Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Security The Internet Worms IT

Porn-Surfing Execs Infecting Corporate Networks With Malware 151

Posted by Soulskill
from the IT-admins-know-your-secrets dept.
wiredmikey writes "According to a recent survey of malware analysts at U.S. enterprises, 40% of the time a device used by a member the senior leadership team became infected with malware was due to executives visiting a pornographic website. The study, from ThreatTrack Security, also found that nearly six in 10 of the malware analysts have investigated or addressed a data breach that was never disclosed by their company. When asked to identify the most difficult aspects of defending their companies' networks from advanced malware, 67% said the complexity of malware is a chief factor; 67% said the volume of malware attacks; and 58% cited the ineffectiveness of anti-malware solutions."
This discussion has been archived. No new comments can be posted.

Porn-Surfing Execs Infecting Corporate Networks With Malware

Comments Filter:
  • by Anonymous Coward on Tuesday November 12, 2013 @06:02PM (#45406617)

    It doesn't even include any of the URLs to go to!

    • by Anonymous Coward

      Execs always demand administrative rights to their machine... No surprise!

    • Re: (Score:2, Funny)

      by durrr (1316311)

      " 67% said the complexity of malware is a chief factor; 67% said the volume of malware attacks; and 58% cited the ineffectiveness of anti-malware solutions."

      And the remaining 40% said these numbers don't add upp.

      • It's fairly obvious that those are the percentages of people who said those items were problems. It does not say that they, individually, were the worst problem.

  • malware and porn (Score:1, Insightful)

    by Anonymous Coward

    last time i saw an article about that on /. it was stating how most porn sites have very little malware and most malware comes from stupid wholesome crape like smileys and bars and other retarded crap the mouth breathers think they need to install

    • by ZombieBraintrust (1685608) on Tuesday November 12, 2013 @06:07PM (#45406673)
      executives must be in to weirder stuff than most mouth breathers
      • I caught a VP of one of my former employers surfing tumblr for pics of women that flash their tits in public and ONLY that. He was very consistent when looking for these pics. I got wind of it when I was given access to our Solera Deep See box right after being brought in. I monitored his activity for a week then checked his past activity and, sure enough, big tits flashed in public. Used a tool to capture his IE history: Big tits flashed in public.

        I've seen execs that liked to search for wierd stuff, and t

    • Re:malware and porn (Score:5, Interesting)

      by Opportunist (166417) on Tuesday November 12, 2013 @07:17PM (#45407421)

      You don't think executives don't NEED those super important "power bars", do you?

      And of course execs have admin privs on their PC. They don't know what to do with it, they don't know why they got it, but don't you dare even suggesting taking it from him!

      Even as the CISO you get shouted down at the management meeting when you suggest something outrageous like that. What cheek! Those dumb techdroids having higher privileges on his PC than the CEO!

      Yeah, we had a good laugh.

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        Most CEOs don't even have all the keys to the factories and plants, and when they need access for whatever reason, they go in with someone who knows what they are doing- just in case they screw something up - press the wrong button etc.

        But when it comes to IT - they just love logging in with an account with full domain admin privileges (you could create a different account for them to use if they ever need it - which could be rarely, but no, it has to be their main account).
      • by jc42 (318812)

        And of course execs have admin privs on their PC. They don't know what to do with it, they don't know why they got it, but don't you dare even suggesting taking it from him!

        Reminds me of the old observation that you can easily determine someone's software expertise from the log data showing how often they run with elevated (root, admin, whatever) privileges: The two quantities are inversely related.

        I recall once impressing some people at a company that I was contracting for, when at a meeting I was asked if I needed root privileges on the machines I was using for testing. I shrugged, and said I didn't think so. When they looked puzzled, I just said that in the few cases I

  • by Anonymous Coward

    The obvious solution is for corporation to provide safe porn on their internal networks. What could possibly go wrong?

    • by TWX (665546) on Tuesday November 12, 2013 @06:34PM (#45406983)

      The obvious solution is for corporation to provide safe porn on their internal networks. What could possibly go wrong?

