Far and away the safest option is to take an image of the machine in a known-good state and restore to that. It'll take about 15 minutes. I've tried what the GP suggested, but there's quite a few bits of malware where quite frankly, the time involved to get all its nasty claws out of the system would cost the customer (were you charging them a realistic rate) substantially more than the PC was ever worth.
Of course, it can make restoring the system while not impacting documents or programs installed since that point pretty difficult - but would you necessarily want to keep them as they are without some sort of scan (from a non-infected system) anyway? Chances are the mechanism used to install the various bits of malware is still stood in a "Downloads" folder and it'll be back on the system before you've even had a chance to close the door on your way out.
Where you wind up stuck is when the customer didn't get a system restore CD (and, feeling adventurous one day, looked at Disk Manager and thought "Hang on a minute - I paid for a 320GB disk. How come 20GB of it's not available for me to use? Soon see about that..."). Your options frequently boil down to "charge them for a new copy of Windows" or "pirate a copy". Guess what? If you won't pirate a copy, then as soon as you walk out the door leaving their computer untouched, they'll be on the phone to their nephew who will. But it'll be you has to pick up the pieces again six months later.
Really what's needed is for the System Restore tool in Windows to be put on some serious steroids. I'm thinking along the lines of "take a snapshot at each boot, make it really difficult to disable, keep snapshots until you really need space, allow the option to restore the system to exactly the state it was in at boot rather than "the state with any programs installed since then still available" and a bootable ISO on Microsoft's website which can check that the boot process and crucial system files all have known-good checksums, replacing them where necessary".
I'm unsure that any one has tapped into the full potential the Kinect. This is probably the first time Ms has been serious about developing a Xbox. As opposed to the original hack job or the farmed out 360. Hopefully their corporate culture won't kill the projects honest effort.
I'm unsure anyone ever will. History is rife with examples of optional extras that console manufacturers released only to find no decent games were ever made for them.
Probably because - well, let's say 10% of the userbase buys the optional controller. (Note I have no idea how realistic that number is - I suspect that if anything, it's hopelessly optimistic).
Okay, so that means a developer who writes a game which requires - or, for that matter, doesn't require but works a hell of a lot better with that optional controller - is eliminating 90% of their potential customer base before they've even written a line of code. And it's remarkably hard to secure funding when you have to tell the person signing the cheques that you're intentionally excluding 90% of your potential target market.
1. All the other manufacturers are thinking "Hey, that's really cheap for what it is. There must be room in the market for something more expensive (and hence greater profit margin)."
They're forgetting the fact that Apple are perceived as being a manufacturer of high-end luxury items and they're not, so when they punt a tablet at, say, price of iPad + 30%, it's not perceived by the buying public as a "fancier iPad". It's perceived as "Cheap manufacturer is living in cloud cuckoo land".
2. By the time you account for the processes involved in producing a half-decent tablet in the quantities Apple are producing them, it's really not overpriced. Someone else on this thread has posited that the "$499 iPad costs under $250 to manufacture" - but most consumer products cost well under half their retail price - frequently somewhat less - to manufacture. The techie stuff that we're used to, with razor-thin profit margins is essentially a freak of nature as far as retail is concerned. (This, BTW, is why there aren't many half-decent bricks & mortar retail stores left that specialise in selling computers - and the few that are frequently charge stupid prices. There isn't the margin to pay rent, put up fancy displays and pay staff to sit around waiting for customers to come in).
Retailers don't really want another product with absurdly small margins, which means that any iPad killer either needs to be drastically cheaper to manufacture or it needs to sell through e-tailers who can live with very tight margins. Which suddenly makes life a lot harder because you can't let people try the product in a shop before they buy it - you have to rely on advertising (expensive), reviews (fickle, it's going to be compared to an iPad so if you want to sell it for much more, you can expect the critic to point out that it costs a lot more than an iPad but may not actually be that much better) and word of mouth (which is going to be difficult when the first two things have essentially made the early adopters think twice about adopting).
In fact, they make it pretty darned easy for you to upgrade to a 3rd party firmware. And there are free 3rd party firmwares out there today that provide full IPv6 stacks (along with almost anything else).
Yep. But none of them support PPPoA (and are unlikely to, seeing as PPPoA requires hardware-specific support), which messes up more-or-less anyone on ADSL in the UK.
