On 02.05.2012 04:27, Kf Lee wrote: > 2) The user OS are all installed in the usb. When computer startup, the Grub take the control and check which usb has an OS in it that is bootable. In this way I can play with different OS having them installed in several usb. Most of USB sticks around are a cheap unreliable stuff slow compared to SSDs or traditional HDDs for most tasks. They're useful for recovery scenarios and to have a familiar environment when travelling but are of bad quality for primary OS. > > 3) In office, the staff carry their entire OS with him. Plug in and > work at any computer, when job done, take him usb with him. All > security issue solved. If his OS got virus, he is the only one suffer > from it. > This point simply doesn't hold. Using USB rather than fixed HDD presents no additional challenges to a virus writer. After all, if the virus is able to write itself on a HDD, what makes USB different? Quite the opposite, the USB themselves that people carry all the time with them is in itself a major virus carrier. Even if you put regulations like "Don't put this USB stick into other computers", someone who need to transfer data and by chance has only this stick will use it and in the meanwhile get all the viruses of both target and destination computer. It makes data theft more likely since people may intentionally or unintentionally often carry these sticks around and they'll get stolen or lost. After all, it's easier to get one of your employees drunk beyond remembering in a bar and get the stick off him than it's to break into an adequately protected physical facility. Moreover in the case of break-in into your facility the law is on your side (you're a victim of break-in) while in later it's against you (you failed to secure customer data) and depending on country penalties apply and your public image will get disastrous as well. Also it puts everyone into managing his own OS which is a bad thing unless all your stuff consists of sysadmins. It's unreasonable to require anyone from cleaner (who have no idea) to CEO (who consider it too low for their duties), including the people in non-IT jobs like accountants (who are neither educated nor paid for computer security) to be an educated sysadmin. Imagine a village where everyone constructs his own house without knowing anything about building. Many of them will be shaky from the beginning and crumble in few days, most won't survive full year, and after a good winter only few will remain, probably, done by people who learned how to build or have a talent. Even if you distribute initial OS yourself there are still many routine tasks you simply can't expect everyone to do properly. For security just stick to usual scenarios (network of centrally managed computers or servers+thin clients) with adequate permission policy. Also if you have no idea about security or don't have enough experience hire someone who does (if your company is big enough) or purchase a network administration contract with a company who offers such services or, most commonly, some combination of both like a part- or full-time sysadmin and a support contract with a company like Red Hat. After all you buy/rent your building from specialists rather than attempting to construct yourself. In my country, and probably in others, failing to secure adequately customer data is a criminal offence, so it's probably better not to risk it and let professionals do their job.
-- Regards Vladimir 'φ-coder/phcoder' Serbinenko
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel