How does your company deal with malware?

Stuart Jansen sjansen at buscaluz.org
Thu Aug 26 11:04:27 MDT 2010


On Thu, 2010-08-26 at 10:00 -0600, Dave Smith wrote:
> Thanks for the info. Do you know if lots of other companies have also 
> done this?

Completely eliminated Windows? Not many.

Obviously it's possible to a small company off from Windows. For as long
as I've worked at GL we've had only one Windows install, a terminal
server. Most employees do all of their work in Linux. (But then we're
kinda the definition of an outlier.)

Every Red Hat employee I've seen runs RHEL on their work machine. Novell
made a big announcement about getting rid of Windows, but I don't think
it actually happened. IBM made an announcement about moving a large
number of employees to Linux, but when you did the math it turned out to
be only a fraction (10% ?) of their workforce.

Most of the success cases I've read about have actually been city
governments, or government projects. In all cases, they required a
significant commitment to building custom solutions.

http://www.largo.com/department/index.php?fDD=24-0
http://davelargo.blogspot.com/
http://www.canonical.com/content/andalusia-deploys-220000-ubuntu-desktops-schools-throughout-region
http://news.bbc.co.uk/2/hi/business/4602325.stm

Even if you do completely eliminate Windows, you haven't solved the
problem. Running Linux isn't enough; every employee's machine has to be
kept up to date with patches. 

http://en.wikipedia.org/wiki/Ramen_worm

Whereas there's software to monitor frequently disconnected Windows
machines, there's much less software to monitor Linux. Perhaps some
employees could be moved to a thin client solution, but since you're
probably most interested in solving the problem for software and
hardware engineers, the truth is it won't be easy.

My suggestion is that you help management to understand just how much
productivity will be hurt by a solution that forces Linux users to use
Windows. If you can make a credible claim that it'll have an impact, you
can encourage the investigation of an alternate solution.

There are proxy solutions that claim to detect the host OS so that one
set of policies can be defined for Windows and a different set for Mac
OS and Linux. I've never been behind one, but perhaps it'd be worth
investigating.



More information about the PLUG mailing list