bit-tech.net

Who's To Blame?

Following on from the recent market research by TNS on the apathy and general disassociation the majority of office workers have over their IT systems, I thought I might put my experiences into the melting pot.

The recent hoo-hah has been over the MyDoom (and now Netsky-B) virus, and the sudden shock that your average White-Collar worker might not care in the slightest about its existence. Every article I've read regarding this seems to think that IT illiterate desk jockeys are the scum of the earth and that they not only deserve everything they get if they contract the virus, but also they deserve to be strung up for even allowing it onto their machine in the first place.

"...in this world of high paced living and fast food, the fishing rod has firmly been replaced by Sushi."

Well, I have a wake up call for the IT die-hards who feel that way. I'm afraid your precious users couldn't care less. They don't know, and they never will.

Sure, when I was young and spunky in IT, I wanted to train everyone as well. I was a fierce proponent of the adage 'Give a man a fish and he'll eat for a day, teach a man to fish and he'll eat his whole life' (or something). Unfortunately, the man has to want to be taught to fish; in this world of high paced living and fast food, the fishing rod has firmly been replaced by Sushi.

Of course I understand how much easier our lives would be if they were wary of opening untrusted Emails, forwarding on pointless jokes and movies we've all seen 5 years previous or not using passwords which are ridiculously easy to guess. Unfortunately, our existence is to protect these people, because they do not have the time or inclination to make 'Netiquette' a part of their job. If only everyone could be like us, but they're not.

It's all very well to sit back and blame your average pen pusher for everything which goes wrong with his or her PC, how many times have you thought 'I have better things to do than to explain which printer tray has the continuation paper in it?', however, do you? Do you really? IT resources are calculated around the fact that 50% of your time is ensuring the guys out there doing *their* jobs can carry on doing it regardless of the fact that they don't know a URL from a CRT. You wouldn't have time to think about how much more you'd get done if this didn't happen, because they would be cutting people from your department faster than you could say 'redundancy'.

We have systems in place which so far have stopped over a thousand occurrences of the MyDoom virus and Netsky-B hit us without a blip. Our staff have been warned about it, but on the whole they have been blissfully unaware of its impact on the company, which is how it should be. MyDoom isn't a 'bad' virus, it's not even very clever, our blocking systems are neither complex nor expensive and are easily within the budgetary reach of all but the tiniest companies; however I see reports of business far larger than us spreading the virus. If you seriously expect to tell me that it's the staff and not the person who either didn't suggest, or didn't authorise the purchasing of even the most basic AV/Mail protection solution then you're seriously aiming for the wrong target. You want to know how to stop MyDoom? Block ZIP, BAT, CMD, PIF, EXE, and SCR files, problem solved... in fact, why would you even allow these files into your network via Email? AV is at times complicated, however if it never gets as far as your AV system anyway, what's the problem?

Oh hold on, it also spreads via Kazaa. Well, I'm sorry if I sound a little suspicious but frankly if you pick this up over Kazza then you deserve everything you get because a) What the hell are you doing letting users run Kazaa anyway? And b) they didn't exactly write Mydoom to propagate over it because of the amount of legitimate use it gets..

Back to top

Chris Caines


The world is geared around making things easier for you, your VCR, your car, your cooker. Every time you turn or a device, or use a service which negates you having to learn something, you're just going through the same motions as any office worker does who's trying to achieve their goals. When you start your engine, use an ATM or ring a family member 4000 miles away, think about all the people who put the effort into making that easier for you, making it a problem you don't have to deal with. If the world was designed by dogmatic IT staff, we'd all be using crank handles to start our cars.

"Block ZIP, BAT, CMD, PIF, EXE, and SCR files, problem solved... in fact, why would you even allow these files into your network via Email?"

Sticking with the motor analogy, if everyone kept to the speed limit or wore seatbelts then the cars wouldn't have to be designed to stop on a penny or be 'impact resistant'. However, the manufacturers have woken up to the fact that people would prefer not to be dead than to stick to 30mph. Yes, it's wrong, but no amount of shouting 'He deserved it' is going to change the fact that the car didn't stop in time. If you don't want viruses on your network, wouldn't the energy you expend on shouting at someone's line manager be better spent bartering for a better system of protection? That way if your CEO comes in and starts panicking that his golf buddy's company has been devastated by a couple of employees who didn’t read the IT Email, you can say 'It's no problem, our guys won't even know it's there' and sit back with the smug satisfaction that's going to ensure your next pay rise.

A salesman (for example) only cares about the sale and his PC is there to help him do a job, *your* job is to ensure it does it as best as it can. You want them not to download porn? Go out and buy a product to stop them doing it. You want them to have complex passwords, enforce it! You have all the power you need to ensure that the teeming masses don't turn your network into a war zone, asking them nicely just isn't going to cut it and you're going to have to use that noggin of yours to think of new and inventive ways to make sure your company stays clean… That's what you're paid for.

How many finance teams scowl at the IT department every time they flop down a badly filled out expense form missing receipts? Step out of your head for a moment and you'll realise you're no angel yourself.

If you want your life to be a little easier, you can aid them or even enforce them with technology, but there's no way they're going to take that rod from you and go fishing.