in too early... BUT...
MS took a bit of a different tact on this one - opening up the beta for the public earlier and running the beta program a bit longer - I would even go out on a limb and suggest that Windows 10 (especially how it is being rolled out incrementally for upgrades) is closer to SP 1 level already (at least more so than normal for MS).
I personally use the Classic start SHELL myself and set up my machine to resemble their earlier more familiar windows environments.
My first major complaint about WIN 10 is that the got rid of the Windows Media Center. There are workarounds which I have such as Snapstream’s Beyond TV and XBMC/KODI, but everyone in the family is more familiar with WMC.
I have temporarily installed WIN 10 over my WIN 8.1 “Main” machine which uses the classic start menu. The upgrade kept almost everything the same except that it did add the new smaller Metro screen while KEEPING the Classic Start Shell.
I didn’t like the WIN10 Internet Explorer, it is very bad and I didn’t like it’s newer replacement either. Along my few complaints is the loss of WMC.
No, they were trying to seal of easy means of stealing data or bringing in anything not permitted on the laptop. I didn't say it made sense. I said I'be seen CiO and IT departments do it in their attempts to lock down and secure machines.
You made the following statement:
"His claim that Enterprise CIOs are worried about a lack of USB 3.0 ports on tablets is bunk. . . because Enterprise CIOs look for ways to DISABLE such ports for security reasons. Everything I saw in this report screamed that it was a paid Microsoft placed FUD piece. "
And you back that up by saying you've seen it done, but you seem to agree it doesn't really make sense as an effective security measure.
How many places have you actually seen this done? Is this really SOP for enterprise environments, or did you just see it done once and are attempting to speciously imply this is an industry standard practice?
Look, tacticalogic, I am not going to argue with you. . . but many companies prohibit the practice of even bringing in a flash drive to work or into the building, with it being a firing offense in many companies.
I have an over 38 year experience in this field. I have read a couple of articles on the advisability of using epoxy on USB ports to secure them. . . and I've seen such efforts in the wild.
I just say that it really does not make sense because if someone is bound and determined to protect data, you DON'T put it on a portable device where the entire device can be stolen, the case of the device cracked open and the drive taken out and installed in another case and mined. I have been astounded how often the data is not even encrypted when it has been stolen by such means.
IT departments are NOT looking preferentially for portable devices with USB ports. It is NOT a high priority for them. Similarly they are not looking for cellular phones with removable memory for the same reason. This is why Google Android and Samsung have dropped full support for removable SD memory cards so that Enterprise level businesses would be more likely to select their phones for use.
I am NOT going to again participate in one of your signature NIT-PICKING exercises, so leave it at that it DOES occur and that I have experience with it. Beyond that, as far as I am concerned, this discussion is over.
Okay, my 40+ years in enterprise data center environments, and never having seen anybody do this doesn't count for shit, and whatever you say is going to be the last word.
We deny specific device types (like removable storage) via Group Policy. You can plug it in, but it won't work. The fact that you can get reported by plugging something in means that they chose to address it by monitoring those ports, not sealing them off.
I too have heard of IT departments that have glued the ports shut. Most enterprise PC’s have too many ports anyway.
Now if somebody needs the other ports, IT can set them up.
Windows 10 breaks the Cisco VPN Client (ipsec). They need to fix that.
Thank you, amigatec. I've seen such laptops at least five times. . . and thought it totally stupid. It still had an active and available ethernet port. Go figure.
Where I work they are absolutely anul about PC security. It wasn't until the last few years they unblocked youtube and Facebook. They run filters on the email, so nothing that even looks like a SSN goes out. They didn't allow iPhones or iPads for a long time.
I haven't seen an epoxied USB port in years either, but tacticalogic was taking the position that it was not a tactic that was used, when it was and actually a recommended tactic. My point is that IT and CIOs do not want means of inputing and outputting data on devices. It is NOT important in their list of features in their criteria for mobile device selection, in fact its presence would be considered a security risk requiring mitigation.
All thumb drives were i work have to be encrypted, and only IT has them.
Go back and look again. I never said it was never used, I said that hardware manufacturers has switched to using USB keyboards and mice years ago and that made sealing off the ports impractical. I asked how long it had been since you'd seen it done, but you wouldn't answer then. Now you admit you haven't seen it done in years.
If it hasn't been done in years, what was the point in bringing it into a conversation on reasons a company would or wouldn't want to upgrade to W10 today?
Then you can plug in a USB hub or a keyboard with USB ports (the one I'm using right now has 2) and get around it. At best it would make getting something other than the mouse and keyboard connected a little more inconvenient. At worst it will instill a false sense of security by creating the perception that they've actually secured the PC.
Please refer to reply #48
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.