I would add that there are several group policy settings available that can limit the way WMP is used on a Windows network. I am not aware of any way to centrally manage iTunes on a Windows network.
________________________________ From: Steven Peck [mailto:sep...@gmail.com] Sent: Thursday, September 16, 2010 11:44 AM To: NT System Admin Issues Subject: Re: iTunes Windows Media Player is not a good analogy. There are often work related files and it si mainly a player. To have a more complete analogy. While it sort of can pull files from the Internet, it isn't really very automatic about it. You would want to compare the desire to install the Zune software with installing the iTunes software. Ironically, with the release of the Windows Phone 7 series this fall, this is a timely comparison and one people will have to deal with. Steven Peck http://www.blkmtn.org On Thu, Sep 16, 2010 at 7:17 AM, Andrew S. Baker <asbz...@gmail.com> wrote: >>Isn't that liability mitigation through obscurity, then? No. Obscurity in this setting would be installing iTunes and then renaming the executable and removing icons or some other such thing. And there is no rule against mitigating liability through obscurity. (Even the much ballyhooed "no security through obscurity" mantra is not 100% valid. Who advertises what brand and make of wall safe they use, or provides maps to it, for example?) This is all about dealing with known areas of concern. The iTunes app has had its fair share of security issues. That is also true of other apps, of course, but if you don't *need* it in an environment for business purposes, why add that burden? If you are in an environment that sees abuse of WMP, then you should rightfully address that. However, the discussion was about allowing iTunes, which is known to induce or facilitate specific usage patterns that are not generally conducive to useful consumption of resources. Thus, the advice was to NOT introduce this element into the environment. Given that WMP is probably available on these machines, the fact that they're looking to add something else, indicates that it is not being used in that capacity, and thus not a concern (or as much of a concern) as iTunes. Regardless of the validity of the file sharing portion of the argument, that was only one of the potential problems mentioned. I, certainly, did not reference it, because it was not material to my point. As for threat vectors, there are many things we allow in one context but not another. Many of the organizations that block .EXE and .PDF files via email still allow them via file shares or SharePoint or whatever. It's about mitigating liability where the liability is occurring. ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... On Thu, Sep 16, 2010 at 9:10 AM, Jonathan Link <jonathan.l...@gmail.com> wrote: Isn't that liability mitigation through obscurity, then? We discuss the importance of being complete and thorough in discharing our duties. It isn't even the vector for transmission, it just encourages a behavior, because it makes these files readily available for easy viewing/listening/browsing. Windows Media Player does the same thing? Are users familiar with it? In my experience, if iTunes isn't available people quickly turn to it. Choosing not to install iTunes to prevent illegal file sharing is a lot like a consumer buying a Mac because it is more secure. The behavior needs to be addressed. Whether iTunes is allowable or not is an entirely different consideration. We're doing a disservice if we as a community suggest that if you don't install iTunes, you won't have problems with illegal file sharing. In my experience, that isn't the case. -Jonathan On Thu, Sep 16, 2010 at 8:37 AM, Andrew S. Baker <asbz...@gmail.com> wrote: I'm going to have to disagree, Jonathan Mere file copying is not what we're discussing here. As Erik notes, iTunes facilitates the copying/uploading a GB of files in a single bound. Anecdotally, the number of people using iTunes for this purpose over WMP is probably 20 to 1. Think of how many threads we've seen with iTunes related issues vs WMP related ones on this list alone. While you can play multimedia with WMP, and I'm sure that some of that goes on in many organizations, how likely are you to see someone trying to get their WMA or WAV collection onto their home share for use in WMP? ASB (My XeeSM Profile) <http://xeesm.com/AndrewBaker> Exploiting Technology for Business Advantage... On Thu, Sep 16, 2010 at 8:20 AM, Jonathan Link <jonathan.l...@gmail.com> wrote: This argument is bunk, unless you also take the effort to remove Windows Media Player. Even that's bunk. Music files can be copied and shared without any software capable of playing them. On Wed, Sep 15, 2010 at 9:26 PM, Jon Harris <jk.har...@gmail.com> wrote: As someone else also mentioned there may be licensing issues with what ever gets downloaded to the company machines. That alone would make it a never to be installed software package in my book. I always used the fact that it installed a bunch of other stuff to keep it off the previous companies machines. My boss agreed his boss that that was stupid but then he ran a Mac, the rest of the office was Windows. Jon On Wed, Sep 15, 2010 at 9:21 PM, Mike Gill <lis...@canbyfoursquare.com> wrote: In spite of there being an MSI file inside the installer, I have never been able to get it to deploy. Appdeploy.com has a bunch of resources I believe with people getting it to work but it was no small task. Maybe there are some 3rd party deployment tools that work well. Aside from that, iTunes media is generally high bitrate. Meaning audio and video will take up a lot of space. Depending on if you backup or store your users My Docs folder on a server the space requirements may shoot up. -- Mike Gill -----Original Message----- From: Dennis Melahn [mailto:den...@advancedav.com] Sent: Wednesday, September 15, 2010 3:17 PM To: NT System Admin Issues Subject: iTunes I have a manager pushing to have iTunes allowed in the workplace. We have a few audio techs who require downloading hard to find music tracks occationally but other than that we have not allowed iTunes in the enterprise (proliferation of illegally obtained music, using valuable corp bandwidth, etc). I'm still against it. Anyone have any pros/cons? Thanks, Dennis ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: ---------------------------------- This communication, including any attachments, may contain confidential inf ormation and is intended only for the individual or entity to whom it is add ressed. Any review, dissemination, or copying of this communication by anyon e other than the intended recipient is strictly prohibited. If you are not t he intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin