I wrote my latest Guardian column after hearing security experts lament, for the nth time, that sensitive systems like MRI machines, defense-contractor computers, and so on should never be connected to the Internet, and when these are compromised by spies, malware or worms, it's the fault of bad network policy.
I realized that this lament was like the one you hear from people who bemoan kids having sex and getting pregnant or catching diseases: "If they'd just abstain…"
Abstinence programs don't work — not in IT, and not for teens' sex:
Every time a state secret disappears from an internet-connected PC, every time a hospital computer reboots itself in the middle of a surgical procedure because it has just downloaded the latest patch, every time an MRI machine gets infected with an internet worm, I hear security experts declaiming, "Those computers should never be connected to the internet!" and shaking their heads at the foolish users and the foolish IT department that gave rise to a situation where sensitive functions were being executed on a computer connected to the seething, malware-haunted public internet.
But no amount of head-shaking is going to change the fact that computers, by and large, get connected. It's what they're designed to do. You might connect to the internet without even meaning to (for example, if your computer knows that it's allowed to connect to a BT Wi-Fi access point, it will connect and disconnect from hundreds of them if you carry it with you through the streets of London).
Operating systems are getting more promiscuous about net connections, not less: expect operating systems to start seeking out Bluetooth-enabled 3G phones and using them to reach out to the net when nothing else is available.
All evidence suggests that keeping computers off the internet is a losing battle. And even if you think you can discipline your workers into staying offline, wouldn't it be lovely if you had a security solution that worked even if someone broke the rules? "You shouldn't be having net at your age, but if you do, you should at least practice safe hex."