44

I'm part of a small office in the middle of nowhere, and we just got absorbed into a large mega corporation.

Sometimes we watch porn, at the office, on company computers, using the company Internet. It makes good for a good background distraction. (I know I'm not the only one who does this so don't judge me.)

No, there are no filters or blocks in place. (No Websense, etc.)

I like this situation and don't want to screw it up by inadvertently getting a virus, spreading throughout the company and forcing them to solve the "problem" by blocking the sites.

So my question is: How can I watch porn safely, and not infect corporate data?

(Hint: saying, "No, don't surf porn at work" isn't an answer. I'm asking on behalf of colleagues that won't change their ways.)

Full disclosure

This story above is inspired by a person who approached me during a company acquisition of a branch office. I added humor and nuance to describe their desired ways of working so that I can use this knowledge to protect the truly vulnerable victims of indulgent and destructive behavior. I was the guy who worked at the acquirer.

Tsundoku
  • 127
  • 1
  • 5
TLDR
  • 700
  • 1
  • 7
  • 17

9 Answers9

39

The same way you shop online without getting your CC details stolen. Buy from reliable vendors that have established reputations as legitimate businesses. Don't go places where they are trying to bait people in to generate bot nets and steal personal info. If a deal is too good to be true, chances are good that it is.

That said, security also involves considering the other risks and there are other major potential issues that may arise, including legal issues that may actually make the situation illegal. It could very easily result in what would be considered a hostile work environment and could potentially run afoul of sexual harassment laws depending on where you are, so that should also be considered. (Even excessive crude joking can get companies in trouble in some locations.)

This is generally not a good idea for multiple reasons regardless of if you can do it securely or what you feel about porn personally.

AJ Henderson
  • 41,816
  • 5
  • 63
  • 110
  • Fair point, @AJHenderson. The Big List of Porn (tblop) has been featured in [Lifehacker AfterHours](http://afterhours.lifehacker.com/tblop-is-a-safe-and-malware-free-portal-for-all-your-po-1558709124). That's a more credible link you may want to click first before the actual big list. – skytreader Jun 27 '14 at 20:24
19

Same way you can watch any other other website safely:

  • Use a modern and updated browser.
  • Do not download anything from a source you don't trust.
  • Do not run media plugins like Flash and Java by default.
  • Do not run media plugins like Flash and Java on a site that you don't trust, at all.
  • Do not under any circumstance install or run Adobe Reader, it is virtually one big security hole. If you need to read PDF files there are alternatives like the simple reader built into Chrome, or Foxit Reader which can also do a bunch of advanced stuff.
  • Do not grant any kind of permission to a site you don't trust.
  • Do not grant any kind of permission to a site you do trust unless you are certain that it actually originate from legitimate content which you need to access.
  • An ad blocker will mostly block one of the common attack routes, that is malware infested ads, but if you are following all the other advice correctly it shouldn't matter much as Flash ads are blocked anyway.
aaaaaaaaaaaa
  • 1,027
  • 6
  • 8
  • Java might be a risk, but Flash is so common and widely used that any exploits would get you anyway, on any website (shady ad networks, or shady ad providers on reputable ad networks, etc etc) – Joel L Jun 28 '14 at 20:18
  • @JoelL What is your point? It doesn't matter how many Flash ads are on pages you visit as long as you allow none of them to run, in that case the can't hurt you. – aaaaaaaaaaaa Jun 28 '14 at 20:57
  • — I mean that there aren't any real-life Flash issues that would force people to *always* block Flash. If there was, most computers browsing the web would get infected immediately. Of course disabling things does increase "theoretical" security, but I wouldn't say that's in any way a requirement for safe browsing. – Joel L Jun 28 '14 at 21:01
  • 3
    @JoelL Flash exploits have arisen from time to time. And your spread logic is flawed, Flash is everywhere, but only a tiny fraction of the Flash elements are under rouge control. You'd have to run a Flash with a known hole and come across one of the rouge elements at the same time to get infected. Thus you have to be unlucky, but it definitely happens. – aaaaaaaaaaaa Jun 28 '14 at 21:30
  • I really like this answer. Assuming the OP's network traffic is not being monitored (and that's a big IF), good browsing habits like keeping the browser up to date and not downloading (just viewing) should keep him safe. – Mark Micallef Jun 30 '14 at 04:06
  • This comment chain is interesting to read back on in 2018 when Flash is all but obsolete due to security concerns. – Monica Apologists Get Out Dec 19 '18 at 20:56
17
  1. Set up an intermediate Tor VM, one side connected to outside, the other to a dedicated virtual network.
  2. Set up a porn watching VM (with tissues included), connected to the Tor VM via the dedicated network.
  3. After the VM #2 is fully set up, power it down and take a snapshot.
  4. Power it up.
  5. ???
  6. After you've enjoyed all the great educational videos, power the VM down and revert back to the snapshot. This can be done automatically on e.g. VirtualBox.

Let us know whether this works for you!

