General discussion

  • Creator
  • #2189143

    Poll about having software to block out IT members unless permission given


    by chris ·

    Poll question

All Comments

  • Author
    • #3071771

      Bad precident

      by jmgarvin ·

      In reply to Poll about having software to block out IT members unless permission given

      The problem is that now, the employees can say the IT department is “snooping” if they monitor web traffic or email.

      While I somewhat agree there should be a popup box (just so the user knows why something “weird” might be happening.)

      I honestly think that IT “spying” on people is what makes IT work! How else would we keep our networks running and ensure security???

      • #3071725

        You forgot the “Smiley”

        by charliespencer ·

        In reply to Bad precident

        You’re supposed to stick an emoticon after those last two statements so everyone else could tell you were joking.

        • #3071723

          And he misspelled “president”

          by stress junkie ·

          In reply to You forgot the “Smiley”

          Misspelled president!!! hahahahaha. How can I be so funny? What a laugh riot!!! President. 😀

        • #3071719

          See you make fun of British pronounciation but

          by jamesrl ·

          In reply to And he misspelled “president”

          …an educated British person would pronounce the word in question pre-CEED-ent(phonetic spelling),and would not have made the spelling mistake quite so easily.

          But because you insist on making it PRE-ce-dent(similar to president, pepsodent etc), spelling mistakes inevitably do occur. 🙂


        • #3071559

          Don’t get me started …

          by stress junkie ·

          In reply to See you make fun of British pronounciation but

          … about the way Brits pronounce words. You people can’t even say the word “aluminum” properly. American English is the best English. 😀

        • #3071716

          You Mean Our President?

          by wayne m. ·

          In reply to And he misspelled “president”

          Gee, which of the following might apply to W?

          “I have a member of my upper level executive staff who I believe is giving bad advice to other members of the exec team.”

          “I think this guy has no real clue.”

          “I’m really looking for some evidence or polls to refute what this guy is telling everyone.”

          I guess I should check the TechRepublic topic on the FireStarter label, cause I am feeling feisty on a Friday.

        • #3071715

          Missing Firestarter Tag

          by charliespencer ·

          In reply to You Mean Our President?

          I was disappointed (my, that’s an easily misspelled word) to see the “Firestarter” tag wasn’t hung on this one. If ever a discussion deserved it, it’s this one.

          Was King George I the president’s precedent?

        • #3071712

          Shhhh. Don’t give it away!!!

          by stress junkie ·

          In reply to Missing Firestarter Tag


      • #3053540

        i agree that we must know more then only traffic

        by lukcad ·

        In reply to Bad precident

        I am developing that kind of soft for analysis of user behavior on the web sites. This is logo for web site administrator who would like to know statistic of his site and who would like to use his site with more profit. It is not for any spying about users it is need for developing of new, more effective and usefull applications for interaction users and web information. Everyone can agree with me, that any user of site would like to find very fast interesting him information. And from it depends the popularity and value of informational web site or portal. So that technology you can find everywhere: msn, cnn, aol and so on. Sometime the popup menu is only one way to make the request to server for receiving of ip of visitor, sometime it is enougth to use inner server logo. But it is need the big portals or popular sites for more clear represent of situation, for prdicting and for analysis and statistic. But it is not used for restriction of access or for some gathering information about private life (it is not possible, so easy as you think). And nice thing is THAT IT IS ALL AUTOMATED so not people or special service workers who read it for his own aims.
        Ok. I see, everyone who started afraid the web, thinking that spyware is even cookies (it is element of memory on client side for identification by server that some process was been maded before.) will read it discussion and think that i know how to write spyware for fbi. NO. be patient. Spyware is not my branch. Spyware is more difficult for me then you can image or you thought. It is connected to features of operational system. For spy ware is not standart way, it depends Window or Linux is and so on. The gathering of information from computer or sending it via smpt are specific of spyware. But you can easily to define that kind interactions in any system with NTFS and turned on the logo about security by analising of event logo.
        On my mind the problem with “spying” private information will solved fully, when the administration of computer will more close to common user. It is big task and Microsoft going to solve it in future.
        Sincerely, LukCAD

    • #3071766

      Look elsewhere

      by jamesrl ·

      In reply to Poll about having software to block out IT members unless permission given

      I am with your staff member. At a previous company the default was set to with permission only. Why do IT people need to look at whats on the screen unless they are working with the user troubleshooting some issue?

