On Wed, 18 Oct 2006 13:01:17 -0400, Brad Kramer <[log in to unmask]> wrote:

>That being the case, I think it is prudent to mention that my interpretation
>of clean access is not a security tool, but rather a remediation tool.
>I personally don¹t care if a computer savvy student bypasses the agent
>install. They are probably capable of making sure their machine is patched
>and virus free.

I agree. I actually think it would be good to have something like an
"opt-out" policy. Something like "You get one shot at opt-out. If your
machine gets infected, your opt-out privileges will be revoked."

>That ³script² still does the only thing I care about for all computers, and
>that is tying a username to a mac address. IMHO that is the only true
>security function of CCA. And even that is rather limited because you are
>still relying on a student¹s username/password not being compromised.

I personally have no problem at all with that. That's a legitimate thing to
enforce accountability and prevent unauthorized use of network resources.
I DO have a problem with forcing the install of a tool on my personal
machines. That's what triggered the search for a bypass.