Is there something technically forcing the privilege elevation to install a driver ?
Yes. With few exceptions, drivers need admin permissions to be installed. In part that's because they need admin permissions to run, and malicious drivers have absolutely been exploited in the past.
Some hardware (e.g. mice, keyboards, storage) don't need additional drivers to be installed, but that's because the OS uses generic drivers, or has a whitelisted source (e.g. Windows Update)
Also, you asked 3 completely different and unrelated questions:
#3 could be broken down even further, covering how/when admin is granted, as well as how devices are procured.
At my (large) employer, we absolutely would've told you to pound sand for getting that device outside of official channels and bypassing a security review. Especially since you described it as a data logger.
Why are corporate IT policies the way they are?
I thought about this the other day when asking my IT department why they won't let me carry a USB stick between home and work to be able to work from home and instead lock down the USB access and instruct me to use Google Drive instead....
I decided that most corporations only cosplay their IT security inasmuch as it only matters up to and not beyond the point of economic convenience.
If any of these companies truly cared about security, they would at the very least be using a hardened fork of Chrome with Google Services stripped out. They'd be self-hosting their own servers connected only via a VPN or some sort, etc... etc...
But that shit takes money and staff to maintain it. So they'll give everything to third parties to manage instead and then send out pop-quiz emails about phishing every couple of weeks followed by sternly worded emails when a person fails it.
(Sorry...off my anti-depressants until pay day, so I have a lot of micro rants that have built up...haha)
Microsoft and cos security is infinitely better than 99.99% of companies can manage self hosting their own stuff. They give guarantees too.
google drive because of microsoft? what?
and how is the security of google drive better than a pendrive?
https://au.pcmag.com/security/91915/dont-plug-it-in-how-to-prevent-a-usb-attack
This is one of the many reasons you’re not in charge of IT security.
executable files can just as well downloaded from google drive. and if you didn't disable autorun on the system that's on you.
Read my link. Simply plugging in a USB stick can compromise your entire business.
google drive because of microsoft? what?
and how is the security of google drive better than a pendrive?
Even if it didn’t, you can bet your IT department would have a GPO or policy preventing its installation. Why do you think that you can bring and hook up a piece of unapproved hardware that may do more than what it says without the company (who owns the device) vets it?
If it was Linux, you'd still need sudo rights to install a driver and you'll have to run through the same mousetrap, just Linux not Windows.
Though Linux has a MUCH bigger list of inbuilt drivers ready to go in the kernel
Linux distros have to ship all these drivers because otherwise someone would try that distro and say "nothing works, this sucks" if they had to go hunt for drivers to install. Windows computers really are the same way, but they're almost always preconfigured.
Market share. Basic permissions model.
Which is less time consuming and therefore cheaper.
due to corporate IT policies
I think that answers your question right there. If you got the device outside of that realm, you'd probably have no issues. Talk to your security and IT people about why that is. There are huge security risks for people being admin over their systems.
For context, I run my home computer as a non-admin user most of the time, unless I need to make some deep changes, which is not often. Maybe once a month. This saves me from accidentally installing a rootkit or other software. I run my children and wife under the same context so they don't need to worry either. Yes, it takes me a bit of time to go through and approve some updates, but that's worth it to not need to worry as much about viruses and keeping data secure.
The amount of time it takes your IT department to do something is another complaint that should be directed at them. We get those kinds of complaints constantly, but it's the fact we have everyone asking the same things or completely meaningless ones. You're in the queue, please give us patience.
This saves me from accidentally installing a rootkit or other software.
This sentence surprised me a bit. When and how often do you run that risk?
Before the last few years, I was on a lot of torrenting sites. Really before a lot of software became what we now know as FOSS, it was the way we traded software. So, there was a potential much higher then than now. I've been doing this computer thing for closer to 30+ years, so my habits come from headaches and other learned lessons.
Workers not having the ability to install any old software that they want is a feature. It’s so dumb old Timmy can’t compromise the entire companies network of devices by opening OneNightInParis.mp4.exe.
The customer for anyone selling PC components or accessories is whomever owns the PC. And if you dont have admin rights, you essentially don't own the PC.
Would you let your teenage kid approve a mechanic you don't know making changes to your car?
Laziness usually. Most people give it when pushed.
Good thing is most of these will work inside of a virtual machine. So it becomes kind of a moot issue
Windows has the market share and linux dev time means extra cost for a small market.
Gross. Tell your IT director about solutions to this problem, like autoelevate or similar. I mean there's a security tradeoff but, you can have windows prompts for admins automatically prompt an IT admin to review and enter their credentials or deny and request more info. And it's a very easy deployment for any intermediate IT person.
Edit: autoelevate DOES NOT AUTOMATICALLY ALLOW.
Christ. I mean, bad job on the devs naming it but don't downvote me based on a couple dumbass knee jerk responses. It does this appropriately. Lemmy sucks sometimes.
No competent IT director would allow that.
Maybe google it before pretending you know what it does based on the name?
Talk about something no competent IT director would do 🙄.
No change control on admin privileges.... that can't be bad right lol
there's software to do this appropriately like ThreatLocker for example but in most cases Auto elevation is a horrible idea from a security standpoint
Autoelevate does handle this appropriately.
It automatically sends the prompt to a designated group of admin users for review. It 100% removes admin rights from end user machines.
It doesn't automatically allow anything.
So many people in this thread responding to text without looking into anything -- talk about bad security practices.
I think there are multiple things called autoelevate then.
Top Google result.
that means fucking nothing these days
Actually, we do have now an approved way to get admin privileges through a dedicated application. However, on my experience if you run one installer it works, but if the installer calls for a second installer (let's say one for the driver and a ne for the software). So I end up having to still bother IT.
!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rule 1- All posts must be legitimate questions. All post titles must include a question.
All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.
Rule 2- Your question subject cannot be illegal or NSFW material.
Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding META posts and joke questions.
Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.
On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.
If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.
Rule 7- You can't intentionally annoy, mock, or harass other members.
If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.
Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- Majority of bots aren't allowed to participate here. This includes using AI responses and summaries.
Our breathtaking icon was bestowed upon us by @Cevilia!
The greatest banner of all time: by @TheOneWithTheHair!