Why your BUSINESS PC isn't infected

The Quick Version

Businesses keep their Windows machines locked down in a way that is not practical for normal people to ever do with their own computers at home.


The Key Points

1. Business PCs are locked down in a way that is not practical for home PCs.

2. Your IT department tests all software in great detail before it gets on their PCs.

3. Your IT department are knowledgeable gatekeepers of what gets onto their PCs. Normal people like you are not.

download (1).jpeg

"But my work laptop never gets infected and that's running Windows, why is it such a problem on my home PC?".

The answer is your work PC has a particularly vicious night club bouncer on the door, called your IT department. Those folks know what a problem security is on Windows, so they lock it down as tightly as they possibly can before giving it to you. To see what I mean, try and install some software on your work laptop. You will be told to bugger off you're not an administrator (OK the exact message might be slightly more polite than that, but that's the sentiment you will be seeing).

If you ask IT people why they setup machines in the way they do, they will say something along the lines of "end users cannot be trusted, if we open up the system they will install all sorts of junk on it". So they become the gatekeeper and with good reason. Bad software could certainly make a mess of your laptop and might also spread to other systems in the company.

When I say gatekeeper I really do mean a very strict gatekeeper indeed. Let's go back to the night club bouncer analogy and think about how that would pan out with Windows PCs. At home your first line of protection is your anti-virus software. It has a "Black List" of bad programs that it will reject if it sees them (that's why your anti-virus updates itself every day, it's getting the latest list of bad guys). It's like the police hand every night club bouncer a list (with pictures) of all the criminals in town. The problem is the list is very long (millions of criminals) and the baddies change their appearance (grow a moustache) and we live in a big city and new scumbags get off the boat every day. Consequently a lot of very nasty people get into a lot of night clubs.

The IT department is a nightclub bouncer with a "White List". He will only let in people on his allowed list, which might only have 10 names on it. 10 names that he has personally checked out. Naturally he has performed the full body cavity search. He has asked around the other bouncers in town, not just to make sure they don't have a bad reputation, but to confirm they are known and have an exemplary reputation for behaving well. He has even gone around to their homes and met their mom to make sure they come from a good family. He has made them dance in the foyer of the club for days on end to make sure they don't commit any tasteless moves. He has even made them dance with each of the other people on the white list in turn to make sure no moves clash with any other. And our bouncer knows that if it doesn't do all of these things he will get fired and replaced with a bouncer who does.

I know this sounds like a ridiculous analogy, so I passed it around a few IT friends running corporate IT departments for a cross check. They laughed, but they said yep, that's pretty much how it is. They check out software and the companies supplying it in detail before they buy it. They have separate test systems and they test all the software coming into their company on those systems, checking that the software behaves and that it doesn't clash with anything else, before letting it loose on their users.

The IT Department are super fussy about what software goes on their Windows PCs and do everything they can to make sure nothing bad sneaks in. If they were to be slackers in this regard and something stopped the company trading they would be fired and replaced with more careful IT folk.

It's hardly surprising that they have gone to this much trouble to control what comes onto your computer.  They don't let you install that handy little widget that lets you grab copies of music you see on YouTube, because they know that when you install it, you are likely to get a whole bunch of Junk Software tacked on the back of it.

The question of who gets to be the gatekeeper on your system is a surprisingly important one and sadly it is often overlooked.

Businesses are typically stuck with using Windows because they have software that has been specifically written to run aspects of the business, software that only runs on Windows. They don't choose Windows because it's the best choice for security, they choose it because they have to. They can't suddenly change it because they have a lot of infrastructure that relies on it. They are the oil tanker that takes hours to change direction. You are the speed boat that can go where it likes.

Summary

Businesses keep their Windows machines locked down in a way that is not practical for normal people to ever do with their own computers at home.


But this is all nonsense!

The slaying of myths and misunderstandings

There's a staggering amount of misinformation and urban myth doing the rounds on the subject of home computers, often nonsense that is most definitely against your best interests. So let's prepare you for when someone "who knows about computers" comes knocking by covering the popular hogwash in advance.

But I have to have a Windows PC at home so it will be compatIble with the one at work!

Maybe, but probably not. When I watch people using their home computers to do tasks from their office they are typically doing some combination of these three things:

  1. Email.
  2. Editing Word and Excel Documents.
  3. Doing a remote connect to a desktop in the Office.

Taking those in turn:

1. Email

Everything does email. There are even TV sets that do email these days. Anything we have talked about here will do email.

2. Editing Word and Excel Documents

All of the machines we have talked about on these pages can create and edit Word and Excel files. Now, to be fair, it is true that some of the clones of Microsoft Office (like Google Docs on Chrome OS or OfficeSuite Pro on the iPad) have trouble opening some Microsoft Office files. It's not that they don't work at all, they just mess up the formatting a bit. It's not normally much of an issue for home users, but it can be if you are creating professional documents and using all the fanciest features of Word (that's where it typically has a problem). In which case you might want to get one of the machines that runs the official version of Microsoft Office (iPad or Mac).

3. Remote Connect

This is where you connect to the office so you can see exactly the same thing on your screen at home as you would see on your screen at work. Often this will just run in a web browser and will work with any kind of computer that can get onto the Internet (which is everything we are talking about here). If you want to do this it might be worth checking with your IT department if it will run on the equipment you have or plan to get, just in case they are doing something wacky.

Of course in all of these matters you should be asking yourself if they want you to do work at home, shouldn't they be supplying you with suitable kit to do it? In which case what your home computer is has no bearing on this.


Your Comments

Don't be shy, say what you think. The comment system below is there for anyone to ask a question or make a point. Especially don't hold back if you are a normal person just trying to make sense of it all. It's easy to get the opinions of geeks on geeky matters. Much more interesting to hear how this works out for you or what bits need more explanation. No such thing as a silly question, jump in.