Apparently (according to rumour 😉 ) half of you lot work in IT so I thought I might get a rational second opinion….

I want to have the ability to download some files from a website at work (CAD related) as and when something interesting comes up that I want to have a look at. Some of these files are staight Solidworks files and download fine, but some are a bit larger and are downloaded as zip files. My place of work (a school) blocks all non network managers (so thats all teachers, admin staff & pupils) from downloading loads of files types inc .exe files and zip files. I have been told no, never, we won’t ever give you permission to download zips as you might plaugue the place with viruses. We also can’t access dropbox and the like from within the school- same reason.

What I want to know is:-
1. In this modern day and age is this reasonable in your opinion? Obviously the school has a firewall and all our laptops and PCs are protected with Sophos AV. Is there really a danger of this, or is this a case of over cautious NMs sitting in an ivory tower?

2. Is there a clever way of downloading zips to a third party website, unpacking them there and then downloading the contents instead?

Many thanks

1) Perfectly reasonable to block access to .exe and .zip files. Even if it’s not a virus they don;t necessarily want you downloading executables that might do who knows what to the network.

2) ask whoever put them up to do it unzipped?

1. In this modern day and age is this reasonable in your opinion?

Has to be balanced against the business benefits of allowing it in context. In a school I’d say it was a reasonable position.

2. Do it at home and take a USB stick in? I suspect that is banned too though.

Is it worth the risk / hassle?

Depending on how clever their filtering software is, renaming the .zip’s to .txt’s before sending often works. (Edit: And I’ve just seen you’re talking about websites rather than email, the principle still remains intact though)

But yes, I’d see what your IT people are doing as reasonable. Your desktop Av is just one layer of defence, security is all about building up multiple layers. Think of an onion.

What’s unreasonable is them just saying no without providing an alternative solution where there is obviously a business requirement. if it was me i’d say you can’t do it ‘that way’ and provide a method where people can arrange to have zip files brought in in a secure manner.

Thanks – always good to get the advise of others who know what they are talking about rather than just accepting it or making a fool of yourself by making a fuss about a reasonable decision.

I’ll go back to them and ask if they can produce a reasonable (and time efficient for them and me) work around.

Sophos can scan inside .zip files. /shrug

If it’s a single website, perhaps they can whitelist just that site for you?

samuri – Member
But yes, I’d see what your IT people are doing as reasonable. Your desktop Av is just one layer of defence, security is all about building up multiple layers. Think of an onion.

You called?

convert – ask one of your IT geeks to download it and unpack it for you. They should have a facility (sandbox) somewhere for doing this, otherwise how could they ever install anything onto the system?

Sophos can scan inside .zip files. Not sure as I’m seeing the problem myself. /shrug

If it’s a single website, perhaps they can whitelist just that site for you?

But I guess they might say that whilst the listing of the file claims to be a zipped solidworks file it might contain an .exe. And they don’t operate a culture of trust – i.e. even though I’m a senior member of staff and relatively IT savvy I can’t be trusted not to open the exe.

convert – ask one of your IT geeks to download it and unpack it for you. They should have a facility (sandbox) somewhere for doing this, otherwise how could they ever install anything onto the system?

I can, and I guess this will be the way ahead but it’s the frustration of time delays. I can see how it will pan out…..I’m working with a kid and we find a file that looks like it might help us understand something, but I can’t download it. So I put in a request – 24hr later I’ll get a support ticket from IT telling me the request will be actioned within 5 working days. 5 days later I’ll get an email telling me the file is ready for me in a shared area. By that time, the moment has come and gone and we have found a work-around or moved on. Kids are very here and now and coursework deadlines are tight – that’s just too slow when the file was sitting right there in front of us waiting to be used. Maybe that says something about our IT support too….

Good gods.

In 2012, checking whether a file is safe or not really shouldn’t be a manual procedure performed by an IT department. Are they stuck for something to do?

I appreciate that a school is probably the single most hostile environment there is for IT so it’s not an easy job. But if my systems infrastructure meant I had to sit there all day manually downloading zip files for people in case they might contain something which might be executable, I’d sack myself for incompetence.

Think of an onion

Thats pretty much the limit of my abilities, and just thinking about one makes my eyes water.