×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

SETI@Home A Security Threat, Says TVA

timothy posted more than 13 years ago | from the good-news-from-my-new-hometown dept.

Space 213

evenprime writes: "Richard Chambers, the Inspector General of the Tennessee Valley Authority, has declared that employee use of SETI@Home on TVA computers compromises computer security. I'm wondering why using SETI@Home on PCs with access to the internet would be a problem. As cheap as PCs are, you'd think that TVA would have separate internet/email PCs on every desktop, and so no form of malware could affect their machines used for power generation and/or managment."

Sorry! There are no comments related to the filter you selected.

Job satisfaction is same as stealing from company (1)

Anonymous Coward | more than 13 years ago | (#142473)

"Job satisfaction is the same as stealing from the company". - From a Dilbert cartoon.

Programming jobs at your company better have some aspect of fun to it or you will go bankrupt. No human is capable of being creative on demand for 8 hours per day. Creativity happens in bursts. And some game playing or net surfing when your in a mind-block can get the creative juices flowing again.

They might row faster if you *stop* cracking the whip so often.

Re:Two PCs on every desk? (1)

Anonymous Coward | more than 13 years ago | (#142474)

Two PCs on every desk?
Great, two Bill Gates.

typo (1)

Trepidity (597) | more than 13 years ago | (#142479)

I assume you meant "set up us."

Re:It's the economy, stupid... (1)

Kevin (2062) | more than 13 years ago | (#142481)

exactly...earnings are important. besides the cost of the pc itself, there is a kvm switch (or a seperate monitor); plus you have to make sure you have enough network drops for each additional computer...and then supporting all these extra "for fun" computers.

run seti at home if you like. f* aliens.

Re:Stealing as well (1)

Faceprint (2612) | more than 13 years ago | (#142482)

Did you ever think of turning them OFF? No security risk, and saves plenty of power! ;-)

interesting situation (1)

Faceprint (2612) | more than 13 years ago | (#142483)

I've got an interesting situation. I work on my personal machine at my job. I don't work from home, I just took my machine to work with me. My machine, both monitors, speakers, the whole set. I leave my machine on 24/7 (mind you, I tend to be working on it about 16/6 of that).

Am I stealing from the company? Technically, I guess I am. Am I security risk? Probably. I'm not as anal as I should be about my system. Hell, I'm such a power user that I get the pleasure of being outside the firewall, and I get to run my OS of choice instead of w2kpro.

If you were my employer, how would you feel? Happy, that I saved you the cost of another PC? Or mad that I don't fit nicely into the cookie cutter for employees?

Re:Risk? Uh... yeah?? (2)

matty (3385) | more than 13 years ago | (#142485)

Except that you can't stop breathing (without dying :). TVA employees can avoid installing SETI without ill effects. As a matter of fact, it will (minimally) increase the TVA's bottom line due to lower electricity usage.

It's a completely controllable risk (by not installing SETI), and well within their rights since they own the computers.

I don't know what you do for a living, but I'm a Network Admin and for myself and all the people I know who do PC support, one of the most annoying things is users thinking they can install whatever they want on their computers.

Not trolling, not flaming, just my 2 cents.......

what's the problem with this (5)

Archfeld (6757) | more than 13 years ago | (#142491)

Even SETI states, make sure your employer is OK with this before installing any software.

Seems very straight forward to me, security breach or not.

Re:sure (2)

BrookHarty (9119) | more than 13 years ago | (#142493)

Good point, they should charge for the spare cpu cycles. Goverment should be looking for every way to save/make money.

WTF is up with these Dipshit Senior Mangement? (2)

BrookHarty (9119) | more than 13 years ago | (#142494)

Anthony Smith, a senior manager of TVA's computer system, said the inspector general's office first detected the SETI programs on TVA computers, and managers made sure all were deleted.

The use of the SETI program on 17 TVA computers presented "some kind of risk," Smith said.
snip..
But SETI uses a high level of protective encryption, he found, so there was "a relatively low risk" to TVA.
Still, he said, the incident prompted managers to conduct a massive computer security awareness campaign.

Very freaking trival matter. They just found out about SETI@HOME over a year on some production boxes? If security was thier main concern, why didn't they use network security management software? There seems to be alot of personal Crusades by management on very trival matters. With companies understaffed and overworked, Some Senior Mangement opens his mouth and makes lame ass policy that has no bearing on the subject.

Security means more than banning some software to look like your on the ball. (Your not). How about getting off your fat ass, and fix your damn firewalls with decent ACLS, patch your damn DNS servers, and proxy your Internet connections.

--
the osi is missing a layer - layer 8 = politics

sure (3)

NMerriam (15122) | more than 13 years ago | (#142497)

As cheap as PCs are, you'd think that TVA would have separate internet/email PCs on every desktop

Sure, why not? It's only our tax dollars...

---------------------------------------------

Stealing as well (3)

Alfred (16073) | more than 13 years ago | (#142500)

Not only where they breaching security, they were stealing from their employer. Idle CPU time is not free, when SETI is running the CPU can't shutdown into low power mode...

the TVA nuclear connection (2)

TeknoDragon (17295) | more than 13 years ago | (#142501)

Oak Ridge is parially related to TVA, they do some very sensitive stuff there (like building THE bomb). I remember when I went in to one of their centers they give you a work over with the metal detectors and everything.

Uhmm (1)

NitsujTPU (19263) | more than 13 years ago | (#142507)

Part of this is that many companies allow ONLY authorized software to be installed. The company computers are for work, not for play. If one guy is downloading seti next door, the guy next to him might not think that it's a problem to download something from a less qualified site. There are a lot of viruses and such out on the net, and when you have a couple thousand people, someone is bound to get something nasty on your network if you let them run wild. The reason why companies are so worried about giving everyone a full internet condom is because most peoples' experience of browsing the net seems to be equivalent to sleeping around with prostitutes, they might get lucky, they might get... uhh, something else. I can remember a problem at work with people downloading a program that downloaded a whole STACK of backgrounds every day according to a timer. The program wasn't terribly efficient, and the bottom dropped out of the network twice a day when people's computers started downloading desktops. Unauthorized modems are one of the leading causes of breakins in corporate networks. It's all related. I'm sure that there isn't a rule that says "don't download SETI" rather, theres a rule that says that what runs on your computer is the business of the IT department, and it SHOULD be that way.

Re:Clueless seniors (5)

Black Parrot (19622) | more than 13 years ago | (#142508)

> God, this would just be hilarious if it wasn't so pathetic.

Actually, it's real simple. SETI@home is closed source. Neither the employee running it nor TVA management has the faintest idea what it really does. Therefore the TVA can reasonably be paranoid about it.

