Exhibit A for Bad Advice – A Questionable Recommendation from the New York Times

Yesterday a friend sent me an article in the New York Times asking my opinion on a recommendation made by the author regarding improving performance on home PCs. In the article “Five Controversial Ways to Speed Your PC”, author Paul Boutin recommends that users “uninstall your antivirus software” because he perceives the threats as overhyped and basically scaremongering by his fellow journalists.

I hope the writer has the guts to come back and tell his readers just how long his machine survived unprotected.  I have seen studies where unprotected PCs have been connected to the Internet and are infected in minutes and part of a botnet in hours.  In my opinion, this recommendation was irresponsible and could cause a lot of people to lose personal data on their home machines. 

But this is just the kind of behavior that I pointed out in my recent post about “Stopping Stupid”. All of the security software, policies and configurations cannot protect against the human element, especially when it looks to do something like the recommendation in this NY Times article. You know that there are people in the workplace who read the article, decided that their AV software was the reason their machines at work were not as fast as they want, and started the process of disabling or eliminating their AV software on their work PC. If this were an old horror movie, CISOs and IT techs would be an angry mob on their way to Mr. Boutin’s office with torches and pitchforks.

That is why security configuration management tools have got to be more than a one-way push of configurations to ensure endpoint security. These products must have every-machine, every-day vigilance to verify that the configurations and policies are in place and take the steps to remediate the machines if they are not. The only way to fight incompetence or ignorance is through relentless repetition. And since stupid is a free-style art form, signature-based tools and pre-written remediation scripts will not get the job done. The security configuration management tool has to be able to do situational remediation to address problems as they are encountered.

Lots of endpoint protection and configuration management tools may say they do exactly that, but they don’t.  They are pushing scripts.  I suggest you ask for more from your security configuration management tool and make sure you choose one that will stand against the crafty work of the maliciously intended cyber criminal as well as stand in the gap against user incompetence and ignorance.
