Forgot your password?
typodupeerror
Security IT

Young Employees Pose Increasing Risk to Networks 710

Posted by CmdrTaco
from the also-increased-chance-of-lohan dept.
buzzardsbay writes "Baseline is reporting on an upcoming survey from Symantec and Applied Research-West that confirms many suspicions about the generation gap in the workplace, namely that younger workers will use your corporate network to run most any device, technology or social networking software they can get their hands on. Dubbed "Millenials," these workers born after 1980 are nearly twice as likely to use cell phones and PDAs at work, and half admit to installing unauthorized software on their employer's computers. On the upside, the Millenials are more security aware than their older co-workers."
This discussion has been archived. No new comments can be posted.

Young Employees Pose Increasing Risk to Networks

Comments Filter:
  • by k3v0 (592611) <k3v0@nOspam.k3v0.net> on Monday March 17, 2008 @11:45AM (#22773738) Homepage Journal
    isn't it the company's responsibility to control their network?
    • by SatanicPuppy (611928) * <Satanicpuppy@@@gmail...com> on Monday March 17, 2008 @11:55AM (#22773880) Journal
      Having a company adequately secure their network would cut into symantec's bottom line, so, from their perspective, no.
    • by tattood (855883) on Monday March 17, 2008 @12:24PM (#22774180)

      isn't it the company's responsibility to control their network?

      It's also about educating the employees more than anything IT can do to protect the network. If I can call one of your employees and pretend to be the remote helpdesk, and say that I need your password so I can install some software on your computer, and they give me the password, I am in your network.

      It's called social engineering, and if you are good at it, you can get past ANY network or software based systems.
      • by vertinox (846076) on Monday March 17, 2008 @01:04PM (#22774656)
        If I can call one of your employees and pretend to be the remote helpdesk, and say that I need your password so I can install some software on your computer, and they give me the password, I am in your network.

        Which is why you mitigate how much damage a single person can do.

        So if you do get a password of a normal user in a corporate office, all can do is read their mail and delete their home directory. If their machine was properly locked down, you won't be able to install anything either and if their password expires in 60 days you got that long to harass them.

        Yeah... Your employees will complain they can't get anything done because they can't install programs or save files on the network or modify databases as they would like. At the same time, you have to put in procedures that minimize damage if a IT person is socially engineered such as not even let them look at existing password and temp ones have to changed on login.

        This technique also is useful for rogue employees who plan on going postal with your companies data.
      • by someme2 (670523) on Monday March 17, 2008 @01:32PM (#22775016)

        It's also about educating the employees more than anything IT can do to protect the network. If I can call one of your employees and pretend to be the remote helpdesk, and say that I need your password so I can install some software on your computer, and they give me the password, I am in your network.

        In other news:

        "That's not our problem", says area CIO. "Our problem is educating our helpdesk, that if someone calls and says he's an employee and needs a new password for his account, they shouldn't just give out a password without further identification. "

        Seen it happen in three companies in the last 5 years. Each company with more than 2000 employees & one of them a fortune-500 company.
      • by Danny Rathjens (8471) <slashdot2&rathjens,org> on Monday March 17, 2008 @02:55PM (#22776036)
        That's why the ol' security maxim of basing authentication on "something you have and something you know." a.k.a. multi-factor authentication. It's a lot harder to social engineer something they have away from someone.
    • by Verteiron (224042) on Monday March 17, 2008 @12:28PM (#22774212) Homepage
      And that's a great idea, until you end up with a piece of required software that refuses to run without local admin privileges on the computer...
      • by bconway (63464)
        "software that refuses to run without local admin privileges" = An admin who is too lazy to look up the file and registry permissions required to run the (shoddy) software and would rather put the network at risk than do real work.
        • Re: (Score:3, Insightful)

          there are some apps that even then still give a hard time. Also some IT departments are under staffed for the work load and don't have the time do that or the have the money to hire more people.
        • by Verteiron (224042) on Monday March 17, 2008 @12:50PM (#22774486) Homepage
          Or an admin who has looked up the file and registry permissions required to run the shoddy software (shoddy, yes, but also provided by manufacturer and the only way to do business) and found that said software requires the admin to essentially open up the entire HKLM branch anyway, thus granting local admin privileges available in fact if not in name. Welcome to the wonderful world of car dealerships.
          • Re: (Score:3, Informative)

            by The Spoonman (634311)
            but also provided by manufacturer and the only way to do business

            Then stop doing business with that manufacturer until they fix their software. Either that, or take it off the network. Or isolate it within a DMZ. Or call the helpdesk day in and day out asking for a resolution to the problem until it's fixed. Or get the higher-ups involved and tell them how they've had money stolen because their network was hacked or....well, you get the idea. Sometimes the only way to get shit fixed is to be a major
        • by Nimey (114278)
          You're assuming there's actual documentation of which files/folders/registry entries a poorly-written program needs to write to.

          As someone with experience here, allow me to laugh in your face.
      • by SoonerSkeene (1257702) on Monday March 17, 2008 @01:36PM (#22775066)
        I work for a certain convergent outsourcing company which converges with converging technologies to provide a ... okay I've taken this too far: I work for Convergys [convergys.com]. Every user on their network is an administrator. Every. Single. One. We have 1200 or so employees at my site alone, and we've got over 70 sites in the US.

