"We reject your configuration rules and substitute our own."

Why do we do this?

Frankendate: 12.18.2007:  Entry 004h

 
 


Last week one of my customers was hammered by a virus that attacked their windoze infrastructure once again. How did this happen? I could say that they purchased a lousy firewall and that's how it got in. I would be lying; they have a very recent Cisco ASA firewall which is programmed by someone expert in the field. I could claim they ignored protection of their PCs and servers with anti-virus software. Well again I would be lying as they utilize the latest version of Symantec anti-virus on all their PCs and servers.

After the attack was noticed there were at the least 5 man days of services to banish the virus from their systems. That's the easy number to tally as it's fairly straight forward to add up the hours spent cleaning the virus. The difficult number to tally though is the lost productivity for the company staff. Untold hours of PCs not working, access denied to company assets, inability to read or reply to emails. In this case they actually may need to rebuild servers to assure they are clean and that the virus won't re-appear clobbering performance once again.

But it's not all bad. The customer continued to run their business. Their product was produced and their shipments continued. Raw materials were received, production orders were created, bar code labels were printed, applied, and scanned. Accounting folks did their jobs. How did this happen even though PCs and servers were crashing all around? Two characters: "i5". You see their primary business application runs on i. The i never flinched. The i never wavered. The i was oblivious to the virus because it is immune. Bravo!

So why does the customer not run everything on i? It's all perception. Perception that i cannot do it all (hint: it can) perception that i isn't the most cost effective (hint: it is) perception that system i is some antique (hint:It's not) based on an architecture from the 70s. (hint: true, but it's a GOOD architecture!) Add the cost of this event to the cost of the winDOHs servers and they don't look so cheap now do they? What carried their freight through this? i5 again. Reliable. Solid. Cost Effective.

Years ago I knew a lady who's sister would have been killed had she been wearing her seat belt in an accident. As a result this lady absolutely refused to wear her seatbelt. One occurrence was taken as representative of all. I'm not saying you must wear a seatbelt but you clearly must admit that all statistics indicate you are MUCH more likely to survive an accident while wearing one.

So if this virus was the only situation where a corporate network was partially or totally disabled by a virus then you could accuse me of being like the lady who won't wear a seatbelt. But it isn't true.

Just yesterday another customer called with virus issues and they too work hard to prevent viruses. Some years ago I was at a customer when the network guys were informed that *ALL servers were to be shut down until further notice due to a virus outbreak. Interestingly not one person even considered shutting down their iSeries. Production continued in all four countries running on their i820. When the corporate tech weenies showed up they were livid that the system was still running. "WHAT IS THAT THING DOING RUNNING!" they demanded. We calmly replied that it was running production, in two US locations, in Canada, in Mexico, yes even in China. And no it doesn't have a virus. Despite all that the i820 was gone within months replaced with PC servers that I'm certain have nowhere near the uptime that i820 displayed.

Bottom line: Duct tape, nails, screws, boards, sheet metal, zip-ties, whatever. Tt doesn't matter what your defense is when you're running windoze, eventually it will be breached. It's not if, or how, it's when. Instead do it right to start with and leave the duct tape and zip ties in your tool box.


Where does your company run?

- DrF

i Want an i

 © Copyright 2007 Frankeni.com
 

i want an i
 
400 Key