Comments
Get a clue

Seriously.

"The survey results showed a breakdown of each dollar spent on security, with 42 cents going for security products"

Those "products" around here in the real corporate universe are things like firewalls, VPN hardware, licenses for those appliances, etc., that are not platform-centric. Oh that's right....if your data center consists of Linux products, you don't need firewall, or guard against SMTP relays, or patch, etc (Christ).

Corporate IT services here in the U.S. can't afford armies of nerds to run around and install virus/anti-spyware, so we deny local admin rights to our users and hence don't bother. Only the poorly run companies do that.

Licensing *non* microsoft products accounts for our biggest budget expense.


posted by : Seaton, 12 October 2007
20% wow are you serious? who's the rich guy?

Oww man, if i had 20% of the budget for IT security we'd be dancing as if we had struck oil.

Unfortunately around here we're lucky if we get 0,0005% for IT MAINTENANCE supplies and IT security alone (which we usually spend on 8 cm case fans and the like), and the security budget DOES NOT PRACTICALLY EXIST AT ALL.

The only security we can do is applying some system policies in windows (by walking individually to each machine) and sealing the unused data ports in the back with adhesive LABEL paper (which we are forced to buy from our own pockets as we don't have any budget approved for security seals) ... not even proper security seal paper :(

Around here security means stand-alone systems, without any network connection (we have a ton of usb flash disks circulating though... and the occasional virus popping its head now and then).
The only proper security 'maintenance' we can afford to do is re-imaging the winblows xp partition when it gets screwed up.

I taught our users never to store anything valuable on c:\ and i even moved the desktop and my documents folders over to the e: partition in a \documents\ folder.


Around here the norm is:
c:\ - system partition (NTFS) - expect this to be re-imaged on short notice (or without any notice at all) as soon as the system is borked and/or someone complains about it, or if i feel like experimenting. This partition is never larger than 20 GBytes and it only contains the OS and the apps needed.

d:\ - swap partition... 4,1 GBytes, FAT32 filesystem with 64k cluster size. Usually hosts only the pagefile.sys file and the ghost 8.3 dos mode exe which is needed in case our recovery boot disk doesn't have the ghost executable.

e:\ - data partition (NTFS), occupies all the remaining space on disk... usually has a \_BACKUP\ directory in the root (only accessible as read-only for the administrators group, inaccessible for other users) which contains an image of the OS in c:\, made with ghost 8.3, used for rapid system re-images when the OS pukes its guts out.


For an example of the state of things around here: until this spring our mail server was an old Sun SPARCStation 5 workstation with a motorola 85 MHz cpu (yep.. 85 MHz is NOT A TYPO!) and 32 mbytes of ram (8 mb x 4 pieces of simm FTW) which was running the red hat linux 6.2 i had installed on it about 3 years ago when its monitor was still working.
The monitor had kicked the bucket ~2 years ago and the only way I could manage it was via SSH. It had a weird habit of crashing now and then, and to prevent that i set up a cron script to reboot it daily at 7 AM and 7 PM and force a full fsck on every reboot. That took care of the crashes once and for all.

We 'upgraded' it this year to a system with a P2/300 MHz cpu with 128 mbytes of ram (the system i used to have as a desktop machine) which now runs fedora 7... I got to use a P4/1GHz system instead of it.

and for an idea where all this happens....


.

.

.
(are you sure you want to know??)

.

.

.


I work in the freaking military...in a country that's a member of the European Union.
We're a small military company, about 50 people in total, and each has one or two computers to use (and i have to manage them all...yuck)

Our budget runs around 250+ million euros a year in total and i consider myself lucky if i can get ~1000 euros (yes, 1 thousand - NOT A TYPO!) a year for IT security and maintenance supplies, which, as i said, usually is spent on system case fans and a PSU now and then.


bleh... as i said... shit comes in.... shit goes out.


P.S. and don't even say the Millenium2/vista word around me!!!! that stupid system needs a network connection every couple of months for the stupid license auth.
Most of our systems around here are CLASSIFIED and any type of network connection is forbidden.

Even if vista was not the resource/DRM hog that it is, the stupid licensing mechanism nukes it from our books from the start. How the fuck are you supposed to use vista on such a system ? WHAT WAS MS THINKING ?

posted by : Me, 11 October 2007

Insecurity accounts for 20 percent of IT budgets