Of course, the same logic applies equally to any other CSS software that they may be running. I think the world at large is slowly maturing to an understanding of the CSS risk, though management types will see it in "toys" like SETI@home before they see it in their precious COTS applications.

--

Re:Open Source has the same problem (5)

Black Parrot (19622) | more than 13 years ago | (#142509)

> The same goes for open source software.

[In addition to what MWright already said...]

That is correct. And in fact I habitually download pre-compiled binaries to run on my Linux system.

But remember that there is an almost zero-sum tradeoff between convenience and security. For my Linux system at home, getting 0wned would have a small cost, so I only expend a small effort preventing it. If I operated the TVA, a business, a space shuttle, or a government or military computer system, then I would invest a lot more trouble in security.

If the quoted guy doesn't want the TVA 0wned, then he needs to invest an appropriate amount of effort in making sure he doesn't let any trojan horses in the gate. If that means having his staff read code, it's a real simple calculation of the cost of reading the code vs the cost of getting 0wned. And I would estimate that the cost associated with having the TVA get 0wned is pretty darn high.

Even for my ultra-low-security home system, I don't download a precompiled binary from just anywhere. Every time I do it I make a very conscious decision of "how much do I trust this site?" vs "how much trouble would it be to go another route, such as compiling it myself?" vs "what are the consequences of getting 0wned?". Even for my ultra-low-security site, I just get the source if the only binary kit I can find is made by Joe Stranger.

As for reading the code, no, I don't audit the code for everything I run on the system. However, I'm pretty much a middle-of-the-crowd OSS user (not at all a guru), and in spite of that I do read quite a bit of code over a year's time, because I like to submit fixes and enhancements for the OSS that I use. And I know that there are thousands, probably tens of thousands, of people just like me doing the same thing. Trojans will be found, and the news will spread like wildfire on the internet. The very threat of that will inhibit trojaneers to some extent, because of the risk of getting caught, and the consequences (permanent anathema, no one ever using your software or your download site again, etc).

[Insert note here re the importance of downloading your code from a "mainstream" high-use site, to make sure your code is actually the same code that those thousands of other eyes are looking at. If you download code from Joe Stranger's Fly-by-Night FTP Site, then you may be getting a trojan that your friends aren't looking at, because you didn't get the same code.]

Using OSS doesn't guarantee security, but it seems to me that it is a creditable threat-reduction strategy. I think in the future you will start seeing critical installations like the TVA switch over to OSS as a matter of policy (or if they do stick with COTS software, they will arrange a source agreement with the vendor, and run copies that they compiled themselves to ensure that what they saw is what they really got). We have already seen several non-US governments making noises in that direction, and I think it will become a near-universal reality as the world gets used to the idea of OSS as a quality solution, and becomes aware of the security implications of "trust" vs "knowlege". You just have to look at the number of spyware vendors that got caught in the last 18 months to realize that corporate/governmental paranoia about this kind of thing is not only justified, but perhaps even a moral imperative.

As a side note, the strategy mentioned above about getting the source to CSS directly from the vendor and compiling it is probably less safe than using OSS, because the CSS vendor will never distribute its software as widely as OSS is distributed, so there will never be as many eyes looking at it. I would agree that catching a trojan due to a many-eyes approach is probabilistic, but more eyes slant the odds in your favor.

Also, a dishonest vendor could give you code with an obfuscated trojan, and give trojan-free code to all its other customers that it didn't feel any need to spy on, with the result that the only eyes actually looking at the trojanized code would be the people on your own staff that you assign to it. Bad odds there, unless you spend a lot of money paying a big staff to read code.

As the world becomes more aware of the risks of spyware and trojanized software, and more aware of the viability of OSS for many uses, institutions that absolutely must have security will start adopting OSS, even without reference to the other benefits of sharing source code. This will probably happen sooner rather than later.

The day we see a shareholder suit against a company that lost its ass due to spyware or trojanware will also be the day we start seeing a mass migration of lower-security sites, too.

In our contract-minded society I'm sure lots of suits will try vendor indemnification rather than OSS,but when you start thinking about the dollar cost you would have to assign to having the TVA 0wned by a hostile party (terrorist, extortionist, prankster with no sense of consequences, etc.), then you'll realize that vendor indemnification would be completly meaningless. Which is why I say that society needs to run its computers on "knowlege" rather than "trust". Hopefully the world's suits and lawmakers will figure this out without having to have a incident to elucidate it for them first.

Just my opinion, as always.

--

So? (2)

mindstrm (20013) | more than 13 years ago | (#142510)

Life isn't fair. Of *course* he doesn't lock the CEO out of his computer. I never made MY manager or anyone higher up my immediate food chain do this either. I instead paid personal attention to make sure they were secure.
But you can't do that to everyone, and you have to keep things secure.

It's my job to audit new software to be run on the network, and if it access the network in some way, and you don't need it, it's not going to be approved, plain and simple.

*sigh* (5)

mindstrm (20013) | more than 13 years ago | (#142513)

What they are saying, as I've said in past jobs...
1) Your computer is not your computer, it is the company's computer.
2) Your computer is to assist you in doing your job.
3) Security is important
4) So you don't run anything we don't approve of.

The security audit of a new app can be fairly simple.
Question #1: Do employees need to run this? NO. Jump to DENY

Anything running that access the network, unattended, is a *potential* security threat. running the most secure of secure ftp servers is still a threat if *you don't need one in the first place*.

Re:Hacking the TVA (1)

nnet (20306) | more than 13 years ago | (#142514)

The external web server is NOT part of the internal network, said network includes over 11,000 desktops.

Re:Stealing as well (2)

vanyel (28049) | more than 13 years ago | (#142515)

Oh nonsense. Someone "steals" more from the company by spacing out for a few minutes a day. And its clear the whole lot of them were clueless if they're talking about "letting outsiders in" --- the data seti downloads isn't executable. The only real risk is if they downloaded a hacked binary in the first place. This is just a case of a clueless, dictatorial management. Unfortunately, the comment here that is legit so far is that they *are* the employers machines, and if they want to be clueless and dictatorial about how they're used, they have that right. But they don't have any justification.

Re:Company computers are for work. (1)

nexthec (31732) | more than 13 years ago | (#142521)

Hey. It hink they should hire you with all that money they are saving on these "unwasted cycles".

the point is......they arent getting aything from running distributed apps.

Re:Stealing as well (2)

lomion (33716) | more than 13 years ago | (#142522)

Well you can control alot of that stuff fairly well. With unathorized software you've just taken some of those controls out of the picture. Ad and flash can be stopped in a number of ways, proxy, client side security controls, etc etc...