      I shudder to think of how this'll impact the BYOD policy...

      • I am more afraid of the sexual harassment problems looming over our heads with the BYOD crap.

      • Re: Safe Surfing (Score:3, Insightful)

        by Anonymous Coward

        You jest but the threat is real. We have a slew of android users who had their phone done over.

        It used to be that we would tell users "don't click that link. " where now web sites like yieldmanager throw apk files at them.. which download automatically .. they install... and we have to clean their phone and explain that their phone is a small pc. Sigh. The 90's all over again.
        Those who do not learn from the past.

    • When I went to college the network admin (who also happened to be an instructor for one of my classes) told us the university could save a lot on network costs if it would just set up internal porn server mirrors. Unfortunately the board of regents didn't like that idea.

  • by themushroom (197365) on Tuesday November 12, 2013 @06:04PM (#45406643) Homepage

    -- Mel Brooks, "History of the World pt 1"

    • by DavidClarkeHR (2769805) <(ac.tsilarenegrh) (ta) (ekralc.divad)> on Tuesday November 12, 2013 @06:35PM (#45406999)

      It's good to be the king. -- Mel Brooks, "History of the World pt 1"

      Agreed. I'm one of the fortunate ones - my boss actually follows the rules, but I've worked in places where the boss is exempt from basic network security. One was a small business where the boss 'pays the bills', so he got to 'make the rules'.

      When his customer database was deleted he fired his IT guy in a fit of anger. He lost a lot of money in a wrongful dismissal settlement, and lost all of his business. It might have been the IT guy who did it - but the lawyers obviously felt that 'I don't need a slow virus scanner' was more likely the cause. Or at least, reasonable doubt.

      • How fucked up was the IT infrastructure that one douche bag running windows without a virus scanner managed to nuke a database and all the offsite backups?

        Must have been one hell of a virus.

        • by Opportunist (166417) on Tuesday November 12, 2013 @07:20PM (#45407445)

          "Why do we need backups, we have it all here, right? So why do you want to have it there, too? Do you want to steal our customers?"

          I was actually asked that once.

          • While I don't doubt you, to be honest I've never ran across any business that didn't value data protection. Then again, I do work for a MSP (Managed Service Provider) that works with 50+ SMBs on a yearly bases. About a quarter of those are monthly regulars. In any case, all of them prefer having a local D2D copy of the server with incremental backups ran nightly and an off-site replica of core user share data via MozyPro. Regardless of the product and methodology, every single client of ours values backups

            • I should maybe mention that the statement above is about 25 years old and, as many here can imagine, the business in question does not exist anymore. It wasn't a data loss problem that fell them, though. They were incompetent in other areas too. :)

      • by mysidia (191772)

        'I don't need a slow virus scanner' was more likely the cause.

        Wait... that's a true statement. Nobody needs a slow virus scanner. Go get an application whitelisting solution such as Bitlocker, Lumension, or Bit9.

        The slowest/most user-annoying of signature-based av such as Mcafee or Symantec have piss-poor detection rates anyways ---- I find possibly 90% of scans of malware yield false negatives (failure to detect). Often, virus signatures will never recognize the malware variant you happened to h

      • by pnutjam (523990)
        I have had alot of success convincing VP's who insist on local admin rights to use a local admin account. I create it on their machine and walk them through how to use it. UAC makes it pretty simple.
        *Tip, to authenticate to a local account on a domain computer,use '.\' as in '.\jsmith'
  • Solution (Score:5, Interesting)

    by girlintraining (1395911) on Tuesday November 12, 2013 @06:05PM (#45406653)

    and 58% cited the ineffectiveness of anti-malware solutions."

    So the majority of experts agree the existing solutions are ineffective. And yet the solution remains the same: Buy more of it.

    • What a truly ignorant statement. 96% of infections are covered according to the experts. Just because 4% get in doesn't mean it is 100% ineffective and useless. I see many malware programs all the time from people who say they are clean.

