[matthewarkin]

Stanford students have to get software installed on their laptops to access the Stanford network. Supposedly this is to force us to have anti-virus installed and the latest security updates, but I doubt any student has actually looked into what the software does / could do.

[zbjornson]

I've actually dug pretty deeply into it. Briefly, it's IBM BigFix (previously Tivoli Endpoint) and allows university IT to remotely run any script with administrator privileges on your machine. I hate it and remove it after registration. It's one thing to use that on company/university-owned computers. I think it's unacceptable to run it on personally owned machines like Stanford does. Students who live on campus have no alternative ISP.

[mbreese]

Stanford gets attacked - a lot. The biggest threat to the network is personally owned machines that need legitimate access to the network. The only way for them to protect the rest of the network is to have some kind of monitoring on those personal machines. The only other alternative would be to run personal machines on a separate network entirely, which they may or may not do already. I'm not sure. And BigFix doesn't cover only students, but also all faculty and staff as well.

Honestly, if you think that's bad, try getting a server online (in the datacenter!). The network admins take their firewall rules very seriously (as well they should).

For me, the biggest pain is the two (yes, two) backup services that must be installed for my department.

[matthewarkin]

A simple hack, if you register your computer as non Windows/ OSX device you're not forced to run it.

[zbjornson]

That used to work but they've at least made it harder. They started using your browser UA string to detect OS, and somehow (forget details) they've made it more difficult to spoof that.

[joeyo]

Install it in a VM?