      I think the guy has a clue – he may not know technology but he recognises a privacy issue when he sees one.

      I think this exludes any auditing tools that may provide data on the user, what programs are installed, what the HW config is, network settings etc. – thats clearly something IT needs access to and shouldn’t require permission to gather.

      But seeing what the current user is doing to me is only valid if there is troubleshooting going on, or a formal investigation into a security issue – and if thats the case, HR or someone other than IT must be aware and approve.

      Just because you are IT doesn’t mean you have carte blanche to go snooping around for fun. At that company we even went so far as to set up encrypted email for senior execs, that only a couple of IT people could decrypt(the ones who administered the certifynig server).

      How would you like it if someone from outside your department, say HR, could at any time look in at what you are doing on your computer without your knowledge or consent?


      • #3071747

        I agreed with JamesRL

        by charliespencer ·

        In reply to Look elsewhere

        Chris, why do you need to be able to monitor computer use without the user’s knowing about it? You’ve repeated what a senior manager has said, but you haven’t presented any technical reasons to disagree with him or justified the need for this.

        You put “spying” in quotes; what else would you call this? It isn’t policy enforcement; it’s too random. If policy enforcement is the goal, spend the money on policy tools instead. If you’re a Windows shop, are you getting all you can out of Group Policy?

        I’m not sure what client OS you’re running, but XP comes set by default so the user has to give permission. This may not be a case of having to spend money for additional software to block spying so much as reconfiguring what you already have. Often its the software to -enable- monitoring that costs money. This just makes his case stronger. His approach is free; your’s requires at least the time to change the default configuration.

        It’s one thing to have HR present a documented request to the IS department head and the user’s manager for monitoring a user’s computer without the user’s knowledge. It’s another to randomly hop from box to box on the off chance you’ll catch someone buying old Hustlers on eBay. Eventually someone will delete a file and blame IT for it, or a user will file a harassment complaint because they think they are being singled out for monitoring without justification. The senior exec may think someone on the IT staff has too much time on their hands and view that as an opportunity for “rightsizing”. Don’t let it be you.

      • #3071730

        Concur with JamesRL

        by wayne m. ·

        In reply to Look elsewhere

        Asking the user’s permission before connecting to his desktop has been standard practice at every place I have ever worked in. If it is not policy, then it is at least good manners to ask first.

      • #3071713

        I subscribe to JamesRL’s view

        by stress junkie ·

        In reply to Look elsewhere

        Hey. You know what? There aren’t that many synonyms to “agree”.

        All the same, JamesRL and others are correct. The end user has the right to know if someone is watching them. Remote viewing software should only be used with the knowledge and consent of the person being viewed, and then only for diagnostic or teaching purposes.

        The capabilities afforded to IT personel must be used responsibly, just as in any job with higher than normal privileges. People do not thrive nor do they do their best work if they feel that someone might spy on them without their knowledge. That sort of covert capability only undermines morale and creates resentment among the employees toward the employer. No good can come of that. IT should do their job out in the open. Even the use of monitoring software to detect intrusions or email viruses or block web sites should be known to the end users.

      • #3071711

        I too agree…

        by jdmercha ·

        In reply to Look elsewhere

        But I look at it from a slightly different perspective.

        The computer equipment is owned by the company. Any files stored on the computers also belongs to the company. IT people (at some level at least) need to be able to access all that data.

        Users should not be allowed to encript files so that nobody else could get to them. Even the CEO might get hit by a bus on his way home. Somebody has to be able to get at his files.

        But having access is different than having unfetterd access. IT should not be monitoring computers, unless there is a specific reason to do so. Monitoring the network for specific parameters should be adequate enough to protect the company from malware or ilegal activities.

      • #3058099

        You were on a roll …

        by too old for it ·

        In reply to Look elsewhere

        … until you equated the company’s computer with the user’s personal computer.

        Company computer on company time: Do not even start to whine to me about privacy.

        Tho I do think that if there is to be monitoring and security, it should not be done by IT. Hopefully by a group from security, preferably housed in the same country as the company is located.

      • #3057904

        I see your point…but

        by jmgarvin ·

        In reply to Look elsewhere

        Many times you may have to remote into a machine, while the user is logged in, but nobody is home. How may of your users forget to log out?

        While I don’t think ALL the IT people should be doing this, I don’t see this as a major invasion, unless it is abused.

        I loved your idea about the senior execs and their emails. Perhaps something similar could be implemented for this issue?