        They use group policy security to control the network, but you wouldn't believe how little thought goes into it. We had a new team form to provide support for a certain now-defunct pacific-coast city's municipal wifi. Because supporting an internet service sometimes requires tools such as ping/tracert/whatever -- they gave us a command prompt. But because they didn't want us having all kinds of access, what they really gave us was a shortcut to a batch file, which started with a choice prompt, allowing you to 'paste' so-to-speak, several commands, such as it would not let you have a blank prompt. It would always have a command, such as C:\>ping .

        Well apparently no one told them that you can concatenate commands. We soon discovered we could just use the batch file to C:\>ping google.com & start cmd and have an unrestricted command prompt. And since we're all administrators, we can use MMC, and control every other part of our access.

        I've since moved past my call-taking days, but I still work for them as an analyst. Of course they still won't let me provide any kind of network security device.
    • by Simonetta (207550) on Monday March 17, 2008 @12:54PM (#22774540)
      I'm not a 'milleniumial', I was born in the first half of the 20th century. When I work for a company, they want two things: productivity and security. Security means that I'm not going to harm the company physical property and co-workers. Productivity means that I produce more of what they sell than it costs them to pay me.

          Two paracitical factors inhibit this arrangement: the IT department and the human resources (legal) department. The cousin ITs believe that they can build a framework according to their training that will make us all be more productive. The HR believe the same with a different framework. But since neither of them are engaged in the primary productive activity that makes the enterprise profitable, the inevitably screw it up. In a million little and not so little ways. So we fight back.

          Case in point, in the USA the politicians and insurance companies have fucked-up the health care industry to the point where most employers will not hire people in order to avoid providing health insurance. They hire people on 'contracts' creating a class of permanent temporary workers. This is especially common in the electronics industry. We work some place for six months, then work another place for six months, etc... If we get sick, we point a gun at the head of some supermarket manager and have him give us the cash in the safe. It's the new American way, it will happen to you, so don't judge me for what I must do. I don't want to hurt anyone.

          Anyway, we bring our own tools to new jobs. Our software programs that we customize and modify that will maximize our productivity. Tools like text editors, spreadsheet macros, graphics and CAD design programs. I'm going to spend forty hours learning CADbozoCAD when most of the industry uses BozoCAD, just because your company got it a 10% discount? Fuck that!

          I'm going to put BozoCAD my computer that I work with. I'm going to create works and convert the results into standard formats. I'm going to ignore as much as possible any previous work done in any non-industry standard format. Is there a risk to your company network and even maybe the BSA Microsoft thugs? Possibly, but...I...don't...give...a...fuck. If you hire us and provide health insurance like all companies do in the rest of the civilized world, then I ( and the millions like me in this situation) would be more sensitive to these concerns. It's one of the unforseen issues that results from using perma-temps as your workforce.

        Most production managers realize this and accept it. Most cousin ITs and dumb-as-shit Human Resources people don't. Because it doesn't fit into the frameworks that they built. But my paycheck depends on the companie's bottom line and as a production worker, I create that.

          So it is a constant three-way battle between the cousin ITs (the information technology department of the company who maintain the company network),the perma-temps, and the HR lawyers. They ALWAYs believe that by firing us, they maintain control and security. But they don't provide the product that keeps the company in business. Their departments are not profit centers for the company.

          So the game just goes around and around. This is why I have come to hate the IT department in any company. HR people are too stupid to be concerned with, and lawyers aren't human so don't waste emotional cycles on them.
      • by v3lut (123906) on Monday March 17, 2008 @01:56PM (#22775272) Homepage
        Why do people in this country feel so obligated to work for companies that treat them like crap?

        Somewhere along the line here is some element of choice, and it's an element that people have somehow been taught that they don't really have anymore. "It's the best job I can get" or "that's how this industry works."

        I don't accept that, and I don't think anyone else should. Once you're working at a certain level, probably just above the poverty line, you make a choice what you're going to do to earn money, and who you're going to work for. We all make these choices based on supporting the kind of lifestyle we want. If your entire industry works this way, and you hate it so badly, you should work in ways that don't make you miserable. That might mean adjusting your lifestyle. But seriously, find something that makes you happy and do it. Don't spend your life working for people that treat you like crap. I won't, even if it means living in a tent. I'm not for sale.
        • by CodeBuster (516420) on Monday March 17, 2008 @03:39PM (#22776538)

          I won't, even if it means living in a tent. I'm not for sale.
          A noble sentiment, but sentiment does not put food on the family table. Not all of us are able to make decisions secure in the knowledge that only we ourselves will suffer the consequences if our decisions turn out to be wrong or even just-sub optimal. Some of us have families and other people who's fortunes depend upon our success. Real life is, unfortunately, rarely as simple as our high minded principles lead us to believe.
      • by King_TJ (85913) on Monday March 17, 2008 @01:58PM (#22775300) Journal
        I don't really find the parent post all that "insightful". It may, indeed, be his previous experiences with employment - but it doesn't speak for everyone.

        I've worked in computer support AND in a management capacity with I.T. for several smaller companies, and things never really played out like his description claims.

        In fact, I can't remember working in an environment where an employee flat-out wasn't allowed to install a piece of software that he/she found aided him/her in doing their job. If you want to use "BozoCAD" and the company officially has "CoolCAD" installed everywhere, ok. A little COMMUNICATION with people in I.T. would get you approved to load a copy of BozoCAD on your PC. (It's cheaper to have you use a product you're efficient using than to waste company time and money training you on an alternative.)

        The only problem comes about when someone just assumes they know better than anyone else what should be on their PC, and they take it upon themselves to install and use unofficial software without informing anyone.

