If what Mr Johnson says is true then I think you should comment on this.

Also is there some serious money to upgrade the Council IT systems in the budgets?

I agree that our roads should be upgraded, but too much is being spent on pavements which are not in serious disorder. So next year reduce pavement spending and increase infrastructure IT spending.

Lack of regularly updated security software.
Failure to apply security updates to the operating systems and other software in a timely manner.
IT staff performing routine work using administratrative accounts.
Absence of internal firewalls, eg. between telephone and mail servers and the rest of the network.
Bypassing of security features in software, such as allowing Outlook to open .exe files.
Allowing users local administration rights on workstations.

This sort of thing is shoddy practice in a ten seat organisation. In one of the largest local authorities in the UK it’s inexcusable. In the private sector several people would have left the building with their personal items in a carrier bag by now but I don’t suppose that will happen here.

And why do the updates insist on refering to “protect from a virus” rather than “recover from” or “virus threat” when they mean “virus infection”?

If you want someone to write some of those difficult questions I’d be delighted to help. Seriously.

I don’t think the current administration is going to apologise for not rushing into spending £ millions undoing all that. We’d rather use the capital for parks, street lights, heritage buildings, swimming pools, libraries, etc.

Don’t let the facts spoil a good rant:

Report: Rise in virus attacks costs firms dearly

More companies suffered extensive virus infections in 2003 than in the previous year and spent on average almost $100,000 to clean up each attack, according to new research.

The Computer Virus Prevalence Survey found that last year, almost a third of the hundreds of businesses polled worldwide had suffered a virus “disaster,” defined as 25 or more computers infected by a single virus in the same incident. The report was released on Friday by the ICSA Labs subsidiary of security firm TruSecure.

“The re-emergence of ‘outbreak events’ and the success of mass-mailers in early 2004 illustrates that organizations are not making enough progress in their defense against malicious code,” Larry Bridwell, a content-security program manager at ICSA Labs, said in a statement.

The survey polled 300 randomly selected companies and found that 92 had had major virus incidents in 2003, up from 80 in the year before. The cost to recover from the incidents also increased, to almost $100,000 last year from $81,000 in 2002. Moreover, nearly 11 percent of all their machines were infected every month, according to the survey.

The numbers indicate that antivirus software isn’t proof against infection. Almost all of the companies surveyed said that at least 90 percent of their desktops have antivirus protection, but still a third of the companies suffered virus disasters.

The issues is not that such software doesn’t work, but that it is inherently reactive, Bridwell said. First, a virus has to be detected, and then a cure has to be created and downloaded to all antivirus tools.

“No matter how fast the antivirus industry is, no one can react fast enough,” he said. “Corporations are having to be much more proactive in their policies.”

The MSBlast worm, also known as Blaster, affected the most computers among the businesses surveyed, infecting almost 130,000 systems of the some 960,000 computers used by the companies. Other top threats were the Microsoft SQL Slammer worm and the Sobig and Klez mass-mailing computer viruses.

More than 80 percent of virus disasters involved one or more computer servers. The servers had to be taken down for an average of 17 hours as a result, the report said. While companies estimated the average dollar cost of a virus disaster at nearly $100,000, the most common answer was much less, at $10,000.

More than three-quarters of respondents said that outages had caused a loss of productivity, and two-thirds indicated that a major effect of an attack was to make a PC inaccessible. Corrupted files and inaccessible data were the other top virus effects.

Reference here is slightly old but I haven’t got time to find a better one. You might like to back up your assertions with some facts, however old, Eric.

‘..our technical architecture is rather closely coupled.’

Web site/email and telephones coupled? How did that pass any reasonable risk assessment exercise.

Organisations aren’t blighted by viruses. Organisations fail to prevent viruses infecting their systems.

Also I know of no major UK organisation whose web site, email system and phone sytem all failed at the same time for four consecutive days.

On balance I’d rather pay more Council Tax in order to have reliable digital information services.

We appreciate your saying sorry.