"Get an ADSL bridge!"
Oh goodie. So my options are either:
One piece of sucky hardware running sucky firmware.
Two pieces of sucky hardware, one with sucky firmware and the other not so bad.
IME, you can't add two things that suck together and expect the overall level of suckitude to drop.
So - what, ISPs will write to their customers saying "You'll need to upgrade your router. A firmware upgrade may be available cheaply or even free, check with the manufacturer's website"?
How many routers do you think actually get firmware upgrades in the field? I'd be surprised if it was 10%.
I suspect that all the manufacturers are cutting costs by shaving quality, and until the disappointing reviews hit the web, they can get away with selling crap at high prices.
They haven't yet.
I've seen quite a few reviews from supposedly reputable publications where they openly admit to not doing long-term tests. I suspect quite a few of them, the test consists of "Turn it on and set up. Does it connect to the Internet? Tick, that's a 60% review straight away. Does the wireless work? Tick, 70%. Can I get wireless in another part of the house? Tick. 80%. Do the menus on the UI present a huge number of options, many of which I don't understand? Ah, it has a lot of features then. Tick. 90%."
The latest version of Debian Stable was released about a month ago. It's not great for the desktop, mainly because other distributions (most notably Ubuntu) have overtaken Debian - mainly because they've opted for a pragmatic "hey, it works, who cares about the license as long as it's legal to distribute?" approach.
But put Debian on a server and it absolutely shines.
Stable, reliable, timely security updates which don't tend to break anything, upgrading in place usually works pretty damn well. And while it might sometimes take a while to get the latest versions of a given package, by the time they reach Debian Stable you know they're usually pretty damn solid. Which is what you want on a server.
Purely out of curiosity, why is it always the UK's NHS that's held up in the US as the example of "This is socialised healthcare, it's terrible, we mustn't do it"?
Most of the first world has some sort of socialised healthcare - Canada does, most of Europe, Australia. And they all operate in slightly different ways to the NHS - usually by heavily subsidising healthcare but not making it entirely free. But we don't hear Americans saying "Canada has social healthcare, look how terrible it is!". We don't hear "France has social healthcare, look how terrible it is!" Why not?
I think it makes more sense not to think of the iPad as a computer, but rather as special purpose device intended for browsing the web and running a limited selection of applications.
It may be that you want something more flexible. That would be a netbook.
Maybe I've misunderstood you, but anti-aliasing doesn't make everything look crap. Not if you do it properly.
Unfortunately very few operating systems do it properly and if you don't, everything looks like a blurred mess. Historically, Windows didn't. Not sure if that's still the case.
Quite obviously, it increases the security of one's occupation, as Windows will forever have security issues, thus, there will always be a need for a Windows guy to say "hey, our ship is tight." Meanwhile, the true security experts that are in the midst of massive Windows installations does indeed have trouble sleeping at night. Or... at least he should.
Actually, no, it's not obvious.
What exactly does a typical piece of malware need to do that cannot be done as a non-admin?
Run at boot/login? Nope, don't need to be an admin. Run without presenting any obvious UI or other sign you're running to the user? Don't need to be admin. Read the user's files and data? Obviously not, that makes no sense at all. Establish a TCP session with an arbitrary server? No, anyone can do that. Send a copy of itself by email? That's no different to sending any other attachment. Anyone can do that.
No responsible IT professional has looked for a half-decent remote admin tool, seen something calling itself "darkComet RAT" and thought to themselves "Hey, that looks legitimate!". Same's true of BackOrifice, and for the same reason - the very name stinks of blackhat stuff, which is absolutely the last thing any respectable IT professional wants to be associated with.
Really? A remote access tool, once installed, allows...wait for it...remote access!
There is a world of difference between a remote access tool that you have to actively make an effort to install and once it's installed it flashes up a big window on the end-users desktop saying "Your system is being accessed remotely! Allow/Deny? The person accessing wants to view your logs! Allow/Deny? The person accessing wants to view your screen! Allow/Deny?" and a remote access tool that uses known flaws to get installed then sits quietly in the background doing all this but giving no hint at all to the person sitting at the PC.
Never really thought of it like that, always thought of a virus as being something that requires a running program to infect and spread by.
A worm, OTOH, doesn't necessarily attach itself to a running program.