        And to be totally honest, *I* have always taken the stance of "If I'm familiar with the software I find out you've installed on your own, and I'm fairly confident it's not harmful to the network, I'll opt to leave it alone." This might bend the "letter of the law" a little bit with H.R. people and their policy handbooks .... but we all know they're like lawyers. They write policies to cover ALL possible scenarios, just in case they need to enforce something. They're not even smart enough about matters like I.T. to KNOW you're in violation, if someone in I.T. doesn't take the issue to them and ASK for enforcement.

        I think the original point of this whole Slashdot article was more about younger employees insisting on installing "entertainment" type software, though ... social networking and chat apps, etc. If you want a chat client on your company PC, you should be prepared to justify its existence to management. (I've worked with software developers who really did use IRC clients and IM because they needed to bounce problems and potential solutions off of other like-minded people over the Internet. But if you just want to talk to your girlfriend while you work, hey --- too bad, so sad.)
      • Re: (Score:3, Funny)

        by Linux_ho (205887)
        But my paycheck depends on the companie's bottom line and as a production worker, I create that.

        When you're not reading Slashdot, that is...
      • by dissy (172727) on Monday March 17, 2008 @02:52PM (#22775982)

        Security means that I'm not going to harm the company physical property and co-workers. Productivity means that I produce more of what they sell than it costs them to pay me
        I just wanted to point out one detail.
        Security is not limited to their physical property. Security includes their digital assets as well.

        As an example, if your company makes widget, and the staff uses computers to design said widget, to send those designs to the part of the company (or another company) who actually builds said widget, then the designs for that widget are digital assets, and are no doubt quite valuable to them.

        If I as a hacker, working for another company, or even for myself, got access to your company computers and copied those designs, I could then either give them to my company to give them an advantage over yours, or if working alone, I could offer to sell them to every company that competes with yours, giving them all a leg up on your company, plus making a tidy profit for myself.

        While I agree that a lot of times the things put in place by IT to stop this are poor, i'm sure they would feel you do not have the right to do things that would aid me in copying those designs. To some IT departments, this includes you installing software on their computers. The fact they may be wrong is still not your task to covet and single handedly choose for them. If you think their methods are wrong, try telling them why, and suggesting a more correct approach. If they still choose to go about it wrong, then let them (and look for another job, since that company most likely wont be in business long, thus needing you.)

        You may disagree with their policy, and may even be perfectly right in your reasons for it, but the fact remains it is still their hardware, their network, and their digital assets, not yours.

        Taking your attitude is akin to me visiting you, sitting at your computer, deciding that the way you set it up is 'wrong', and changing that against your will.

        You have every right to make wrong choices with your own property. So does the company you work for.

        And if you really honestly believe it is perfectly ok for someone (you) to come in and tell someone else (the company) what they can and can not do with their own property, well, by that exact logic, you have no right to complain still, because someone (me) has by your own argument the right to come in and tell someone else (you) what YOU can and cant do with your own computer. Thusly, I say you arn't allowed to reply and complain, and thankfully, you would agree ;}
      • Re: (Score:3, Insightful)

        by Kamel Jockey (409856)

        I'm going to spend forty hours learning CADbozoCAD when most of the industry uses BozoCAD, just because your company got it a 10% discount?

        We had such a maverick at my place of employment. He insisted on using software tools and other items that were not "standard" for our organization. Guess what happened when he decided to leave? We now have someone else having to learn the way that person did things so that we can convert them back to the way we normally do things so that we can get said things don

      • Re: (Score:3, Informative)

        by Red Flayer (890720)

        Is there a risk to your company network and even maybe the BSA Microsoft thugs? Possibly, but...I...don't...give...a...fuck.

        Which is why I'd never in a million years hire you.

        You think that exposing your employer to risk is laughable? You think that the circumstances of your hiring justify you exposing them to risk?

        You've agreed to a employment contract, and likely in that contract there is a clause about adherence to corporate policy, and there may even be a specific clause related to use of unauthori

  • by ccguy (1116865) * on Monday March 17, 2008 @11:45AM (#22773742) Homepage

    half admit to installing unauthorized software
    I assume the other half:
    - Do it but don't admit it
    - Or don't it but are way less productive than their peers

    I don't know how it is for the rest of the slashdot crowd but almost everywhere I've worked it's impossible to be (decently) productive using only authorized software.

    The sad thing is not a matter of cost, but a matter of paperwork. Something as basic as winrar (no, let's not go into why would I want to use winanything) is impossible to get by the official channels.
    • by Smidge204 (605297) on Monday March 17, 2008 @11:51AM (#22773834) Journal
      Interesting how you say that "installing unauthorized software" = "more productive"

      I'm willing to bet that the vast majority of "unauthorized software" are things like chat clients, media players, RSS/Weather update notifiers, games and software for personal devices (iTunes etc).
      =Smidge=
      • by Compholio (770966) on Monday March 17, 2008 @11:56AM (#22773890)
        Firefox, SSH, VNC, .... Not to mention that a lot of tech support happens over IRC and IM.
        • Re: (Score:3, Insightful)

          by SatanicPuppy (611928) *
          Firefox: If places don't allow multiple browsers, thats their own fault. Just stupid.

          VNC: If it's needed for the job, I'd have it installed, or some other similar remote management program...VNC isn't all that feature rich. You'd probably need NAT for that as well, and you ought to run it through a tunnel. Otherwise, I am the firewall gestapo. I open ports for no one, and if you try to local proxy all your traffic out through 80 I will notice.

          SSH: See above, except for the tunnel part.

          The worst type of user
          • by haystor (102186) on Monday March 17, 2008 @12:23PM (#22774166)
            "They always think they know better, they have a massive attitude, and a huge superiority complex."

            They?
            • by djdavetrouble (442175) on Monday March 17, 2008 @03:04PM (#22776166) Homepage
              I don't think it is fair to make such a broad generalization.
              It depends on the person. I have had plenty of very technical people
              in non technical positions. It is the halfway ones that give me a problem.
              Someone that is savvy will already know how to gain
              administrative rights on a Mac Laptop, and won't have to ask. The truly savvy ones
              almost never call for support unless a piece of hardware has failed.

              Tales from the trenches:
              I was working desktop for an advertising agency around the time that p2p was
              becoming VERY popular (edonkey, kazaa, etc). Each summer we would get a new
              batch of college interns. You could bet on 2 things, the girls were cute, and the
              boys would barely even pause to call their moms before installing their favorite
              p2p platform.

              At my next company we discovered a guy running around after 6 pm starting edonkey
              on every computer in his department.

              It wasn't long before hair trigger p2p client detection was installed.
          • by aclarke (307017) <spam@[ ]rke.ca ['cla' in gap]> on Monday March 17, 2008 @12:39PM (#22774342) Homepage

            If you can prove to me you know your shit, I'll give you some leeway, but that leeway is probably just having your box dumped out into the DMZ, and you screw it up, you fix it.
            Yeah, way to go. Great idea. So when your "clueless user's" box in the DMZ is pwned and your boss' boss' boss and the company lawyers are wondering how the competition knows the quarter's sales number before they're announced, you can complain about how stupid the user was for not being able to secure the box that you put out in the DMZ.

            Good luck with your job.
          • Re: (Score:3, Insightful)

            The worst type of user is the tech guy who doesn't work in IT. They always think they know better, they have a massive attitude, and a huge superiority complex. If you can prove to me you know your shit, I'll give you some leeway, but that leeway is probably just having your box dumped out into the DMZ, and you screw it up, you fix it.

            And if the guy is an engineer, then they probably do know better. Especially in their area. And then we engineers have to fight against guys like you who have a chip on their

      • by poetmatt (793785) on Monday March 17, 2008 @12:10PM (#22774032) Journal
        You know, they were pretty darn accurate.

        At my work, the things I install "unauthorized" for myself and my coworkers which are 100% productivity:

        Firefox
        Phrase Express (text macro program)
        Stardock
        Microsoft Powertools/toys (the one that gives you a screenshot of each app when you alt+tab).

        None are "approved" but all the techs approve of it, because they know better.

        None of them use any of what you mentioned. No RSS readers, no games, no funky screensavers, no weather spyware shit. Work is laid back enough to not care (many people just browse the web all day, I mean cmon I'm replying on slashdot), but most people don't push the slacking that far. Also, we're an enormous multibillion $ nonprofit corporation and what I am telling you is like...hmm, well its a worldwide company with thousands of employees. I've talked to the CEO and even he has admitted to having a preference for firefox over IE for example, even though the CIO hasn't officially or formally approved it.

        I don't mean it to be ad hominem on this, but I will say you are making a pretty general bias here that is pretty generally not accurate.

        • Re: (Score:3, Informative)

          by Sylver Dragon (445237)
          I think most techs, and even admins are going to fall into the, "as long as it doesn't break anything, I don't really care." camp. As an admin, I couldn't care less which browser people use. We do have a few in house applications which are IE only, but as long as people are willing to deal with their own browser issues, if they want to use Firefox, Safari, Lynx, go for it. Just don't bug me when your browser of choice doesn't display correctly. Mind you, I work for a small research group at a University
      • by Guspaz (556486) on Monday March 17, 2008 @12:21PM (#22774144)
        and software for personal devices (iTunes etc).

        I'm more productive when listening to music (blocks out outside noise). I've worked at places where my bosses have SUGGESTED that I get a pair of headphones and listen to music at work. If anything, iTunes should make an employee MORE productive by helping them get into the zone, and less prone to distractions.

        The same thing applies to media players, assuming they're used for audio and not video. Anyone suggesting that such things makes employees less productive has obviously never worked for a software development company/department.
      • by hobo sapiens (893427) <ELIOT minus poet> on Monday March 17, 2008 @12:47PM (#22774446) Journal

        "installing unauthorized software" = "more productive"
        False dichotomy.

        Where I work, the company standard IDEs for web development are Dreamweaver or Eclipse. Both are completely unacceptable. Yet, a F/OSS text editor like jEdit is nonstandard but allows me to be much more productive. Why? Because it allows me to work quickly. I have all of the powerful text editing tools of an IDE without the extreme overhead.

        Also, as someone else replied, Firefox and certain plugins like Firebug and the Tidy validator are critical. I am a web developer, you see, and IE's ultracrappy javascript debugging capabilities are not even worth considering (even with the insanely useless MSFT Dev Toolbar installed). Profiling AJAX calls, or ANY HTTP request, is impossible without a tool like Firebug. And they are all nonstandard, but without them it would be more time consuming if not practically impossible for me to debug or optimize web pages.

        I am not trying to install iTunes or GAIM or games. Stupid people install that stuff at work. I just want to use tools that will allow me to get the job done. The web and its technologies are rapidly changing. Company Standard Software committees do not seem to be able to keep up, at least where I work. So, you can either 1) fight the establishment and risk looking like an "OSS hippie troublemaker" and still never get what you need, 2) work with approved but ineffective and usually expensive tools, or 3) just install what you need and produce good work. Within reason, I go with option number 3.

