Firewall, Ad-adware and Spybots on desktops.

[Eltano1]

We are a new department in my company and the whole group is conneted to the web, via the company's network, which is behind a corporate firewall. When I suggested to install firewall (Zonelabs) and ad-adwarea and spybot in our desktops to prevent pop-ups, trojan horses and viruses (via downloads and opening attachments), the Network grop told me that will be no necessary ( that the company's firewall is more than enough). I will like to know your opinion in this matter.

Best regards

Eltano

 

[MedicBob]

Possible. They might be running spyware, etc. on the firewall or proxy.

 

[mboy]

I wouldn't reco the firewall (it could screw things up for IT dept.), but adaware and spybot are good to have.
I wouldn't do anything without their blessing.

 

[spidey07]

your network department is clueless if they think a firewall is enough.

80% of all breaches of security are from INSIDE THE FIREWALL.

This includes worms, trojans, viruses, malware, spybots, etc. To protect against those you need personal firewalls, anti-virus, spyware removal and automated patch management

The entire industry is pushing to running these services on every single desktop.

I'm going so far as building the intelligence into the network gear to say "you don't have up to date virus, patch and spyware removal? You can't communicate with anything. NO LINK FOR YOU!"

 

[Eltano1]

Spidey, I'm glad that you make me feel that I wasn't wrong. But You know they are the ones that have to approve it.

Thanks again and best regards

Eltano

 

[spidey07]

Originally posted by: Eltano1
Spidey, I'm glad that you make me feel that I wasn't wrong. But You know they are the ones that have to approve it.

Thanks again and best regards

Eltano

Well there is a cost associated with everything.

Secure or easy to use/administer.

Its a sliding scale - the more secure, the more difficult and harder to use. Adding stuff to the desktop adds an administrative cost to it. And if the network team is already swamped then ofcourse they don't want to add to their workload. Delploying personal firewalls, developing rule sets, testing out applications, monitoring and updating the software = TONS of work and ongoing administration.

So sometimes the "answers" aren't technical in nature and there are other business drivers at work.

In my case there are thousands of nodes and hunderds of routers. Worm and virus outbreaks cost a significant amount of time/money in terms of lost productivity for business units and the IT staff. If we have to increase our administrative overhead and add a few FTEs to support that security then so be it. It winds up being cost avoidance anyway.