Hacker News new | ask | show | jobs
by lynx23 701 days ago
EDRs are the devil's spyware. Especially since corporate "security" people are now pushing for EDRs to run on Linux. Argument is that the cloud nature of the thing makes it necessary that it runs everywhere. Fact is, since my company forced me to install this black box, my system is definitely less secure. Before that, I didnt have a single incoming port enabled. Now, my system talks to all sorts of external things which I have no knowledge about and no control over.
1 comments
tsimionescu 701 days ago
If your system was processing any valuable information owned by the company (code, PII, etc) than the company is likely much safer today than it was when you had exclusive control over that system, even if they introduced several vulnerabilities. Previously, if you decided/were coerced to do something against the company's interests, you could do whatever you wanted from that system and they never would have even known. Now, they have some chance to prevent you from doing that, or at least find out in a reasonable amount of time.

Security is a complicated topic, and employees are also potential attack vectors. A system that is in the complete control of a malicious employee is a security problem for the company just as much as a system that was corrupted by an external cracker.

link
lynx23 701 days ago
Well, now we're getting somewhere. If my company distrusts me so much that it needs to put a black box in place to prevent me from fucking it over, it shouldn't hire me as an admin for tons and tons of infrastructure. Distrust goes both ways. Increase the pressure, and maybe, maybe, your employee will just leave for another company that doesn't behave that way (yet). The timing is great, because some employees still remember how they were treated during 2020/21.
link
tsimionescu 701 days ago
Any company that fully trusts all of its employees to handle my secrets is a company I don't want to do business with. I would bet you don't want, say, every hospital janitor to have access to your personal medical records either. So, you probably also want the hospital not to trust its employees and to keep certain data under lock and key. Same with a bank and your money.

It's no different with software.

link