        So...unauthorized software isn't always better; authorized software isn't always better.
      • Re: (Score:3, Interesting)

        Izarc (because the 'authorized' WinZip sucks)
        Firefox (One internal website went as far as to redirect you to 'this doesn't work with FF' even though changing the user agent made it work just fine).
        WinAmp because yes, I am more productive when I'm listening to music.

        Sametime 7.5 (Company only 'authorizes' up to 6.5, but the difference is amazing), but I guess that's a 'chat' client.
        Foxit instead of Adobe
        DVAssist because I type on Dvorak and sometimes other people want to use my computer. Heck I even edited t
        • Re: (Score:3, Insightful)

          by hobo sapiens (893427)

          One internal website went as far as to redirect you to 'this doesn't work with FF'

          If there's one thing I hate more than company standard software boards who chronically Don't Get It, it's the self-proclaimed Intranet Hall Monitor buttholes. Show me someone who goes out of his way to intentionally deny users access to a site simply because he dislikes the user-agent...and I'll show you someone who just doesn't get the medium he is working with. "Internet? Shucks no, boy, I use that there big ole blue E!

        • I agree (Score:3, Insightful)

          by Simonetta (207550)
          I agree with your position. In an electronics production lab or factory floor it is insane to be tied to the same network as the rest of the company. And it is unreasonable to expect us to follow the same rules for the omnipresent company network.

          Each department or workgroup needs to have a private network so people can load their own WinAmp, personal text editors and productivity-enhancing macros, MP3s, and oscilloscope controllers without having to interact with the rest of the company ne
      • Re: (Score:3, Interesting)

        by penguin_dance (536599)
        I'm willing to bet that the vast majority of "unauthorized software" are things like chat clients, media players, RSS/Weather update notifiers, games and software for personal devices (iTunes etc).

        I'll bet I'm not the only one that carries a flash drive filled with very useful, PORTABLE APPS (and bless the people that create them!) I can run them without any permission because they don't need to install. How about things like Gimp and KompoZer so I can get my job done better and faster? The only "legitimate
    • by digitig (1056110) on Monday March 17, 2008 @11:54AM (#22773856)

      I assume the other half:
      - Do it but don't admit it
      - Or don't it but are way less productive than their peers

      I don't know how it is for the rest of the slashdot crowd but almost everywhere I've worked it's impossible to be (decently) productive using only authorized software.
      Quite. I remember being employed to do software development when there were no programming languages included in the approved software, because the people who drew up the approved software list had never bothered to ask the business areas what they did with their computers. I never did get any languages approved, but I did get them to lift my authorisation level so I could run executables that weren't on their heavily locked-down desktop, which was all it took. The company bought the C++ compiler I asked for, and I installed and used it -- unauthorised.
      • Re: (Score:3, Interesting)

        by the_rev_matt (239420)
        I'm on a government project. None of the software we need to use is approved. IDE, debugger, sql optimizer, photoshop, etc etc. The network administrators aren't allowed to have PuTTY, nmap, etc. If the branch chief's secretary doesn't need it, they don't see why we would.
    • by plague3106 (71849) on Monday March 17, 2008 @11:55AM (#22773870)
      Why do you assume that? Never crossed your mind that the other half don't, but are just as productive (or more so)? Maybe the other half can learn to use the authorized software instead of being so tied to one particular program and can't be bothered to learn something new.
      • by ccguy (1116865) * on Monday March 17, 2008 @12:18PM (#22774100) Homepage

        Never crossed your mind that the other half don't, but are just as productive (or more so)?
        No.

        Maybe the other half can learn to use the authorized software instead of being so tied to one particular program and can't be bothered to learn something new.
        OK OK, I'll give notepad another chance for my code editing, and I'm sure I can come up with two decent .bat script to launch the compiler and so on... More good ideas? Email them all to ccguysboss@gmail.com :-)
        • by plague3106 (71849) on Monday March 17, 2008 @12:35PM (#22774294)
          No.

          Ahh, a self important ass that believes his world view is the only correct one. Gotcha.

          OK OK, I'll give notepad another chance for my code editing, and I'm sure I can come up with two decent .bat script to launch the compiler and so on... More good ideas? Email them all to ccguysboss@gmail.com :-)

          Ya... because it's either VIM or notepad. Well have fun installing all the crap you think you need, I need to get back to doing actual work.
  • Also... (Score:4, Funny)

    by Mickyfin613 (1192879) on Monday March 17, 2008 @11:45AM (#22773746)
    They are more likely to play on your lawn. Make sure you yell at them from your front window. Damn kids.
  • by Chrisq (894406) on Monday March 17, 2008 @11:46AM (#22773758)
    only 25% of pre-1980 employees install rogue software on corporate PCs compared to 46% post 1980. If that happened in the bank I worked for there would be hell to pay!
  • Contradiction? (Score:3, Interesting)

    by eggman9713 (714915) <{eggman97132007} {at} {mac.com}> on Monday March 17, 2008 @11:47AM (#22773762)
    They pose a greater risk because of unauthorized software, yet they are more security aware. Am I missing something that would otherwise make this sensical?
  • Funny that (Score:5, Insightful)

    by damburger (981828) on Monday March 17, 2008 @11:47AM (#22773766)

    Most people born after 1980 are treated like shit in the IT industry. You are taken on for pitiful wages with vague promises of future riches, squeezed for every bit of knowledge you have, then booted out when the project(s) you are working on are finished. So it is hardly surprising that people treated so shabbily don't have a particular commitment to their workplace.

