Because the life of a virus administrator is feast or famine, time spent not in the middle of a shit-storm is spent doing extremely mundane maintenance tasks. Somehow even the inclusion of a Friday the 13th in this week did nothing to spark the script kiddies to produce a worth-while virus.

To pass some of this time, I scan our servers for non-business related material that might be deleted to free up some space. Usually, to the delight of my co-workers I’ll find a few gigs of MP3s and a few funny videos, as well as a bunch of stuff that would be disturbing enough if stored at home, nevermind on a work server.

Because employees do store presentations and other business related files on our servers, I can’t merely find all the movie files on the server and wipe them out. In that case, I would have some very irritated suit-wearing types calling in an air strike on my management chain. To avoid this, I have to open each file individually to verify whether 423adoc.mpg is a business related file or a 10 second video of a monkey drinking his own pee.

Today, there were no less than six times that I exclaimed “Oh geez!” while scrambling to close videos that employees felt strongly enough about that they stored them on our servers. There were videos of military killings of all sorts, gay sex acts that were graphic enough to make me wince, some lady repeatedly kicking a masked naked guy in the family jewels while he counted it off, and something called “cumshot blooper porno” which I had a feeling was not a powerpoint marketing presentation. There was even a huge directory of porno called simply “naughty pictures”.

As an admin, I am never really amazed at the way a typical user leaves his common sense at the front door, but I can’t help but wonder why they do it. The only two reasons that I can think for storing porno on a server at work are that they are sex addicts and can’t help themselves, or they think that the admins will never catch him or her.

As for the unfortunate sex addicted females, I can do nothing more than offer counseling. For the typical non-sex addicted users, I can only help by cluing you in to some simple but powerful facts to induce just enough paranoia to help you keep your jobs.

1. Don’t think that no one is watching: Chances are that unless you are creating an encrypted tunnel to your home machine and surfing the web from there, every site that you download videos from is being logged on a proxy server. I can see your blank expression from here. A proxy server is a server between you and the internet. It’s job is to log everywhere you go to better control where you go. So clear your temporary internet files and history all you want. It won’t cover your tracks.
2. Your home directory isn’t private: Repeat: Your home directory is not private. Yea, your buddies can’t get into it, but chances are that your manager can gain access to it simply by calling someone who always has access to it: Your administrator. One of the typical administrator’s jobs besides keeping the “Excel TV” on your desk running, is keeping the servers running. If we run low on space, guess where we look to reclaim it first? That’s right: your “private” home directories, which are usually full of Chinese music MP3s and movies of babies giving the finger.
3. Don’t be obvious: If you find a button labeled do not press, do you press it? Hell yes, you do! It’s human nature. Do you think your admins are any different? Now what do you think happens when you label a directory on a server “Private,” “Funny Videos,” or “Naughty Pictures”? Yea, that’s right. The admin gets curious. If you stored your non-business related material as Fund_C202\C202_train.mpg or [BigBossName]\[Bossname]_presentation2003″, maybe we wouldn’t even bother with it. Flying under the radar doesn’t guarantee you won’t get caught, but at least it lessens the chances. Maybe.
4. Leave home movies at home: I know you’re proud of your first born, and I think it’s really great that you have taken to videotaping every fart, burp, and gurgle, but home movies are named as such for a reason. They should be left at home. Usually, they are not only really, really boring for administrators to watch, but they are usually uncompressed and eat up huge amounts of server space.
5. Don’t make temporary judgment errors permanent: Another job of the administrator is making sure that when you errantly answer to “Are you SURE that you want to delete this file?” with a steadfast “YES,” he can recover it after you remember that it was business critical. Do you think that the admin magically pulls the data out of thin air (as he would have you believe)? No, he or she backs up all the data on the server to tape on a daily basis. So, even if you put that file on the server for a single day, it is guaranteed to be available to professionally bite you in the ass for at least 30 days (if not more) depending on the company data availability policy.
6. Admins sniff your packets (when you’re not looking): If the words “intrusion detection” or “computer forensics” sound like a something done by robots with lasers in some geeky movie that “those nerds in the basement” would see, I have news for you: They’re not. They are methods that corporations use to root out trouble employees. They use key loggers that capture every keystroke, they use sniffers that capture all communication to and from your PC, and I’ve even heard of cases where they come in at night, replicate your hard drive, and put it back in your machine without you knowing. That’s a fact.
7. A Deletion is not really a deletion: Let’s just say that you’ve heeded this warning and decided stop downloading all those funny files and porn at work. Say you even go so far as to delete all the files not only off of the server, but off your local machine. Good for you! They’ll never get you, right? Mmm No, actually. See, on a Windows machine, a deletion of a file is not really a deletion. If you think of a Windows machine’s file system as if it were a book, the request to delete page 23 doesn’t rip out page 23, it simply erases page 23 from the index, leaving page 23 in the book. A windows deletion actually leaves data there for anyone savvy enough to look for it.

Now if you are a star employee, a smart company will turn a blind eye to your monkey pee addiction or may quietly ask you to stop. If you’re not a star (like most people) and you accidentally fill up a server with monkey pee videos and it crashes, or if the company is looking to save a few bucks by firing you rather than laying you off, a good place for them to start investigating is your violations of the company policy against monkey pee videos.

Can you get around all this and store tons of porn wherever you want? I’m not going to say that it’s impossible, but it would take quite a bit of work. You can install a free file recovery tool called PCInspector to examine or recover any files that you’ve deleted that haven’t yet been overwritten. You could also use another free tool called Eraser to overwrite all “free” space on your drive to government standards to prevent others from using file recovery tools to examine them. Or, you might be able to avoid detection by using OpenSSH to set up that encrypted tunnel to your home machine and surf the web from there.

Are you seeing the amount of work that it’s going to take to learn to stay ahead of people whose jobs depend on staying one step ahead of you? Even after all that work, you might not even avoid our monkey pee sensors, anyway. Is seeing a monkey drink pee that important that it can’t wait 8 hours until you get home? Don’t say I didn’t warn you.

Be paranoid. Be careful. Befriend a Geek.

Note: I did find a sick, but funny commercial for the Ford Sportka (995 KB) (Cat lovers or the sensitive need not look).

Posted in Work