Welcome to the SecAware blog

I spy with my beady eye ...

24 Dec 2008

Ultraportables - are they really "special"

"Ultraportable" lightweight slimline laptops are all the rage, apparently (I've been using them for years already - ahead of my time maybe, or just wary of the old luggable portables?). A Computerworld piece "Small laptops pose a big security threat" claims that because they run with "a stripped down" Linux or Windows XP operating system instead of, presumably, Vista, they are inherently insecure. Well maybe there are drawbacks but I'm not entirely convinced that they are significant - properly configured, I would rate XP and Linux at least as if not more secure than Vista.

On the physical security front, there are arguments both ways. Ultraportables may have less physical protection making them more vulnerable to knocks (less so the ones with solid state hard drives) and they are perhaps more likely to be lost or stolen due to their portability. On the other hand, I carry mine in a standard briefcase or portfolio rather than an obvious "laptop bag", making theft less likely I hope.

The article's comments on WiFi and USB connectivity are irrelevant since the same applies to standard laptops and I really don't agree with the author's comments to the effect that ultraportables are treated carelessly like toys, except perhaps in the case of the very cheap ones anyway. The truth is that, for many years now, the value of personal and corporate data on the average PC has far outstripped its hardware replacement value. The equipment is, in corporate terms, disposable with near zero book value though the data on it or accessible from it may well be the most valuable asset [not] on the company's books.

The article's final points about the need for user security awareness ring true at least.
"Employee education in acceptable-usage practices is a must, regardless of the IT security systems used, Enderle says. Leja agrees. "You have to count on continual security awareness," she says. "Make sure that [students or employees are] being conscientious, and then use the few tools that do exist to help."
Hear hear!

No comments:

Post a Comment