        Security really means making sure your users aren’t doing what they aren’t supposed to do. What if you suspect a user is coping company data to a thumb drive and selling it to the competion? You can’t remote in, unless you have his permission?

        There is a middle ground and the fact of the matter is that IT sometimes needs to “snoop” to ensure security of all the assets!

        • #3072418

          At one place

          by jamesrl ·

          In reply to I see your point…but

          I worked, the place with 65000 employees, and 5000 IT employees, the only person who could authorize any “snooping” was the CIO. This was a good thing. It meant that you had to be serious, have a valid case and all your ducks in a row – no fishing expeditions allowed.

          If the user isn’t there, but they gave permission – such as logging a trouble ticket, then to me you have carte blanche to resolve their problems, including logging on when they aren’t there – in my organizations this is an implied consent. But its also implied that once you have finished fixing the problem, you stop accessing the PC.

          I understand there may be a need for some security folks to have full access to do their job – doesn’t mean they should go fishing, and it certainly should not be a blanket excuse for all IT staff to have that ability either.


    • #3071706

      Creates trust with the user

      by jdclyde ·

      In reply to Poll about having software to block out IT members unless permission given

      You should NEVER be able to “snoop” on someones pc without their knowledge or YOU are creating a hostile work environment.

      This is a standard practice, and many remote software packages will even beep if it is being used to monitor a screen.

      It is unethical of YOU to spy, or set yourself up in a position to spy. This is the same reason that IT NEVER knows peoples passwords. If something happens, you will be the FIRST person to get the blame.

    • #3071658

      Poll about having software to block out IT members unless permission given

      by chris ·

      In reply to Poll about having software to block out IT members unless permission given

      Poll Question

      • #3071653

        Same answer

        by stress junkie ·

        In reply to Poll about having software to block out IT members unless permission given

        The fact that this person has no knowledge of IT doesn’t mean that he is wrong on this one issue. He may be wrong on numerous other issues and still be right on this issue. If the issue is correct it doesn’t matter what credentials he has. Even a broken analog clock is right twice a day.

        The same is true of someone who makes an incorrect assertion. If someone is an IT expert but believes something that is incorrect then his credentials don’t change the fact that he is wrong. Stick to the issue, not the person.

        And, the expression is “I couldn’t care less” not “I could care less”.

      • #3071633

        IT Should be able to “spy” if they feel req’d

        by fluidtech ·

        In reply to Poll about having software to block out IT members unless permission given

        I think if IT can get an idea of what kind of sites the users are visiting, it puts them in the position of preventing a future problem, rather than reacting to a current one.
        Otherwise I feel it leaves you exposed to exploits & malware. It might not come from the sites currently being visited, but if you can interrupt the pattern of behavior, that is a step in the right direction.
        And don’t throw updates/patches at me…there’s always a machine that seems to slip through the cracks.
        And I don’t care who monitors my surfing…I keep it to company related issues. I have my personal machines for other stuff.

        • #3071608

          Internet Usage

          by charliespencer ·

          In reply to IT Should be able to “spy” if they feel req’d

          The company’s Internet usage policy should specify the IT department will track Internet sites for appropriateness. This can be done by sites visited without having to identify users by name. These sites can be blocked by a variety of software apps and services. Hardware and software firewalls, and anti-malware apps are better ways of preventing future problems than watching individtual desktop usage. Most of our malware problems lately are due to laptops being connected to unsecure home networks then brought to work.

          Directly monitoring user activity is a shotgun approach. You can’t watch more than one at a time. This should be reserved for cases where a user’s supervisor has requested monitoring of an employee for a specific documented reason, and only with HR’s documented concurrence. Without HR’s agreement, IT probably is not going to be able to take any action on it’s own.

        • #3057996


          by tonythetiger ·

          In reply to Internet Usage

          I don’t think it’s appropriate for the IT department to be the police. In my opinion, it is not for IT to determine the “appropriateness” of any user’s internet activity. It is the supervisor of the employee who is responsible for making sure that their employees are doing what they are supposed to be doing.

          That’s not to say IT doesn’t play a part, by generating reports, etc., but the “determining” ought to be left up to the supervisory chain of the user in question.

        • #3072412


          by jdclyde ·

          In reply to right

          method of managing.

          A pathetic manager will look at someone and see them not working every second of the day and yell at them.

          A good manager will look at the quality and quantity of work that employee does during the day and only yells at them if either slip.

