At work, I am required to encrypt anything containing sensitive information and the receiver is required to know how to decrypt it...which takes no knowledge at all since it all happens in the background. Any time I need to transmit sensitive information from an environment that does not have encryption/decryption capability, it goes by fax or snailmail. It's so 20th century.

1. Make the laws on government bidding so complex that very few CAN understand them. Requires power.

2. Grease the skids to overcome the inevitable subjectivity inherent with people trying to interpret complex rules (crony capitalism). Requires money.

3. Shazam! You win the bidding process.

Sigh. Well, if there is a silver lining, it will force Apple down the same road (to hell?) that Microsoft was forced down years ago to create a more secure OS. We know Microsoft isn't there, and now Apple OSs are going to get the same level of scrutiny. Maybe criminals will begin to lose interest in exploiting Windows? (HEY! That really is a silver lining!)

I work in a medium size organization. Similar to other responders here in small organizations, we fall under a Support Division whose lead reports to Operations (i.e., a COO). I don't mind that we're in the same department as office supplies, furniture, telephones, and facility management, except when it comes to funding where we're competing against -- you guessed it -- office supplies, furniture, telephones, and facility management. Given my druthers I'd rather report to the COO, not because I have a bad boss (I don't), but because IS/IT merits higher visibility in the food chain.

I'd rather they stare at me than put me through all the security crap that costs billions of dollars in equipment and TSA personnel. Somehow, the Israelis have figured out how to use behavioral recognition w/o all the extraneous BS according to everything I've read on the subject thus far.

Current fears of government involvement/takeover of private businesses aside, given the reliance of the DoD on the Windows ecosystem, it is reasonable to expect they -- and other security organizations such as the NSA -- have some level of access to the code developers (not necessarily to the code itself). MS has a vested interest in thier sucess because they couldn't afford the headline, "DoD drops Windows for Linux."

While there could be a backdoor, a more rationale conclusion is the involvement of these government agencies is to help insure the O/S has the capability to be highly securable. Very few programmers outside of government have the same security worldview as the NSA/DoD, so MS needs that government expertise to assist them. http://iase.disa.mil/stigs/index.html

My company's solution is to lock down the systems so tightly as to turn network systems into standalone systems.

Current U.S. law prohibits cyber attacks against systems in other nation-states.

Agreed: I don't have the right to tell you what you run on your computer, just what you run if you want to connect to the internet, a public medium, as are public roads for which we need to take a test to get a license. That technical and political issues have to be dealt with in a comply & connect strategy is a given, but not a reason not to do it. The chaos of the maladies now so ingrained into the unsuspecting user's computers begs for a solution many will find unpalatable. My favorite, actually, is licensing, not comply & connect.

This is a needed first step towards a comply & connect policy for all computers that people want to connect to the internet. The very arguable question is how far to take that policy. I think simply making sure an approved anti-virus program is installed, and redirecting computers that don't to an AV download site (be it Comcast's or Cox's free McAfee versions or somewhere else) ought to be adequate. No AV, no connect until you install it.

I doubt Symantec's warning was geared to a Slashdot audience, but towards those Neanderthal carbon interface devices that refuse to pay for an AV service or application. Usually, I just want to slap users (twice) and then ask what problem their having with their system. MS didn't develop free AV software to compete with other AV companies, but to protect their OS against negligent, recalcitrant, cheapskate, or just plain ignorant users.

It can also be said the AV manufactures over-priced their products, putting AV protection out-of-reach for some, regardless of their intellect.

"Enterprise readiness," along with "supportable," was a term taken from the original poster. I don't know what it means to him.

To me it means if the proposed solution can accomodate the existing infrastructure, and is sufficiently scalable to support projected growth for the next 5 years (my number, because I don't want to have continually revisit a product because it wasn't adequately scalable -- or supportable, for that matter).

Consider the possibility management might be wise to be concerned about supportability and enterprise-readiness. The good news is at least they're thinking about those things. Of course, I don't know your management like you do, and you may have cause to believe their actions are borne of being awash in perks.

But as crazy as it may seem, let's assume they're really interested in what's best for the company. Is your solution better, faster, cheaper, supportable, and enterprise-ready? If so, sell your idea to them in management language. A "suggestion" isn't enough. It's their sandbox.

I wonder how much Rep. Barney Frank (D-MA) paid him?