Ask Slashdot: Using Company Laptop For Personal Use 671
An anonymous reader writes "I'm starting a new job soon, and I will be issued a work laptop. For obvious reasons I cannot name any names, but I can state that I do expect my employer to have tracking software on the laptop, and I expect to not be the administrator on the device. That being said, I am not the kind of person who can just 'not browse the internet.' If I ever have to travel with this laptop, I may want to read an ebook or watch a movie or maybe even play a game. I can make an image of the drive, then wipe the machine, and restore it back to its former state if I ever have to return it. I can use portable apps off a usb key and browse in private mode. The machine will be encrypted, but I can also make myself my own little encrypted folder or partition perhaps. Are there any other precautions I could or should take?"
No (Score:5, Informative)
I can make an image of the drive, then wipe the machine, and restore it back to its former state if I ever have to return it.
Is your new job worth it? Not saying you'll automatically lose your job over that, but I can't imagine it'll go over well. Especially as you'd be using your (non-work prepared) laptop for doing work and might inadvertantly put them at risk (the kind of risk they hope to eliminate by issuing you the laptop in the first place).
The simple solution is get yourself a USB / livecd type distro. Don't touch the hard drive.. and if it's encrypted, you shouldn't be putting your company at risk (assuming you don't use the same key for anything else). Personally I'd ask your IT guys if they are ok with this before doing it. Sometimes they can actually be reasonable about this kind of stuff.
The real solution here is to leave your work laptop alone completely and get your own laptop for personal use.
Don't go there... (Score:5, Informative)
Just get a Tablet/Netbook of your choice and use that for web surfing, personal email, video and music streaming, etc.
Its a far more honest way of going about it, and by shopping around you will find a tablet that fits your needs, and can be slipped into the same carrying case the laptop uses. You may only need a wifi model, but tablets with data plans are not that expensive. You can add encryption to the tablet, if you want.
This gives you the freedom to do as you wish, and you can still move things back and forth between the tablet and the laptop as needed via any number of means when you have a legitimate reason to do so.
If you expect there to be tracking software on the machine out of the gate, then trying to go down the deception road is just a Bad Idea. Key loggers will log what ever you do, and removing them is not likely to go unnoticed. Key loggers things, if properly installed, can even read work you do in a USB thumb-drive based Linux distribution. And depending on how savvy your company's IT department is you may find any attempt to use the laptop in way other than what was intended will trigger alarms. Wiping the drive and restoring it to some back level state amounts to an admission you were doing something you weren't supposed to do. And you may not be given the opportunity to do so, when IT walks in (or accesses it remotely) to do a routine upgrade, and finds all sorts of ebooks and games, etc.
Nope, my advice is to celebrate your first pay check with a gift to yourself of that Tablet or Netbook you've always wanted. This way, you and your employer stay on each other's good side.
Read the policy (Score:5, Informative)
Read your company's employee handbook and policies. it's very likely that they allow "limited personal use". Just don't do anything stupid like watching porn or pirating stuff on the thing.
If you have any doubts about running any specific software on it, talk to your boss or call HR. They should know what the company's policies are.
I have a work-issued laptop. I'm allowed to browse the internet on it so long as it's a reasonable amount, and the corporate image came with media players, including a DVD player, so I'm fairly sure I can watch movies/listen to music on it when I travel.
But I never do. I take my own personal laptop with me. It's just a lot more comfortable that way.
use a live usb stick (Score:2, Informative)
I would use a persistent live distribution of some operating system. Just boot it off the USB stick. Your company OS won't be touched.
Yep, don't do that...unless you're allowed to. (Score:5, Informative)
I agree with everyone else. Trying to subvert your company's security policy, especially as a new employee, is an excellent way not to be an employee for very long. Just ask them if you're allowed to use the laptop for personal use. If they say no, then don't do it. If they say it depends, tell them what you have in mind. My employer wouldn't care if I was reading ebooks on it. Reasonable personal use also wouldn't be an issue. Messing around on FB on my own time? No problem. Browsing porn? Yeah, that's not going to be ok. Watching movies? Depends. DVD? Fine. Netflix (or anything else you have legit rights to)? Fine. Downloading them illegally to watch? Not a chance.
