Standardizing & Improving Security -- An Oxymoron for Our Times

In the ironically-labeled memorandum M-07-11 (feeling lucky?), officials at the Office of Management and Budget say that adopting standardized configurations for Windows desktops in federal agencies will somehow create a situation in which “[i]nformation is more secure, overall network performance is improved, and overall operating costs are lower.” Each of these claims is questionable, but the essential truth is that standardizing desktop configurations will have tiny security impacts, will entail enormous unfunded costs and will potentially make federal networks less secure.

This is not to say that configuration management practices in the federal government are beyond reproach, but we need to admit a few realities: