Friday, November 20, 2009

Blowhard McGillcutty

The following is an email from a coworker. It is important to note a few things first.
A) This was sent in November; the restriction of removing admin rights from computers was executed in September.
B) The person writing this is a developer.
C) This is the Federal Government, a job where you have to pass a background check, get fingerprinted, etc.
D) The author was involved in a situation which forced the agency to purchase a piece of software that the team independently purchased (with their own money) and installed illegally, and then the author broke the license by installing it on too many computers, but they HAD TO HAVE IT (the agency re-purchased the software) because it was what they were developing the app on.

I had a discussion with L about the requirement to restrict Admin rights on laptops. As you may recall (L would recall since he is the one who told you what the reasoning was in the first place!), IT made the case that as long as we run computers on a network those computers that are running with admin rights are vulnerable to hacker attacks. In other words, malware software cannot be installed on a computer if the computer is not running with admin privileges. From a purely technical perspective, it is difficult to refute that argument.


To better address the security issues I put together a list of questions we should present to IT and other security personnel at our next meeting. Feel free to add to this list. Perhaps there are solutions and we just need to be better educated ourselves as to how we can work more effectively in more secure environments.

Is the risk of being infected with malware great enough to justify draconian (Really?) security measures to prevent an attack? (I don't know. Why not ask someone who has had their identity stolen?)
What documentation is there to show the extent of the risk? (Yes. It is called the news. Check it out.)
Does the law of diminishing returns apply when it comes to computer security? (Probably. But we have way more freedom than most government agencies. I can youtube, google, and even blog from work, so I doubt we have too much security.)
How adequate are existing network security measures? Can firewalls and anti virus software be used to prevent malware from reaching a computer? (Hmm. You might have a point. I am sure that anti-virus software is a scam. Also firewalls. They were only invented to bilk us out of money. The lack of viruses is not evidence at all. Thanks for bringing this to our attention. We will remove them immediately.)
Does restricting admin access to their systems have a significant impact on the ability of IT professionals to do their jobs? If so, to what extent? Are mitigation efforts effective? (What is this called? Some sort of logical fallacy, I am sure.)
Some software writes to the user's hard drive during the course of running and using the software. If the user does not have admin rights then the software cannot run. Should IT professionals use only software that does not require them to have admin rights in order to use it effectively? (Maybe the IT PROFESSIONAL could figure out a way to give that specific software those rights.)
Should IT consider open source software as an alternative to more expensive software products which are more difficult to use on systems having tighter security restrictions? Are there security concerns when running open source software? (How is open-source software easier to use on a system without admin rights? Are you saying no open source software writes to the hard drive? Or was there something specific you had in mind? Yet another logical fallacy, I am sure of it.)

So you want the Federal government to justify its security policies to you with documentation of the risk posed by allowing users to install unauthorized software? Well, despite the fact that the reasons are obvious to anyone who knows anything about computer viruses, trojans and other types of malware, here is my reason: I WANT MY $200 DOLLARS BACK FOR THAT SOFTWARE, ASSHOLE.
Those were my tax dollars you forced our agency to spend.
Dicks like you costing the government money because you think you know better than anyone else should be fired at the least. Preferably rolled in tallow and dropped into a pit of hyenas.