    Most of the highly technical and well paid jobs (system admins and the like) seem to be already taken by well established old folk, and nobody is really interested in training anybody for when they retire. Managers take IT systems completely for granted, consider IT professionals to be lowly peons, and are in for a nasty shock when the handful of people keeping their systems running leave.

    • by pastpolls (585509) on Monday March 17, 2008 @11:52AM (#22773846)
      You sound bitter that you have to start at the bottom like everyone else. Then again, maybe that is the problem some of us have with your generation.
      • Re:Funny that (Score:4, Insightful)

        by damburger (981828) on Monday March 17, 2008 @11:59AM (#22773926)

        Fine, fine, I'll get off your lawn.

        The myth that young people are spoilt and have an undue sense of entitlement is starting to wear a bit fucking thin though. In what way do we have more than previous generations? Tax burdens have been moved down to lower incomes in the UK, and I believe this is also the case in the US. Public services have been gutted by privatisation. Yet because we can buy iPods these days apparently we are spoilt. Fuck you. I'd rather be able to find an NHS dentist and get free higher education than have an mp3 player. Of course, now all you old fucks have no more need of public education and have fat wage packets to pay for private healthcare, you want such things scrapped so you don't have to pay for them. That is called 'kicking away the ladder'. Then you have the fucking nerve to complain about an undue sense of entitlement in the younger generation. You simply don't want to pay now for the things you were given to help you out when you were young.

        Yeah, I'm bitter. I was treated like crap and told to suck it up and that I was spoilt by a generation that had it a fuck load easier than I did. That is why I turned my back on the entire industry, although I don't hold out much chance of getting away from selfish middle-aged wankers any time soon.

        • Re: (Score:3, Insightful)

          by DM9290 (797337)

          Fine, fine, I'll get off your lawn.

          The myth that young people are spoilt and have an undue sense of entitlement is starting to wear a bit fucking thin though. In what way do we have more than previous generations? Tax burdens have been moved down to lower incomes in the UK, and I believe this is also the case in the US. Public services have been gutted by privatisation. Yet because we can buy iPods these days apparently we are spoilt. Fuck you. I'd rather be able to find an NHS dentist and get free higher education than have an mp3 player. Of course, now all you old fucks have no more need of public education and have fat wage packets to pay for private healthcare, you want such things scrapped so you don't have to pay for them. That is called 'kicking away the ladder'. Then you have the fucking nerve to complain about an undue sense of entitlement in the younger generation. You simply don't want to pay now for the things you were given to help you out when you were young.

          You are confused son. Its a class struggle, not an age struggle. Stop attacking people on the basis of age; you're just making yourself into a useless annoyance to everyone and not accomplishing anything at all. You are also advertising the fact that you are basically an ignorant thug.

          Just because you see someone criticizing youth as if it were a collective sentience (an absolutely absurd position: they are all individuals with seperate aims and ambitions), that doesn't make your attack against another col

          • Re: (Score:3, Interesting)

            by Eli Gottlieb (917758)

            You are confused son. Its a class struggle, not an age struggle. Stop attacking people on the basis of age; you're just making yourself into a useless annoyance to everyone and not accomplishing anything at all. You are also advertising the fact that you are basically an ignorant thug.
            I think damburger's anger is pretty damn stupid, but please read this [usatoday.com].
        • Re:Funny that (Score:5, Interesting)

          by lysse (516445) on Monday March 17, 2008 @02:03PM (#22775366)

          I was treated like crap and told to suck it up and that I was spoilt by a generation that had it a fuck load easier than I did.

          Yes, you were. The baby boomers. Us gen-X-ers watched them take over everything on the grounds that youth and social position should not be discriminated against, cement themselves so firmly into positions of power that nothing can dislodge them, and then kick away the ladders they found so useful on the grounds that age and achievement should not be discriminated against. You lot are the second generation they've shat on - they practised on us, and we were so stunned by the sight of our future being flushed down the toilet that we let them get really good at it. Sorry about that... on the other hand, you guys have at least grown up without the memory of hope.
      • Re: (Score:3, Informative)

        by Compholio (770966)
        Sounded to me like he was pissed that there was no chance for promotion since young people get let go when their project is complete. That's not "starting at the bottom", that's "temporary slave".
        • Re:Funny that (Score:4, Insightful)

          by SatanicPuppy (611928) * <Satanicpuppy@@@gmail...com> on Monday March 17, 2008 @12:38PM (#22774330) Journal
          One of my first jobs out of college was being hired into a situation where they had downsized everyone who had 10+ years of experience and replaced them all with kids straight out of college. You can imagine how the managers and supervisors, all of whose friends we were replacing, treated us.

          It definitely goes both ways. Sucks for him that he took it in the ass, but it happens. I remember showing up for work during the dot bomb and finding the doors chained shut. Yee haw. Had my 20 months of "freelancing" (e.g. scrabbling for consulting gigs and contract work in an economy saturated with out of work professionals). Tons of fun.

