I would tend to agree. When I first was employed here and was told to
check out the software page I was never aware of such implications,
particularly with my experience at other universities where their
anti-virus was licensed for use by all students, faculty, and staff ...
on or off campus, campus owned computer or not. There was other software
available for licensed use only on campus, but that was held at a
separate file server (like we have \\files\mca and \\files\software) and
then the anti-virus solution (among others) were held publicly
downloadable via the web like our software page. I'm not suggesting we
separate them as well, but I would suggest at least separate sections on
the software page for software that is UVM licensed and for use
anywhere, UVM licensed and use only on campus, and then not UVM
licensed, but free. Just a suggestion though. Hopefully, however, the
university will think of its client-base when considering to license the
anti virus solution for off-campus... in my opinion is a much needed and
very necessary action... and it has worked out in my other experiences
at those other universities.
Bryan Fleming wrote:
> Good clarification, thanks Dean and Andrew. Is that true also of
> other licensed software such as endnote, ArcGIS and others? I'm
> looking at the specific of a personal machine for work use, and not
> using endnote to catalog your DVDs. ;) A gray area for sure though.
> So just a few thoughts worth considering..
> 1)With the VPN we can't access local networks while connected, this is
> to protect campus resources from whatever nastiness is present on your
> local network. (since many machines will route by default) But the
> computer that is connecting may have all sorts of nastiness on it
> which through the VPN can get access to the campus.
> 2)I know some staff/faculty members that bring their personal laptop
> on campus to do work. (again with the result of nastiness getting
> access to campus)
> 3)For planning for and in the event of a pandemic people are/would be
> specifically asked to be doing work on their personal machines.
> There is of course then the concern of sensitive data being used on
> compromised systems. An expensive and damaging potential problem.
> I'm not saying that antivirus is any sort of panacea, but it's one
> more part of the puzzle. Granted with Microsoft's protection now
> being free this may be less of a point than previously, but many users
> aren't aware of it as a solution.
> >From a security standpoint it looks to me like providing some sort of
> solution to staff & faculty might well be in UVM's best interest. And
> in fact may be far less expensive than privacy breach remediation and
> It seems like we should set some sort of policy with it published very
> very clearly (probably a link right on the the download for the VPN
> would be a good idea) for personal machines used for work (and there
> may be one, but the link on the vpn download still strikes me as a
> good idea), be it that it has to use protection we provide (if we were
> to update our license) or to use one of some suggested products
> ideally including at least one free solution. Perhaps adding them at
> least as links to the software download site for personal machines.
> Of course that may leave us needing to support those programs as well.
> This could be as simple (and inexpensive) as adding a link to the
> software download site to Microsoft security essentials for personal
> machines, linking a policy off the VPN download and planning to
> support security essentials. But for liability and prevention reasons
> it would seem like a good thing to make as explicit as possible.