September 26, 2004

Homer Simpson Lives!

You've seen Homer repeatedly do things that cause him injury. He's simply too stupid to understand that the pain will go away if he stops doing what hurts him. Well, here's an example of an actual, large corporation whose collective intelligence apparently barely manages to equal Homer's:

"For the last three weeks I have been assisting a large organization that has been virtually brought to a standstill by a Botnet...

"The organization began to experience loss of Internet connectivity...Their network was under extreme load and continually kept shutting down....we discovered that their Norton Anti-Virus definitions were not getting updated...half of the workstations and some of the servers were infected with W32.GAOBOT...

"We did discover that we had several machines throughout the organization that had various spyware and other downloaded games and programs...In spite of the Policies in place that prohibit download and installation of software, in spite of the policies in place that prohibit P2P applications, despite the Firewalls and protective measures that the organization had taken, despite installing a managed anti-virus solution they got infiltrated...

"We have already identified...policies that need to be put in place and procedures that need to be updated. All of this will be reviewed after this has passed and hopefully we can find solutions to yet better protect their systems." [emphasis mine]


So, their solution is more and/or different policies despite having abundant evidence right before their eyes that "policies" are ineffective solutions! Uh, okay...

The other remarkable thing about this sad tale is that the corporation decided to use server systems that run essentially the same system software as its trouble-prone client desktops. Smart move!

Try to imagine how much this high-level security expertise cost them for this one incident alone. Try to imagine the collateral costs in lost productivity and lost sales. And now try to imagine how or why it would never occur to anyone in that organization to replace its systems--and especially its servers--with systems that have inherently low susceptibility to security threats.

Of course, doing so just might reduce the organization's dependency on all this expensive top-flight security and troubleshooting expertise...
