OS and Software > No, I Will Not Fix Your #@$!! Computer > Email from IT re: Virus Infection Circa 2001

Email from IT re: Virus Infection Circa 2001

To answer your question, no I don't think it was unfair.

I have run into several situations where letters like this should have gone out for one reason or another. Half the time your worst offender is someone who has read the warning e-mail, acknowledged they read it, and then do whatever it is you told them not to do anyway. Such as don't open that virus that is going around, or please stop e-mailing the entire staff those 10 megapixel uncompressed pictures of your latest grandson to everyone.
--
How lucky am I to have known someone who is so hard to say good-bye to.

reply to Jeffrey
If I have learned anything during my stint in IT, it's that there is a reason you don't see the majority of the IT staff. There is a reason they are kept locked away from everyone else. Techies (myself included) don't communicate with anyone other than techies very well ... and generally feel that end users are incompetent and not very bright. (I have seen some of the most intelligent people in the world reduced to a quivering mass when confronted with what to us seems like a simple, logical action. "Excuse me? You clicked on WHAT?!?")

I read this letter and cringed because I have sent emails like this in the past -- early in my IT career. This letter was absolutely inappropriate and knowing what I know now, I would reprimand the employee for sending it and make him send an apology.

You can't expect your end users to understand all the aspects of your job just like you don't understand how to perform open heart surgery, or what EBITDA is.

It is my opinion that all too often my fellow colleagues (again, myself included) have too little patience and forget what we actually get paid to do. No one knows everything and expecting an end user (or even a manager, per a previous thread in here) to know everything that you do, plus some, is folly. That is why everyone has different jobs, because you all fit a necessary role -- which is why you have a "position," because you are a part of a team.

On a final note (it's well past my bedtime), I've noticed that people who don't learn constructive ways to vent their frustration or anger at the really difficult end users either flame out, or never progress very far in their career and get pigeonholed in a certain position ... which just adds to their frustration. Learning how to communicate effectively and how to deal with end users (with patience) is absolutely, unequivocally a skill you MUST learn if you want to move forward in your career.

reply to Jeffrey
I don't think the communication was necessarily out of line, given the timeframe in which it was sent.

I regularly have to deal with issues caused by users that ignore company policy. Sometimes, these issues lead to finger-pointing sessions in which I am targeted as being responsible for the problem.

My response is usually something like "I followed the rules...did you?"

In my organization, we unfortunately do not have anyone who will accept responsibility for policy enforcement. We have the policies, of course, but they are useless in most cases because there is no accountability.

I think the communication referenced above is in entirely within reason provided there was a clear prior understanding of an AUP and a clear understanding it would be enforced.
--
We were taking a vote when the ground came up and hit us.

reply to Jeffrey
I think it was necessary, but written by the wrong person. IT staff do have a responsibility to protect the network and more could have been done to prevent it. Then, it happened, and it is the IT staffs problem. They are sort of shifting the blame, and angrily, back towards the other employees.

A re-iteration of policies and original email would have been all they could do. To go into angry details accomplishes nothing and probably just embarrassed the person/s sending the email, or should have.

But in the end, the IT staff still have to do there job and clean up the mess. Sucks, but "yelling" at everyone for making there job more difficult is not going to help them in the long run. Patience, kindness, and just plain office courtesy is needed in those situations. It comes back to them and/or makes employees LESS likely to contact them with issues or problems, like a virus.

I get pissed, have little patience, and am just the same way but would never send something like that out. Nor would I treat an employee, a fellow worker, like that. You have to bite your lip a lot and sometimes just go home for the day, just like anyone else who has a shitty day doing there job.

reply to Jeffrey
A stupid use should not be able to take down a server like this.

Virus or not.

With servers if you are a large business they should be on a separate subnet. This subnet should be firewalled to protect it from rpc attacks. With exchange 2003/2007 rpc over http should be used even internally.

As for email viruses, why they did not have server and network filtering for a business that size is questionable.

reply to Matt
Thanks for the input everyone. It's been informative, for sure. I came across this letter in my "spring cleaning", and when I saw it, I figured that there must have been a reason I saved it back 8 years ago.

At the time (and still now) I found it to be an e-mail that was sent out of extreme frustration, or anger. It wasn't targeted properly, and as Matt and keyboard5684 have said, a communication like this of angry details didn't do much for myself, or a bunch of us in the office. I understand the point of it, and I can understand the frustration, but to me, it was just a poor choice to email it this way.

wilbilt , at the time of this email in 2001, there was no AUP in place, but merely branch-wide cooler talk by people like myself to other coworkers, suggestion "no, don't email that huge file to 100 people, don't stream video on our shared T1, don't load pirated software, etc."

bilbusb , I agree with you. When I read this letter in 2001, even with what little knowledge I had then, I was shocked that a company of this size did not have the proper hardware or software in place to stop these sorts of things. In 2001, there was no central patch management either; I ran around to each desktop on a Saturday for OT and loaded all the patches one at a time, at the request of my FTA friend. A nice way to kill a Saturday, make some OT, and severely choke the T1 for most of the day.

To shed some more light on this original memo sent out to all employees, it was written by the Director of IT, sent out to all employees with the Director of HR on the CC. In 2003, that VP of IT was let go when a new team came in.

I hear things have gotten better there. I would hope.
--
"Honesty may be the best policy, but it's important to remember that apparently, by elimination, dishonesty is the second-best policy." - George Carlin

[my ramblings]

reply to Jeffrey

reply to Jeffrey

said by Jeffrey:

wilbilt , at the time of this email in 2001, there was no AUP in place, but merely branch-wide cooler talk by people like myself to other coworkers, suggestion "no, don't email that huge file to 100 people, don't stream video on our shared T1, don't load pirated software, etc."

reply to wilbilt

reply to Jeffrey

reply to Jeffrey
I guess you can call me an old school IT guy. I have been doing IT work in the real world for over 11 years. If you count the work I did while I was in college, its 15 years. In all those years, I dealt with a variety of users and I learned one valuable lesson in all these years.

You have to protect the users from threats like this.

No user is going to know all the little things they need to do to protect themselves. No matter how many memos or policies you create, you can't expect them to follow those rules all the time. Mainly because a new threat or exploit comes out sometimes daily.

IT people are supposed to be up to date on these risks and have the proper tools in place to protect the organization. There are free tools out there if your company can't afford something nice. These tools really are affordable though and rolling them out takes little to no effort to do.

In addition, I have learned that training the users also helps. I do monthly brown bag lunch and learns with the employees at my workplace. I teach them about viruses, malware, spyware, trojans, and how to protect yourself from them. What tools you should be using and how to keep your computer running fast. I also hold them on the top 10 help desk tickets and how to fix problems associated with those topics. I get about half the company involved with these meetings. In the almost three years I have been a network admin and running these programs, the amount of help desk tickets have dropped steadily.

The best IT person is someone who is not a shut in closet geek. Yes, I love being a techie and I consider myself to be an inner geek. However, I also consider myself to be someone who gets along well with others. That is the value I bring to the organization besides being good at networks and infrastructure. The best IT people are the ones who are good with customer service and interacting with others. Lets face facts here, there are very very few IT jobs where you get to sit at your desk and not have any interaction with users at all. Doesn't matter what you do in IT, you will always have some interaction with users at some level.

Now, the answer to your question....

How do I feel about the letter? I feel its unnecessary. The right IT people in the company should have never let it get out of hand. They should have a CTO with a direction for the organization and fighting for the right tools to keep it protected. They should have network admins and engineers who know enough about security to see these security holes and plugging them. They should be making improvements to the system and being less reactive and more proactive. Puting the onus on the users for being uninformed or dumb is really stupid.
--
My domain - Nightfall.net

It's funny, when I first started at my current position, I was just like this. Always against the user, always with the "typical stupid user" comments. I found it amazing how everyone magically wanted to click the "You've won 1,000,000 dollars for being the 1,000,000th visitor", or when the shipping girl clicked the "UPS Tracking" emails and there was another mess to clean up.

I used to get so riled up but pretty soon realized that the only person I was doing anything to was myself, and I was just honestly causing my own frustration and raising my own blood pressure. These days, I just try and keep IDS and the gateway A/V up-to-date and the same goes for client A/V and spam filtering. I figure the least that gets to the users, the better off I am. On the off-chance I catch someone pegging our bandwidth for a long period of time, 90% of the time they didn't realize what they were doing was that bandwidth-heavy, or that it was that big of an issue. The other 10% I give a talking to and basically say that "I might be laidback...but the people who are my bosses aren't that much when I have to report a problem".

Pretty much takes care of anyone, including repeat offenders who love to click the ads and download whatever .exe's their heart's desires. I try to keep filtering to a minimum, because then it's less complaints to me, as we're a fairly laidback work environment as long as no one causes problems.
--
The one, the only, the Insder. :: Fighting phishing for life.

reply to Nightfall

reply to wilbilt

reply to Nightfall

quote:

---

"Writing a letter like this is not a pleasant task for us, but to be quite honest the company is at a loss as to what else we can do."

---