"Us versus them" thinking permeates IT security the second someone in a corporation opens an infected email attachment and swells everyone's inbox with spam that promises girlie pictures and romantic messages. Systems administrators blame the end user and the end user takes it for granted that the administrator should cut off email carrying viruses and worms at the pass.
Who's to blame? And, does it really matter? A Hurwitz Group analyst said this inclination to assign blame is counter-productive.
"The entire stance of pitting the end-user against the systems administrator is destructive," said Pete Lindstrom, senior analyst of security strategies for the Hurwitz Group. "The thing that's interesting to me is that it's too easy to point fingers. Share the blame and solve the problem by working together for a better solution than what you have now."
A recent searchSecurity poll, however, indicates that users and managers are still playing the blame game. The poll quizzed users on the biggest contributor to the spread of viruses, and 63% of respondents pointed the finger at poorly educated users. Systems managers were also singled out, with 24% of respondents blaming managers for not keeping up with anti-virus measures and 8% blaming managers for not blocking Visual Basic scripting at the email gateway. The remaining 5% of respondents said brilliant virus writers were the root of virus evil.
"I don't know if I believe that end users are all that savvy. And I don't know if they should be," Lindstrom said. "Both sides would rather blame than accept the risk. We all know there's no easy answer."
Certainly, there's plenty of blame to toss around, if not solutions, Lindstrom said. The end-user, for example, should know better than to open a suspicious email attachment. Those who don't, however, should know enough to follow a corporate security policy on opening attachments. That puts the onus on systems administrators to craft worthy policies and make sure end-users are well versed in their ins and outs. Then there's the question of filtering VB attachments at the gateway, and whether they ever serve a purpose.
"If systems administrators stop this scripting type of traffic, the real question becomes 'does any of this scripting traffic ever have any value to business,' and the answer is often 'yes,' " Lindstrom said. "It would be great if systems administrators could block these things at the gateway. There are tools that can handle this, but we all know that they're not always effective. The only way to block these things correctly is to block important types of communication as well. And then it becomes the never-ending trade-off of security versus productivity."
Productivity usually wins that battle, leaving Lindstrom to theorize that a combination of education, technology and cooperation could go a long way in curtailing the spread of viruses.
"If we don't do a good job educating the end-user, you can't blame them when they do something human," he said. "The mix-up usually comes when people are trusting of the email they receive because it's reasonable that the sender would not do anything destructive. And, if it's unreasonable, they shouldn't be clicking and opening attachments any way."
Lindstrom suggests client-side protection, rather than solely relying on gateway security, may be a more effective virus deterrent.
"There are tools that can be effective like Pelican and Ubizen that act on the client PC rather than at the gateway," he said. "It brings things a little closer, but that's the type of action that has to be taken. You have to stop the bullet in mid-air before it does any damage when you know the gun is being pointed at you. It's this last-ditch type of security effort that is most significant. "