Because I'm the mommy, that's why!

Rob Rosenberger, Vmyths co-founder
Friday, 4 January 2002 A VMYTHS READER who probably needs anonymity asked the following question:

My company blocks Hotmail and other Internet Mail sites, and gives the following explanation: "Unfortunately, Web based e-mail services cannot be opened because of the potential of viruses infecting the...network." Is there reason to believe this is a true statement, or an excuse to keep us off Hotmail for other reasons?

The old saying "because I'm the mommy, that's why!" has turned into "because it protects us from viruses, that's why!"

Good question! Answer: "yes and yes." We'll talk about the "other reasons" after we cover the issue of viruses. Only a small handful of "freemail" sites bother to check email attachments for viruses. Hotmail does it, for example, but their network sometimes fails to detect them. When new viruses come out, the possibility exists for employees to infect their PCs via any non-corporate email account. I said "non-corporate email" because this problem doesn't limit itself to just freemail. I've worked in the past with network administrators who log into their home networks just to read personal email. It also includes reserve military officers who can access email from civilian computers. (The military runs plenty of antivirus software, but they habitually lose containment whenever a new virus comes along. You can guess my opinion of home network email servers.) So any employee could bring a virus into the company just by using any non-corporate email account. This threat manifests itself in the real world for a rather obvious reason — few employees see it as their job to constantly update their antivirus software. The more network users you have, the more you need centralized antivirus software management. Hence many corporate, government, and military PCs automatically download the latest "approved" antivirus update every time an employee logs onto the network. Employees generally can't stop these updates — they occur as part of the network "login script." In theory, then, any employee who goes through this rigmarole should feel safe enough to access a Hotmail account. Right?

A company with centralized antivirus software management should feel safe enough to let employees use Hotmail. Right?

In theory, yes. In reality, no. Shallow thinkers block Hotmail to protect their inferior antivirus technology. In theory, yes. In reality, no. Let's suppose you & I work for a firm where they centralize the antivirus update process. You & I get the latest approved antivirus update every morning when we fire up our PCs. Immediately after you & I log in, you check your reserve military email and I check Hotmail. And we both accidentally run an infected attachment on our PCs. We wind up infecting the whole firm with a devastating über-virus — because the company's latest approved antivirus update doesn't detect it. ~~Who will take the fall in this scenario? You & I will, of course. But I insist it is not our fault. Rather, it's a consequence of the firm's decision to deploy inferior antivirus technology~~. Uh, let's just forget I wrote that.
A FIRM MIGHT block non-corporate email access as a tactical antivirus solution until they implement a strategic antivirus solution. However, few companies care enough to face the fact they prefer an inferior antivirus technology. They also don't care enough to ~~punish~~quarantine "typhoid macro" employees. Shallow thinkers will incorrectly ban Hotmail et al. as a long-term antivirus solution. An unrelated circumstance can make this logic error work to the company's advantage. Face it: your boss didn't hire you to answer personal or military email during work hours. Logically, your firm would forbid non-corporate email access as a long-term productivity solution. Hence firms feel justified for one correct reason and one incorrect reason when they block non-corporate email. This leads to an obvious question. Why would a firm give employees an illogical reason for a logical decision? The answer boils down to politics. Enforcers blame it on the scourge of viruses because it's not their job to defend management's policy against reading personal email. The old saying "because I'm the mommy, that's why!" has turned into "because it protects us from viruses, that's why!" Shallow thinkers use the threat of viruses to justify a multitude of non-virus policies just so you won't debate their decisions. Some firms, for example, ban the popular SETI@Home screensaver as a security threat and/or as a bandwidth hog. It is neither. In reality management probably just wants to eliminate a nagging tech support problem — but if they admit it, some employees might debate the decision.
Many network gurus have special dispensation to use Hotmail at work. It's so widespread among Fortune 1000 firms that I'd bet money on it.
Virus hysteria spawns from disinformation, you know. Ironically, if you pressure your network gurus, you'll find many of them have special dispensation to use Hotmail and other non-corporate email accounts. It's so widespread among Fortune 1000 firms that I'd bet money on it. They'll give you two reasons for it:

they occasionally "need" an external email account to test their internal email network (a legal no-no), and
they "know" better than the average employee how to avoid viruses even though they use the exact same corporate-approved antivirus software.
If your network administrators give these reasons, tell them "Rob Rosenberger predicted you'd say that."