      It is not 10 years ago where an infection slows it down. Today it is quiet and quick on purpose as your bank account numbers and credit card info gets sent to Russia quietly.

    • by mysidia (191772)

      So the majority of experts agree the existing solutions are ineffective. And yet the solution remains the same: Buy more of it.

      Was the research study funded by security companies, that may be involved some way in the antimalware business?

    • Re:Solution (Score:5, Insightful)

      by Opportunist (166417) on Tuesday November 12, 2013 @07:31PM (#45407527)

      Does Antivirus software get everything? Hell no. Is it useless because of it? No, far from it.

      The world is not black and white and neither is security. I mean, by the same logic you could say that anti-drug laws didn't work, so let's abolish them. Police didn't arrest every murderer out there, away with it. And since doctors fail at saving every patient, shut down those hospitals.

      Would that be stupid? Of course it would be. No, anti malware programs do not catch everything. But even the worst of them (interestingly named after its currently quite mobile founder) finds about 95% of the threats. Yes, that means that one out of 20 attacks could bet past it. But the other 19 do not!

      Not to mention that the best security system is powerless against user stupidity. I think I pull that link every time we're discussing this, but it just was true, is true and probably will be true forever until I find a way to kill clickmonkeys via internet: Given a choice between dancing pigs and security, users will pick dancing pigs every time [wikipedia.org]. There is exactly NO way how you can secure a system against a clickmonkey that has admin privs. And those idiotic execs do! Not that they need them or know how to wield them, but they want that "in control" feeling. Needed or not.

      The very LAST thing I want is any kind of privileges beyond the bare minimum to do my job. Simple reason: Credible deniability. What I could not do, I most certainly did not do. Your database is missing? Could not have been me, I can only enter data but I can't delete or edit anything. Go look elsewhere for your culprit.

      But back on topic. Statistic is a multi-layer system. Relying on only one part of security is simply dumb. There is no such thing as 100% security. It's a myth. Like 100% uptime. You can lower the chance for a security breach, with technology (firewalls, antivirus), with policies (least privileges, secure processes) and a few other things. And yes, hence the solution to security is more security. Well, within reason and at sensible points, of course, but the solution can't be "can't stop it, so why bother trying?"

      • No, anti malware programs do not catch everything. But even the worst of them (interestingly named after its currently quite mobile founder) finds about 95% of the threats. Yes, that means that one out of 20 attacks could bet past it. But the other 19 do not!

        If my own corporate experience with antivirus/antimalware tools is any indication they actually find 120% of the threats.

        How do they do that you say? By flagging legitimate files as malware and trojans. It's a very real problem for small software d

      • by mcgrew (92797) *

        You bring back memories of slashdot's badanalogyguy.

        I mean, by the same logic you could say that anti-drug laws didn't work, so let's abolish them.

        That would only be a good analogy if antivirus actually caused more infections than they stopped. The societal ills blamed on drugs are actually caused by the laws against them.

        That said, the rest of your argument is logical.

        • Well, considering that some false positives can actually cause more havoc than some infections...

    • by wvmarle (1070040)

      When kept updated, antivirus software should do a pretty good job keeping all the older, known attacks out of the door. That leaves only a (relative small) number of new attacks that can affect you.

      Combine that with some proper lockdown of the computer (not running as admin/root should help a lot, for example) and you can keep many of those newer attacks at bay as well.

      • by ruir (2709173)
        It doesn't work. As you say, it keeps last year flu out of the door, but you will get next year flu, unless by luck some had caught them earlier on, and you are paying a fee. I can't get how protection virus model still run basically with string matching which is quite easy to defeat. The inherent flaws that they explore are due to Microsoft still maintaining an operation system model defective by design and not killling compatibility for good with the past, and locking it down more. The AV companies also d
    • by Shavano (2541114)

      the next rev will fix your problem...

  • by generic_screenname (2927777) on Tuesday November 12, 2013 @06:09PM (#45406679)
    The top threats listed in TFA are all common-sense things to avoid with work machines. (Visiting porn sites, letting family members use equipment, installing malicious mobile apps, and falling for phishing emails.) There is a reason us IT folks tell people not to do these things at work.
    • by idontgno (624372) on Tuesday November 12, 2013 @06:22PM (#45406829) Journal

      And there's a reason why the executive suite doesn't listen:

      "You're not the boss of me!"

      (Supported by "If anything does happen, it's your fault anyway.")

      • by boristdog (133725)

        I was the execs personal IT support (not my job, but hey) in the last company I worked for.
        One day the CEO brought his "wife's" laptop for me to fix because it was really slow.

        I had never seen so much and so varied porn on one persons computer before. I learned so much back then...

      • by mysidia (191772)

        (Supported by "If anything does happen, it's your fault anyway.")

        No... this is when you bring them a paper; "Please sign here that you agree that you will have exclusive responsibility for the security of this workstation which will be excluded from the security rules --- you understand the risk, and the concerns of the IT department, attempting to maintain due care with regards' to the security of the organization's assets and proprietary and sensitive information."

        Copy in triplicate; keep a co

      • What you need in this case is a CISO with a hell of a backbone who cares more about doing his job than about keeping it.

        In other words: Good luck.

      • The more I get older, the more I realise that the majority of adults are essentially still children.

        • by CrazyDuke (529195)

          Yeah, all the old behaviors still exist from childhood. Maturity just takes off enough of the rough edges to not be continually abrasive. Well, in those that have matured anyway. About a third of population didn't made it past puberty personality wise. And, about 9% never made it past the terrible twos. That latter group frequently clusters at the extremes of society, for example, in positions where they make and/or break the rules.

    • by mysidia (191772)

      There is a reason us IT folks tell people not to do these things at work.

      PERHAPS; it would be more credible if IT folks would actually explain a plausible reason, every time they tell people not to do something.

      People will assume you're telling them not to surf porn, because it's against the rules, or because you in IT feel that is immoral, and maybe you warn them about "malware" as a scare tactic to try and keep them doing what you want them to do, instead of what they want to do.

    • by LoRdTAW (99712)

      Management and bosses aren't peons and want carte blanche when it comes to IT. At my work we had a problem with people using facebook and porn. Its a small shop with about 20 PC's and there were only two culprits: the office "manager" who spent her entire day on FB and a skeevy shop worker who used his PC for porn. The office manager tried to hide her addiction but she was caught time and time again with FB open. She once had the nerve to tell an overworked and overloaded secretary that she was too busy to

    • Lets not forget the big picture here. While they may be violating IT policy, possibly opening the network up to many infiltration risks, and potentially costing many hours of lost productivity across many departments; this is all true.

      The fact is, before internet porn, they were spending their time between meetings giving HR headaches with torrid office affairs and sexual harrasment lawsuits.

      Believe it or not, this is cheaper.

  • by Anonymous Coward

    It gets 'em every time.

    • by Anonymous Coward

      Well, when even Google tells people that their software needs to be updated, without being asked, then of course people will eventually believe that a web site is an acceptable channel for that kind of information. You can tell people that they should never heed the warnings of a web site as often as you like: Your authority does not come close to Google's clout. It is like banks embedding links in their emails: When the good guys make themselves look like the fraudsters, then the fraudsters start looking l

  • Is executives trying to claim sovereign immunity to IT regulations.

    I doubt those of lower rank would be given anything but a pink slip if they were caught doing the same thing.

    • Pretty much this.

      One of the core reasons this problem exists in the first place is that execs insist that the rules don't apply to them. Oh sure, we have insanely tight corporate rules concerning computer usage... but of course not for C-Levels, certainly not. And their secretaries (who are collectively ignorant enough to be a security crisis all by themselves) have to be exempt, too. And while we're at it, we not only need to bypass the firewall entirely but we also need administrative privileges on our ma

    • by mysidia (191772)

      Is executives trying to claim sovereign immunity to IT regulations.

      Perhaps.... but this is one of the reasons IT security cannot be built from the bottom up.

