*>>Isn't that liability mitigation through obscurity, then?* No. Obscurity in this setting would be installing iTunes and then renaming the executable and removing icons or some other such thing.
And there is no rule against mitigating *liability *through obscurity. (Even the much ballyhooed *"no security through obscurity"* mantra is not 100% valid. Who advertises what brand and make of wall safe they use, or provides maps to it, for example?) This is all about dealing with known areas of concern. The iTunes app has had its fair share of security issues. That is also true of other apps, of course, but if you don't *need* it in an environment for business purposes, why add that burden? If you are in an environment that sees abuse of WMP, then you should rightfully address that. However, the discussion was about allowing iTunes, which is known to induce or facilitate specific usage patterns that are not generally conducive to useful consumption of resources. Thus, the advice was to NOT introduce this element into the environment. Given that WMP is probably available on these machines, the fact that they're looking to add something else, indicates that it is not being used in that capacity, and thus not a concern (or as much of a concern) as iTunes. Regardless of the validity of the file sharing portion of the argument, that was only one of the potential problems mentioned. I, certainly, did not reference it, because it was not material to my point. As for threat vectors, there are many things we allow in one context but not another. Many of the organizations that block .EXE and .PDF files via email still allow them via file shares or SharePoint or whatever. It's about mitigating liability where the liability is occurring. *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * On Thu, Sep 16, 2010 at 9:10 AM, Jonathan Link <jonathan.l...@gmail.com>wrote: > Isn't that liability mitigation through obscurity, then? > We discuss the importance of being complete and thorough in discharing our > duties. It isn't even the vector for transmission, it just encourages a > behavior, because it makes these files readily available for easy > viewing/listening/browsing. Windows Media Player does the same thing? Are > users familiar with it? In my experience, if iTunes isn't available people > quickly turn to it. Choosing not to install iTunes to prevent illegal file > sharing is a lot like a consumer buying a Mac because it is more secure. > The behavior needs to be addressed. Whether iTunes is allowable or not is > an entirely different consideration. We're doing a disservice if we as a > community suggest that if you don't install iTunes, you won't have problems > with illegal file sharing. In my experience, that isn't the case. > > -Jonathan > > On Thu, Sep 16, 2010 at 8:37 AM, Andrew S. Baker <asbz...@gmail.com>wrote: > >> I'm going to have to disagree, Jonathan >> >> Mere file copying is not what we're discussing here. As Erik notes, >> iTunes facilitates the copying/uploading a GB of files in a single bound. >> Anecdotally, the number of people using iTunes for this purpose over WMP is >> probably 20 to 1. >> >> Think of how many threads we've seen with iTunes related issues vs WMP >> related ones on this list alone. >> >> While you can play multimedia with WMP, and I'm sure that some of that >> goes on in many organizations, how likely are you to see someone trying to >> get their WMA or WAV collection onto their home share for use in WMP? >> >> >> *ASB *(My XeeSM Profile) <http://xeesm.com/AndrewBaker> >> *Exploiting Technology for Business Advantage...* >> * * >> On Thu, Sep 16, 2010 at 8:20 AM, Jonathan Link >> <jonathan.l...@gmail.com>wrote: >> >>> This argument is bunk, unless you also take the effort to remove >>> Windows Media Player. >>> Even that's bunk. Music files can be copied and shared without any >>> software capable of playing them. >>> >>> On Wed, Sep 15, 2010 at 9:26 PM, Jon Harris <jk.har...@gmail.com>wrote: >>> >>>> As someone else also mentioned there may be licensing issues with what >>>> ever gets downloaded to the company machines. That alone would make it a >>>> never to be installed software package in my book. I always used the fact >>>> that it installed a bunch of other stuff to keep it off the previous >>>> companies machines. My boss agreed his boss that that was stupid but then >>>> he ran a Mac, the rest of the office was Windows. >>>> >>>> Jon >>>> >>>> On Wed, Sep 15, 2010 at 9:21 PM, Mike Gill < >>>> lis...@canbyfoursquare.com> wrote: >>>> >>>>> In spite of there being an MSI file inside the installer, I have never >>>>> been able to get it to deploy. Appdeploy.com has a bunch of resources I >>>>> believe with people getting it to work but it was no small task. Maybe >>>>> there >>>>> are some 3rd party deployment tools that work well. >>>>> >>>>> Aside from that, iTunes media is generally high bitrate. Meaning audio >>>>> and video will take up a lot of space. Depending on if you backup or store >>>>> your users My Docs folder on a server the space requirements may shoot up. >>>>> >>>>> -- >>>>> Mike Gill >>>>> >>>>> -----Original Message----- >>>>> From: Dennis Melahn [mailto:den...@advancedav.com] >>>>> Sent: Wednesday, September 15, 2010 3:17 PM >>>>> To: NT System Admin Issues >>>>> Subject: iTunes >>>>> >>>>> I have a manager pushing to have iTunes allowed in the workplace. We >>>>> have a few audio techs who require downloading hard to find music tracks >>>>> occationally but other than that we have not allowed iTunes in the >>>>> enterprise (proliferation of illegally obtained music, using valuable corp >>>>> bandwidth, etc). I'm still against it. Anyone have any pros/cons? >>>>> >>>>> Thanks, >>>>> Dennis >>>>> >>>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >>>>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>>> >>>>> --- >>>>> To manage subscriptions click here: >>>>> http://lyris.sunbelt-software.com/read/my_forums/ >>>>> or send an email to listmana...@lyris.sunbeltsoftware.com >>>>> with the body: unsubscribe ntsysadmin >>>>> >>>>> >>>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>>> >>>>> --- >>>>> To manage subscriptions click here: >>>>> http://lyris.sunbelt-software.com/read/my_forums/ >>>>> or send an email to listmana...@lyris.sunbeltsoftware.com >>>>> with the body: unsubscribe ntsysadmin >>>>> >>>>> >>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>> --- >>>> To manage subscriptions click here: >>>> http://lyris.sunbelt-software.com/read/my_forums/ >>>> or send an email to listmana...@lyris.sunbeltsoftware.com >>>> with the body: unsubscribe ntsysadmin >>>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to listmana...@lyris.sunbeltsoftware.com >>> with the body: unsubscribe ntsysadmin >>> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
