[pletsch]

The article says Trellix but the same could be written about any EDR from a capability standpoint. To add to the staff's point about giving root access, and while that's more on Microsoft needing to get vendors out of the kernel, it shouldn't be a compromise users have to make.

With that said, I find myself agreeing with the mandate, if you're using university resources, they have a responsibility to protect those resources and EDR is table stakes these days.. but they also need to be providing any devices required for the job, allowing BYOD for restricted data makes an already tough environment to secure harder than it needs to be.

[jltsiren]

There is a complicating factor. Universities are not your average top-down hierarchies. While some aspects of the work do belong to the employer, other aspects are yours (or you PI's), and they may follow you to your next job. While administrative matters and sensitive data tend to belong to the university, everything you create as an academic is usually yours.

It's pretty common, particularly among researchers who do not handle sensitive data, to have a burner laptop for accessing university resources and personal devices for the actual work. Many people also use personal email addresses for work. Work email rarely survives changes in employment, making it too short-lived for many purposes.

[mindslight]

If top-down surveillance spyware has become "table stakes", then it's time to flip the table.

[asacrowflies]

Light it on fire afterwards

[musicale]

Intrusive, malware-like "security" software running on user devices introduces undesirable security and privacy risks.

Moreover, universities should avoid the chilling effects of intrusive monitoring of faculty and student devices, as well as the potential legal liability.

A better solution is resource access revocation upon detection of bad behavior, with an administrative escalation path to manage false positives.