Basically, don't be an idiot.
boot off a USB fob when you're "off the clock" (Score:5, Informative)
When I am stuck traveling with the company laptop, I bring along a bootable USB fob with the latest Linux Mint on it and use that when I'm "off the clock." Some companies will try to lock down the bios so you can't even do that (forces the encrypted HD to boot first). So if that's the case, I'd just bring your own laptop/tablet along and call it a day.
I don't agree with companies to do this kind of thing, but in these economic times it's not worth losing a job over.
Best,
Short Answer: Don't (Score:4, Informative)
Long Answer: Reword you request and the risk becomes a little clearer. "I'm starting a new job soon, and I will be issued equipment which I have agreed not to use for personal use. I am compelled to use it for personal use anyway. How can I do that." You have to first weight the cost and the benefit. Is surfing the web worth losing your new job?
On the other hand, screw Greyface, here's how you do it. Don't try any of the approaches you've mentioned. If they have tracking software installed they may have software keyloggers and remote desktops as well. They MAY have hardware keyloggers. They probably don't, but that's the risk you're taking.
Get an live Linux distro [livecdlist.com] you can boot off of USB, one that allows you to store stuff back to the USB stick. Damn Small Linux [damnsmalllinux.org] is a good one. Do your personal stuff EXCLUSIVELY when booted to the stick. That's about the best you can do. Best of luck. May the Source be with you.
Don't do it. Carry your own laptop. (Score:5, Informative)
If I may, I'd like to address a couple of assumptions in your post:
"I can make an image of the drive, then wipe the machine, and restore it back to its former state if I ever have to return it."
You can't guarantee this. I am on the security team at my company. When a person is being let go they called into a meeting and someone collects their laptop or desktop while they are in the meeting. In only one case have we allowed someone to access their system after it was collected, and that was under supervised conditions. We pull the laptop hard drive, label it, and shelve it. If that were your drive, we could have your personal information sitting on a shelf for years, waiting for someone to access it. While this didn't happen to me, a friend of mine was asked to peruse the hard drive of a terminated employee, and what she found led to criminal charges being filed against the ex employee. Not saying you would do anything illegal, but never put yourself in a situation where someone else has unlimited and unrestricted access to your personal data.
Also, this could be a violation of company policy and could be grounds for disciplinary action.
"I can use portable apps off a usb key and browse in private mode."
Yes, you can, but that doesn't mean you can bypass any monitoring or filtering software installed on the machine.
"Are there any other precautions I could or should take?"
It's just not worth the hassle, and potential employment repercussions, to modify your company owned system. I have two laptops that go with me everywhere. One is my work laptop, the other is my personal laptop. I keep both realms deliberately separated. Buy yourself a Macbook Air, or other maybe just a tablet since you mostly indicate you are browsing. Keep your work and personal life separate.
Re:No (Score:5, Informative)
Security is based off of locking down that laptop so you dont do something stupid like install a "free game" with a trojan in it.
Not that I dont trust employees to know better, but I dont trust ALL employees to know better. A breach only takes one infected system.
Re:No, there's no need (Score:4, Informative)
The parent correctly points out that you can use a live distro and avoid having to touch the company's hard drive.
Maybe, maybe not. There may be key-loggers installed which still grab your keystrokes.
Further, you can set up machines to prevent booting from anything other than the hard drive, then lock the bios.
Re:No, there's no need (Score:5, Informative)
Maybe, maybe not. There may be key-loggers installed which still grab your keystrokes.
Further, you can set up machines to prevent booting from anything other than the hard drive, then lock the bios.
How exactly will a software keylogger installed on the operating system on the local disk be able to grab keystrokes if you booted off a livecd? If you are talking about hardware keyloggers, that may make sense for a desktop computer in where the keylogger lies between the USB or PS/2 connection. I really doubt that a company would go through the trouble to install a keylogger in the proprietary ribbon cable between the laptop keyboard and the motherboard.
Re:Buy your own (Score:2, Informative)
It is not unreasonable, just inconvenient. The work laptop is for work. That is why they issued one to the OP. Personal stuff should be done on your personal stuff.
Re:My solution (Score:3, Informative)
Interestingly, there are some USB devices which enumerate as an optical drive, but have flash memory -- for purposes like installing some OSes on netbooks -- and they might work for this, depending on how the boot lockdown is implemented, some bioses treat USB-attached CD-ROM differently from USB mass storage for such purposes. Still two things to carry, but less bulk than a CD-ROM, and a little less susceptible to mechanical damage.
