Since there is NO WAY that ... FB... could possibly take all these words... hello Livejournal
Going to link to this from my FB. CAuse FB sucks. or i type too much, either way,IT, the pitfallsA hard hitting expose / apology to all the people who just want their email and programs to work.
(Valis, typing too much, their is going to be typos)
... THERE... .. i think...
IT, or "Information Technology" to people in HR, or "computer guy" to people on the floor, or "nerd" to jocks in high school, is, like i suppose most things, a delicate balance. It's similar to balancing an egg on it's end. Sure, you can do it. I've seen it done! But, you can't just go out, and balance and egg on it's end. you have to wait for the right conditions. The right day. The right tilt of the earth, the right alignment of planets, but when you get it right... oh man... LOOK, IT'S AN EGG, ON IT'S END!!! ... yeah, most people, even when you DO balance that egg, will look at you a bit strangely and congratulate you and will walk away slowly, thankful that at least you aren't on government assistance.
Leaving you there... looking at this egg... balanced... in perfect harmony... enraptured and in awe and so supremely proud of yourself. Because this may NEVER EVER EVER HAPPEN EVER AGAIN.
Just what am i talking about? Sorry, i'll explain. We in IT are in a constant battle. We are quite frankly in the crosshairs and cross fire. On one side, we have well meaning, industrious people who are trying to get the job done. They come in to work, they sit down, they use their email and computers in a way that helps them to get them from A to B more quickly and efficiently. This could be writing a term paper, this could be diagnosing and treating cancer. This can be purchasing a book on Amazon, this could be creating a new missle defense system. The end goal isnt really that important, what is important is that the technology between them and their goal is there, and it works, and it makes things work BETTER than parchment paper, wax seals and carrier pigeons.
On the other side are the people who realize that most people just need their IT to work. And they have sensed an opportunity to take from you everything that they can. They have nothing better to do than to dream up ways to disrupt your life, your work, and your flow. They know that in the same way that technology has made many aspects and tasks easier it has also made taking FROM you easier. A lot easier. They have been at this for a very long time and are constantly honing their craft. And they succeed way too often.
First, since when discussing this topic i'll just have to use a few terms you may not be familiar with, i'll explain them.
USER - the term "user" isn't a derogatory term, it's meant to denote someone who "uses" some aspect of technology. i am using this computer right now that i'm typing on, i'm the user, i'm the person who is benefitting from this box of wires, i'll use this term more so please keep this in mind.
(if however, you have 5 "baby momma's" and constantly mooch off of your friends, you are the OTHER kind of "user" and you just need to get your act together. seriously.)
FIREWALL - pretty much what you imagine. IT'S A WALL OF FIRE. but a special one, its one that only allows stuff in that you WANT in, and only allows things out what you want out. Everything else is burned up in the fire. Firewalls can vary in capabilities, but the goal is the same. Keep bad stuff out, let good stuff out and in.
SHOULDN'T (and SHOULD, it's evil cousin) - a completely useless and dangerous word that basically indicates something that has a lesser chance of happening than one would like. I HATE THIS WORD. hate it hate it hate it. It's not only a useless word, but counter-productive. Examples include, .. oh EVERYTHING. "Hey, lets build a ramp in the back yard so that we can ride our bike's and jump that ditch! The ramp SHOULD hold up cause we're securing it with the double whammy of Elmers glue and staples, and even if we miss we SHOULDN'T break any major bones or arteries cause we have our helmets on and our parents are loving and definitely not on the brink of a messy divorce. Lets go!"
AUGH... other examples include... Honey, do you know where my shoes are? "they should be in the closet" and "Honey, do you know where the fire extinguisher is?" "why? you should'nt be on fire."
I seriously can preach a seminar, and do, often, while i'm home, alone, that it doesn't matter what SHOULD be, or what SHOULD NOT be, what matters is what IS, and what IS is that you are lying on the ground with your femur sticking out of you in not normal ways, that you have looked for your shoes in the closet and that's why you are asking, and that OMG, I'M ON FIRE, JUST TELL ME WHERE THE EXTINGUISHER IS, YOU ARE WASTING MY TIME AND MY LIFE!
Joe User, the guy who gets to work, sits down, checks his email, and starts filling out purchase orders, starts typing up his latest spreadsheet or quarterly report, he's trying to get his work done. He's not thinking of, and probably isn't even aware, that the OTHER side of the street is out there on the porch with a pair of binoculars watching him while he's doing this and dreaming up ways to steal from him. And why should he, his primary goal is to fill out these reports, get that information in, show his boss he's a "go getter" and maybe get a ham at the company christmas raffle. mmmmhmmmmmm... ham...
