Weve come almost full circle in the never-ending battle against computer viruses. A year ago we oudly blamed Microsoft for the Swiss cheese architecture of its Outlook e-mail clients exploitation by the ILoveYou virus. Then we switched to blaming the IT administrators for improperly filtering attachments and setting up clients so they could not execute certain worm code, such as VB scripting. Now the buck is being passed again, this time to the users themselves.
The latest tack from IT managers is to treat users who open attachments the way Seinfelds Soup Nazi reacted to impolite patrons: “No e-mail for you!”
This appears to be the last resort among administrators fed up with users who have been duped once again by a VBScript virus. While there is still plenty of blame to go around, including toward Microsoft and corporate administrators, its now time for the end users to take some responsibility.
Many IT shops are taking a more direct approach. In addition to scanning for attachments before they even get to the server, they are now stopping them outright. Other companies have resorted to hunting down irresponsible users and either taking away or limiting their access.
These kinds of secret-police tactics are an obvious overreaction, but justified under the circumstances. Users clearly have not gotten the message about attachments or recognizing what file extensions should raise red flags in their in-boxes. As one colleague of mine quipped, “You could name a file This is a virus.exe, and someone would still open it.”
But just as clearly, we see that the patches that Microsoft has issued either dont work in all cases or are not being installed and used properly, and thats the job of the IT administrator. So after you are done busting heads around the office, take some time to see if you have done everything possible to stop the next bombshell from spreading.