In common parlance today, "virus" has become a bit of an umbrella term for more-or-less any sort of malware. If you want to be strict about it, that's not correct, but let's face it - as far as the general public is concerned, that ship sailed a long time ago.
The rest of the things you cite are polish things, it's a bit like pointing to the warmed seats in a car and saying that you've innovated, after you ripped somebody else off for all the important bits of the car.
That's all I ever hear from the Apple-haters; "Nothing but polish. Simply good marketing, blah, blah,woof, woof." Can't you boys learn a new song? It isn't true, never been true. You're just too jealous to see that.
Even if it was true, it is absolutely absurd to dismiss polish as being worthless.
"Polish" is the difference between Gentoo and Ubuntu. The difference between cheap and expensive USB hubs circa 2003. The difference between Windows Vista and Windows 7. The difference between the first and the current crop of Dell Vostro's. The difference between impressing your date and giving her the impression that you really don't care about your appearance.
It's OK to say "I do not place much value on the polish Apple provide, I shall therefore go for a substantially cheaper Acer laptop". Really, it is. Nobody is going to call you out for doing that - or at least, you can safely ignore anyone who does. But if you're going to say "I do not place much value on the polish Apple provide, neither should you and you're a moron if you do" - well, that's a bit different.
Given that most USB peripherals I've purchased still include a sheet that you can't avoid seeing when you open the package, demanding that you install the driver on the CD before even thinking about plugging in the device into a power supply, let alone a USB port, and said install requires a reboot of Windows, just how bad was the USB support back then?
Windows '95 had a couple of extra releases over the years, but back then you couldn't download an update to retrofit those features free of charge to an existing PC. IIRC you had to buy a new copy and reinstall Windows.
The last release of Windows '95 supported USB. On paper.
However, I don't recall seeing a single USB peripheral which supported Win95. I think even Microsoft recognised that they'd done a half-arsed job of supporting USB in '95, because it was a big selling point of '98.
As a follow up question, are there any devices which work if you select the 'search for driver on the internet' [or something to that effect] option in Windows?
I've had a fair bit of luck doing exactly that with inbuilt devices (like video cards) where I've reinstalled Windows from an Enterprise copy that doesn't have all the necessary drivers. Practically zero luck with peripherals though - I'm not sure I'd even bother when so many peripherals get 70% of their functionality from the software included on the CD rather than just the plain driver.
It remains to be seen if things will change drastically with this government, but if the last government was anything to go by they'll find a way around it in order to use whatever they damn well please - and if that's Office, so be it.
Off the top of my head, I can picture:
"It's only guidance, we're not obliged to follow it."
"We only said the IP must be royalty free. We didn't say there couldn't be other conditions attached." (spoken as Microsoft announce a program which will allow anyone to implement MS-XML royalty free on condition that it's implemented in a closed-source, commercial product with no code inherited from any open source project even if the licensing of the project would otherwise allow it. IOW "By all means write your own office app which reads our file format, but you'll have to start from scratch and you won't be able to gain mindshare by giving it away for free")
"Read the small print carefully. We're allowed to ignore this guidance if there is no viable product which uses open standards. Our conditions for "viable product" include "Offers the best compatibility on the market with our existing couple of million documents in.doc format""
To be fair, while you've been able to resize fonts and icons independently of screen resolution in Windows since.... well, a very long time ago, there's quite a few applications that don't deal very gracefully with it. For that matter, Windows itself didn't deal terribly gracefully until Vista came along - IIRC the icons built into Vista and 7 are stored as vector images.
Of course it's silly. And it was a small company, they wouldn't have been well-served by having their PCs locked down so heavily - and besides they hadn't invested in a domain so I couldn't easily have done so.
The point I'm making is that in a large company you'll come across dozens of edge cases like that. For the most part, you'd probably find that no two cases are exactly the same, but if every one results in a call to the helpdesk (and remember the IT department is frequently judged according to the number of calls that come in - fewer calls firstly mean you must be doing something right, and secondly mean that you don't need such a large department to deal with them) then it's essentially a death by a thousand cuts.
I should add that IMV it is possible to tighten policies too tightly - and it's a bad thing to do because you wind up taking just as many calls but instead they're from angry people demanding an exception to the policy. You need to look at the type of business and design policies accordingly - it may be that you do nothing more complicated than redirecting the "My Documents" folder to a network share so it gets backed up.