Re:Stealing as well (3)

lomion (33716) | more than 13 years ago | (#142523)

Not only that, but any network is only secure as its weakest link. Often times a network is broken into not from that hardened server but from a wokrstation or unsecured box on the lan.

It is a ssecurity risk when you have unauthorized software installed especially one that access the internet in some way. What happens if a trojaned version of Seti@home were installed and some ppl used that to get into the internal LAN?

Re:Stealing as well (3)

lomion (33716) | more than 13 years ago | (#142524)

That is why you control what can and cannot be installed and only let authorized copies be used. If its unauthorized software then this could happen easily. Installing Eudora from a cd is alot safer in this case or using a created disk image for the entire pc with Eudora installed as well.

Re:I can see it now (3)

Sierra Charlie (37047) | more than 13 years ago | (#142527)

It all comes down to employers simply not understanding what the application is for and using it as a scape goat for any problem that comes. It happens at my university.

It may seem odd to those who have never had to administrate a network, but the TVA happens to be absolutely correct.

It's not SETI software in particular that is a problem; it's having your users downloading random, useless software from the internet and running it on company (and likely priveleged) machines.

Every time that program starts running, it can do whatever it wants. It could be detecting aliens in the vicinity of Betelgeuse or it could be streaming your password file the SETI server so that it can pass it around for decryption. You can't tell; you didn't compile it...you don't even have the source. Even if you did, the admins don't have time to check the code just so you can have a pretty E.T. phonin' screensaver.

"But we trust SETI", you say. Why? You can't speak personally for the competence and/or ethics of the SETI programmers. If you could, you still wouldn't be able to tell if the binary had been modified after it left their hands. The program is also executing around arbitrary data downloaded from the internet...could it be made to misbehave with bad data from a man-in-the-middle? I dunno.

Maybe all of that seems unlikely, but this is the same policy that guards against the Marketing department's "Dog of the day" screensavers and Trojan Horse emails. As recently evidenced, it's true that you can have backdoors in production software, but at least there's a business return in exchange for the risk.

It's too easy to scoff at this as "employers not understanding" when you don't understand big picture.

I can see it now (2)

macdaddy (38372) | more than 13 years ago | (#142528)

"Notepad compromised our security." It all comes down to employers simply not understanding what the application is for and using it as a scape goat for any problem that comes. It happens at my university. Everytime something goes wrong the network is blamed. I can't check my email. The network must be down. I can't stream my local radio station. The network is "full". I can't play my Flash games. The network in my building sucks. We're out of coffee. The network needs to be replace; we need a router in every building. Literally. I hear that shit all day long, not just from users but from co-workers within our IT department! ARGH! The agony.....

--

Re:I can see it now (3)

macdaddy (38372) | more than 13 years ago | (#142530)

It may seem odd to those who have never had to administrate a network...

Odd you mention that because that's exactly what I do. I'm the Network & Systems Manager at one of the 6 Regents universities here in the State of Kansas, which will remain nameless. I also recommend distributed.net and SETI to the users of this university and have a lab cracking on the RC5 challenge. Source? What do we care about source? Better put, are we allowed to care about the security problems found in the source of the software our users download? No. We're a university. We don't have that luxury. If we as a 4-year university could say what you can and can't install for security reasons, the first things to go would be Outlook, IE, Irix, and Windows. Do we trust MSN Messanger? AIM? ICQ? What about all the various IRC clients? MUDs? Local sploits should always be a concern? Can we say what our users can and can't install? Not a chance in hell. As a net & sysadmin you have to remember one thing. Never trust your own network. Period.

Given my placement in the arena you think I'm not in, I can very easily and with great authority comment on "employers not understanding" small parts of the big picture.

--

Security risk-- for WHO? (3)

marcsiry (38594) | more than 13 years ago | (#142532)

THEY just don't want you to know what sort of traffic is REALLY moving between the TVA and the Greys.

TVA=MIB?!?!

Re:What you don't know... (2)

Medieval (41719) | more than 13 years ago | (#142533)

At one point, foreign government spies checked out the number of pizzas being ordered by the White House to determine if there was something up at the White House. It is now policy that employees of the White House are not allowed to order food from anywhere but the White House kitchen.

Re:Security (3)

M-G (44998) | more than 13 years ago | (#142534)

Yep....it makes me wonder just how concerned they are about security if people have been running SETI for over a year before they discovered it. Why didn't they find the application sooner? Why didn't they see the processes running sooner? Why didn't they notice the freakin' traffic to and from berkeley.edu?

The security risk here isn't SETI, but rather TVA's seeming inability to notice violations of their security policies. Maybe I can pick up a Y2K surplus generator on the cheap, since now that we know how much attention they pay to their network, it's going to be a big cracking target...

From someone (sort-of) in the know... (1)

AllenAtUT (48287) | more than 13 years ago | (#142535)

Just so you know, I'm an intern working with some UNIX sysadmins at TVA this summer... Okay, folks, I understand the whole issue with SETI not being a huge security risk, but everyone who mentioned that it's a business decision is right. It's a clear violation of stated policy (see Communications practices 7 [tva.gov] and eight [tva.gov] ). Overall, they're pretty good about personal use of the net. Basically, the standard is the same as a personal phone call, i.e. as long as it doesn't interfere with work. Yeah, desktops are pretty much locked down, EXCEPT for the screen savers... they figure people will know enough not to violate policy. Of course, even some IT managers don't listen, but that's another story. So, before everyone goes nuts over this, keep in mind that we're talking about the IG of the Agency, not necessarily an admin who knows the "right" words to use when talking to other computer folks. They mean well :). Of course, that's just my opinion.
Allen Cain

Re:What you don't know... (5)

Tackhead (54550) | more than 13 years ago | (#142537)

> > Richard Chambers, TVA's inspector general, said: "If you're allowing others to tap into your computer, you have got some additional risk there."
>
> This sounds suspiciously like a comment from someone who has no idea what SETI@Home does, and is condemning a random program that happened to access the Internet.

1) You're right. There's probably a much greater security thread from spyware that comes with things like RealPlayer, and/or users installing stuff like AudioGalaxy or Comet Cursor, etc. on their machines.

2) He's also right. Maybe for the TVA, this is a little paranoid, but a keyword search on "covert channels" provides some insight.

Suppose you were a KGB agent assigned to find out when the TVA was most worried about blackouts. You'd be very interested in knowing when large numbers of TVA employees were working overtime at the head office.

