[gomommago]

Hi all,

My network at work has banned my MacBook Pro from our network. Their reasoning is that it might be carrying an unknown virus, and so because it doesn't have their windoze virus protection program installed it's not allowed to play with the other computers. tptptptp Is this valid? Is there a way I can get into the network in order to get internet access without them knowing it's me (our network is wired, and I think they've shut me out based on my ip... but I'm not really clear on how it works, they've just installed iBoss and I think that's what might have somehow tattled on me)?

 

[a7mc]

Your IT dept are just being a$$holes. They need to do something to keep their jobs... if everyone at work saw how great your Mac was, they would be out of work.

They likely blocked you by MAC Address. You can maybe try this to spoof your MAC address: How to spoof your MAC address in Mac OS X

A7

 

[CubaMark]

Mother*****s. I came across stories of this happening, but not recently. Your IT folks are morons.

Download and install ClamXav (a great, free anti-virus program). Set the preferences to automatically update preferences daily, set the ClamXav Sentry to launch on login, and set a Quarantine folder (explore all of the options, but these are the key items). Be sure to add the folders you think you need to scan (like Mail download folders, or the general Downloads folders, or even the entire HDD).

Then show your brain-dead Windows-NT-loving PepsiMax drinkin' PlayStation obsessed IT dweebs that your Mac is now protected, and tell them to remove whatever restriction they've put in place to block your machine.

I used to say that you should confront such people with facts, evidence, etc., but they're kind of like Tea Partiers. Reality doesn't square with their worldview, so it's better to just go around 'em (as legally as possible).

Good luck...

 

[eggman]

Hi all,

My network at work has banned my MacBook Pro from our network. Their reasoning is that it might be carrying an unknown virus, and so because it doesn't have their windoze virus protection program installed it's not allowed to play with the other computers. tptptptp Is this valid? Is there a way I can get into the network in order to get internet access without them knowing it's me (our network is wired, and I think they've shut me out based on my ip... but I'm not really clear on how it works, they've just installed iBoss and I think that's what might have somehow tattled on me)?

Yes it is "valid" - it is their network, not yours. They get to make the rules - even silly ones. They are responsible for maintaining the network - they have (mistakenly I agree) decided that adding a Mac to the mix is a vulnerability. Your Mac could (though it is unlikely) transport malicious code (that would not affect it in the slightest) which could then get distributed to others on the network (same as if you brought it in on a big, expensive, designed in California USB key.)

Installing ClamAV (which I also agree with) may not (and legitimately NOT) be enough for them - because it is not the same as what they have chosen to protect the rest of the network (unless they've chosen ClamAV for Windows and they're installing the updates in sync with your configuration).

Getting around their security attempts by MAC address spoofing isn't a good idea - especially if your workplace has any kind of Acceptable Use Policy (did you have to sign anything when you started there?). If you have one of those disabling or evading a security measure could easily be grounds for dismissal or discipline - remember - it is not your network.

I would suggest reading up on iBoss (if that is the product being used) a quick glance at what I'm guessing is their web page would indicate that there are several ways that surfing with a Mac could get detected by this, and MAC address spoofing won't avoid all of them. This was the first time I've heard of iBoss - it appears to have won some awards from education groups for "'protecting" schools/small businesses. Your apparent lack of familiarity with the technology does not bode well for any kind of sustained "hack" in this situation - if you succeed in getting through this stuff the first time.

Networks/infrastructures are large complicated things - your IT people are just trying to keep their lives simple and their stuff functioning well (as well as it can anyway...) - the exact same way Apple does - but only supporting a small subset of hardware and software...

If you're desperate to surf - either use their machines, or walk to a coffee shop with your MBP. If work is insisting that you provide the machine - then you have a case (though you may have to take it to the executive, not to the IT Dept.) that you should be allowed to have your properly configured Mac on the network. You may find out that the executives are already talking on their iPhones and typing on their iPads and are quite willing to look at allowing Macs into the workplace.

Good luck, and be careful.

