Neil Schneider wrote:

Productivity is impacted
heavily by systems that become unusable due to unauthorized software
being installed. Productivity is impacted by systems that are infected
with worms, viruses and trojan horses. And these things arrive inside
a network, through the installation of unauthorized software, all the
time.

And this is the crux. *Someone* has to make a tradeoff between the productivity hit due to "deny everything unless expressly authorized by the Nazis in the IS department" and the productivity hit due to "lame user just infected every PC in the company because he opened a virus file named Kournikova".

I just moved a CEO from a Windows machine to a Mac OS X machine. Why? Because I simply could not support him on Windows because he was constantly being pestered by software that *insisted* on running as Administrator (Why does *Winamp* need Administrator? Sheesh). On OS X, he gets pestered about root once every couple of weeks, and generally just shrugs and dumps the software in the trash.

I think you're confusing productivity with convenience.

There *is* a correlation between the two, you know.

No, I wouldn't agree, and that's the point. Security always impacts
useability.

That is certainly not universal. For example, using your employee badge for all internal computer access is likely more secure *and* more useable for the majority of employees.

That's why so much of Microsoft's software has so many
security holes, because they emphasize useability at the expense of
security. If programmers continue to abuse port 80, corporate
firewalls will soon block all access to port 80 or install full
stateful proxies that can detect non-http traffic on that port and
block it. If you want to talk about inconvenience, try operating with
a full proxy firewall for a while and see how it inconveniences you.

Personally, I would *cheer* if corporations started blocking port 80. IS departments would have to finally come up with a useful method for solving the tension between usability and security rather than just "allow 80 and block everything else".

Besides, if you really want to help improve security, we need to get off of privileged ports like 80, anyhow.

-a


--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
