

Fail Client: How Linux Fails At The Corporate Desktop - lordpenguin
http://www.thepowerbase.com/2012/07/fail-client-how-linux-fails-at-the-corporate-desktop/

======
bediger4000
This article misses the most import reason (outside of Express/Outlook, which
really is a reason): lack of checklist compliance.

Most corporate "infosec" policies require all kinds of oddities like difficult
password format, running an anti-virus, software pushes, micro-managing
browser proxy, encrypted disks, "personal firewall", on and on and on.
Corporate infosec standards are written to compensate for Windows weaknesses,
and so require a large number of tweaks to a base linux configuration.

While each of these things individually is possible, all of them together is
difficult, and non-standard and causes problems by interacting poorly. Windows
at least nominally has all the features demanded by corporate infosec
policies. Some infosec policy drone can check off a checklist of features, and
give the green light to Windows far easier than he/she/it/them can do the same
for a Linux desktop.

~~~
gizmo720
How do those changes interact poorly? A difficult password format requires a
change to /etc/login.defs. Software pushes (if I understand what you mean by
them) can be handled by the package manager (this would require the most work
as you need to set up your own repository, but I imagine that is nessasary on
windows as well). Configuring a browser proxy is done in the browser (or
system wide). Encrypted /home directorys are the default on Ubuntu, and using
TrueCrypt (or similar) fuel HD encryption is possible. Personal firewall is
handled by ip tables.

GNU/Linux, by the nature of its userbase, has been forced to tolerate far more
severe changes. The same software is used in countless configurations, on
countless operating systems, some of which are neither GNU nor Linux. And once
you have it set up, you could just make a master image and clone that to your
target machines. Or, you could make a corporate linux distro with all of these
requirements built in by default.

------
dbarnes202
his article misses the most import reason (outside of Express/Outlook, which
really is a reason): lack of checklist compliance. Most corporate "infosec"
policies require all kinds of oddities like difficult password format, running
an anti-virus, software pushes, micro-managing browser proxy, encrypted disks,
"personal firewall", on and on and on. Corporate infosec standards are written
to compensate for Windows weaknesses, and so require a large number of tweaks
to a base linux configuration."

I totally agree with that and see that on a day to day basis as well. But I
decided to keep the article short and let the debate commence. How can one
secure something like google apps if you're a huge corporate entity? Also when
your information is in the public domain and being controlled by say google.
it's easier for say the feds to obtain your data because google lawyers aren't
going to file injunctions for you or use any stall tactics. They will just
comply and hand it over. Large multinational corporations don't want that.