      IT security inherently requires management buy-in, and management has to be made to understand about leadership by example. They must be sold on it. If they themselves can't adhere to it, then they sure aren't sold on it! How could they expect their hired help to be sold on it, if they don't even agree with it?

      If the manager or their fa

  • As old as graffiti as new as twitter. Ubiquitous, indomitable, insatiable.
  • OS Design failure (Score:3, Interesting)

    by ka9dgx (72702) on Tuesday November 12, 2013 @06:30PM (#45406931) Homepage Journal

    So, none of this mentions the lack of a proper security design in the Operating System. When someone says run a program, it let it use this much ram, this much cpu, and this folder.... that should be it.

    But no existing commodity OS lets you do that, does it? Until capability based security becomes the norm, this will never be fixed, and information security jobs will flourish.

    • by Nemyst (1383049)
      I hope you realize most malware these days uses exploits... You know, bugs which were not planned for and thus can mean the circumvention of the entire security system. Your solution is no less vulnerable to a simple bug which, until it gets squashed, could let a malicious application through the net. Despite sandboxing, multiple security layers, countless detection algorithms and heuristics, malware still manages to go through, so I doubt the solution is as easy as what you're claiming.
    • Perhaps it doesn't exist because making a usable system "secure" in every variable definition of the word is impossible.
    • How well is that going to work for your file browser? If it is sandboxed/chrooted to its own folder structure, there isn't much to browse, is there? Ok, so open it up a bit, you say? Share it with the folders of app x, y, and z? But app x shares folders with app a, b, and c! And app y shares folders with d, e, and f...
    • No OS can protect you against user stupidity. When the user says "execute program", the OS can yell ten times how unsafe it is and how much this is a virus, when the user overrides it all it accomplishes is to annoy the user.

      He needs administrative privileges to do that you say? And he doesn't need them to do his job you say? I agree. The C-Level in question does not. Since you can't fire him but he can fire you, guess who gets his way.

  • by grahamsaa (1287732) on Tuesday November 12, 2013 @06:31PM (#45406937)
    I've never understood why people do stuff like this. Years ago I recovered data from a CFO's laptop, only to find the thing filled with porn. Senior managers generally make enough money to have personal devices to look at porn on -- why do they risk the embarrassment of being discovered misusing company resources? I guess now that I think of it, the CFO in question wasn't fired (or even really disciplined) for this, as far as I can tell, so maybe senior managers just think that they're important enough that rules and common sense don't matter. If the laptop had belonged to a lower-level employee, he or she probably would have been disciplined.
    • by Anonymous Coward

      Because they can.

    • My guess would be a misplaced feeling of entitlement combined with turf war mentality. Combined with a pretty comfy security that they won't get fired over something as trivial as surfing porn.

      Senior managers are a bit like little kids. They have no real worries in life and they have nothing really important to do, so they start a bling war. Who got the better car, who gets the better parking space at work, who has the secretary with the bigger hooters and so on. Of course this entails the feeling of needin

    • Oh you silly Slashdotters. The CFO certainly has a reasonable golden parachute. He probably has gold digging wife at home that would be really pissed off if he were caught watching porn. Thus, just watch it at work. Worst case, he gets fired and paid off. He'll move on to another company. Rinse and repeat.
  • by wjcofkc (964165) on Tuesday November 12, 2013 @06:41PM (#45407069)
    If employees were bypassing security, and getting their machines and the network infected en-mass via porn. One of two or both would happen:
    A. A very stern email would go out to all employees regarding the issue.
    B. A whole lot of employees would get canned.