We In IT know Joe User. We have friends and family that are Joe user. (trust me, we are at their house on the weekends fixing their computers) And many times I am Joe user. Right now, i'm sitting, typing into notepad, and ijust want notepad to work and do what i need it to do. But me, being in IT, knows what Joe User does not know. That there are people just waiting for me to slip up, to let down my guard. And i know that if i do that, they have me. But Joe, he doesn't know that. His thought is that his computer and network need to just WORK and when he clicks something, something should happen, and at the end of the day his Boss needs to be happy with what he's done, and there's nothing wrong with that.
So, back to the battle and crosshairs. Here it is in a nutshell:
In IT, our job is to give Joe User the easiest path to his goal possible, enabling him to complete his tasks in a timely and uninterrupted manner, ultimately helping him to win that ham at Christmas.
That's one side.
On the other side, we have those bad guys who have sensed an inattentiveness and opportunity, one that they are all too happy to exploit. Us IT guys know... a split second lapse in judgement, in attentiveness, will lead quickly to disaster. We know that NOTHING is inocuous. Most people sit down at the computer and check Facebook, or the local news, or twitter, or espn, and then go about their day. We sit down and check the latest zero day exploits, the latest patches to vulnerabilities that were found maybe just a few hours ago. Why? Well what can i say... cause we find it interesting. Some people like to learn about how to turn a wine rack into a towel holder, some people like to learn about bit-flipping and how doing so you can gain root access to the kernel by injecting malicious code into memory and turn that internet enabled toaster that grandma just bought into a spam sending machine, offering male enhancement pills at reasonable prices. (yes, just recently the first hacked internet enabled refrigerator was found, sending out spam...)
One isn't any better or worse than the other, it's a matter of interest and preference. But this is what puts us, the IT guy, in the middle. The balance is this: Give Joe User all the tools he needs to get his work done efficiently while at the same time keeping him safe from those people who want to, quite frankly, steal from him.
I'ts a smaller tight rope than you may realize! The more freedom you give someone, the more opportunity you give to someone who is trying to trick them, or steal from them.
Here is a super secret tip... Dont tell... But... by and large... IT people... well... we dont have antivirus programs. OMG, okay, take down the pitchforks. Yes... it's true... for the most part... We dont run Antivirus software on a regular basis. This isn't because we are reckless... or uncaring about our own safety or data. This is because we ARE the antivirus software.
True story, the only time i actually got a computer virus it was my own darn fault. I was remoting in to a friends computer to help them out with some issue, and in order to do so i had to go outside of my own firewall, i had to put my laptop into the DMZ (Demilitarized zone). A dangerous... dangerous place where you are complete exposed to the elements and anyone can see you. I finished up helping my friend, and FORGOT to take my computer out of the DMZ and put it back behind the firewall. Half an hour later i walked back into the room and out of the corner of my eye i noticed that the hard drive activity light was blinking more than it should and the network lights were lighting up more than they should. Half an hour was all it took. My poor little laptop, left completely exposed to the internet elements, was completely infected with all sorts of viruses, malware, you name it. AND I DIDN'T HAVE TO CLICK A LINK OR OPEN AN EMAIL. What ensued was a 4 hour battle over control of my own computer and LOTS of expletives. (i won... but it was a pain)
What keeps me safe the rest of the time you may ask?
Well i'll tell you... I do.
I'm not saying that i dont have my own issues with Microsoft and windows and other operating systems, BUT, given your computer is behind a good firewall that is protecting it from random internet issues, i can pretty much guarantee you that if you bring your new computer home, connect it to a router to the internet (all routers these days have good firewalls) and you leave that computer turned on for 6 months to a year without touching it, and you come back after that time and try to use it, you'll find it just as you left it. Probably still in the middle of that game of solitaire.
Social engineering, the artform of using the latest vulnerabilities in programs that everyone uses every day in conjunction with preying upon the good intentions of everyone out there to inject software that you have no idea that you are installing or enabling that is there only to see what you do, steal your accounts and passwords, or use your computer to send out MORE malware, is the name of the game.
The difference between me, and Joe User, is that i am fairly confident that i know what i should NOT be doing. Joe User only knows, and rightly only cares about, what he wants to get done. We know this, and you know, we agree. You shouldn't have to be constantly aware that if you click that ONE thing, open that one email, check out that one picture, that suddenly software will be installed that will scour your hard drive for everything you hold dear, encrypt it, and then attempt to extort you for the key that will unlock your own information.
You shouldn't (SEE ABOVE) have to be aware of these things. And I totally agree. but, you need to be. but us IT people know you wont, and that's fine, but because you wont, we have to be.
