this post was submitted on 01 Jun 2024
1008 points (97.9% liked)

Technology

59641 readers
2930 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Q. Is this really as harmful as you think?

A. Go to your parents house, your grandparents house etc and look at their Windows PC, look at the installed software in the past year, and try to use the device. Run some antivirus scans. There’s no way this implementation doesn’t end in tears — there’s a reason there’s a trillion dollar security industry, and that most problems revolve around malware and endpoints.

you are viewing a single comment's thread
view the rest of the comments
[–] BearOfaTime@lemm.ee 13 points 5 months ago (1 children)

It won't.

All the crap from MS only affects ignorant home users. (I say that with no criticism - home users often lack significant expertise in this stuff).

Corporate has an IT team dedicated to image building, based on requirements gathering, which is well documented and well tested before it's deployed to even a small test group (usually us fellow IT geeks get to be Guinea pigs first).

Once it's been certified, then they'll deploy to a second, larger group, test and verify.

Wash, rinse, repeat.

Plus they'll probably start with new hires and anyone with a machine that is falling off lease/aging out. This gives them a little room, in that new hires don't have any local data (no one should have much in the first place), and people with aging machines can hold onto the old machine for a couple weeks as a fallback, just in case.

I've seen it several times, been part of deployment and upgrade teams.

Additionally, they deploy policies to redirect any MS network services to their own internally hosted services - windows is designed to do this, there are specific policies for everything, such us Windows Update services, even the MS App Store. Because no company wants machines pulling random crap from outside the company (they probably even block the access at the network level - I would).

[–] TexMexBazooka@lemm.ee 19 points 5 months ago

Everything you’re describing is how it should be done. Realistically it isn’t done properly, all the time, and that’s why breaches happen.