 

[fjnmusic]

I get the same attitude from
IT and administration, and I am a teacher in the school system. If the schools switched to Apple, the IT dept would be redundant, or much smaller at least. Rather than use the POS Lenovo thinkpad they provide, I just use my MacBook, tether it to my iPhone for Internet access ( up to 6 GB a month) and then I don't worry about limitations. Our school has a no-cellphone policy, but oh well. It's not a phone; it's a breakthrough internet device.

 

[pcronin]

I get the same attitude from
IT and administration, and I am a teacher in the school system. If the schools switched to Apple, the IT dept would be redundant, or much smaller at least. Rather than use the POS Lenovo thinkpad they provide, I just use my MacBook, tether it to my iPhone for Internet access ( up to 6 GB a month) and then I don't worry about limitations. Our school has a no-cellphone policy, but oh well. It's not a phone; it's a breakthrough internet device.

Speaking as a member of the IT dept, no.
Eggman has it right, it's THEIR network. They have policies in place for a reason. Our particular policy involves NO personal machines on the network. Be it a windows, mac, or handheld device, if it isn't provided by us, it isn't networked.

If you're bringing in a personal machine, especially as a teacher, you're opening yourself up to a whole mess of worms. Virii are the least of your(or the IT dept) worries.

I doubt iBoss has anything to do with any blocking going on, as it's easy to find out what kind of computer is on your network by checking the DHCP server to get the MAC address, googling the MAC and finding out manufacture info. Or, they could have just seen the unauthorized computer on your desk while doing something else and decided to be non confrontational about it.

This attitude of the OP and the others supporting him are the reasons the kiddies think that (insert crazy website here) is so totally ok for school, and the schools are so (expletive) (derogatory term) for thinking we should be on it. This is like saying that it's OK to take money from a cash register because it's open, or because you know how to get it open. It's against the law, and at work/school, the policy is the law. (Just like Judge Dread.)

Despite what people here think, logic and reasoning are what make the best IT folk around. In this case, they have logically concluded that as they don't have admin rights to your machine to make sure all security patches are up to date and because they maybe don't have a OS X version of their chosen AV solution, that it is safer for all to no longer allow access.

fjn, I appreciate your resourcefulness as a fellow tech enthusiast, however I hope no one in your school/district's IT dept is on this site. Knowingly violating policy, publicly bragging about it, circumventing internet access policy... well it could be an outcome very unfortunate for your career.

 

[Dennis Nedry]

[deleted]

 

[pcronin]

Wow.

Frankly, this entire thread should probably be nuked into a thousand glittery pieces. Circumventing corporate IT policy is not what Ehmac is about. This isn't a request for "help". It's a request for digital break & entering.

-DN

+9000 This.

 

[bsenka]

I get the same attitude from
IT and administration, and I am a teacher in the school system. If the schools switched to Apple, the IT dept would be redundant, or much smaller at least. Rather than use the POS Lenovo thinkpad they provide, I just use my MacBook, tether it to my iPhone for Internet access ( up to 6 GB a month) and then I don't worry about limitations. Our school has a no-cellphone policy, but oh well. It's not a phone; it's a breakthrough internet device.

I know several people who do similar things. People have got work to do, and they're sick of having the systems always locked down to the point of having to track down an IT person everything they need to change something, only to get nothing but grief from them anyway.

So they bring their own machines in, work on those, then transfer the files to the network with a USB drive. No regrets.

 

[krs]

I can just see it - instead of a PC vs Mac thread this is becoming an IT vs User thread.

My company with 90 000 employees worldwise used to use Macs throughout except for some very specific production and development areas which were Unix at the time.
Everything went well, the location I was in had 2000 employees with one support person looking after the telephone system and the computers.
Then some VP decided to switch the whole company to PCs because of cost savings - supposedly. That was in the Windows 95 timeframe.
Productivity went out the Window, in my location they had to boost the IT staff to eight (!) (from essentially 1/2 a person with the Macs and those eight still couldn't handle all the trouble calls. It usually took half aday before they managed to come around to fix the Windows machines at the time, but what surprised me most (and the reason I'm posting this) is that the IT guys in out firm at least, had no clue how their users actually used the computers.
Simple example - I worked with MS Word, Excel, Powerpoint, Outlook and FTP access to a remote database all at the same time with the Macs.
When we switched to PCs at the time, one could not do this - the machines would constantly crash.
ITs solution was to close each application before opening a different one. For them that was "normal operation" - for us in Product Management that was just unacceptable - it would take us five times as long to do a job if we couldn't keep multiple applications open. Big conflict between IT and users.
I have no problem with IT controlling the network and deciding what can be connected and what cannot, but their lack of appreciation of the user requirements is sometimes shocking.

