The Ministry Blog

7 June, 2006

Complacency spawns zombies

There's a spare PC in my office, very occasionally used by visiting staff.  Before today, the last time it was switched on was in November, so it hasn't been kept up to date with security patches.  The result is that it wouldn't allow someone to log in this morning, as it's a potential network vulnerability.

Fair enough, but when I contacted ISS, I was told to leave it connected to the network for an hour or so, and it'd discover the patches for itself.

I'm sure the internal network is secure, and on a purely practical level, this procedure works, but I have to question whether this conveys the right message to (often tech-illiterate) users: that it's safe and good practice to connect an unpatched computer to a network, and that "it'll sort itself out".

I can quite imagine someone buying a PC for home use, connecting it to the internet, then happily watching it spontaneously install, er, security-related software. "What's wrong with that? That's what the security professionals at work seem to recommend!"

Wouldn't it be better to invent some 'updating' interface, even an entirely spurious one, to give the impression that security updates are a big deal, and that network activity without them is unacceptable?

Comments

Is this the same ISS helpdesk that phoned us up to ask us where to find the webspace? Nuff said...

Posted by Calephetos at June 7, 2006 04:18 PM
Page design and original graphics © NRT, 2003