I recently visited a university for an event where I was expected to bring a computer and do work using the campus wifi. On first connection, I was asked to download a "SafeConnect Policy Key" (.exe) which, according to its description, was designed to verify the degree to which I engage in what the University viewed as proper information security practices, such as applying all patches and updates to the operating system and running an acceptable antivirus.
So in order to prove that I have good information security practices, I'm supposed to download and run an .exe file from an unknown author? It seems like that should be an automatic failing mark, not a mandatory requirement.
Further, as far as I can tell this is executable software which would continue running on my computer forever, with no clear way to remove it, reducing performance and causing who knows what other issues, even though I'm only planning to be performing duties for this nonprofit at this location for a day or so.
This is a common requirement at many universities. UCSC has a description of its operation here. UNC doesn't explain well how it works but provides an installation guide including instructions to provide administrator credentials and/or override security warnings from the operating system.
Requiring these steps seems like a poor way to secure or teach about cybersecurity, but this seems to be a common policy at lots of institutions, and I can't change that requirement at any of them. (Nor was there a good way of knowing about these requirements in advance of arrival).
What is the most appropriate response to such a situation?