Many IT Managers Don't Use Security Software After All

from the that's-one-strategy... dept

Earlier this week, we pointed to a report saying that security holes in security software could be one of the biggest threats facing computers going forward. Well, now it appears that some IT managers have taken a strategy against such vulnerabilities by just not using security software: “29% don’t use anti-spam software, 34% don’t use anti-spyware software, 4% don’t use anti-virus software and 9% don’t have Internet firewalls.”


Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Many IT Managers Don't Use Security Software After All”

Subscribe: RSS Leave a comment
17 Comments
dorpus says:

A world of accidents

Where we place resources on security issues is a matter of value systems. A pedestrian is 10 times as likely to get injured as a car driver, assuming you don’t die first from falling telephone poles, break your neck on a wet stairway, get electrocuted while typing (because your toe touches the outlet), accidentally strangle yourself in bed, have a truck come through your wall, have a neighbor’s TV set fall out of the sky on your head, get impaled by a falling tree branch, die of food poisoning from an ice coffee, have a tiger appear in your bedroom closet and kill you (escaped from the zoo), have a polar bear come out from under your bed, or have a passer-by’s umbrella accidentally cut your carotid artery and make your neck spray a fire hydrant of blood, dying 10 seconds later.

But of course, we are 10 times more likely to spontnaeously develop a disability than die accidentally. We are extremely likely to develop at least one disability before we die, to go deaf from listening to too much loud music, go blind from glaucoma, become clinically psychotic from Huntington’s disease, require the use of a wheelchair, develop diabetes and get at least one foot amputated, develop acid reflux that makes us puke hot acid all over everything, develop a tumor in our nose that requires the nose to get amputated, develop blood clotting disorders that make us go around with black-and-blue skin, acquire a staph-A infection that requires extensive amputations, spontaneously develop multiple sclerosis despite no such family history, or a million other debilitating medical conditions, for which medical science currently has no cures.

Michael Vilain says:

Re: A world of accidents

Dorpus, I think you have it bass-ackwards. Not surprising, given some of your comments here. As a former Unix admin, I was only as good as my last backup. I don’t know where the OP got their information, but even back in 1995, the IT managers I worked with took corporate security very seriously.

Granted, it’s a balancing act. Do you let a marketing weenie have a hole in the firewall for a tradeshow presentation? Do you filter out all email attachments coming in or set-up the virus scanner to stuff such emails into an “UNTRUSTED” folder for each user?

I can’t imagine an IT manager staying in the field or even in a job for very long if they don’t think about data security first and foremost.

dorpus says:

Re: Re: A world of accidents

I used to be a unix admin too, at a world-class science lab, Fortune 500 companies, ISP’s, among others. Most data loss occurred from people deleting their own files. It was a matter of utility vs. cost — sure, you could build some bulletproof fortress, but if it takes people hours to perform simple tasks because they have to go through elaborate authorizations, then it’s not worth it. Admins who obsess over security, without listening to the needs of other users, don’t keep their jobs very long either. In the end, most people didn’t care if a unix system crashed out and all the data was lost — it meant job security for programmers.

Michael Vilain says:

Re: Re: Re: A world of accidents

I can see why you’re not a Unix admin any longer. Yes, it’s a balancing act. Users are there to _use_ a computer system. I’d take the backups daily and check logs every morning over news and coffee. Something that gets wedged _today_ is the user’s problem. That hole in the firewall is not my call. I let higher-ups decide the risk/benefit analysis. A marketing person with a modem on their PC, connected to a regular phone line, and on the network–there’s a real security threat. Again, if their boss says “Let them have it.”, it’s not my call. I just make sure they know they’re opening up a back door into the network and document it. I also think that business tends to be less tolerant of downtime and data loss–it cost them money and uptime was reported monthly up the chain to the CEO.

Having had a boss that obsessed over ISO 9001 compliance, endless documentation of process and procedures, change control, and hearing he was canned a month after I left, I can see where being percieved as a barrier to getting things done (even though change is not a good thing in a complex environment). Again, I was just a minion, not a decision maker. We never did make even 3 nines 5 uptime in the datacenter.

dorpus says:

Re: Re: Re:2 A world of accidents

Yeah, ISO 9001 compliance, “six sigma”, endless documentation of process and procedures, change control, I remember that late 90s shit.

I’m not a unix admin anymore, for the same reason that being a plumber or truck driver is an unattractive career: important work that gets no respect. The medical world is full of sloth and inefficiency, but receives god-like respect from most people.

Ivan Sick. says:

Re: Re: Re: A world of accidents

dorkus,
1. What does somebody getting impaled by an umbrella have to do with poor network security?
2. What impact would Mike have on techdorp? Wouldn’t that be your site, meaning you choose how it’s written?
3. This site might be based on “Slashdot code from 1995”, but it works, right? Nice and simple, short page loads, and no need to use bugmenot. Perfect.

Alex Moskalyuk (user link) says:

That's me, at home

People who don’t run security software have as much fun admitting it as admitting alcoholism, but I don’t run security software *on a permanent basis*. I don’t download anything I don’t trust off the Internet and I always keep that XP box patched off WindowsUpdate.

Once a month or so I’d go to http://housecall.trendmicro.com to do a virus scan, once a week I’d run SpyBot with all the latest updates. Believe it or not, not a single virus or serious spyware (cookies don’t count).

skebo says:

work now or work later

Pay now or pay later. I’d rather do the work now to protect my systems by running anti-virus/spam/spyware software and preventing a problem that will need to be fixed later if I don’t run these apps. When you have drones opening every attachment they receive it’s just smart to filter out the obviously bogus virus laden spam. Especially, when many of today’s tools have such a low rate of false positives and they need very little configuration out of the box.
Nothing causes more distruption than a virus replicating all over your network. Those man hours lost by the infected system’s owner and the IT guy that has to fix them is $$$. $$$ that would be better spent up-front to prevent the disruption in the first place.

Mark says:

How big are these companies?

I think we need to know the size of the businesses involved in this poll if we are to glean anything from the numbers. I mean, most small businesses under 10 employees don’t have a dire need for full protection, where as some companies would be absolutely rolling the dice by going without complete security software protection up and down. It just depends on the size and type of business involved..

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »