My colleague sent me a link to this ZDNet Australia feature story:
It reveals that quite a lot of companies have started banning instant messenger (IM) software in the workplace. Not just the financial and law firms, where leaked information can cause considerable damage, but also firms in all kinds of disciplines. Companies want to track all kinds of conversations going in and out of the local network, and a lot of IM applications cannot provide sufficient auditing features. Moreover, security experts say it is like opening another hole on your computer that might attract viruses and Trojan horses.
But does banning IM really make the workplace safer? To really survive attacks from the Internet, you need to ban a lot more things. What about emails that spread viruses like wildfire? (Oh. What's this attachment that ends with .PIF? Let me double-click on it...) What about the security holes in your Internet Explorer? (Err, how come my documents disappeared after I visited that Internet site with fancy Java stuff?) Can you be sure that you are downloading trustworthy stuff through Windows Update? What about other updates like virus definitions, product auto-updates, etc. - are you sure they don't contain a Trojan? (Hmm... This update is signed by MicroHard Inc. What the heck. Just click on Okay...) How about phone conversations with the outside world - wouldn't they be picked up by that evil dude at the local exchange? (Sounds like someone else laughed as well when I told that joke just now...) What about the removable media on the computers that employees can use to potentially take things out of the "secured" environment - floppies, recordable CDs, USB keys, ZIP disks, etc.? (Huh? Where is my diskette that was in the floppy drive yesterday?)
Banning IM won't solve the problem. Maybe we should all move back to mainframe boxes and Wyse 60 text terminals...