          This old school mentality of 9 to 5, nose to the grinding stone is counter productive.

          Yesterday, a manager was concerned a 2nd shift floor supervisor was spending their time on their computer instead of supervising the floor as the job requires. Was told they were making their resume on company time and surfing the web. I made them go through HR, to go through my boss, and then come back to me and only if HR came with me.

          No way was I going to just jump in being the IT Nazi unless my boss told me to and I had witnesses at every step of the way.

          Didn’t find the resume, but did see where the resume template had been recently used in the word proccessor, and lots of web activity. some for building resumes, some for applying for work, much for shopping.

          Didn’t have the smoking gun, but they were just looking for supporting evidence anyways.

          Having HR with me the whole time protects ME. If I had the ability to snoop, then if something happened they could claim I had access and I did it.

          This is the same reason I never know passwords or have keys to anything but my office and the front door.

          Don’t be an a$$. Cover your a$$.

        • #3053545

          Uneffective and unethical

          by jdclyde ·

          In reply to IT Should be able to “spy” if they feel req’d

          IF you want to use your proxie or your firewall to montior sites, that is one thing and much more efficient.

          I would never work anywhere that “spies” on me, or expects me to be the IT Nazi and spy on others by going into their computers without their knowledge.

        • #3058091

          Well, maybe

          by too old for it ·

          In reply to Uneffective and unethical

          I helped migrate a mortgage broker from “wild wild west” to proxied and firewalled. To set up the proxy, we scraped the recently visted URLs from three top offenders, and sniffed the fourth who was using his personal laptop in our network.

          Soon as we threw the switch on the proxy, the two guys with their own business quit, the music streamer started bringing in CDs.

          The fourth? Actually went to the boss and complained that he wasn’t able to get to his porn sites. When he was told he wasn’t supposed to be looking at porn on company PC’s it went to fisticuffs (and NOT Marquis de Queensbury rules either)!

        • #3058042

          But that isn’t what he is advocating

          by jdclyde ·

          In reply to Well, maybe

          Monitoring the network traffic is VERY different than watching a users screen with spy software without them knowing it.

          You always let them know that the network is monitored and block what is deemed inapropreate.

          I would NEVER work with someone watching over my shoulder. I WOULD work someplace that states don’t get [i]caught[/i] visting porn sites. ;\

    • #3057984

      Privacy? What privacy?

      by dc guy ·

      In reply to Poll about having software to block out IT members unless permission given

      I work in a company with thousands of workstations. We have a rather large data security staff and an even larger help desk staff. Every one of those people has the ability and authority to key in a user ID, see exactly what is on that user’s screen, and watch the cursor move.

      This was explained to us at new employee orientation time. I’ve never heard of anyone changing their mind about working here because of this.

      We get used to it. They’re discreet and don’t go around talking about what they see. I suppose they joke about it with each other but so do doctors and lawyers. If they see something illegal or unethical or a flagrant violation of company policy they jump on it. That’s their job and it’s our job not to do it in the first place so it happens very seldom.

      People do occasionally get into very personal e-mail discussions and visit websites that clearly have nothing to do with our business. As long as they don’t overdo it and as long as they’re willing to take a chance on being observed, the network monitors and security officers don’t think of themselves as our nannies.

      Get used to it. These days there could just as easily–probably more easily–be someone “looking over your shoulder” on your home computer.

      • #3057939

        Me too

        by jamesrl ·

        In reply to Privacy? What privacy?

        I too have worked in several companies (4) over the past 15 years that have had between 3500 users and 65, 000 users.

        In all cases but one, they did network monitoring/traffic analysis to ferret out the bad eggs. But in no case did they allow someone to browse the screens that users were working on, without their consent, or without a formal investigation being opened. What offended me is the blanket, “we can look when we want, we are IT” statement of the OP.

        At one job, it was clear that it would have been a violation of national security as there was definately a “need to know” policy in some areas, and not all IT staff were cleared for TOP SECRET – though all data centre staff had to be.

        Even though I was involved in recommending certain security measures on one project, I as senior management of IT did not need to know just how they implemented my suggestions.

        I understand the work life balance means having to do some home things from work. If we do internet banking from the office(which is allowed) I don’t want someone seeing my bank account information.

        Of course if I am under investigation, all bets are off – but there had better be some grounds, and someone higher than a low level IT tech better have approved the investigation.


Viewing 4 reply threads