Many IT Managers Don't Use Security Software After All

from the that's-one-strategy... dept

Earlier this week, we pointed to a report saying that security holes in security software could be one of the biggest threats facing computers going forward. Well, now it appears that some IT managers have taken a strategy against such vulnerabilities by just not using security software: "29% don't use anti-spam software, 34% don't use anti-spyware software, 4% don't use anti-virus software and 9% don't have Internet firewalls."


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    dorpus, Jun 22nd, 2005 @ 6:11am

    A world of accidents

    Where we place resources on security issues is a matter of value systems. A pedestrian is 10 times as likely to get injured as a car driver, assuming you don't die first from falling telephone poles, break your neck on a wet stairway, get electrocuted while typing (because your toe touches the outlet), accidentally strangle yourself in bed, have a truck come through your wall, have a neighbor's TV set fall out of the sky on your head, get impaled by a falling tree branch, die of food poisoning from an ice coffee, have a tiger appear in your bedroom closet and kill you (escaped from the zoo), have a polar bear come out from under your bed, or have a passer-by's umbrella accidentally cut your carotid artery and make your neck spray a fire hydrant of blood, dying 10 seconds later.

    But of course, we are 10 times more likely to spontnaeously develop a disability than die accidentally. We are extremely likely to develop at least one disability before we die, to go deaf from listening to too much loud music, go blind from glaucoma, become clinically psychotic from Huntington's disease, require the use of a wheelchair, develop diabetes and get at least one foot amputated, develop acid reflux that makes us puke hot acid all over everything, develop a tumor in our nose that requires the nose to get amputated, develop blood clotting disorders that make us go around with black-and-blue skin, acquire a staph-A infection that requires extensive amputations, spontaneously develop multiple sclerosis despite no such family history, or a million other debilitating medical conditions, for which medical science currently has no cures.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Michael Vilain, Jun 22nd, 2005 @ 6:36am

      Re: A world of accidents

      Dorpus, I think you have it bass-ackwards. Not surprising, given some of your comments here. As a former Unix admin, I was only as good as my last backup. I don't know where the OP got their information, but even back in 1995, the IT managers I worked with took corporate security very seriously.

      Granted, it's a balancing act. Do you let a marketing weenie have a hole in the firewall for a tradeshow presentation? Do you filter out all email attachments coming in or set-up the virus scanner to stuff such emails into an "UNTRUSTED" folder for each user?

      I can't imagine an IT manager staying in the field or even in a job for very long if they don't think about data security first and foremost.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        dorpus, Jun 22nd, 2005 @ 6:44am

        Re: A world of accidents

        I used to be a unix admin too, at a world-class science lab, Fortune 500 companies, ISP's, among others. Most data loss occurred from people deleting their own files. It was a matter of utility vs. cost -- sure, you could build some bulletproof fortress, but if it takes people hours to perform simple tasks because they have to go through elaborate authorizations, then it's not worth it. Admins who obsess over security, without listening to the needs of other users, don't keep their jobs very long either. In the end, most people didn't care if a unix system crashed out and all the data was lost -- it meant job security for programmers.



         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Michael Vilain, Jun 22nd, 2005 @ 7:10am

          Re: A world of accidents

          I can see why you're not a Unix admin any longer. Yes, it's a balancing act. Users are there to _use_ a computer system. I'd take the backups daily and check logs every morning over news and coffee. Something that gets wedged _today_ is the user's problem. That hole in the firewall is not my call. I let higher-ups decide the risk/benefit analysis. A marketing person with a modem on their PC, connected to a regular phone line, and on the network--there's a real security threat. Again, if their boss says "Let them have it.", it's not my call. I just make sure they know they're opening up a back door into the network and document it. I also think that business tends to be less tolerant of downtime and data loss--it cost them money and uptime was reported monthly up the chain to the CEO.

