Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > macOS > Help: ammo against IT Committee

Help: ammo against IT Committee
Thread Tools
kooBi
Junior Member
Join Date: May 2001
Location: Perth, Western Australia
Status: Offline
Reply With Quote
Nov 19, 2003, 01:26 AM
 
Hi there,

Our Faculty is in the same boat as many worldwide I imagine. The five tech support people in the Faculty have recommended to the Resources Committee that Macs no longer be supported on any of the Faculty networks (part of a University wide LAN system), and the network is to become entirely 'Windowzed'. The primary argument seems to be that there are "safety issues" in running a network with Macs and Wintels. Can this be subtantiated in any way? There are a lot of Mac users that will be affected by this, and we're trying to prepare a cogent argument for why we should continue to be allowed access and support on the network.

[footnote: I suspect the real reason the five want to get rid of Macs is because they know nothing about them and aren't able to provide to Mac users]

Thanks
     
theolein
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Status: Offline
Reply With Quote
Nov 19, 2003, 02:05 AM
 
With the old Mac OS, they would have something there. But with OSX, I think it's the other way around. You'll need to do some research here on your own, but a few pointers:
OSX is based on FreeBSD Unix. That means it has the Unix idea of system permissions which is very secure. You can point out to them that there is not one known virus in the wild for OSX. Go and take a look at the bugtraq site for a full list of current Windows exploits.

Not only this but point out that OSX can integrate with both SMB (Windows NT filesharing and domains) as well as Active Directory. OSX can share Windows printers.

Ask them why they are considering using only Windows when there are very good alternatives, such as Linux, which cost far less and are much more secure. Ask them if they are willing to lock themselves into an enforced upgrade policy with MS. Ask them if they truly consider that using only one OS is a good idea considering that OS diversity is better security wise.

Remind them that OSX is incredibly stable, as are most Unix based OSes, and that the cost of maintenance is minimal, especially compared to Windows (do research on this point and press it home, because it means a lot in terms of support costs)

Hope that helps.
weird wabbit
     
kooBi  (op)
Junior Member
Join Date: May 2001
Location: Perth, Western Australia
Status: Offline
Reply With Quote
Nov 19, 2003, 02:20 AM
 
Thanks for the post. I've been following the virus thread closely (http://forums.macnn.com/showthread.p...hreadid=188945) and that all makes good sense. I also use SMB to connect to the Windows servers on our network (Panther network problems notwithstanding ), so can't see any reasons there either. That's why I'm confused by the whole 'security issue' thing. Granted, being a University there are likely to be many Macs running pre-OSX systems, but their numbers will dwindle.

I think it's just a smokescreen to hide the fact that because none of these admins are really familiar with Macs, they can't provide support for them (and possibly don't want to be replaced by someone that *can*).

But of course it would be folly to say something like that, hence my post
     
Developer
Addicted to MacNN
Join Date: Apr 2001
Location: europe
Status: Offline
Reply With Quote
Nov 19, 2003, 02:22 AM
 
So the safety strategy of your IT committee is that if a virus comes through it is guaranteed to come through to all the machines on the network? Interesting concept.

Mac OS X is secure.
Nasrudin sat on a river bank when someone shouted to him from the opposite side: "Hey! how do I get across?" "You are across!" Nasrudin shouted back.
     
utidjian
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
Status: Offline
Reply With Quote
Nov 19, 2003, 02:28 AM
 
Originally posted by kooBi:
Hi there,

Our Faculty is in the same boat as many worldwide I imagine. The five tech support people in the Faculty have recommended to the Resources Committee that Macs no longer be supported on any of the Faculty networks (part of a University wide LAN system), and the network is to become entirely 'Windowzed'. The primary argument seems to be that there are "safety issues" in running a network with Macs and Wintels. Can this be subtantiated in any way? There are a lot of Mac users that will be affected by this, and we're trying to prepare a cogent argument for why we should continue to be allowed access and support on the network.

[footnote: I suspect the real reason the five want to get rid of Macs is because they know nothing about them and aren't able to provide to Mac users]

Thanks
I suggest you remind your tech support people that, you, the users are *their* customers. It is up to them satisfy your needs. If they can't figure that out the only "safety issue" they need to be concerned with is their jobs.

On second thought... that may be a bit too harsh (but there is truth to it).

Their primary argument is, by any logic, completely false. There are "safety issues" with running a single platform on a network. If there is a bug/virus/worm/exploit for one machine then it can (and most likely will) affect all machines in a monoplatform network. Ideally, you would have as many different operating systems and suites of programs as you have computers. Then a problem that affects one machine can ONLY affect that machine. It works the same way with infectious diseases. Unfortunately that would make for a very impractical network. But the simple answer is that the more differentiated you network is the less likely you will have it affected by a single problem with any of the platforms.

I run a pretty even mix of Linux, Mac OS 9/X, and Windows 2K/XP in an academic environment. I have had zero "safety issues" to deal with on the Mac OS and Linux machines... ALL of the problems have been on the Windows machines.

Ask them to elaborate and specify their concerns in more detail.

If they are still not sure or have any questions... have them contact me: dutidjia-AT-ramapo.edu.
-DU-...etc...
     
kooBi  (op)
Junior Member
Join Date: May 2001
Location: Perth, Western Australia
Status: Offline
Reply With Quote
Nov 19, 2003, 02:58 AM
 
Thanks utidjian, sometimes I wish we were their customers! That was my first thought - "Aren't these people here to serve us?" Seems to be a common mentality with some Uni committees - they are non-consultative and dictatorial and often make decisions that many don't like. I will get in contact with them and ask them to clarify what they mean.
     
mcsjgs
Mac Enthusiast
Join Date: May 2000
Location: Collie-fornya
Status: Offline
Reply With Quote
Nov 19, 2003, 03:09 AM
 
Ah, the wizards in white lab coats! I might point out to the decision makers that it sounds as if the IT people are trying to make their job easier (and guarantee full employment with all the security concerns on Windoze). You might also point out to them that the G5 just won computer of the year award from PC Magazine, a windoze publication, no less!
Suicide Bombers: That never-say-die spirit. No, that's not right.
     
SJ
Junior Member
Join Date: Dec 2000
Location: Earth
Status: Offline
Reply With Quote
Nov 19, 2003, 04:15 AM
 
Sound like a something a friend of mine ran into.

He took his powerbook to the school where he worked to show how easy it was to hook up to a windows network. Strangely, his powerbook was able to see and access a lot more sharepoints than all the other windows machines could.

When the network admin found out about this he talked to the school board and had the teacher band from bringing his laptop to school on the grounds of security.

It turns out that this admin had installed a script on all the windows machines to stop them seeing these other sharepoints rather than configuring the server correctly and securely in the first place. The teacher pointed this out to the board but they didn't want to hear it.

As has been stated before the only reason they could possibly want to get rid of Macs on the network are as follows...

1. They don't know anything about them and don't want to be replaced by someone who does.
2. They like the job security of windows. (Exploits, Viruses, Constant Upgrades).
3. They are trying to hide something and don't know how to hide it on the Mac.
4. They are being paid (directly or indirectly) to move completely to Windows and get the institution locked into annual licensing.
     
Gee4orce
Professional Poster
Join Date: Dec 2000
Location: Staffs, UK
Status: Offline
Reply With Quote
Nov 19, 2003, 04:17 AM
 
The X vs XP site has lots of good info too, though it's more to do with the user experience: X vs XP. For 'out of the box' security, they give X a 9 and XP a 3 ! If anything, that site is slightly biassed away from X.

You could try talking directly with one or two members of the IT support team and find out what exactly they are afraid of - and let's get that straight, it is FEAR that is causing this reaction; fear of the unknown.

I work in IT, and in my experience IT guys like toys. What most IT guys don't realise is that Mac OS X is a wonderful toy, with loads of very cool things to play with. Slap an X Serve into the mix and things just get better and better. IF you can get one of two of the IT people interested in the technology, the fight is half won already.
     
jasong
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Status: Offline
Reply With Quote
Nov 19, 2003, 09:24 AM
 
there are "safety issues" in running a network with Macs and Wintels.
There are safety issues. Get those buggy, virus ridden wintels off your Mac network!

-- Jason
     
stevec999
Fresh-Faced Recruit
Join Date: Nov 2003
Location: Columbus, OH
Status: Offline
Reply With Quote
Nov 19, 2003, 09:52 AM
 
Let�s take a look from the IT guy�s side. They may very well not know anything about Macs that is pretty normal these days. Say they allow you to plug your Mac into the network, you have problems and call them for support. They will not be able to help you. Now being a knowledgeable user you will say ok and figure out the problem on your own. The trouble comes when someone who is really just a user and not a techie has the same problem, they can not help themselves and need support so they call the IT guys. The IT guys can not help and tell the user that, the user then says � but Macs are allowed on the network so you have to help me�. It can be a big problem.

Now I work in an organization that has Mac and Windows users. We allow people to decide what system they want to use. It seems with every hardware refresh cycle fewer people chose Macs. The only real problems we run across are some odd network related issues with users still running OS9 and appletalk. With the current refresh OS9 will be gone and should rid us of the network issues.

There are issues but the ones most IT shops quote are generally not real but perceived. Unfortunately perception is often reality in the IT world.

I am a UNIX guy so OS X is attractive to me, I have been playing with an old Pismo that was lying around and will soon be ditching my windows systems at work for a new 15� powerbook and G5 desktop.
     
Millennium
Clinically Insane
Join Date: Nov 1999
Status: Offline
Reply With Quote
Nov 19, 2003, 11:34 AM
 
Originally posted by jasong:
There are safety issues. Get those buggy, virus ridden wintels off your Mac network!
Exactly.

This is a common trick among the Windows folks. They cite that their are "safety issues" when dealing with mixed environments, while neglecting to point out that their own environment of choice is to blame for most of them.

IE did this when they dropped Netscape-style plugin support, actually. They claimed "security issues" even though no security issues were ever found with the Netscape-style system.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
mitchell_pgh
Posting Junkie
Join Date: Feb 2000
Location: Washington, DC
Status: Offline
Reply With Quote
Nov 19, 2003, 12:30 PM
 
This actually happened to me.

I am the only person on our university LAN (in our building) to use OS X. When I was giving a presentation (from my laptop) with Keynote, the people wanted to see something I was working on on my desktop computer, so I quickly connected to my desktop system (on the same LAN) and all of the computers in the building came up.

Talk about jaws dropping. They instantly saw me as a threat. I didn't even have access to the computers!

I also tried to explain that Apache was a better web server then IIS (security wise). Again, I was treated as a malicious hacker.

I also tried to explain that our printers were wide open for hacking (FTP and telnet services were wise open with no password) Again, I was treated as a malicious hacker.

Now every time anything goes wrong with the system, they look at me...
     
SomeToast
Senior User
Join Date: Jan 1999
Location: California - Bay Area
Status: Offline
Reply With Quote
Nov 19, 2003, 01:43 PM
 
Originally posted by mcsjgs:
You might also point out to them that the G5 just won computer of the year award from PC Magazine, a windoze publication, no less!
Just be sure that when you tell them, you don't use terms like "Windoze" or "Microsloth."
     
Brass
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Status: Offline
Reply With Quote
Nov 19, 2003, 05:17 PM
 
Some IT support people have the erroneous idea that the more different types of computers there are on campus, the more problems there will be for us to deal with. Of course this is just illogical, but an easy mistake to make. The truth is that the more computers, the more problems, no matter what type they are. And also the more types of computers, the wider variety of problems.

This is the real sticking point (even if they don't admit it), and is what you were aluding to when you suggested they just don't know anything about Macs. The real problem is probably that they are afraid of having to deal with the unknown.

Rather than creating a them (IT) against us (clients) argument, a good strategy might be to first outline all the advantages of a multiplatform network (many advantages have been listed here already by others), and all the advantages of Mac OS X over Windows in general (without degrading Windows, and making it clear that you understand Windows has it's place), and then... the crucial part of this strategy...

suggest that the IT personnel be given extensive training in Mac OS X administration and support so that they are well equipped to support both platforms. You can even explain this to the IT people in that it will make them so much more employable and valuable to their employer.

This way, instead of saying, "We can't support Macs, let's get rid of them", they can say, "We can't support Macs, let's learn how". Instead of alienating the mac using clientelle, they'll be held in high esteem by the mac users. Everyone wins.

Training can be expensive, but it need not be so. It can be done in-house, by a professional. It can even be done for free, in a self-paced mode (would require a lot of discipline though).
     
kooBi  (op)
Junior Member
Join Date: May 2001
Location: Perth, Western Australia
Status: Offline
Reply With Quote
Nov 19, 2003, 11:36 PM
 
Top replies everyone, thanks a lot. And I really like the sound of that strategy Brass. I'll write this stuff up as a paper once I've spoken to the Res. Comm. and found out what their real gripe with Macs is.

Thanks again.
     
SJ
Junior Member
Join Date: Dec 2000
Location: Earth
Status: Offline
Reply With Quote
Nov 19, 2003, 11:55 PM
 
Originally posted by kooBi:
Top replies everyone, thanks a lot. And I really like the sound of that strategy Brass. I'll write this stuff up as a paper once I've spoken to the Res. Comm. and found out what their real gripe with Macs is.

Thanks again.
Additionally, you could post this question to the WA Mac Users group....

http://www.wamug.org.au

They could also give you a hand. Seeing as you either work at Curtin, Murdoch, ECU or UWA (Possibly Notre Dame) it would be good to coordinate your efforts with other users.
     
machem
Forum Regular
Join Date: Sep 2003
Location: Great Central Valley
Status: Offline
Reply With Quote
Nov 20, 2003, 01:33 AM
 
My own IT people at my (smallish) University are now very "customer-oriented"; in other words, they treat end-users as customers to support, rather than interlopers on "their" systems. This is the way the campus (academic and business units) have wanted it forever, and we finally have a hierarchy that both knows and believes it.


There is no question of support for any particular system; our IT have come to realize that Apple machines won't go away, Unices won't go away, etc. They are focusing on real issues like security, access, uptime, and hardware and network maintenence.

For this to happen and work, the administration has to believe that professionals can make the decision as to what machine works for them, and that this choice is an important facet of academia. Would they ever meddle in a decision on which kind of rotovap a chemical synthesis guys is going to buy? Of course not.

When I arrived at my U ten years ago, we had no internet. No, I'm not kidding. We have had the big I in my bldg six years now, fiber for three. We have gone from the stone age to something approaching modernity.

Try and get involved with how IT works at your U (if you can). Be patient, reasonable and persistient. Make allies (Win, Unix/linux and Mac). Don't give up, and good luck.
1.25GHz 1024M SD 15" AlBook
     
Gee4orce
Professional Poster
Join Date: Dec 2000
Location: Staffs, UK
Status: Offline
Reply With Quote
Nov 20, 2003, 04:13 AM
 
Sounds like these IT departments are relying on 'security through obscurity' - which basically means they hope that if they can hide the machines on the network from people browsing, then they are safe from hackers.

This is absolutely, demonstrably, totally WRONG. In fact, this kind of security policy should immediately trigger a full audit of their network security. You cannot just assume 'if I hide these machines, nobody will find them and nobody will hack them'...

The fastest compromise I've heard of, for a computer just connected to the internet, with no 'advertising' it's presence, was fifteen minutes ! It's highly likely that there are hackers on your uni network simply running amok !
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 09:23 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,