Grandma sends us an e-card? Awwww, she's getting on, i should click on that. Oh, someone took the time to send me PERSONALLY an email from nigeria? Well i should (twitch) hear him out. Scammers haven't changed over the years, they pray upon your good intentions, and the need to think that everyone is basically good inside, in order to trick you into doing things that you should (twitch) not do.
ENTER IT MAN! and the BALANCE i talked about like... 4 pages ago. The balance is this:
Give Joe User enough freedom that he can do what he needs to do, but not SO much that he can do things that could harm himself.
Think back... to kindergarten... and those safety scissors... Your parents bought you those scissors, and you took them to school, and if you're like me, you complained the whole way. MOM, i can't cut ANY of my favorite construction paper with these!!! I might as well use my TEETH. Give me some LASER SHEERS, i can make precise cuts from a mile away and Stacey in home room will think i'm cool! But no, she didn't give me my laser, precision cutting sheers. she gave me those dull barely capable safety scissors. Cause mom knew what i refused to accept. that, yeah, sure... if i had those laser sharp scissors, i could probably do some awesome things. but i would have lost LITERS of blood in the process.
NEWS FLASH, if you are reading this you are utilizing an exceptionally complex piece of machinery, the likes of which could not even be imagined 30 or even 20 years ago. you have more power at your fingertips than the astronauts, galileo, Sir Isaac Newton could have dreamed of. YOU HAVE A PAIR OF LASER, PRECISION, DIAMOND TIPPED SCISSORS right there. You're staring at it. With the computing power in front of you you could be researching ancient roman dialects, you could be exploring protein folding and helping to cure cancer. You could be helping NASA search for earthlike planets and possibly identifying intelligent signals from outer space.
But lets gets serious. I'm completely truthful, you COULD be doing all of those things. Even me, i could be doing those things to better humanity! Are we? Most probably not. (am i, definitely not) For example, I am typing this into Notepad. NOTEPAD. not Microsoft Word 365 cloud, (now, with more humidity) not into Google Documents (newest motto, No, Parsing what you type and giving you advertisements based on your words per minute isn't evil, who told you that?) NOTEPAD. I dont even know how old notepad is. I imagine that Notepad was discovered by an ancient race of Mayans who brought it into the temple cause someone found Notepad outside and it was shivering and in need of mead. or chocolate. or whatever the mayans gave wayward youth. In my other screen (IT people have more than one screen. it's a thing. we just have LOTS of stuff going on) i'm semi watching a show about sports mascots missing free throws. (Behind the Mask, now available on hulu plus!)
JUSTIN, BACK TO THE POINT, FOCUS.
Point is, you have an awesomely powerful pair of scissors in your hands. You are going to hurt yourself, unless I (responsible parents/IT people) put a FEW restrictions on how you use them. You are going to notice these restrictions, and sometimes they are going to conflict directly with what you want to do, and sometimes with what you need to do. And at that point, while we are protecting you from bad people, it's going to appear that WE are the ones that are the source of the problem.
That's just how it is. We know this, we have accepted it. We know that YOU are not going to like us from time to time. We try to keep these times to a minimum at best. And we pray that we can explain the benefit of these restrictions.
Backing up a bit, no, i dont use any antivirus software and its becuase when i wake up in the morning i pull in 5 websites that tell me of the latest vulnerabilities in software that were discovered and how to patch that software or avoid being caught by them.
I tell YOU to use antivirus software, religiously and i tell you to keep it updated DAILY, because YOU have other interests and would rather check in with your family members or maybe Regis and Kathy lee (are they still a thing?) and see if it's going to rain today before leaving the house.
And, becuase we KNOW that doing what one is told is something that people are usually against, we have to do other things that restrict what you can do with your Laser Scissors. We have to screen your email for viruses and block them before they reach your inbox. We have to block your computer from accessing advertising websites. We just HAVE to keep you from doing things that are potentially VERY dangerous for you to do. And there is the balance. Keep you from doing what you shouldn't (twitch) while enabling you to do everything you need and want to do.
If we are too restrictive, you inevitably run into roadblocks, and slow downs. if we are too open, you run into utter chaos and potentially lose everything. And then, if you DO get infected with something because you got an email saying you missed a western union moneygram that you should click HERE to redeem (puhlease, there is no western union, come on) and then your bank records are compromised, and then your savings are drained, who do you get mad at? YUP, you get mad at US because we failed to protect you from the bad guys. When only last week you were upset with us that you couldn't get to the Western Union website because you typed "western onion" into yahoo and clicked on the first thing that popped up (OMG, NEWS FLASH, SEARCH IS NOT YOUR FRIEND) and instead of the Western "Onion" page you got a page saying that you can't access that website because of security restrictions.