    Since it's executives, there will be no scolding or even talk of it. Not to mention their security for no good reason is low, so they access anything they want on the internet. It will just keeping going on. After all, this is hardly news. It's well known (at least in support) that executives have been infecting their machines and the network by the sackful for ages. When I did internal corporate IT support, I personally saw it. Over and over and over. The standard course of action? Remote into their machine, silently remark at the sheer number of porn related icons on their desktop, start removing things (toolbars too), climb around in the registry fixing all the damage the porn did, patch anything I had to, and then disconnect - walking away from the whole matter without a word. Also, these events were never properly documented to protect the executive, and therefor my job. The funny thing is, a lot of the higher ups would watch me while I was remoted into their machine, seeing everything they had been up to - they truly didn't give a shit due to their level of authority. I sometimes wondered if they got off on it. No shame at all.
  • This is not 40% if executives infecting phones. In fact, based on the article, we don't know how many execs get malware on their phone. However, out of that total unknown percentage of execs with malware, 40% of them get their malware from porn sites. The summary is using a method of lying with statistics, letting the reader infer something that isn't true by showing a similar true statistic.

    This statistic wasn't even the point of the article, but rather that breaches are not being reported by companies.

  • by blahbooboo (839709) on Tuesday November 12, 2013 @06:56PM (#45407213)

    http://yourbrainonporn.com/ [yourbrainonporn.com]

    All that needs to be said...

  • by sjames (1099)

    I really want to say "UNBELIEVABLE", but it's all too believable.

    Apparently it's just too much to ask that some jackass making over a million a year show a tiny little bit of emotional maturity and/or professionalism and NOT view porn at work. More is expected of teenagers at their first minimum wage job than that.

  • Why do porn sites have more malware than other sites?

    It stands to reason that porn on the internet shouldn't have any more to do with malware than sports on the internet. Both are popular with about the same demographic and both are providing an entertainment product.

    By now, considering the money associated with porn and the relative competiton, porn sites should be like any other site selling entertainment, wanting to maintain a "safe" shopping experience for their customers lest they take their entertai

    • by anyanka (1953414)

      It's because execs don't want to pay for porn, so they end up on the bad side of the webs, where free porn is used to lure people to malware sites.

    • by Zapotek (1032314)
      Seems easier to setup a porn website to serve malware than a sports one. Not much need for coherence of content in porn, just random pictures/videos of naked people; plus, it really catches the eye.
    • My guess is that with porn sites and infections it is much like in RL with STDs. There are not really that many infected porn sites, but people tend to move around and switch frequently, hence eventually catching something.

      Stay faithful to your porn page and you will be fine. Ramen.

    • Why do porn sites have more malware than other sites?

      Simple, really. Tell a sports fan, "Save as. Wait. Type 'mount' and press enter. No, in the other window. Mount. Yes. Does your /home say noexec next to it? Yes, in parenthesis. I don't care about nodev, I asked about noexec. Oh, good. JUST A MINUTE, this won't take long if you just do what I say. Save as, malware.sh in your home directory. Your home directory. Now, type 'chmod +x malware.sh' Yes. Yes. No, chmod. C as in Catcher. H as i

  • I was once googling for "evacuated cylinder solar collector", and cmd-clicking all the links to open a batch of tabs to vendors of such. A few dozen tabs in, I looked over at my secondary monitor, and it was filled with a porn site. So you see, I "visited a pornographic site" that day.

    • Well, if you're googling for such perverted stuff, it's your own damn fault!

    • I was once googling for "evacuated cylinder solar collector",.

      Holy cow, that's some nasty porn!

    • The problem is the latency - you needed to cmd click all those pages because clicking and hitting the back button to click the next link doesn't work. First, your browser wants to refresh the original page every time because...why again?

      Then, each page has a ton of 3rd party includes that break the page layout if they don't load in the right order (and have their own... 4th party, I guess.. includes, which are computed on the fly, so you have to run some of the js before you can even find out you're missin

  • Any executive who gets a virus from a porn site instead of a hooker is grossly incompetent and should be fired.

  • by clickclickdrone (964164) on Tuesday November 12, 2013 @07:26PM (#45407499)
    I work in a major Bank and the support staff tell me the senior execs are all kept in a separate isolated LAN, not because of the security of the documents they work on but because they access so much porn and torrents etc that their bit of network is riddled with crap that needs daily cleaning up. And some of the porn is very much in the jail time category.
    • by z0idberg (888892)

      The support staff are either full of shit (which is the most likely scenario) or breaking the law themselves by not reporting this "jail time category" porn.

