Analyst: iPods a network security risk

Companies should consider banning portable storage devices such as Apple's iPod from corporate networks, as they can be used to introduce malware or steal corporate data, according to an analyst.

Small portable storage products can bypass perimeter defenses like firewalls and introduce malware such as Trojans or viruses onto company networks, research company Gartner said in a report issued this week.

Analysts have warned for some time of the dangers of using portable devices, but the report points out these also now include "disk-based MP3 players, such as Apple's iPod, and digital cameras with smart media cards, memory sticks, compact flash and other memory media."

Another potential danger is that the devices--which typically make use of USB and FireWire--could be used to steal large amounts of company data, as they are faster to download to than CDs. Additionally, the size of the portable devices means they can be easily misplaced or stolen.

Gartner advises companies to forbid the use of uncontrolled, privately owned devices with corporate PCs and to adopt personal firewalls to limit activity on USB ports.

"Businesses must ensure that the right procedures and technologies are adopted to securely manage the use of portable storage devices like USB 'keychain' drives," the report states. "This will help to limit damage from malicious code, loss of proprietary information or intellectual property, and consequent lawsuits and loss of reputation."

Andrew Donoghue of ZDNet UK reported from London.

Misleading headline

Because of the headline to this story, I expected to find a juicy
article about the Apple iPod, but instead found an article on
portable storage devices and the dangers they can pose to
company networks. Another shabby writer biting off the
popularity of the iPod.

[thedoge]

Not only misleading, but biased

In fact, this entire article is pretty much "non-news". Portable storage devices have been a potential threat to corporate networks for decades - ever since the first floppy disk drive showed up on a networked PC, to be exact. An iPod is no more of a risk than any other storage device, as the article itself states.

In fact, given that iPods and other similar devices are optimized for storing music (and are therefore more likely to be used for that purpose), they're probably less of a concern than (say) USB flash memory devices, which are intended for data storage and might be more likely to either steal company secrets or provide a virus or worm infestation vector.

We get enough distortion and hype in the mainstream media. We can do without it here, I think.

Are you using your iPod to do buisness?

Then why would you think it was acceptable to attach it to a buisness PC??

Simple issue.

[198775425444042216790779840523]

No $hit

Like this is new. Great reporting. This is pretty much a no
brainer in the IT world. Was it a slow news day or something?

[drwho]

Must have been...

...a slow new day cause they are recycling other OLD NEWS as well like the article about the "100% FREE MP3's for life" one. That showed up a while ago on ZD NET Anchordesk if I recall...

[iKenny]

CNET's Apple bias

Despite the fact that this article is about portable drives and MP3
players IN GENERAL, I note that CNET takes another jab at Apple
with their misleading headline, suggesting that only iPods can
pose a security risk.
These jabs have become fairly frequent; note the other headline
about the online music store opening in
Asia: "Fee-based Web music hits Asia--but where's Apple?"
Another reader pointed out that Apple is only mentioned in two
of the 19 paragraphs; the rest of the article is about the music
downloading business in Asia. So why mention Apple at all in the
headline??

To CNET's editors: Either write about Apple without a negative
bias in non-opinion pieces, or don't write about them at all. It
only makes you look bad.

[friday04]

This is just WRONG

So some theif uses something in the wrong way and we're all made to suffer? How very RIAA of the analysts here.

I use my iPod everyday at work and sync my Outlook contacts, calendars, and tasks from my PC to my iPod. The iPod has an alarm that goes off to remind me of meetings and such, especially useful when I'm not sitting right in front of my computer all day like an analyst.

I also use my iPod to transfer large files to and from work. These files are usually 100s of MBs and burning CDs is just a poor use of time and energy.

The iPod is just as useful as the PDA or cell phone which companies have embraced. Don't knock things you don't understand. Do research first, then speak.

[gmcbay]

Clothes -- Security Risk

Breaking news!!

It turns out that employees could use pockets in their clothing to smuggle weapons into a workplace or to steal CDs containing secret corporate data.

It is recommended that clothes be banned in the workplace!


(Whatever happened to, you know, trusting your employees to not do bad things?)

[rdlink]

Very Well Put

I usually trust what Gartner says, but this borders on the paranoid and ridiculous.

ANYTHING, other than an absolutely closed system poses risks to a network. But do we want to go back to the days of dummy terminals connected to unix servers or mainframes, with no internet access? I think not. Most companies couldn't support their core business without PCs and the internet. So we take the reasonable risks of letting our employees have access to the internet, be able to use CD and DVD drives, and, as in my case, encourage them to use USB drives, since they're inherently more stable than floppies, and give you more MB for your money.

True, except for the rare instance the iPod can't be considered a business tool. But sometimes a company must realize that employee morale is worth a certain amount of risk for the good of the company.

How about if we just try to educate our users to the risk, and have them help us mitigate it.

If you're really worried about it you can set your virus scan program up to automatically scan any drive that connects to a PC. If data theft is such a concern, maybe it's time to talk to HR, not IT.

[TekSavvy]

Guess why this is ridiculous

If iPod's pose a threat to networks because they may spread a virus since they are an external drive, we should take all floppy and cd drives out of pc's as well. You can transfer a virus from any storage device, not just an iPod. 100's of virus's are transferred via floppy's, not iPod or USB flash drives, though the possibility exists with each device. If we removed all drives, we wouldn't be able to work. After you read this, just go home for the day...

[bentonbl]

Oh, My God, Lets do the time warp again

Gee, Aren't analysts smart. Just figuring out that removable media introduces vulnerabilities to information systems. The very first viruses were spread on Floppies, the (almost) original removable media. This information has only been around for 20 years or so.

[jeaninej]

You Might As Well Get Rid of Email Also

It may be more difficult to mail a virus to the office but stealing sensitive information and emailing it outside of the corporate network. Then you could also add printers, faxes, copy machines and pen & paper to the list of banned office technology, because they too can be used to steal information.

[tobyp--2008]

How Embarrassing

CNet must really be struggling to find negative news about
Apple. Even a elementary school student could identify that this
article is about "portable devices" and not only the iPod (as
insinuated by the title). Andrew Donoghue, are you trying to
out-spin Ina Fried?

Where's that darned link?

Just as I thought, can't find the "Report Offensive Content" link in the main body of the article, and my intelligence felt deeply offended by the content too.

[S R]

What else do you expect from CNET...

knowing CNET reporting team $ucks at reporting anything.. and
they always have a twist to make Microsoft look good and Apple
look bad.

[nmc]

Another bag of shite report

What can I say that hasn't already been mentioned by the good
patrons of this more and more shoddy newsletter....

FECKIN WAKE UP AND "REPORT", NOT RECYCLE BIASED/FALSE/
BAD/MISLEADING INFORMATION LIKE YOU USUALLY DO!!!!

You know, I hope your stoopid machine gets a lethal virus, you
deserve it for being an arse!