>They might be accepted as helpful in some situations, but many security professionals would weigh the privacy against added help and recommend against them in this context.
I strongly disagree that there's any privacy loss. Internal IT staff could look at your browser history and traffic if they really want to anyway (and often they are required to in specific circumstances). Why is getting IDS alerts somehow worse than this?
I would have an issue with my ISP deploying a universal IDS, but it's a different story for my employer.
>Many, hopefully most, security professionals would also disagree with requiring AV on all endpoints.
There are certainly much better endpoint protection solutions, like whitelisting agents or virtualizing everything, but those are typically difficult to deploy in a large enterprise. Are you suggesting an enterprise should have no endpoint protection at all? If better anti-malware solutions aren't an option, you need something in the meantime. It'd be rather embarrassing if your entire network gets hit with a wormer circa 2005 because you have no AV and it slipped past your other controls.
I don't run AV on my home computers, but I am very glad it's deployed on my company's endpoints.
> I strongly disagree that there's any privacy loss. Internal IT staff could look at your browser history and traffic if they really want to anyway
They could, but then they would be doing naughty things (possibly breaking the law).
Also the relationship in academia between scientists/research groups and their host organization's administrative staff is often very different than the relationship between the typical corporate drone in an enterprise and the IT department.
In this case we see that the staff is revolting because of just this issue.
Re the "AV on all endpoints" question, I referring to possibilities outside the typical enterprise IT swamp. Increasingly endpoints aren't Windows PCs. Sometimes you don't have any of those.
I strongly disagree that there's any privacy loss. Internal IT staff could look at your browser history and traffic if they really want to anyway (and often they are required to in specific circumstances). Why is getting IDS alerts somehow worse than this?
I would have an issue with my ISP deploying a universal IDS, but it's a different story for my employer.
>Many, hopefully most, security professionals would also disagree with requiring AV on all endpoints.
There are certainly much better endpoint protection solutions, like whitelisting agents or virtualizing everything, but those are typically difficult to deploy in a large enterprise. Are you suggesting an enterprise should have no endpoint protection at all? If better anti-malware solutions aren't an option, you need something in the meantime. It'd be rather embarrassing if your entire network gets hit with a wormer circa 2005 because you have no AV and it slipped past your other controls.
I don't run AV on my home computers, but I am very glad it's deployed on my company's endpoints.