          Now I'm in my 30's and am probably one of the "middle aged" bastards he was talking about since he's a gen y kid and "middle age" can usually be calculated by adding 10 years to your current age. I remember being a know-it-all kid, and thinking I was better than people who'd worked their way up. Sometimes I was, but that doesn't change the fact that not everyone gets to start at the top.
    • Re:Funny that (Score:5, Insightful)

      by 3waygeek (58990) on Monday March 17, 2008 @12:13PM (#22774066)

      Most people born after 1980 are treated like shit in the IT industry.
      So are most people born before 1980.
  • Two Cents (Score:4, Interesting)

    by Ethanol-fueled (1125189) * on Monday March 17, 2008 @11:47AM (#22773768) Homepage Journal
    disclaimer: I am a "millenial", whatever the hell that means ;)

    From the second slide: It's irritatingly true that many millenials can't pry themselves from their damn phones. Nobody should allow their phones to ring in class or during a date -- unless they're dope dealers, pimps, doctors, or on-call IT staff. That's why I prefer the company of mature women: they say a lot less, but what they say actually counts!

    From the fourth slide: Not at all surprised to see that 59 % of "millenial" workers think they can install whatever they want, given that more of them are spoiled gimme-gimmes...but to be fair, I'll bet that older people are far more adept at trashing their home computers than millenials are at trashing any computer. How many times have you all had to reinstall your grandpappy's mangled, crapware-infested OS(which shall remain nameless...*wink*)?

    From the tenth slide: how does better access to technology improve work/life balance? Does it enable workaholics to work from home during their offtime? Does it enable employees to feel "home" while fuckin' off on Myspace at work? I doubt that a significant percentage of those sampled were full-time telecommuters who truly felt a better work-life balance(read: they weren't "encouraged" to put in mass overtime just because they worked from home).
    • Re: (Score:3, Insightful)

      by MobyDisk (75490)

      How many times have you all had to reinstall your grandpappy's mangled, crapware-infested OS(which shall remain nameless...*wink*)?

      Never. But I've reinstalled my younger brother's computers so many times I can't count it. And doing house calls, it is always the teenage son who downloads questionable applications and trashes the PC. Or the teenage daughter's free music downloading program that does it. But grandma and grandpa's computer still runs whatever version of Office it came with the day they bought it, Pplus the latest Quicken: without flaw.

  • by comet63 (1256400) on Monday March 17, 2008 @11:50AM (#22773822)
    Looks like the title is overblown. The younger works do slightly more risky things than the older workers. However, the older workers (Gen X in this case) still do all the same things, just a little less often. None of the numbers suggest a big change in risk. A lot of the risk factors being described just go from numbers like 47% to 51%. Hardly anything dramatic.
    If you want to secure your network, you need to address all the risks that are out there. Adding a little more risky behavior does not really make for any real changes is the risks to the network. Networks are always at risk from the weakest link. A 60 year old employee who happens to do something risky is just as bad for the network as a 20 year old.
  • by jandrese (485) <kensama@vt.edu> on Monday March 17, 2008 @11:51AM (#22773828) Homepage Journal
    On one side letting some random person install any old IRC client is just asking for the office machine to be owned eventually. On the other hand, I hate the idea of being a no good outlaw just because I want to use vim instead of notepad for text editing.
  • by SatanicPuppy (611928) * <Satanicpuppy@@@gmail...com> on Monday March 17, 2008 @11:51AM (#22773838) Journal
    First off: Worst article ever. Not just one paragraph per page...1 statistic per page? Jesus. Content to page ratio is like .001:11. And what content there is is vapid and uninteresting.

    If you're an admin tasked with security, you have to assume all users are evil, so the question should be more along the lines of, "What is the problem with your process that you are allowing these users to install unapproved software?" Symantec obviously has a big stake in convincing people that they need better security (assuming that this will drive business for their crappy products), but the simple truth is that these sorts of problems shouldn't BE problems in an adequately secured network...Even your basic windows AD setup on XP is capable of restricting software installs and such.

    If you're a big believer in allowing users to install whatever crap that they think they need to do their jobs, then you'll need to invest in some solid networking gear because you're inevitably going to have more problems. Otherwise, just lock it down, set up an approval process, and be prepared to deal with a zillion complaints from people who think they're experts because they did their own myspace page.
    • Re: (Score:3, Insightful)

      The "article" was more like a Powerpoint presentation for retards. You're right, any sane security-minded company would lock their systems down. This usually isn't about approval of certain CAD or automated test software, it's about the damn internet and the gimme-gimmes wanting their fix because they can't go 8 hours without looking at some blinkenlights. Most companies I've seen are either totally locked down or totally open. A good compromise would be for a company to set up a common terminal(with intern
  • And old People... (Score:4, Insightful)

    by boris111 (837756) on Monday March 17, 2008 @11:52AM (#22773842)
    give their passwords on the phone to whoever asks. I've seen it happen. Security is an issue that effects us all. Shouldn't single out the young people on this one.
  • Fair Trade (Score:5, Funny)

    by multisync (218450) on Monday March 17, 2008 @11:53AM (#22773852) Journal

    On the upside, the Millenials are more security aware than their older co-workers


    They're also less likely to call IT with problems like "I'm trying to make an Internet on my desktop but I can't get the file to program."
  • by jockeys (753885) on Monday March 17, 2008 @11:54AM (#22773860) Journal
    This just in... young people are more likely to use iPods and PDAs than old people. Film at 11.
  • And this is why. . . (Score:3, Informative)

    by smooth wombat (796938) on Monday March 17, 2008 @11:55AM (#22773872) Homepage Journal
    those who manage the networks and PCs get ticked off and impose what seem like draconian rules about installing software and locking people down. All that extra cruft takes its toll on network performance and consumes resources.

