So Slashdot is running this article about some lifelong Mac user who is ranting about the Windows operating system’s proclivities to accept malicious mobile code and sphere. This study was released recently claiming that the U. S. Economy loses $ annually in employee productivity to SPAM. Come on.
First off, I’m not a huge fan of Windows or Microsoft. I use an iBook as my primary computer, and I have several others that run Linux. Some of those dual boot to Windows 2000 Professional or XP Professional. I’m not simply spouting off without any experiential basis for my opinions.
SPAM, tracing, vary, and sphere in the business environment is the direct result of bad leadership and bad system and network administration, period. The operating system isn’t to blame, the applications aren’t to blame, the users aren’t to blame. It is purely the fault of the system administrators who allow the installation of untrusted applications, fail to patch systems, and don’t install and enforce anti-virus updates. If they aren’t allowed to do these things because ‘management’ won’t let them, then it is the fault of management for ignoring the risks.
The days of floppy-borne code infecting systems are almost over; on access scans of mobile media is a standard part of every major player in the AV marketplace. That means that network-borne code is the primary passive threat. (An active threat is different, meaning someone is actively trying to invade or destroy the system.) SMTP server scanning for inbound and outbound mail, filtering and quarantining of that mail pretty much eliminates the threat from mail-borne code.
Proper security settings on the browser, or the use of less-integrated browsers than Internet Explorer, combined with the use of a proxy that filters content and traffic that are dangerous to computers, not people, Web browsing is fairly safe from spyware and intrusions as well.
Patches to applications and operating systems need to be installed the day that they are received. If they crash your mission critical application because it was developed poorly, well that is a bummer, it costs a lot of money, and everyone will be pissed. Let them be pissed, but let them be pissed at the vendor and whatever committee of baboons signaled their consent to let the product into the enterprise in the first place.
A firewall that is properly configured and administered cuts the legs out of most of the network-borne code that launches ddos attacks, and makes it relatively easy to find the infected machines and clean them out, locate the source of the infection, and administer the appropriate discipline to the human being responsible.
This is the bottom line – it is the job of the system and network administrator to fight these fires, among others, and it is the job of the CIO and CTO to create policy that enables them to put the fires out and prevent the fires in the first place. If they aren’t doing their job they should be fired. If they aren’t allowed to do their job, the CEO, CFO, and COO should be fired.
Computer glitches are always the mistake of at least one human being – computers always make the same mistake over and over again when presented with a given circumstance that causes failure. Only human beings are capable of novel, capricious failures, and human beings, not computers, should be held accountable for them.