 

[Dennis Nedry]

[deleted]

 

[fjnmusic]

I know several people who do similar things. People have got work to do, and they're sick of having the systems always locked down to the point of having to track down an IT person everything they need to change something, only to get nothing but grief from them anyway.

So they bring their own machines in, work on those, then transfer the files to the network with a USB drive. No regrets.

Agreed, bsenka. I think the previous dude totally missed the point of what I said. I am using my own machine with my own Internet access so there is absolutely no contact with the school's wifi system and hence zero risk of "contamination." There is no violation of any user agreement with the school system. More kids do this today too with rocket sticks and laptops; it's really no different than bringing your own calculator or iPod Touch.

It also means I am subsidizing the school's resources by a couple thousand dollars out of my own pocket, but I would rather have technology that I know works. What the school district has chosen to invest in, namely Windows XP machines and smart boards, just doesn't cut it from a teaching stand point. 6GB/month of 3G access is plenty for me to what I need to do, and if IT doesn't like it, I'd say they've kind of missed the point of the curricular technology outcomes.

 

[pcronin]

Agreed, bsenka. I think the previous dude totally missed the point of what I said. I am using my own machine with my own Internet access so there is absolutely no contact with the school's wifi system and hence zero risk of "contamination." There is no violation of any user agreement with the school system. More kids do this today too with rocket sticks and laptops; it's really no different than bringing your own calculator or iPod Touch.

It also means I am subsidizing the school's resources by a couple thousand dollars out of my own pocket, but I would rather have technology that I know works. What the school district has chosen to invest in, namely Windows XP machines and smart boards, just doesn't cut it from a teaching stand point. 6GB/month of 3G access is plenty for me to what I need to do, and if IT doesn't like it, I'd say they've kind of missed the point of the curricular technology outcomes.

So I see you're an anarchist. That's cool, I used to be one too. The point you sir are missing, is that if you read your policy regarding circumventing web filters and the dept firewall. It's not all about a risk of 'contamination', but the *possibility* that you or someone else would use your outside 'net to do something nefarious, look at porn, or otherwise break the law. Does your school let kids sit in class and txt or surf the web on their phones? If so, then maybe what you're doing will be fine with administration/IT. If you as a teacher have to remove these "breakthrough internet device"s, then maybe you should have a think or discussion with your policy makers about the why on that.

The Dept of Ed IT is *all about* curricular tech outcomes. That's why we exist. You should be able to *request* a MB/P through the appropriate channels, and then it will be controlled and supported by IT. I know you all like to think Macs never have issues, but please be realistic. I have fewer calls for the Macs around my buildings it's true, however when I *do* get a call for them, it's quite the doozy. As Dennis said, when a PC fails, normally it takes 20 minutes to grab a spare box and re-image and go. When a Mac fails, aside from not being able to swap parts (easily/without voiding warrenty) and it taking usually at minimum a week for the local apple service center to get it back to us, I would then have to do a full OS and application reinstall.

 

[fjnmusic]

So I see you're an anarchist. That's cool, I used to be one too. The point you sir are missing, is that if you read your policy regarding circumventing web filters and the dept firewall. It's not all about a risk of 'contamination', but the *possibility* that you or someone else would use your outside 'net to do something nefarious, look at porn, or otherwise break the law. Does your school let kids sit in class and txt or surf the web on their phones? If so, then maybe what you're doing will be fine with administration/IT. If you as a teacher have to remove these "breakthrough internet device"s, then maybe you should have a think or discussion with your policy makers about the why on that.