      And if they are more concerned with keeping their job than reporting it they are in the same low-life category as the execs accessing the stuff.

    • I also used to work in a bank, and there was this opt-in network (you actually had to ask for it, and it of course put you on a "watch" list for performance and such) on a regular home-grade connection, called "red cable". It got you access to a nearly unrestricted NAT connection (separation for each floor, wireless network segments, and meeting rooms), and incidentally allowed IT folks to download packages and other cumbersome images that the regular proxy would not download/filter.
      Meeting rooms also were

  • by Anonymous Coward

    Yep, above the law, above company policy...these modern lords "tax" by paying woefully less to the peons than their labor is worth (usually less than half the profit created by said peons is returned to them) . A majority provide only the "leadership" of following the latest trends from books or from successful start-ups...except the execution is typically poor because they try to do it cheaper. Anyone who has worked for a corporation probably recognized the enthusiastic rantings every time some new initia

  • by PopeRatzo (965947) on Tuesday November 12, 2013 @07:32PM (#45407545) Homepage Journal

    These porn-surfing execs are just taking a more "hands-on" approach to management and want to make sure they have a firm grasp on their critical infrastructure.

    It gives new meaning to The Peter Principle.

  • get a linux box (Score:4, Insightful)

    by cyfer2000 (548592) on Tuesday November 12, 2013 @09:40PM (#45408495) Journal
    For the pron, get a linux box please!
  • by Anonymous Coward

    I have a family member who is a VP at a top 100 company. I've spoken to him and he mentions that they don't worry about IT coming
    after execs that high up and porn. I was shocked and tried to warn him that it just gives the company a good out if something should
    happen, yet he continues to surf porn. As I work in IT and as one of my former jobs was to monitor the midnight biology lessons that
    would take place and report on them, I found this both disturbing and pissed me off. Here I am busting my ass to k

  • Is this because porn sites are serving actual exploits that use Flash or browser bugs, or because people downloaded and ran .exe files?

  • Reading from the article: Visiting a pornographic website (40%) Clicking on a malicious link in a phishing email (56%) Allowing a family member to use a company-owned device (45%) Installing a malicious mobile app (33%) Are these numbers cited from each individual that was polled or from the entire group of 200 people? Furthermore, they don't seem to add up. Finally, I remember when some 20 years ago when I installed my first proxy cache with site blocking capabilities and it blocked almost all porn s
  • She's a killer man!

  • The "well known" paid for and free porn sites try hard to keep their servers free from malware. It's the ad servers they use to generate income that usually get infected. The other way to get malware from going to porn sites, is going to malware sites that use the promise of free porn to get you to click on stuff.

    The best way to prevent this from happening if you can't do anything about the browsing habits of your users, is to block all ad servers, regardless of what site they serve ads on on your firewal

  • So I guess we can add one more thing to the list of benefits for bossless offices [npr.org]: A more secure network.
  • When it comes to corporate IT, they're idiots at removing viruses. I'm head IT manager but also run a mostly residential computer repair shop. I know how to remove a virus! Anyone who doesn't remove viruses for a living does not. Its as easy as can be to delete any virus manually then clean up with other tools if you know what you're doing. Unfortunately, they do not.
    • When it comes to corporate IT, they're idiots at removing viruses. I'm head IT manager but also run a mostly residential computer repair shop. I know how to remove a virus! Anyone who doesn't remove viruses for a living does not. Its as easy as can be to delete any virus manually then clean up with other tools if you know what you're doing. Unfortunately, they do not.

      Corporate IT doesn't need to know now to remove viruses beyond clicking 'delete' in the installed AV software. If it goes beyond that then there is a security issues and the best practice is just to replace the computer which usually takes less time, work, and worry than trying to remove viruses manually.

Mediocrity finds safety in standardization. -- Frederick Crane

Working...