Rather than hax0r the head office's computers (exposing yourself to risk), or have an agent staking out the head office (exposing the agent to risk), you'd just eyeball SETI@Home's publicly-accessible stats.

You could then deduce that something was FUBAR in Tennesee when "Team TVA", which was churning out one unit every 70 minutes from 5:00pm to 9:00am, dropped their stats precipitously - say, damn near nothing getting done until 11:00 pm, one unit every 120 minutes from 11:00 pm to 1:00am, and only going to the "regular" 70 minutes per unit from 1:00 am to 9:00am.

In fact, in the simplified case I've specified above, you could not only make an educated guess as to how many employees were working overtime, and for how long, you could even make an educated guess as to what hardware platform was being used by The Guy Who Stayed Until 1:00 In The Morning.

Like I said, for the TVA, this is probably paranoia. But for other agencies, information leaked by covert channels can be deadly serious.

(In business too -- at a small enough company, suppose you saw similar data patterns and you knew what CPU power the CFO's PC had. If the CFO's up all night, every night, on the last week of the quarter, maybe he's desperately trying to make up the numbers. Such information could be worth millions of dollars, and it wouldn't even be insider trading, because you're only making an educated guess based on the working hours of the CFO.)

I hate to side with an ignorant bureaucrat, but in this case, he's right. (Even if, in all likelihood, he hasn't the faintest clue as to why he's right ;-)

Re:Let's be realistic here... (1)

pipeb0mb (60758) | more than 13 years ago | (#142538)

You essentially matched all of my points with validation...yet you say I have no idea what I am talking about.

You're exactly right, no application can be 'hack proof'.

Again, I agree...all OS' are 'hackable', but Windows is a little less so than most. (Mainly due to the fact that it's what the script kiddies use.)

NO ONE uses signatures or the means to validate them except for the big boys, which is too bad, as it would alleviate many of the 'viruses' and 'trojans' we see on the 6 o'clock news.
Calm down; take a pill...I think we're on the same side.

Re:Stealing as well (3)

gad_zuki! (70830) | more than 13 years ago | (#142542)

I don't believe any MS OS gives HLT instructions to cool or "power down" the processor. I'm draining 70+ watts regardless if SETI is on or off. Unix is a whole other story.

If anything, the constant disk accesses will keep the HDs from shutting down and might affect auto stand-by or hibernation setups. I don't know of any business that knocks anything but laptops into a real hibernation state. As long as that space heater, err Monitor is shutting down after 10 or 15 mins of idle you're sitting pretty. The rest is pretty trivial.

You're stretching the definition of stealing more than I can tolerate. What has been taken exactly and where is it stored? Whats the *real* loss? Its one thing to go against policy its another to defent policy with accusations of criminal intent. "He knew he was stealing from the company, sir!" Might as well start charging employees who fire up the browser for bandwidth costs if you're serious about "stealing."

Oh, the irony! (4)

dougmc (70836) | more than 13 years ago | (#142543)

When you click on the original news story, a pop-up appears with a `Task Bar Update' that downloads an application that puts `live temperature and storm warnings next to your PC clock along with live news updates'.

It also says these are `100% safe and completely free.' This program is just as dangerous as Seti@HOME could be.

TVA is right -- Seti@HOME is a risk. It's probably a small risk, but for all we know, the client could have code in it that allows Seti@HOME to take control of your box at will, for example.

It also will cause your computer to use more power, and to run slower (ok, just a tiny bit slower, but still.) All this, and it offers the company *nothing* (after all, it's not TVA's job to help SETI.)

And the boxes belong to TVA. Therefore, they're completely in their rights to ban Seti@HOME, and they're doing the right thing.

SETI@Home and denial of service (3)

alispguru (72689) | more than 13 years ago | (#142545)

There might be a legitimate reason for keeping SETI@Home (or any random application) off of a major organization's computers. Go look at this issue of Risks digest [ncl.ac.uk] . The problem described here is not a security issue, but a feature of the SETI software that can cause a few copies of it to wedge a net connection if it can't reliably get to its server.

It can be considered a conflict of interest. (1)

Ryokurin (74729) | more than 13 years ago | (#142546)

The reason why TVA is making a big issue of this is because of the fact that if the wrong person found out about it they could possibly catch hell for it.

Think about it, Although they are trying to make themselves selfsufficient, and a private company, they still depend on a little bit of goverment funding to exist. All they need is a conservative to use the existance of software that uses the machine in ways unintended from their original use of purchase as a reason to hang their asses.

Also it should be noted that they dont allow the installation of software other than their own anyway, just as most corporations, and goverment agencys dont, because one, it could make it unstable, and two it increases the chances of hacks, and three, it could be a potential conflict of interest.

Who can not say that one instances of Seti could be installed with sub7 attatched, or for that matter, what about that inspirational screensaver with something else more heinous?

Re:Right: unaudited apps + waste of (nuclear) powe (1)

Ryokurin (74729) | more than 13 years ago | (#142547)

Yes. they are anal on power comsumption, as they are the power company or a good majority of the south.

Re:California (1)

Ryokurin (74729) | more than 13 years ago | (#142548)

Heh, you better be somewhat worried about them. TVA is almost your only hope of not having more rolling blackouts this summer. They are one of the few utility companies thats going to have power to sell to California.

Not to meantion the South helped research the Atomic Bomb, A good majority of Nasa is in the south, and also missles such as the Patriot was designed, and manufactured there as well.

Hicks indeed.

What about ICQ? (1)

MobyDisk (75490) | more than 13 years ago | (#142549)

I wonder how many people in their corporate network run ICQ, MSN messenger, AOL instant messenger, Internet Explorer, or any number of other insecure apps.

If this is really an issue, then they should block the ports and/or the site.

Re:Oh, the irony! (2)

jesser (77961) | more than 13 years ago | (#142550)

It's probably a small risk, but for all we know, the client could have code in it that allows Seti@HOME to take control of your box at will, for example.

A more likely problem is a potential buffer overflow in the code the client uses to communicate with the central SETI@HOME server. Then if someone were to spoof or break into the server, they would instantly be able to gain access to all computers running the SETI@HOME software. I don't know if such a hole is present in the SETI@HOME software, but remember when AOL intentionally exploited [slashdot.org] a similar hole in AIM?

Why not use distributed computing for more? (5)

Crimplene Prakman (82370) | more than 13 years ago | (#142553)


I am absolutely amazed that employers do not use the power of their idle PCs THEMSELVES!

There are so many applications out there already - SETI@home being one, others include a few at distributed.net [distributed.net] , FightAids@Home.org [fightaidsathome.org] , and there are others cropping up, supporting cancer research, some commercial projects, code-cracking. Many many popular (in a geeky or tear-jerky way) projects that interest us enough to donate our unused cycles.

Now, a company such as TVA - that would rather its employees does NOT use their cycles for such tasks - would do well to provide some other diversion to occupy the screens of its employees. Hey, they could even license the software from SETI, Entropia [entropia.com] , or some other vendor of distributed computing solutions, tart it up to look nice with their logo, and plug in some of their own research models. I'm sure their scientists have some energy calculations that could benefit from massively parallel computing.

And what of the rest of the world's processors? In a large customer service department in any medium-large sized company - even one with no real scientific research needs - there will be many PCs available for many hours. It would be a simple matter for such a company to rent out its spare cycles, again using the same software, with suitable logos. Except this time it would be managed internally, with no risk of external network corruption. The information server could be housed safely with the rest of the company's servers, making a quiet buck in the background, with everyone happy.

Ah, but that would be too sensible, wouldn't it?

/prak
--
We may be human, but we're still animals.

Hacking the TVA (1)

phunhippy (86447) | more than 13 years ago | (#142554)

So let me get this straight... TVA is paranoid about being hacked....

SETI@Home is a violation of Security protocol...

www.tva.gov is running Apache on an HPUX machine.. pretty secure...

Workers of the TVA are running windows... doesn't this violate the security protocol?

:)

Re:Company computers are for work. (2)

Greyfox (87712) | more than 13 years ago | (#142555)

That's why they call it "work"! If it was supposed to be fun, they'd call it "Happy fun time!"

Re:Open Source has the same problem (1)

MWright (88261) | more than 13 years ago | (#142556)

It's true that any one person will probably not look at the code for a program, but, chances are there will be someone else who will look at the code instead. Of course, one shoudn't trust that someone else will for very important things; however, you can be far more certain that an open-source program is free of backdoors than a closed-source program. Furthermore, knowing that the code will be seen by anyone else who wants to look is enough motivation for most people to not include backdoors at all.


-----

Right: unaudited apps + waste of (nuclear) power (3)

peterw (88369) | more than 13 years ago | (#142557)

To all the folks claiming SETI@home is safe: how many of you have thoroughly audited its source code? The rest of you can drop that claim. Adding any software to a system represents a security risk. Give TVA some credit for showing their employees some respect and not locking down the workstations so that management is a headache. Obviously TVA has a policy against installing unapproved software, and these folks broke that rule. They're at work, so they should follow the rules. [Sidenote: if TVA trusts JVMs, then seti@home might be OK as a Web applet.]

Power consumption: TVA is very sensitive to this issue, though it seems some posters do not know this (what a shock!). TVA has many, many employees, and the power they use is not free (has anyone been following the California power crisis press coverage?). Every extra watt that TVA burns because some dufus won't let his screen go to DPMS suspend/off mode is potentially just more nuclear waste to be dealt with.

Re:Clueless seniors (2)

Trinity-Infinity (91335) | more than 13 years ago | (#142559)

SETI@home is closed source. Neither the employee running it nor TVA management has the faintest idea what it really does. Therefore the TVA can reasonably be paranoid about it.

Amen! Its those reasons that I use when I try to pursuade others not to use Windows... I get the impression MS is trying to do something sneaky when most any windows app I use tries to install the latest version of IE automagically... :-/

ANY downloaded software is a security threat (1)

El (94934) | more than 13 years ago | (#142560)

If you haven't diligently reviewed the source and then compiled it yourself, _any_ software could contain trojans... even say, software coming out of a certain monolithic company in Redmond. In the Open Source community we rely on many eyes examining the code to detect malicious insertions, but even this isn't foolproof. In general, it's good idea to assume that any code that hasn't been running for several months _may_ contain back doors. The assumption is that if the software is running on enough machines, within a few months to a year _somebody_ should have detected the problem, although there are no guarantees. In this case, running a new update of the SETI code DOES represent a security risk.

Re:I can see it now (2)

crucini (98210) | more than 13 years ago | (#142562)

That was a pretty cool response. I was halfway in agreement with the control freaks here - I can certainly understand the fear of having trojaned boxes behind the firewall. But Universities continue to show that openness is possible.
My question in these situations is always, "Why do all the machines have to be at the same trust level?" Or to put it differently, maybe it's time to rely more on host-based security and less on firewalls. Given a big enough site, there must always be hostiles behind the firewall. So why not put the desktops on their own network behind a different firewall from servers? Let them infect each other. Of course, even if you completely distrust the desktop machines (best way IMO) it would still be upsetting to have SS7 on them capturing every password.
Maybe NSA's trusted linux will solve this stuff.

Re:Stealing as well (1)

scotch (102596) | more than 13 years ago | (#142564)

Not only that, but any network is only secure as its weakest link.

Not only that, but profit is the difference between revenue and expenses.

Well, when you think about it... (2)

11thangel (103409) | more than 13 years ago | (#142565)

SETI @home is pretty much just trying to find patterns in random data. Which is pretty much what you do with TCP sequence prediction. Of course it's a security risk, its the worlds biggest connection hijacker!

Re:Stealing as well (1)

n3rd (111397) | more than 13 years ago | (#142572)

Idle CPU time is not free

Yes it is. CPUs run at 100% usage all of the time, even if a process or processes aren't using all of the CPU. Checkout the System Idle Process in the Windows NT task manager.

when SETI is running the CPU can't shutdown into low power mode..

This is only true for Pentium 4 CPUs, which I doubt many government agencies are currently using.

Again, either a CPU is on and using X power and 100% of its capacity, or it's not.

I can see thier point. (2)

uncledrax (112438) | more than 13 years ago | (#142573)

"Downloading the program from the University of California at Berkeley, called SETIhome (Search for Extraterrestrial Intelligence), was both a violation of written TVA policy and computer security, and future violations could result in dismissal, managers told the guilty employees. "

This makes it improper the the employees to do this.

" Richard Chambers, TVA's inspector general, said: "If you're allowing others to tap into your computer, you have got some additional risk there." "

This is a fact. It's true. Oh yes, It's true.

However:
It is correct that SETI@Home poses pretty much to real risk, but since it was a violation of exsisting policy, and if they are that anal about security (a good thing really).

For those that work in large office enviroments, you know how much junk users stick on 'thier' computers (most of which is unstable 'neat-ware'.
And that is part of the issue. Many users do feel that they practically 'own' the computer, when in fact it is the companies, and they can govern how it is to be used.

Re:Security in Tennessee ?? (1)

sPaKr (116314) | more than 13 years ago | (#142575)

Built the BOMB? So einstien and Oppenhimer were Hillibillies? man you really have been drinking to much SHINE

Open Source has the same problem (1)

Mold (136317) | more than 13 years ago | (#142583)

The same goes for open source software. I mean really, how often do you download a program and then read through the thousands of lines of code that make it. Oh sure, I can go in and change something that bothers me, which is nice, but if there isn't anything bothering me about it, and nothing I want to add, then why would I look at the code? And even when I do, I generally jump straight to where I need to go.

If there is hole, and it was intentional, then it's probably in some obscure section of the code I'm not going to look at.

Most companies don't have the time to search for this sort of problem, and in the case where the software wasn't supposed to be on the computers anyways, they aren't going to waste time and money to find these problems.

Re:Security (3)

coolgeek (140561) | more than 13 years ago | (#142584)

What they're really saying is that "a computer being connected to the internet is a security threat."

I believe calling SETI a risk is going a bit far, and I also don't believe that is their point. The point is about the user's behavior. Installing unauthorized software on their computer systems _is_ a risk.

Two PCs on every desk? (1)

Clyde (150895) | more than 13 years ago | (#142591)

"As cheap as PCs are, you'd think that TVA would have separate internet/email PCs on every desktop..." Wow, that's what I call a silly statement. Do they need an extra pc on every desk for internet access (so no sensitive data from other PC is exposed)??? Or do they need an extra pc on every desk to run dedicated SETI processing?

Re:Stealing as well (1)

TVmisGuided (151197) | more than 13 years ago | (#142592)

when SETI is running the CPU can't shutdown into low power mode...

Yep...very important to a power utility. And an important message to their customers too..."don't run this software, because it'll keep your home computer from dropping to standby mode, thereby raising your electric bill...no, wait, PLEASE run this software!"

Okay, I'll shut up now...I really shouldn't respond to such as this without eating first.

Re:Stealing as well (1)

shepd (155729) | more than 13 years ago | (#142593)

What would happen if a trojaned version of Webshots, Eudora, Spinner, or Minesweeper were installed?

The same thing. Maybe they should just ask Maxtor to provide a write protect jumper on the Hard Drives, or just get rid of internet access entirely.

Company toilets are for use at breaks only (2)

shepd (155729) | more than 13 years ago | (#142594)

And so is the company water fountain.

And company furniture is for work only. Not for you to rest your drinks, food, and children's pictures on.

And the company floor is not for you to stand your own furniture on, just in case you were thinking of avoiding company rules.

Better learn how to both use the toilet and drink at the same time. And learn how to time both those urges to happen for exactly 15 minutes minus walking distance once every four hours.

"Employee #3782372, your typing rate has been below company standards for the past 240 seconds. You have been sent an automated pink slip as a result. Your pink slip will be recalled upon your resumption of a 40 wpm typing rate, and warning sent in its place. Note employee #3782372, you already have 2 of the 3 warnings necessary before being fired. Please clean your desk out tonight."

I have a quote from a cartoon that's appropriate here (picture a steward readying the whip for a sweatshop worker): "Nike - Do it. Or ELSE!"

California (1)

PolyDwarf (156355) | more than 13 years ago | (#142595)

They just looked at what happened in California, and figured that it could happen to them.

Some one set us up the screensaver! (1)

ErikTheRed (162431) | more than 13 years ago | (#142596)

All your power plants are belong to us!

Re:typo (1)

ErikTheRed (162431) | more than 13 years ago | (#142597)

What you say? Please excuse my misuse of bad grammar.

Loaded article (1)

magarity (164372) | more than 13 years ago | (#142598)

Those /.ers who are not from that part of the country may not realize it, but the language in that news article was completely loaded to make the people running SETI@Home look like dangerous wierdos rather than people who just didn't read the employee handbook closely. That's the scariest part of that article; the insight into local culture and thinking. I bet that if it were one of the distributed cancer research programs, it wouldn't have made the news (although that would have been also shut down per TVA policy). As it is, searching for signs of alien life is tabloid fodder there.

Re:Why not use distributed computing for more? (2)

ortholattice (175065) | more than 13 years ago | (#142600)

Oops. Before someone calls me on this - if they haven't already - of course the electricity is already deductible and can't be deducted twice. So the issue is whether the donated computer usage, vs. depreciation, would be allowable and economically advantageous. I'm not an accountant or lawyer :)

Re:Why not use distributed computing for more? (3)

ortholattice (175065) | more than 13 years ago | (#142601)

I am absolutely amazed that employers do not use the power of their idle PCs THEMSELVES!

Could an employer deduct as a charitable donation the percent computer usage donated to such causes? That would make it a LOT more attractive. Of course, eventually the computer is deducted anyway as it depreciates, but this might effectively accelerate the deduction. Plus some of the electricity used might be deductible.

Re:Company computers are for work. (1)

tritiumsys (176498) | more than 13 years ago | (#142602)

While you are completely right, is Seti@Home enjoyment, or a usefull utility that would make use of something that isnt being used? Companies should be allowed to dictate whatever they want regarding their computer systems, however, Seti@Home should not be branded along the likes of Hoop it up or pr0n.

-Rick

Stupid Users? (1)

Firethorn (177587) | more than 13 years ago | (#142603)

I'd hardly call the average user running SETI stupid.

That said, I have to agree that if they want to run SETI, do it at home. My work says very explicitly: No unapproved software. Period. Even microsoft's been compromised at times. The more stuff you keep off your computer, the easier it is to keep it secure.

I also wouldn't call a web server hack unrelated. I just checked, and the executable appears to be on the web server. If I can compromise the web server, I could replace that executable with whatever I want. Like a backdoor program that reports who it's compromised to somewhere. Depending on how quiet I was about it, it could be days before somebody noticed.

Translation of 'Some kind of risk': There could be a problem with it, but we don't want to spend the resources to precisely determine what the actual risk factor is. If we do it for the SETI client, we'll have to do it for all the little programs people download and mail to each other.


Firethorn

Re:I can see it now (1)

Enigma2175 (179646) | more than 13 years ago | (#142607)

The program is also executing around arbitrary data downloaded from the internet...

No, it is not executing arbitrary data, it is analyzing the data. The only thing that is executed is the program itself. It then performs a series of mathematical calculations on the data. The data is never executed, it would be very difficult if not impossible to compromise a SETI client with a simple man-in-the-middle attack.


Enigma

Re:Stealing as well (4)

darkith (183433) | more than 13 years ago | (#142608)

False. The System Idle process isn't actually a real thread, it performs no cycles and the CPU is allowed to perform a HLT instruction.

Many CPUs have power saving capability, it's a matter of correct configuration in the bios and OS. For example, my dual Celerons (not the FCPPGA Celeron 2s, but the original PPGA) do a very nice power saving operation under Win2K with ACPI enabled in the bios. Temperatures go down significantly...nice for hot days. I stopped running RC5 for just this reason.

Re:Security (1)

sulli (195030) | more than 13 years ago | (#142611)

Could be if the SETI@Home guys turned out to be blackhat terrorists who, discovering it's TVA, DDoS them and take out power to the South ... hey, you know, you can never be too careful when you're in the security business!

Right Decision / Wrong Logic (1)

dkemist (199970) | more than 13 years ago | (#142612)

There are enough different aspects of this to make a few points. First, regardless of any "security" implications, any employer providing PCs (and the power to run them during those off cycles) has full rights to dictate what can and can't be run on them. For example, I've seen some employers try to force people to use all the powersave screensaver options to make sure that there's no electric consumption when the PC is not in use.

Beyond that part, there's the security debate. From the quotes in the article, it would seem that the people here are quite clueless. A web-site compromise of email addresses somehow leads to "some kind of risk" associated with the client?? That doesn't quite make sense. However, another good point that was raised in another post was the fact that the SETI client is closed source. It's doubtful, but what if the evil minds at Berkely really put a 3l33t r00tkit backdoor in the latest client? There'd really be little most people could do to detect it and stop it.

Of course, that's probably being paranoid, but the bottom line is, I'd still hate to walk into a reasonably secure government facility and see the SETI screensaver going. This is probably one of those cases where people end up at the right decision, just using the wrong logic.

Re:Why not use distributed computing for more? (1)

kr4jb (200152) | more than 13 years ago | (#142613)

When I worked for [large un-named Candian Telecom giant [nortelnetworks.com] ], our management was convinced that unix workstations automatically shared their processor loads. So each manager had a nice workstation running nothing but a screen saver.

Re:Stealing as well (1)

DarkEdgeX (212110) | more than 13 years ago | (#142614)

Yes it is. CPUs run at 100% usage all of the time, even if a process or processes aren't using all of the CPU. Checkout the System Idle Process in the Windows NT task manager.

This isn't entirely true, atleast not for laptops. I don't know what kind of systems these people were using (desktops or laptops, or a mix) but newer Pentium III based laptops DO in fact have a low-power consumption mode that switches the processor to a lower clock speed to save energy. Desktop Pentium III's don't have this feature AFAIK though, so you're right there. FYI: Intel refers to this clock-speed changing energy saving crap as "SpeedStep" technology.

Plus, atleast in the case of Windows 2000, and systems setup to support it, SETI@Home may not allow the system to enter a hibernation state or 'sleep' after X hours of idle use. (Not sure about this, in any event I think you can setup certain apps or processes to be ignored for this task.)

Re:No, clueless users... (3)

cprael (215426) | more than 13 years ago | (#142621)

>> best they can come up with is, "some kind of risk"?

And that isn't a good answer? Do you expect them to analyze the Seti@home software to determine exactly what risks are involved? Do you expect them to do the same for every piece of crapware that is out there that the user "might" install on their system?

No, it isn't a good answer. The statements imply a significant amount of risk based on running Seti@Home. Technically, they're correct. Risk is a non-zero number in this case. HOWEVER, that doesn't mean that it also isn't a trivial number, something in the range of 10^-4 or more. Given the current data set (0 security breaches in 2 million users), it's more in the 10^-6 or -7 range _at worst_. So we're talking something over 4 orders of magnitude difference from what they've decided to imply.

Now, speaking as the owner of a company, I can understand what they're doing, and the policy statement behind the "why". But they _damn_ well better go sanitize the rest of the TVA for unauthorized software (that cutesy screen saver someone bought, or the bootleg copy of Photoshop your graphic artist is using to maintain your marcomm because you're too stingy to buy a license), or they're going to look like a really hypocritical mob. Just my two cents.

Re:Stealing as well (1)

Weh (219305) | more than 13 years ago | (#142622)

I'm no expert on this but I do numerical analysis type stuff at the office. It involves serious number crunching. I've got a temperature sensor on the CPU, it appears to get hotter when it has to do lots of calculations. Wouldn't that indicate that the power consumption goes up with CPU load ?

Clueless seniors (1)

Alatar (227876) | more than 13 years ago | (#142623)

Richard Chambers, TVA's inspector general, said: "If you're allowing others to tap into your computer, you have got some additional risk there."

Anthony Smith, a senior manager of TVA's computer system [said] use of the SETI program on 17 TVA computers presented "some kind of risk".

God, this would just be hilarious if it wasn't so pathetic. Sure, use of the pointless SETI program was against policy, and should have never been done in the first place...it's an example of stupid users installing software on their workstations that accomplishes nothing and increases complexity when troubleshooting is needed. But, when asked to clarify exactly what problem existed, the best they can come up with is, "some kind of risk"? God, what crap. And these guys are senior, and supposedly know what they're doing...this is the kind of knee-jerk response you expect when you put a freshly-minted MCSE in charge of a firewall. "We can't do that [desperately needed service], it's some kind of security risk." They go on to cite a breakin to the SETI web server (completely disconnected with the client, but try explaining that to these clueless morons). I hope I never, ever have to work in a shop like this.

Re:I can see thier point. (1)

Alatar (227876) | more than 13 years ago | (#142624)

Ah, but the SETI client does not "tap into your computer"...it makes an outgoing connection, and downloads data.

Risk? Uh... yeah?? (1)

jrockway (229604) | more than 13 years ago | (#142625)

The use of the SETI program on 17 TVA computers presented "some kind of risk," Smith said.

Breathing presents "some kind of risk," Jon said.
No more breathing, folks. You're a fire hazard.
--Jon

Re:Risk? Uh... yeah?? (1)

jrockway (229604) | more than 13 years ago | (#142626)

It was kind of a joke. It's funny (okay, maybe not). Laugh. ANYWAY, though... breating does HEAT the air, which means running the energy-sucking air conditioning more :)

Re:Company computers are for work. (2)

jrockway (229604) | more than 13 years ago | (#142627)

But when SETI kicks in, you're not using the machine. It actually saves the company money by not wasting CPU cycles. So there.

Re:Company computers are for work. (1)

jesseraf (230545) | more than 13 years ago | (#142630)

it costs them power though.
in all reality, it's not your decision to make.

Re:Company computers are for work. (2)

FreeMath (230584) | more than 13 years ago | (#142631)

How dare you think about enjoying work. Thou shalt be miserable. Get back to your slave labour.