The Dept of Ed IT is *all about* curricular tech outcomes. That's why we exist. You should be able to *request* a MB/P through the appropriate channels, and then it will be controlled and supported by IT. I know you all like to think Macs never have issues, but please be realistic. I have fewer calls for the Macs around my buildings it's true, however when I *do* get a call for them, it's quite the doozy. As Dennis said, when a PC fails, normally it takes 20 minutes to grab a spare box and re-image and go. When a Mac fails, aside from not being able to swap parts (easily/without voiding warrenty) and it taking usually at minimum a week for the local apple service center to get it back to us, I would then have to do a full OS and application reinstall.

You think I didn't already try that route? We had a lab's worth of older G3 Macs three years ago that we used for iMovie and such, only to have them disappear entirely when I was away for a year. And they didn't have problems either, but in my (red)neck of the woods, they don't take too kindly to Macs in any form. I have requested one teacher Mac many a time and was denied, so I finally bought my own MacBook, which I use everyday, for both my teaching gig and as a gigging musician. My district is fine with me using my own MacBook as long as it's a stand alone machine and not jury-rigged to the school's wifi, which is exactly how I use it. They don't have a problem with this arrangement, so I'm not sure why you do. In fact, my school thinkpad had to rely on my airport express plugged into the school's ethernet, with the district's temporary blessing, for a while until they could configure it properly. Temporary in this case was about two months. This is why I am a fan of Apple tech; it "just works" a heck of a lot more often than what our IT department has bought into.

 

[pcronin]

You think I didn't already try that route? We had a lab's worth of older G3 Macs three years ago that we used for iMovie and such, only to have them disappear entirely when I was away for a year. And they didn't have problems either, but in my (red)neck of the woods, they don't take too kindly to Macs in any form. I have requested one teacher Mac many a time and was denied, so I finally bought my own MacBook, which I use everyday, for both my teaching gig and as a gigging musician. My district is fine with me using my own MacBook as long as it's a stand alone machine and not jury-rigged to the school's wifi, which is exactly how I use it. They don't have a problem with this arrangement, so I'm not sure why you do. In fact, my school thinkpad had to rely on my airport express plugged into the school's ethernet, with the district's temporary blessing, for a while until they could configure it properly. Temporary in this case was about two months. This is why I am a fan of Apple tech; it "just works" a heck of a lot more often than what our IT department has bought into.

I've only a problem with your initial attitude. If you in fact have the IT dept's blessing, then more power to you. You never mentioned "permission" before, you just stated you did it and damn the man. I'm surprised they blessed having an AP that wasn't configured and controlled by them, but if that's the case, again, more power to you. I feel sad that your techs didn't get to the issue for two months. That is defiantly way too long to let an issue like that go.

For the lab, the only thing I can think is they saw their age, and the fact they no longer had support for security and such, and couldn't have the newer versions of the OS installed. As for being denied, I don't know how your prov works, but here they have Innovative Learning Funds where teachers request whatever random tech they want. There are many teachers here running around with MB/Ps that even have boot camp and have hardly booted into OS X. I think they just wanted the shinny, but that's another story.

The attitude of the OP and the first couple of responses is the biggest issue in this "struggle". We in IT are not mac hating orgers. A lot of us believe in best tool for the job, even if some people don't agree. The policies are in place to protect everyone involved, just like laws in everyday life. Not all laws make sense, or are agreeable.

 

[bsenka]

We in IT are not mac hating orgers. A lot of us believe in best tool for the job, even if some people don't agree. The policies are in place to protect everyone involved, just like laws in everyday life. Not all laws make sense, or are agreeable.

The problem is, in most workplaces, most of the IT people ARE Mac haters, and their policies are seldom in place for any other reason than to stroke their egos. They are usually control freaks who have no one to blame but themselves if people get tired of it and just ignore the edicts.

 

[pcronin]

The problem is, in most workplaces, most of the IT people ARE Mac haters, and their policies are seldom in place for any other reason than to stroke their egos. They are usually control freaks who have no one to blame but themselves if people get tired of it and just ignore the edicts.

Remember that when you're in the unemployment line for breaking policy. Try telling people in your next interview that you were fired from your last job because you ignored policy. This is the entitlement attitude I was referring to.

On the other side of the coin, just picture what would happen without the tight controls. Virii run rampant on any Windows based machine, which will bring the network to a crawl and even the nice shinny "immune" Macs won't be able to do anything.

I doubt there are really "haters". They see the management tools for Windows, and have invested time, energy, and money in learning the Windows world, as that is where the jobs are. You bring in a Mac or 12, and now they have to convince the budget folk to not only buy the machines, but also buy an OS X server, pay for training and give them the chance to actually learn something new and alien while still working the 40+ hours/week it takes to be an IT professional.

Take whatever you do for a job, and how you've done your job for the last X years. Now imagine there was a similar but quite different way of doing your job. Now picture your reaction when you're faced with having to learn the new way of doing it at the same time as continuing to do your full time job the same way. Realize that you're not going to have anyone new hired to help with the workload, no assistants or interns, and even the probability that the multiple hundreds of dollars worth of textbooks and CBT/online courses comes out of your own pocket and your own evenings and weekends. Are you going to jump at this new learning with no raise? I didn't think so.

 

[fjnmusic]

I've only a problem with your initial attitude. If you in fact have the IT dept's blessing, then more power to you. You never mentioned "permission" before, you just stated you did it and damn the man. I'm surprised they blessed having an AP that wasn't configured and controlled by them, but if that's the case, again, more power to you. I feel sad that your techs didn't get to the issue for two months. That is defiantly way too long to let an issue like that go.

For the lab, the only thing I can think is they saw their age, and the fact they no longer had support for security and such, and couldn't have the newer versions of the OS installed. As for being denied, I don't know how your prov works, but here they have Innovative Learning Funds where teachers request whatever random tech they want. There are many teachers here running around with MB/Ps that even have boot camp and have hardly booted into OS X. I think they just wanted the shinny, but that's another story.

The attitude of the OP and the first couple of responses is the biggest issue in this "struggle". We in IT are not mac hating orgers. A lot of us believe in best tool for the job, even if some people don't agree. The policies are in place to protect everyone involved, just like laws in everyday life. Not all laws make sense, or are agreeable.

If it were simply about the best tool for the job, we would see far more Macs in the school system, as we did long long ago. But it's about the least expensive solution where I work, not the best one, and methinks the downtime and purchase and maintenance of anti-malware software and lack of ability to customize any of the district machines, as well as regular interruptions of service, has to be a cost to consider as well. These PC's may cost less initially, but they cost way more over the long haul. If I can run my own network at home with an iMac, two MacBooks, two iPads, two AppleTV's, as well as an iPhone and iPod Touch, no anti-virus software at all, and have these computers on and available all the time without running into issues, I don't see why the education system can't. Seems more like fear of change to me. The world will change as Mac/Apple adoption increases whether IT is ready or not, my "anarchist" use of my own MacBook tethered to my own iPhone as a case in point.

For the record, I have nothing against the IT people themselves, who can be very helpful. However, they do tend to be myopic when it comes to new and emerging technology, ironic as that sounds. Ralph Fowler school in St. Albert, by contrast, has tried a very interesting policy this year, where students are required to have an iPhone/iPod Touch (which they can even borrow from the library) so they always have access to internet information sources. There's something to be said for having a computer in your pocket, for a fraction of the price of ThinkPad. All that's needed is internet WiFi access and some vision.

 

[CubaMark]

...just picture what would happen without the tight controls. Virii run rampant on any Windows based machine, which will bring the network to a crawl and even the nice shinny "immune" Macs won't be able to do anything.

Don't have to "picture it"... I once worked with a national organization that assigned me a DULL laptop. When it and the rest of the corporate network went down due to a virus (for three days!) I was the *only* one in the eastern Canada office able to work... because I always had my own Mac laptop with me, with internet access via a nearby WiFi café.

I doubt there are really "haters".

Seriously. 15 years dealing with an unnamed Halifax University's computer network gives me ample evidence that your doubts are not based in real-world experience. Don't get me started....

As for the OP (who has vanished, methinks?), my initial reaction and choice of terminology was perhaps a bit too strong... but I have years of frustration in dealing with IT people who for whatever reason just didn't "get" it, or were purposefully obstructionist. The solution I offered involved consultation with the IT folks - cooperation is always better than confrontation, especially with geeks who have total access to your data, email, etc.

 

[CubaMark]