Re:Don't go there... (Score:5, Informative)
Re:No, there's no need (Score:4, Informative)
A tiny tiny portion of the real early internet was funded by the govenrment. There has been no funding of infrastructure by government for the last 20 year.
Many companies turn off usb booting in the bios, and then lock the bios.
Re:No, there's no need (Score:5, Informative)
Keyloggers can be installed in the BIOS, though this is rare, it can be done.
Actually, it is not that rare. A company called Absolute is a pretty big player in the firmware level asset security control and recovery business. Every major vendor has models that embed their agent into the firmware of select machines. These agents persist through imaging/formatting. They allow tracking of IP address, geolocation on models with GPS, keylogging, remote bios lockdown, remote wiping, and more. You can see a list of models on their website at: http://www.absolute.com/partners/bios-compatibility [absolute.com]
In short, I agree with the above posters. Play it safe and talk to your IT department. Ask them if you should buy your own laptop for non-work use or use a live cd.
Re:No, there's no need (Score:4, Informative)
While, I agree you should play safe, I have to also call BS on the ability of the BIOS to keylog a linux distro that isn't preprogrammed to allow it.
Take a look at the system requirements:
http://www.absolute.com/products/endpoint-security/computrace [absolute.com]
Notice it doesn't support any distro of linux. I imagine you'd be quite safe using a live cd of any OS not on that list.
Re:My solution (Score:4, Informative)
Just get your own net book man.
Why? My present solution is better in several ways.
First, the work laptop has a 17" 1920x1200 LCD, and I have full HD videos on the USB disk, while I have yet to see a netbook with a remotely comparable screen. Second, the USB disk and CD add almost nothing to either weight or bulk, while any netbook would occupy more space and mass, especially if it has a decent display. Third, the USB disk and CD are rather cheaper than even a budget netbook, and far cheaper than any netbook with an adequate display (or a tablet, as another pundit opined).
BTW, I already have a personal laptop which also has a 17" 1920x1200 screen (actually slightly nicer than the work laptop's). However, I choose not to carry it around when I travel on business, since it has mass and bulk far greater than the USB drive and CD, and for my purposes would provide no additional functionality. Note that I carry several other work-related items along with the laptop, so airplane carry-on mass and space are not to be wasted.
Re:No, there's no need (Score:4, Informative)
Today you're going to learn about something new (to you). It's called SMM, or system management mode. Go look it up. It might also interest you that the Intel CPU isn't the only processor in your computer: http://www.youtube.com/watch?v=tmZ4yXuDSNc [youtube.com]
Executive summary: There is a software level below the OS even without virtualization.
Re:My solution (Score:4, Informative)
Even better, if the laptop supports it, buy a second hard drive tray and hard drive, and swap between them for business and personal use.
Re:No (Score:5, Informative)
This is exactly right. It's amazing how many people immediately look for ways to go behind the employer's back. Why not start by just asking them? If the employer is expecting you to travel for extended periods of time, then there is an obvious need for getting a reasonable amount of personal use out of the laptop, as traveling with two laptops (one for work, one for pleasure) is just silly. Your employer is human, and likely a reasonable one at that (and if not, you should be looking to replace her or him). So, just explain your needs and come to an agreement.
Not just don't WANT to... (Score:5, Informative)
...but can't.
There are several countries where going through customs with TWO laptops will ding you for import fees on the 2nd laptop.
Re:No (Score:5, Informative)
No, arogant users, the job it to work with, not against the company and its interests. Only one of those interests is catering to all the whims of some prissy dev. Security, stability, liability and supportability are some of the other large factors your self centered world view completly misses.
Re:No (Score:5, Informative)
That's assuming you'd know. As I said above, you'd be none the wiser.
That's a criminal lawsuit right there, you are aware of that, yes?
As an IT professional you are supposed to work WITH me, not AGAINST me. Until you understand that, deceit is all you deserve.
I will gladly work with you. I told you how to initiate such a cooperative effort. Bypassing the corporate security measures is where you are working against the company.
I am 100% for making security a lot more user-friendly and cooperative than it is today. In fact, I've given the keynote on a security conference on that exact topic two weeks ago.
But that doesn't mean any joker who thinks he's smart can just go and violate all policies, bypass all security measures and put the entire corporate network at risk.
Re:No (Score:5, Informative)
It really doesn't fucking matter - *IT IS NOT YOUR LAPTOP*