    If you need a piece of software, yes, we will install it for you. You do not need the Gmail notifier constantly popping up and telling you you have new mail or checking for updates. Nor do you need to have Quicktime continually checking for updates. You most certainly do not need any kind of P2P software installed.

    While it's nice these "new" people are more comfortable with technology, the downside is the proverbial, "Just enough knowledge to be dangerous".
  • by wile_e_wonka (934864) on Monday March 17, 2008 @11:57AM (#22773906)
    What exactly does "unauthorized software" mean?

    My company doesn't give me administrator privilages, but has IE 5.5 installed. They haven't told me exactly what I can or can't do with my computer (except "you can browse the web in your down-time, but don't look at porn"), but I don't think the people that immediately oversee me know enough about computers to understand installing programs and stuff (really, it's pretty amazing--they don't even know that IE 5.5 is different at all from whatever they use at home).

    The computer won't let my upgrade IE, so I installed Opera and Firefox. Is this "unauthorized software"?

    Now, let's go a step more complicated.

    They said I can browse the web in my downtime, right. So I figured I can also download and view MIT physics lectures (yes, Walter Lewin). My computer doesn't have proper codecs to view these videos. So I had to install codecs, but the computer is very resistant to that--it took a lot of trial and error to find a codec that would install and also play the videos.

    Did the larger amount of work to avoid the problems associated with a lack of administrator privileges make this "unauthorized"?

    I've also tweaked the registry (this is Windows 2000) because there were several programs starting with the computer that I have no use for. "Unauthorized"?
  • Security aware? (Score:3, Insightful)

    by Oligonicella (659917) on Monday March 17, 2008 @12:02PM (#22773952)
    "...namely that younger workers will use your corporate network to run most any device, technology or social networking software they can get their hands on. Dubbed "Millenials," these workers born after 1980 are nearly twice as likely to use cell phones and PDAs at work, and half admit to installing unauthorized software on their employer's computers. On the upside, the Millenials are more security aware than their older co-workers."

    Um, no. That they install unverified social software on corporate machines and socialize at work means they are not more security aware. Social access is the number one security breach method.
  • I'm in my mid-20's (Score:5, Insightful)

    by failedlogic (627314) on Monday March 17, 2008 @12:07PM (#22773992)
    I'm in my mid-20's so I think I would fit into this "generation" gap and want to comment on this. And no, I'm not at work presently to post this, in case the inescapable irony strikes some readers.

    I know some of my peers feel that simply having access to the Internet means they can use it during the workday either to take a break during the work period, not work at all or use the Internet on breaks. My friends don't do this but I have had co-workers who have and were generally disciplined and eventually fired for not doing their assigned work.

    Personally, I feel that I have an obligation to my employer: 1) to do the tasks I am assigned and 2) to protect the information on their networks. I avoid using the Net at work for non-work tasks and social networks for these reasons.
  • by khendron (225184) on Monday March 17, 2008 @12:15PM (#22774082) Homepage
    This article appears to be taking a stupid slant on the statistics that have been gathered. It keeps harping about the "Millenials" (people born after 1980) when really it should say "people in their 20s". My issue is that 20 years from now, the Millenials will be in their 40s, but it will still be the people in their 20s who are the greater risk. The Millenials are not a generation of risk takers, they are currently at the risk taking age.

    When I was in my 20s, I was much more risk prone than I am now (in my 40s). Back then I considered it my *right* to be able to install whatever I wanted on a computer, and would be unconditionally annoyed and offended if it was not allowed. Today I am more aware that there are reasons for most restrictions. Yes, some restrictions don't make sense, but a very many do.

    This type of thinking was in more aspects of life than just computers. Back in my 20s, I would say that I drove less cautiously than I do today. I drank more heavily, ate poorly, resented having to wear a bike helmet, jay-walked more often, the list goes on. These are all behaviours that I, and most people, grow out of.

  • Heh (Score:5, Interesting)

    by Xest (935314) on Monday March 17, 2008 @12:22PM (#22774152)
    I'll remember this article next time that me, born in 1982 has to go round removing all the shareware games like Kyodai that all the middle age helpdesk women have decided to install on their computers because the 40 yr old manager we have thinks they should be free of security restrictions even if it causes such problems and creates security risks for the network.

    Or when I'm dealing with silly amounts of calls because one 40+ yr old colleague is stood outside on their mobile phone arranging with their wife who is doing the cooking and the other is browsing holiday sites deciding where to go on holiday next.

    Articles like this are stupid, they're a generalisation and where I work it couldn't be further from the truth. 3 out of 4 of our 1980s+ born workers and 1 out of 12 of our pre 1980s born workers make up our best 4 workers, that's completely out of line with the articles findings and whilst I realise you always get anomalies from statistical samples you should also not try and dress up this kind of bullshit as general fact.

    In fact look at TFA, as hard as that is when it insists on jumping to the next stat before you've had chance to check the page properly I don't notice any information how solid a test base they used.

    For all I know this could be put together by some disgruntled middle aged worker who actually sucks bad at his job but like many would rather blame someone else and so decided to blame the younger generation for taking his work.

    Anyone know how reasonable a test base was used for this study? As it stands I could equally put together a made up study claiming older people are more likely to steal from the work place and pass it off as being fact.
  • by dpbsmith (263124) on Monday March 17, 2008 @12:24PM (#22774172) Homepage
    ...to use ten animated web pages to display data that could have been presented better in ten lines of text using old-fashioned print media.

Those who can, do; those who can't, simulate.

Working...