Beware That Company Box You Took

posted on September 4, 2001
by hitbsecnews

Dead dot-coms are still alive in some ex-employees' computers. But these haunted hard drives harbor huge security holes instead of memories.

Inexperienced home users running corporate-configured computers are a security disaster just waiting to happen, said Christopher Budd, a manager at Microsoft's Security Response Center.

Many who worked for now-defunct businesses inherited or appropriated the computers they had been using at the office. These computers are typically configured for use on a corporate network protected by skilled system administrators, firewalls and other industrial-strength security measures.

When removed from their network, taken home and hooked up to a modem, the computers are immediately transformed into easy targets for malicious hackers.

And it's not just the recently fired who are running these highly vulnerable machines. Bargain hunters are also at risk, said Jack Danahy, manager of the Server Security Division at WatchGuard Technologies.

"Take a look at how many powerful machines are suddenly for sale cheap at places like eBay. There are kabillions of these machines, and I'd guess that many come from closed-down businesses and haven't been reconfigured," Danahy said. "Chances are good that the systems administrator was fired before the accountant, and nobody was left to clean up these machines before they got sold for 10 cents on the dollar."

Kerry Rondell took her laptop home when the Web design company she worked for suddenly went out of business in July. Employees were allowed to take computers and other office equipment in lieu of severance pay.

Rondell said that after a week or so, her computer began "acting funny." Shortly after, she started getting e-mails warning her that her machine, which runs Windows 2000, was infected with the Code Red II worm.

"I didn't know what to do so I took the computer to a repair shop," Rondell said. "They told me yes, my machine was infected with that Code (Red) worm, and it was also infested with programs that could let hackers look at whatever is on my computer. My whole life is on that machine. I feel like I've been raped."

Microsoft's Windows 2000 and NT are the operating systems of choice for many networked business computers, but some security experts say that these systems are not the best choice for unskilled users.

"I don't think NT/2000 is suitable for the average home user," said Robin Keir, chief software engineer of security firm Foundstone. "Many of these people can barely use AOL, so they don't stand a chance trying to configure their network protocols and security settings."

Microsoft's Budd said Windows 2000 and NT operating systems are quite secure, but he is worried about people running machines that were configured for use on corporate networks.

"Microsoft Windows 2000 and NT are proven secure platforms that are used successfully by millions of customers," Budd said. "In this case, though, people are using configurations that they've inherited from the previous owners. This is never a good idea and has the potential to lead to disaster."

One of Windows 2000/NT's major selling points is that the systems allow knowledgeable users to configure the system to suit their individual requirements, Budd said.

"But clearly, settings that are appropriate for an enterprise will not be appropriate for home use," Budd said. "This may lead to a number of problems, including security issues."

Marquis Grove of Security News Portal thinks that the "more earnest" users will make the effort to reconfigure their machines for home use and will also perform other essential chores such as regularly patching their software and updating antiviral applications.

But Grove believes that many of these "fully loaded" machines are now owned by people who have always relied on a systems administrator to secure and maintain their machines.

Continue this article over at Wired.