But you know what, we just have to grin, and bear it. we get the call... and we take the heat, because we have to. And while you are explaining that while it's unlikely that your 95 year old familily member knew how to send you money by "instagramatron" that we shoudln't be KEEPING YOU FROM WHAT YOU NEED TO DO. And you're right. We shoudln't (twitch) be keeping you from what you need to do. But sometimes, in order to keep you safe, we do need to block SOME things that you DO really need to do. It's gonna happen. With the ever changing landscape, really, we just have to err on the side of caution. put it this way:
you can be mad at us for putting up a road block temporarily, that you call us and we take down and then you go about your day
OR, you can be mad at us for letting you get somewhere that looked legitamate but was not, that instead installed software that stole your bank information, your social security information, that then drained your bank account, encrypted all your family photos and held them for ransom, stole your identity, and sent a message to a colonizing alien civilization that this family is ripe for harvest.
i have the urge to say that it's a no win situation as far as the IT guy is concerned. You're going to be mad at us either way, because that balance is so very hard to maintain. But it's really not. Even if we're the brunt of the fury, in most cases, we do know that we are trying to work in your best interest. We're hopeful that one day, you and i, me and Joe Blow, will meet up and have a beer, and Joe will say, Hey, Justin, you kinda pissed me off when i couldn't get to that website that my sisters cousin emailed me about last week. I could have learned how to run my car on water and stop sending money to the middle east.
And i could smile, order another round and say, Man... that email was sent by a gang of russians who are running a botnet that are compromising internet enabled toasters to send out spam, the link would have compromised your computer, sent all of your pictures to the Kremlin, and you would have had to pay $400.00 to get back the ONLY copy you have of the video of your daughters bar mitzvah, and that's IF they decided to send you the encryption password AFTER you gave them the money.
And there is the balance. The one that's so hard to make right. Sometimes, admittedly, we FAIL. Our urge is to keep everything updated as much as possible, since most updates are ones that resolve security problems. Unfortunately, sometimes updates to some software negatively impact some OTHER software that you need to use to function. We realize that this is a possibility, and we do our best to catch these things before you do. Sometimes we dont catch it in time. But when we realize it, we do our best to make it right. Unfortunately, what the end user see's is not all of the things that we have protected them against, it's the couple of times that what we've blocked are actually things they need. It's an accepted danger and one we try our best to keep from happening.
To come full circle, the Balance?
If end users were allowed to and wanted to do anything and everything we would set them up with a computer, a username "administrator" a password with "password" or "none", open to anything and everything. And yes, The end user could do whatever they needed/wanted to do on the internet.
For maybe 10-15 minutes. Maybe. After that, the computer would be an unworkable pile of virus infected spam bots and totally unusable.
On the other side, to keep your computer TRULY safe, and i know, it's hard to say this.. and i'm only being honest here... You woudln't be allowed to touch it. Or work on it. Plus it'd be behind a restrictive firewall. It would be a clock basically. NOT an alarm clock, cause you would need to be able to set the alarm time on an alarm clock. no, just a clock. an expensive clock. but hey, it would work FLAWLESSLY for YEARS AND YEARS. isn't that what your watch has been doing?
That balance, between enabling you to get your work done efficiently, effectively, quickly, with as few restrictions as possible, while at the same time protecting you from those who spend their nights dreaming of ways to break in, to convince you that you should click where you shouldn't (twitch), of passwords you could be using... Its a difficult one. and really, if we do our job PERFECTLY, you wont even notice. Perfect is hard to do. if we do our job WELL, then you're just going to be upset at us. you'll be upset when you cant get to that website... when you can't open that email... when you JUST want to install that ONE free software package.
If we do our job POORLY, then you're calling us, and packing your computer in celophane, shipping it to us, and then we tell you that everything is lost. We dont want you to lose everything. You dont need to know how fine that line is, between being held hostage to someone in siberia, and getting a blocked page when clicking a web link. We dont want you to be upset with us because you are blocked from something. BUT, we will accept it and try to fix it. Because we know that it's better than some alternatives.
Cause hey, be honest. You need to focus on what you need to do. WE focus on the threats that are out there. A good mesh is obtained when there is good communication between us. Have you hugged your IT guy recently? Please do. And if you do, do me a favor. Give him a BIG hug, and when you pull him in close, you need to whisper, loudly into his ear... "I need skype to work because my daughter just had a baby and they are far away. I keep getting a page saying my request is denied."
And in THAT case... well... for YOU, we'll make it happen.
The Apology? Sorry... we'll try to not let it happen again.
My one request would be this... that when you get through the day... and everything has worked.. that you've sent the emails, accessed the programs, uploaded the documents, sent out the information and received the responses... That JUST occasionally... you stop for a second and realize... that we just balanced a very precarious egg for you, and succeeded. We might not get it tomorrow, but darnit... for today... we got it right.