Re:Why not use distributed computing for more? (1)

KagakuNinja (236659) | more than 13 years ago | (#142634)

You know, it is OK to turn those PCs off at night. They are going to be thrown out in 5 years (or less), who cares about the alleged damage caused by turning them off occasionally...

What's their OS? (1)

arfy (236686) | more than 13 years ago | (#142635)

Betcha they've lost more time to VB scripting, Outlook viruses, IE security holes, GPFs or BSODs than the silly SETI screensaver.

Heck, they've probably lost more time trying to comply with silly directives from Richard Chambers than they ever will from the SETI screensaver.

What you don't know... (1)

corky6921 (240602) | more than 13 years ago | (#142638)

Richard Chambers, TVA's inspector general, said: "If you're allowing others to tap into your computer, you have got some additional risk there."

This sounds suspiciously like a comment from someone who has no idea what SETI@Home does, and is condemning a random program that happened to access the Internet.

Think of how many people in that office probably check their bank accounts online, or send email through Yahoo! or Hotmail, or download warez or pr0n through the company's computers. Come on, what would hackers really see in a SETI@Home chunk? ("Damn, Joe now has 568 units, and I only have 565...")

Re:No, clueless users... (2)

MadCow42 (243108) | more than 13 years ago | (#142639)

I guess my real point is that the company shouldn't have to go to the trouble of even investigating if there is a security risk with Seti@home... it's not in their best interests to invest the time. After all, what corporate benefit would there be to running the Seti@home program on a few computers? (sure, if they ran it company wide, they could get some miles out of it, but not on an individual user basis)

To the Sysadmin, it's "unknown" software... could be benign, could be hazardous. They shouldn't have to be put in the position to have to make that distinction. They have better things to do (well... usually...) q:]

You and I might know enough about Seti@home specifically to be sure it won't cause a problem... but you probably spent at least 30 minutes reading up about Seti@home before coming to that conclusion. For a sysadmin that gets no benefit from it, that's 30 minutes wasted.

playing-the-devils-advocate-ly-yours...

MadCow

No, clueless users... (4)

MadCow42 (243108) | more than 13 years ago | (#142640)

>> best they can come up with is, "some kind of risk"?

And that isn't a good answer? Do you expect them to analyze the Seti@home software to determine exactly what risks are involved? Do you expect them to do the same for every piece of crapware that is out there that the user "might" install on their system?

Sure, Seti@home is mentioned specifically, but it's not a problem that's specific to that code. No Sysadmin could realistically do anything but "forbid" basically all non-company-issued software, especially those that connect to the Internet.

Now, on the other hand, if a company wanted to support Seti@home specifically, it would be feasible to test it so that they could determine the risks... but that's one out of millions of programs that the user might want to install.

MadCow.

Bustin' Hippies @ Home (1)

ip4noman (263310) | more than 13 years ago | (#142648)

> Actually, it's real simple. SETI@home is closed source. Neither the employee

> running it nor TVA management has the faintest idea what it really does.
I have a friend who's into SETI. I always tell him that he's really cracking PGP for the Feds on the most massively parallel computer every dreamed of....

Re:Ack (2)

SomeoneYouDontKnow (267893) | more than 13 years ago | (#142650)

It's the Tennessee Valley Authority, a huge federally-owned power company.

You can visit its Web site at http://www.tva.gov [tva.gov]

Company computers are for work. (1)

glrotate (300695) | more than 13 years ago | (#142651)

Not your enjoyment.

Perhaps.... (2)

JohnnyKnoxville (311956) | more than 13 years ago | (#142658)

Aliens will be more likely to contact if we make it easier to hack into our computers. In that case maybe this is all a a good thing.

Why not block the site? (1)

Datameister (322070) | more than 13 years ago | (#142661)

Why didn't TVA prevent employees from hitting the site to begin with?

Re:Stealing as well (1)

TheAwfulTruth (325623) | more than 13 years ago | (#142664)

Windows most certainly DOES idle the cpu when there are no interrupts pending, check your CPU temp with windows idle and seti NOT running. Then check it 10 minutes after seti is running. On my machine (intel) there is a 30% increase in CPU temp when running the RC5 client! That is certainly an indication of increased current usage. I finally gave it up when I realised it was costing me about $10 a month to do someone elses work :( Windows also has a comprehensive power saving system when it is set up. I now hibernate my home and work machines every night (Both desktops, works exactly the same as laptops). Unfortunately people that like to run SETI and other distributed apps are less likely to even allow their machines to go into energy saving mode and are less likely to power them off at night because they won't get their block counts. This also applies to some screen savers. We've had some people with screen savers here that are constantly going out on the web and downloading images and crap all night. Keeping the machine alive constantly. Now imagine an entire office building like that. The cost of excess power because of machines reconfigures by the employees could easily run into $1000's a year. "Stealing" may be too strong of a word, but don't underestimate the amount of "Waste" that SETI has caused...

Re:Company computers are for work. (1)

shiftless (410350) | more than 13 years ago | (#142666)

How does this save the company money? It could be argued that this actually COSTS the company money in terms of the power used to power the hard disk as it writes data to disk.

SETI Explained! (1)

K4GPB (413101) | more than 13 years ago | (#142668)

How SETI Really Works [howstuffworks.com] .

suggestions == troll? (1)

idonotexist (450877) | more than 13 years ago | (#142678)

Instead of bitching, I offer suggestions and ask for other suggestions. As a result, I am labelled a troll. I guess it is back to bitching?

Hypocrites (1)

Shortcut to CmdrTaco (460807) | more than 13 years ago | (#142681)

Why is it that the same crowd that proudly proclaims that "I will not run software for which I have no source" thinks that they have a God-given right to run whatever they please on their employer's computers, security and property rights be damned?

Grow up, kiddies. Don't work for a critical infrastructure provider if you want to run your company-owned PC your own way.

--Shortcut to CmdrTaco

Security (1)

RaboKrabekian (461040) | more than 13 years ago | (#142683)

Isn't SETI just as insecure as any internet application? What they're really saying is that "a computer being connected to the internet is a security threat."

Re:Security (1)

RaboKrabekian (461040) | more than 13 years ago | (#142684)

I agree that installing unauthorized software on a computer is a risk - but why single out SETI@Home? It sounds to me like they're just trying to grab headlines by marking one particular piece of software. When was the last time Slashdot reported that "Company X has decided to limit users' ability to install software on there system." Or even, "Company X realizes unauthorized software can pose a security risk!" So why is this noteworthy other than that the newsmakers decided to mention SETI@Home when describing their inadequacy as sysadmins?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?