Many IT Managers Don't Use Security Software After All
from the that's-one-strategy... dept
Earlier this week, we pointed to a report saying that security holes in security software could be one of the biggest threats facing computers going forward. Well, now it appears that some IT managers have taken a strategy against such vulnerabilities by just not using security software: “29% don’t use anti-spam software, 34% don’t use anti-spyware software, 4% don’t use anti-virus software and 9% don’t have Internet firewalls.”
Comments on “Many IT Managers Don't Use Security Software After All”
A world of accidents
Where we place resources on security issues is a matter of value systems. A pedestrian is 10 times as likely to get injured as a car driver, assuming you don’t die first from falling telephone poles, break your neck on a wet stairway, get electrocuted while typing (because your toe touches the outlet), accidentally strangle yourself in bed, have a truck come through your wall, have a neighbor’s TV set fall out of the sky on your head, get impaled by a falling tree branch, die of food poisoning from an ice coffee, have a tiger appear in your bedroom closet and kill you (escaped from the zoo), have a polar bear come out from under your bed, or have a passer-by’s umbrella accidentally cut your carotid artery and make your neck spray a fire hydrant of blood, dying 10 seconds later.
But of course, we are 10 times more likely to spontnaeously develop a disability than die accidentally. We are extremely likely to develop at least one disability before we die, to go deaf from listening to too much loud music, go blind from glaucoma, become clinically psychotic from Huntington’s disease, require the use of a wheelchair, develop diabetes and get at least one foot amputated, develop acid reflux that makes us puke hot acid all over everything, develop a tumor in our nose that requires the nose to get amputated, develop blood clotting disorders that make us go around with black-and-blue skin, acquire a staph-A infection that requires extensive amputations, spontaneously develop multiple sclerosis despite no such family history, or a million other debilitating medical conditions, for which medical science currently has no cures.
Re: A world of accidents
Dorpus, I think you have it bass-ackwards. Not surprising, given some of your comments here. As a former Unix admin, I was only as good as my last backup. I don’t know where the OP got their information, but even back in 1995, the IT managers I worked with took corporate security very seriously.
Granted, it’s a balancing act. Do you let a marketing weenie have a hole in the firewall for a tradeshow presentation? Do you filter out all email attachments coming in or set-up the virus scanner to stuff such emails into an “UNTRUSTED” folder for each user?
I can’t imagine an IT manager staying in the field or even in a job for very long if they don’t think about data security first and foremost.
Re: Re: A world of accidents
I used to be a unix admin too, at a world-class science lab, Fortune 500 companies, ISP’s, among others. Most data loss occurred from people deleting their own files. It was a matter of utility vs. cost — sure, you could build some bulletproof fortress, but if it takes people hours to perform simple tasks because they have to go through elaborate authorizations, then it’s not worth it. Admins who obsess over security, without listening to the needs of other users, don’t keep their jobs very long either. In the end, most people didn’t care if a unix system crashed out and all the data was lost — it meant job security for programmers.
Re: Re: Re: A world of accidents
I can see why you’re not a Unix admin any longer. Yes, it’s a balancing act. Users are there to _use_ a computer system. I’d take the backups daily and check logs every morning over news and coffee. Something that gets wedged _today_ is the user’s problem. That hole in the firewall is not my call. I let higher-ups decide the risk/benefit analysis. A marketing person with a modem on their PC, connected to a regular phone line, and on the network–there’s a real security threat. Again, if their boss says “Let them have it.”, it’s not my call. I just make sure they know they’re opening up a back door into the network and document it. I also think that business tends to be less tolerant of downtime and data loss–it cost them money and uptime was reported monthly up the chain to the CEO.
Having had a boss that obsessed over ISO 9001 compliance, endless documentation of process and procedures, change control, and hearing he was canned a month after I left, I can see where being percieved as a barrier to getting things done (even though change is not a good thing in a complex environment). Again, I was just a minion, not a decision maker. We never did make even 3 nines 5 uptime in the datacenter.
Re: Re: Re:2 A world of accidents
Yeah, ISO 9001 compliance, “six sigma”, endless documentation of process and procedures, change control, I remember that late 90s shit.
I’m not a unix admin anymore, for the same reason that being a plumber or truck driver is an unattractive career: important work that gets no respect. The medical world is full of sloth and inefficiency, but receives god-like respect from most people.
Re: A world of accidents
Can this site please develop a feature that blocks/filters comments from certain users. I myself get tired of the inane comments by dorpus.
Re: Re: A world of accidents
Mike doesn’t know shit about computers, so Techdorp will have to keep running on Slashdot code from 1995.
Re: Re: Re: A world of accidents
dorkus,
1. What does somebody getting impaled by an umbrella have to do with poor network security?
2. What impact would Mike have on techdorp? Wouldn’t that be your site, meaning you choose how it’s written?
3. This site might be based on “Slashdot code from 1995”, but it works, right? Nice and simple, short page loads, and no need to use bugmenot. Perfect.
Re: Re: Re:2 A world of accidents
I just find it amusing that, in an industry that is always talking about “overnight obsolescence”, “vertical learning curves”, and “keeping your skills up to date”, here are techies defending this stone-age website.
Re: Re: Re:3 A world of accidents
there are those that talk & those that do. you do a lot of talking dorpus and seem easily amused.
if it aint broke, dont fix it.
Re: Re: Re:3 A world of accidents
Feel free to leave anytime, Dorpus. We promise not to miss you.
Re: Re: A world of accidents
“Can this site please develop a feature that blocks/filters comments from certain users. I myself get tired of the inane comments by dorpus.”
I’d like to second that emmotion.
That's me, at home
People who don’t run security software have as much fun admitting it as admitting alcoholism, but I don’t run security software *on a permanent basis*. I don’t download anything I don’t trust off the Internet and I always keep that XP box patched off WindowsUpdate.
Once a month or so I’d go to http://housecall.trendmicro.com to do a virus scan, once a week I’d run SpyBot with all the latest updates. Believe it or not, not a single virus or serious spyware (cookies don’t count).
work now or work later
Pay now or pay later. I’d rather do the work now to protect my systems by running anti-virus/spam/spyware software and preventing a problem that will need to be fixed later if I don’t run these apps. When you have drones opening every attachment they receive it’s just smart to filter out the obviously bogus virus laden spam. Especially, when many of today’s tools have such a low rate of false positives and they need very little configuration out of the box.
Nothing causes more distruption than a virus replicating all over your network. Those man hours lost by the infected system’s owner and the IT guy that has to fix them is $$$. $$$ that would be better spent up-front to prevent the disruption in the first place.
No Subject Given
It just might be reasonable. They will not click on suspicious attachments etc
business finicial schooling
Aveta Solutions – Six Sigma Online offers online six sigma training and certification classes for lean six sigma, black belts, green belts, and yellow belts. Payment Plans available.
How big are these companies?
I think we need to know the size of the businesses involved in this poll if we are to glean anything from the numbers. I mean, most small businesses under 10 employees don’t have a dire need for full protection, where as some companies would be absolutely rolling the dice by going without complete security software protection up and down. It just depends on the size and type of business involved..