Re: More Blathering

From: J. Random User (nospam_at_nospamnosiree.com)
Date: 09/26/03 

Date: Fri, 26 Sep 2003 00:56:00 GMT

"Leythos" <void@nowhere.com> wrote in message
news:MPG.19dc2360c4c261fd989cea@news-server.columbus.rr.com...
> It's nice for you to think this way in your dream world, but in the real
> world, where most of us are, you don't have any say in company policy or
> in what you can/can't do.
>
> The sooner you realize that you are ONLY an employee, the sooner you
> will be able to get a job and keep it. It's their company, not yours,
> remember that they make ALL THE RULES - your choices are to work for
> them or not.

Naw, I believe large companies should be forced to have less power over
their employees, if only for the reason that they HAVE such an unnaturally
large amount of power over them already.

It may not be the way things actually work, but I choose to believe that
this
is what is right.

> > *I* know that my actions would not have those consequences.
> > After due deliberation, the IT folks could probably see that as well.
> > Management didn't care. Their actions seemed to stem more from the fact
> > that I didn't follow their rules. I think they overreacted. And I
think it
>
> Two things to remember here - you didn't know enough about security to
> know if you could get out, which means you don't have any clue as to
> your possibly infecting the corporate network or not. If you didn't
> already know the answer you are just a computer user - that means, as a
> simple user, that you are actually the biggest security threat most
> companies have.

Okay -- given an HTTP connection, and a machine that has been set up with
all the latest virus definitions, and a browser that disallows Activex
controls and
applets, give me a couple of vectors that could bring a virus into the
network
from just browsing web pages.

Also, if I am browsing a known website that has no more potential to have
malicious
code on it than any other randomly chosen one, but due to technical reasons
(as in this
case), I can't reach it, what makes it more dangerous to view it via a proxy
run by a
well-known party with a reputation to consider?

> Second - they make the rules, your accepted them when you decided to
> work there, live with the consequences of your actions and learn from
> them.

There are many rules, including Laws of the Land, that I break, because I
don't agree with
them, even though I live here. I've considered their possible cost to
myself and others, and
have come to the conclusion that they are not actual threats. Except to my
job security,
at least, in this case.

> > I believe that a certain amount of personal use of a corporate network
> > should be
> > EXPECTED to be allowed, as we spend most of our day at work. Expecting
> > otherwise is WRONG of companies. Period. That's how I feel about it.
>
> And in the grand legal scheme of things, if they let one person do it
> they can't punish someone else doing it. Where do they draw the line,
> how many minutes, how many apps???

That decision should be made on a per-person basis, since each case is
different.
You needn't say "How much time will that take away from important business
of
the company, then?" I'm taking that into account.

> The "potential" for damage to Nike is in the millions - one rogue worm
> caused by your carelessness could shut them down for days. You seem to
> miss this point. Having been in a position to fire people for this, I
> can assure you that 99% of us would not fire a person if they admitted
> the infraction the first time we asked about it and didn't try and make
> excuses or justify their actions. The simple, "Yes, I was trying to
> screw around on company time in direct violation of rules - I'm sorry, I
> won't do it again" would have got you a second chance in my book.You
> would be on my IT *** list, and your stations/login put on strict
> monitoring.

Oh, I said pretty much what you said. I didn't grovel, but I did apologize.

> So, now you know how the big boys play (companies) - learn from it and
> you will recover easily. Keep your same ethic and you will continue to
> loose jobs and may even get the honor of crashing a company network :)

Woo-hoo, just what I want. :-/

> How about this - you violated company policy, you were fired for
> violating company policy. How does your abuse of company policy and
> getting the normal punishment make you any form of victim?

Because I think their policy is wrong.

> The guilty criminal is not a victim of anything, maybe being stupid or
> something like that, but not a victim in any way.

A "criminal" is someone who violates a law. Whether that law is just
or not is something else entirely.

> In this case, the company your were working for IS the victim - they
> invested resources in hiring you, getting you on the network, setting up
> your work, and then you abused them - sounds like they were hurt in this
> process by your actions.
>
> This never would have happened if you had followed company policy - you
> can only blame yourself.

I blame myself, certainly, for starting this chain of events. But I blame,
even more,
the guy who turned me in. And, as I've said, I think the policy is wrong.

> On a personal note: This conversation has been interesting to be because
> as someone that hires people I see more and more of them with your
> ethics - the one that says I owe you something I have - I've started
> hiring old-timers like myself because of people like you.

Sorry to disabuse you of that notion, but I *am* an "old-timer", too.
Spare me the "then you should know better, I have no sympathy at all for
you", please. :)