In the beginning, there were pictures of women on the Internet, and they were without clothing. And the industry created content-filtering software to protect children from the images, and it was good. Not great, but pretty good.
Youd think there would have been major technological advances in the content-filtering industry since its genesis back in the mid-90s, but you might be surprised. At the heart of it all is still a group of people surfing the Web and rating URLs for various characteristics.
The characteristics used to be things most of us agreed were objectionable, or at least we would say so in public. Things such as pornography, violence, racism. Certainly, this is still a big reason for buying such products for an enterprise or anywhere else, such as a library.
Now, were also hearing about filtering as a productivity tool. Are your employees spending company time buying flowers for their wives? Block them! Are they checking the score of the ball game? Not if you have anything to say about it. Obviously, you have to prevent them from using Monster.com and other job sites (unless, perhaps, they are in HR and recruiting). You can even stop them from checking their personal Hotmail account.
I dont want to go overboard on the subject. Technology like this can be used for reasonable purposes. Maybe Im just old-fashioned, but I have no trouble telling my employees that they can get their online porno at home if they must have it. There are other categories I can imagine have no place at all at ones place of work.
But when shopping and other light, innocent distractions are blocked entirely, its a sure sign that youre working for Scrooge and Marley. Clearly, its possible to abuse such things—one vendor told me about some huge percentage of enterprise bandwidth used for management of fantasy football teams—unless its your job to manage your fantasy football team (is your company hiring?). But its also possible to use them only slightly and still get your work done.
The better tools have more flexibility in their management. A PC Magazine review earlier this year talked about some of the management options. Some products allow you to specify the times of day, lunch hour for example, when nonwork stuff may be done.
A better option, at least as far as Im concerned, is to set a certain percentage of time, say 10 minutes in any four-hour window, when such sites may be visited, although the statelessness of most of the Web could make it difficult to determine the duration of a visit to a page. Im not sure whether any of the vendors try to do this.
The best solution is not to block such things, but to log their access. A good tool will log everything and provide reporting tools to let you know that employee so-and-so is chatting about boy bands for half of the day. Then you can do your management job and tell her to do hers. By not blocking things, employees who arent abusive will know you trust them, and maybe you wont have to block Monster.com after all.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
More from Larry Seltzer