Dmitry Janushkevich
  • 992
  • 5
  • 10
  • 13
    Why Tor? He said there's no filtering/monitoring to avoid. It would be incredibly slow and put unnecessarily load on the network. – Jeremy Jun 27 '14 at 23:17
  • 1
    Tor is there to isolate and proxy the dedicated host-only network. One can install a HTTP proxy instead as well, or maybe use a VPN, but for me setting up Tor is easier. Also, there are pre-built Tor VMs on the net for grabs, which should save some work on setting up. In theory, one could also use both Tor and browser on the same VM. – Dmitry Janushkevich Jun 28 '14 at 08:22
13

It's a myth that pornsites are more risky to use than other website when it comes to malware. A report published by Symantec in 2011 identified that you can get malware from pretty much any kind of website, even those which can be work-related for many professions. Pornsites did in fact rank lower than many other categories of websites. Most infections originated from reputable websites which got compromised by hackers to spread malware.

That means when your company expects anyone to use the web for any purpose, your network admins should take precautions to protect your workstations from malware. Now that you got acquired by a larger corporation which likely has a professional IT staff, they will likely soon start doing this.

Philipp
  • 48,867
  • 8
  • 127
  • 157
  • 9
    This may be true, but porn is a standard vector for social engineering attacks, presumably because users are more likely to open/run a document that claims to give them access to porn. – Ari Trachtenberg Jun 27 '14 at 15:30
  • 2
    @AriTrachtenberg frankly, I'm _less_ likely to open/run a document that claims to give me access to porn. – John Dvorak Jun 28 '14 at 10:36
6

I too, like s3x. Is nice. But, I don't watch a pr0n at work and suggest that you avoid this activities, especially if you cannot get a quickie along with it. However, if you still want a eye relief at work, I suggest the following:

  1. Get a sandboxing software like bufferzone pro or sandboxie. Run your browser from the sandbox. Delete the contents of the sandbox when you are done.

  2. Use firefox with noscript plugin as your pr0n browser. This block many active contents such as java, flash etc. When you go to pr0n site, tell noscript to only enable scripts which will enable the video to play. Its easy to figure out this process.

Note that sandboxes or VMs don't guarantee 100% security because its possible for malware to detect if they are running inside a VM and maybe even escape it. I don't know how easy it is or if it has happened, but its something to be aware of. Google this - anti virtual machine, OR virtual machine detection

Here is a link on malware with VM detection - http://blog.malwarebytes.org/intelligence/2014/02/a-look-at-malware-with-virtual-machine-detection/ A SO post on VM detection - https://reverseengineering.stackexchange.com/questions/1686/how-to-detect-a-virtualized-environment

I hope your are not work for NASA, DARPA, CIA and such. If not, then I still suggest that you get big mobile phone for this purpose. You can go to restroom for "break".

Community
  • 1
Erran Morad
  • 161
  • 4
4

Try installing sandboxie http://www.sandboxie.com/ and running your browser through it. Also enable the option when the last program closes to delete all the sandbox contents. I believe the free version should suffice.

Naturally all the usual advice applies, get familiar with the software, take care of your antivirus etc and be extra cautious about what you do.

voger
  • 141
  • 2
1

Do you really need to use your work machine for pr0n? Can you use your personal cell phone / tablet / computer? That is the preferred approach here.

If not (got that urge), I recommend Chrome Incognito Mode in the browser. Use Chrome. And a consistent pr0n site that hasn't caused problems for you in the past. Do your homework, don't just google what you are searching for, for example.

Ideally you should reserve this type of activity for personal devices... otherwise you're flirting with trouble.

schroeder
  • 123,438
  • 55
  • 284
  • 319
AckSynFool
  • 111
  • 4
-1

Use a free VPN to protect yourself against the sysadmin.

Visit only reputable sites to protect against malware (what you asked).

Make sure your desk is not against a window because glass reflects.

Only watch. Wanking is unprofessional. Pentesting is ... gray area, as in "much better".

Also VMs and spoofed MACs are a good idea indeed.

Vorac
  • 1,817
  • 3
  • 20
  • 27
  • 1
    VPNs and VMs are already covered by many other answers with much more detail and relevance. The rest is about not getting caught while at work, and "professionalism", which is explicitly out of scope of the question. You don't explain your "spoofed MACs" comment, but that appears to be unrelated to the question or anything else you mention in your answer. – schroeder Aug 03 '20 at 07:44
  • @schroeder thank you for the constructive criticism. The point of my answer is "concise and to the point", not that I am introducing marvelous information. Do you think I should remove it? – Vorac Aug 03 '20 at 08:05
  • 1
    It's just not adding anything. You don't provide relevance, explanation, focus, and you're not on point. It's not quite an answer. – schroeder Aug 03 '20 at 08:08
-1

A USB with Tails as OS. The Amnesic Incognito Live System (Tails) was built for safety and confidentiality. It even has a Tor browser built-in.

Assuming you are in the office: It will be better to use your phone's Hotspot.

Obligatory: Please, don't surf porn at work

Blind2k
  • 14
  • 3
  • Since the context is that they are using the company computers, I don't think that a new OS would be possible. Using the hotspot won't protect the computer from viruses or passing them on to the network when connecting back to the corporate network. – schroeder Jul 15 '22 at 19:51