          Having had a boss that obsessed over ISO 9001 compliance, endless documentation of process and procedures, change control, and hearing he was canned a month after I left, I can see where being percieved as a barrier to getting things done (even though change is not a good thing in a complex environment). Again, I was just a minion, not a decision maker. We never did make even 3 nines 5 uptime in the datacenter.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            dorpus, Jun 22nd, 2005 @ 7:23am

            Re: A world of accidents

            Yeah, ISO 9001 compliance, "six sigma", endless documentation of process and procedures, change control, I remember that late 90s shit.

            I'm not a unix admin anymore, for the same reason that being a plumber or truck driver is an unattractive career: important work that gets no respect. The medical world is full of sloth and inefficiency, but receives god-like respect from most people.


             

            reply to this | link to this | view in chronology ]

    •  
      identicon
      Mattb, Jun 22nd, 2005 @ 7:38am

      Re: A world of accidents

      Can this site please develop a feature that blocks/filters comments from certain users. I myself get tired of the inane comments by dorpus.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        dorpus, Jun 22nd, 2005 @ 7:43am

        Re: A world of accidents

        Mike doesn't know shit about computers, so Techdorp will have to keep running on Slashdot code from 1995.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Ivan Sick., Jun 22nd, 2005 @ 2:13pm

          Re: A world of accidents

          dorkus,
          1. What does somebody getting impaled by an umbrella have to do with poor network security?
          2. What impact would Mike have on techdorp? Wouldn't that be your site, meaning you choose how it's written?
          3. This site might be based on "Slashdot code from 1995", but it works, right? Nice and simple, short page loads, and no need to use bugmenot. Perfect.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            dorpus, Jun 22nd, 2005 @ 6:12pm

            Re: A world of accidents

            I just find it amusing that, in an industry that is always talking about "overnight obsolescence", "vertical learning curves", and "keeping your skills up to date", here are techies defending this stone-age website.

             

            reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jun 22nd, 2005 @ 4:10pm

        Re: A world of accidents

        "Can this site please develop a feature that blocks/filters comments from certain users. I myself get tired of the inane comments by dorpus." I'd like to second that emmotion.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Alex Moskalyuk, Jun 22nd, 2005 @ 9:05am

    That's me, at home

    People who don't run security software have as much fun admitting it as admitting alcoholism, but I don't run security software *on a permanent basis*. I don't download anything I don't trust off the Internet and I always keep that XP box patched off WindowsUpdate.

    Once a month or so I'd go to http://housecall.trendmicro.com to do a virus scan, once a week I'd run SpyBot with all the latest updates. Believe it or not, not a single virus or serious spyware (cookies don't count).

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    skebo, Jun 22nd, 2005 @ 10:35am

    work now or work later

    Pay now or pay later. I'd rather do the work now to protect my systems by running anti-virus/spam/spyware software and preventing a problem that will need to be fixed later if I don't run these apps. When you have drones opening every attachment they receive it's just smart to filter out the obviously bogus virus laden spam. Especially, when many of today's tools have such a low rate of false positives and they need very little configuration out of the box.
    Nothing causes more distruption than a virus replicating all over your network. Those man hours lost by the infected system's owner and the IT guy that has to fix them is $$$. $$$ that would be better spent up-front to prevent the disruption in the first place.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    me, Jun 23rd, 2005 @ 4:37pm

    No Subject Given

    It just might be reasonable. They will not click on suspicious attachments etc

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Dan Matthews, Jun 12th, 2006 @ 9:30am

    business finicial schooling

    Aveta Solutions – Six Sigma Online offers online six sigma training and certification classes for lean six sigma, black belts, green belts, and yellow belts. Payment Plans available.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Mark, Jan 18th, 2010 @ 6:56am

    How big are these companies?

    I think we need to know the size of the businesses involved in this poll if we are to glean anything from the numbers. I mean, most small businesses under 10 employees don't have a dire need for full protection, where as some companies would be absolutely rolling the dice by going without complete security software protection up and down. It just depends on the size and type of business involved..

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This