Re: Save some money now, we'll deal with it when we get breached
Back to the real world: If you can somehow get across the message that over 99% of malware infections are caused by the user clicking on something clearly identifiable as malware (like: "Install our free pornvid viewer") then there is some hope of progress.
I personally think that IT staff have about 99% of the responsibility there when it relates to work computers. Software Restriction Policies have been (freely) available in Windows now since XP, which is what, eighteen years ago now?
SRPs allow an administrator to easily select what executable code a user can and cannot run. Changing the default security level from "unrestricted" to "disallowed" radically changes the security landscape. Instead of the user being able to run any program from any location, the user is then only able to run programs from allowed locations, which by default is to only allow the Windows system files to run.
If you lock the user to only be able to run programs from locations that they can't write to, then it becomes impossible for a normal user to run any form of unauthorised file containing executable code (while still allowing them to open Word docs, etc.). Authorising files is easy: you can do it via a hash of the file or by path. Doing it by path is the easiest way of proceeding; just put policy rules for "unrestricted" to allow any programs to run from %program files% and from %authorised network share%
Hey presto, users can now only run programs that an admin has installed, assuming that you have taken the basic precaution of not letting the users write to the location they can run programs from.
Combine this with locking down other very notorious security holes (only run authorised signed macros) and lock Flash down, set Adobe Reader not to download or run stuff via the GPO they provide that barely anybody uses, and your attack profile starts shrinking. If you start systematically securing the remaining holes then it doesn't take long before the available attack surface becomes vanishingly small.
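
The precaution the comment depends on (no "unrestricted" path rule may point at a location ordinary users can write to) can be audited on a workstation. The PowerShell below is an added example, not part of the original comment. It assumes SRP is deployed as machine policy under the standard `Safer\CodeIdentifiers` registry key; the function names `Resolve-SrpPath` and `Test-UserWritable` are made up for illustration, and the ACL test is a heuristic that looks only at allow entries for well-known broad groups.

```powershell
# Added example: audit SRP for the condition the post relies on.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE (SIDs, so localisation does not matter)
$userSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
# WriteData/CreateFiles, AppendData/CreateDirectories, GENERIC_WRITE, GENERIC_ALL
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function Resolve-SrpPath([string]$item) {
    # Path rules may be %HKEY_...\Key\Value% registry references or use %ENV% variables.
    if ($item -match '^%(HKEY_[^%]+)\\([^\\%]+)%(.*)$') {
        $value = Get-ItemPropertyValue -Path "Registry::$($Matches[1])" -Name $Matches[2]
        $item = $value + $Matches[3]
    }
    [Environment]::ExpandEnvironmentVariables($item)
}

function Test-UserWritable([string]$path) {
    # Ask for identities as SIDs and look for an Allow entry granting any write-type right.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)
    foreach ($r in $rules) {
        if ($r.AccessControlType -eq 'Allow' -and
            $userSids -contains $r.IdentityReference.Value -and
            ([int]$r.FileSystemRights -band $writeMask)) { return $true }
    }
    return $false
}

$policy = Get-ItemProperty -Path $base -ErrorAction Stop
if ($policy.DefaultLevel -ne 0) {
    Write-Warning "DefaultLevel is $($policy.DefaultLevel), not 0 (Disallowed): SRP is not whitelisting."
}

# 262144 (0x40000) is the Unrestricted level; its Paths subkeys are the allow-by-path rules.
Get-ChildItem -Path "$base\262144\Paths" -ErrorAction SilentlyContinue | ForEach-Object {
    $raw  = (Get-ItemProperty -Path $_.PSPath).ItemData
    $path = Resolve-SrpPath $raw
    if (-not (Test-Path -LiteralPath $path)) {
        $status = 'not checked (wildcard rule or missing path)'
    } elseif (Test-UserWritable $path) {
        $status = 'USER-WRITABLE: allow rule covers a location users can write to'
    } else {
        $status = 'ok'
    }
    [pscustomobject]@{ Rule = $raw; Resolved = $path; Status = $status }
}
```

Only the ACL on each rule's top-level path is inspected; subdirectories can carry different ACLs and need a recursive pass before the result is treated as clean.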