Get IT Done: Keep distributed computing programs off your organization's desktops

Prevent users from running distributed computing programs

End users who install distributed computing programs, such as SETI@home or software for the Intel Philanthropic Peer-to-Peer Program, may think they’re doing something good. After all, allowing a PC to process a small amount of data and then send it back to the research server could help prove the existence of alien life in space or find a cure for cancer. Some IT pros disagree with those users, though—at least about using these programs in the workplace.

A recent TechRepublic quick poll questioned members about whether or not these programs should be run on company PCs. Fifty-six percent of the 303 voters said users shouldn’t be allowed to run them in the workplace. This begs the question: Why shouldn’t you allow end users to run these helpful programs?

PC problems
Brooks Fancher, a network administrator for the Homewood Public Library outside of Birmingham, AL, explained that a big reason for not allowing users to install and run such programs in the workplace boils down to jurisdiction.

“I cannot control what’s going on, but I am the one held responsible,” Fancher said.

Several support techs whom I spoke with agreed that any software not installed by support personnel—including these seemingly harmless programs—could affect a PC by causing device driver problems, DLL conflicts, or other unknown issues. These issues might not be evident right away but could cause problems later when troubleshooting or upgrading the PC.

Other IT pros felt that such programs could be poorly written or run unknown code that could cause user systems to become slow or unresponsive.

Fancher also said the extra load these programs could put on older workstations—no matter how small the load—might also be a consideration for some organizations.

“At the moment, I have a lot of old creaky machines…that need a lot of babysitting…. [These programs] would put additional strain on them,” Fancher said. Many end users probably wouldn’t think that such small programs would add much load to their workstations, but in organizations where money is tight, you often can’t afford to run software other than what’s necessary to do the job.

Security concerns
Joe Tzoumis, a support tech for SupportFreaks.com, said that he could also see network security concerns. “With software like [this], there are security issues because of the number of users that access such a system,” he said.

Fancher agreed. “Network admins have a tendency to be paranoid about [these programs]. I am not setting up an e-mail virus filtering server and a firewall appliance and using a multirouter scheme just to blow the doors open and allow someone access,” he said.

Possible security worries include the vulnerability of such program code to hackers and the general fear of users running unknown code on PCs connected to the company network. Fancher added, “If someone somewhere figures out a way to turn the next update for [one of these programs] to include a small Trojan on its back, they could use it to gain access inside my facility to dig out info or they could use it in a zombie DDOS attack.” If an attack like this were to happen, Fancher said he would then have to clean up the mess and report to his supervisors about how such an event could happen without his knowledge.

Possible network issues
From the network side, admins might also be concerned about these programs causing network congestion. Even though the screen saver programs themselves don’t use a lot of network resources, if the applications were loaded on a large number of workstations, with packets of data being transferred day and night, the usage of those resources could add up. This additional nonbusiness-related activity can cause congestion on a LAN and affect Internet connectivity both in performance and price (that is, if you’re billed on a per-use basis for your Internet bandwidth).

If, down the line, these programs suddenly start to use more bandwidth, with several users running them, a network could experience a rise in bandwidth usage. Said Fancher, “I’d have to start hunting down the problem and checking out packet analyzer logs,” which would cost him time better spent on more pressing network issues.

Stop it before it starts
Unless your help desk has locked down every desktop in your organization, the key to preventing the installation of distributed computing programs is communication. Be sure your computer use policy forbids the installation of non-IT-department-approved software and inform end users about the added problems and costs that your organization could incur from allowing the installation of distributed computing programs. Suggest that they install these programs on their home computers.

Figure A
The Ethereal analyzer captures the domain (circled in red) to which the packets are sent.

To find out if users are running such programs on your network, you could run a packet analyzer, such as the open source Ethereal, to see if packets were being sent to a specific domain. For example, if you wanted to see if any end users were using SETI@home, you could install the SETI program on your PC and capture packets using Ethereal to find out the domain to which packets were being sent (see Figure A). Then, run Ethereal on your network to capture packets being sent to that domain.

Desktop lockdown
How much control does your IT department have over your organization's workstations? Do you use software to lock down end-user workstations? How do you overcome end-user resistance to such controls? Post a comment to this article and let us know what you think.

Editor's Picks