Slashdot Mirror
Absolutely.
Far and away the safest option is to take an image of the machine in a known-good state and restore to that. It'll take about 15 minutes. I've tried what the GP suggested, but there's quite a few bits of malware where quite frankly, the time involved to get all its nasty claws out of the system would cost the customer (were you charging them a realistic rate) substantially more than the PC was ever worth.
Of course, it can make restoring the system while not impacting documents or programs installed since that point pretty difficult - but would you necessarily want to keep them as they are without some sort of scan (from a non-infected system) anyway? Chances are the mechanism used to install the various bits of malware is still stood in a "Downloads" folder and it'll be back on the system before you've even had a chance to close the door on your way out.
Where you wind up stuck is when the customer didn't get a system restore CD (and, feeling adventurous one day, looked at Disk Manager and thought "Hang on a minute - I paid for a 320GB disk. How come 20GB of it's not available for me to use? Soon see about that..."). Your options frequently boil down to "charge them for a new copy of Windows" or "pirate a copy". Guess what? If you won't pirate a copy, then as soon as you walk out the door leaving their computer untouched, they'll be on the phone to their nephew who will. But it'll be you has to pick up the pieces again six months later.
Really what's needed is for the System Restore tool in Windows to be put on some serious steroids. I'm thinking along the lines of "take a snapshot at each boot, make it really difficult to disable, keep snapshots until you really need space, allow the option to restore the system to exactly the state it was in at boot rather than "the state with any programs installed since then still available" and a bootable ISO on Microsoft's website which can check that the boot process and crucial system files all have known-good checksums, replacing them where necessary".
Mechanics who deal with people who figured the 'little oil can light' wasn't anything serious and kept driving.
Mechanics generally draw the line at fixing the results of that for free. Yet computer repairers are often expected to do exactly that.
I'm unsure that any one has tapped into the full potential the Kinect. This is probably the first time Ms has been serious about developing a Xbox. As opposed to the original hack job or the farmed out 360. Hopefully their corporate culture won't kill the projects honest effort.
I'm unsure anyone ever will. History is rife with examples of optional extras that console manufacturers released only to find no decent games were ever made for them.
Probably because - well, let's say 10% of the userbase buys the optional controller. (Note I have no idea how realistic that number is - I suspect that if anything, it's hopelessly optimistic).
Okay, so that means a developer who writes a game which requires - or, for that matter, doesn't require but works a hell of a lot better with that optional controller - is eliminating 90% of their potential customer base before they've even written a line of code. And it's remarkably hard to secure funding when you have to tell the person signing the cheques that you're intentionally excluding 90% of your potential target market.
I can think of two possible answers:
1. All the other manufacturers are thinking "Hey, that's really cheap for what it is. There must be room in the market for something more expensive (and hence greater profit margin)."
They're forgetting the fact that Apple are perceived as being a manufacturer of high-end luxury items and they're not, so when they punt a tablet at, say, price of iPad + 30%, it's not perceived by the buying public as a "fancier iPad". It's perceived as "Cheap manufacturer is living in cloud cuckoo land".
2. By the time you account for the processes involved in producing a half-decent tablet in the quantities Apple are producing them, it's really not overpriced. Someone else on this thread has posited that the "$499 iPad costs under $250 to manufacture" - but most consumer products cost well under half their retail price - frequently somewhat less - to manufacture. The techie stuff that we're used to, with razor-thin profit margins is essentially a freak of nature as far as retail is concerned. (This, BTW, is why there aren't many half-decent bricks & mortar retail stores left that specialise in selling computers - and the few that are frequently charge stupid prices. There isn't the margin to pay rent, put up fancy displays and pay staff to sit around waiting for customers to come in).
Retailers don't really want another product with absurdly small margins, which means that any iPad killer either needs to be drastically cheaper to manufacture or it needs to sell through e-tailers who can live with very tight margins. Which suddenly makes life a lot harder because you can't let people try the product in a shop before they buy it - you have to rely on advertising (expensive), reviews (fickle, it's going to be compared to an iPad so if you want to sell it for much more, you can expect the critic to point out that it costs a lot more than an iPad but may not actually be that much better) and word of mouth (which is going to be difficult when the first two things have essentially made the early adopters think twice about adopting).
They do this to eliminate the checks and balances provided by the constitutional court.
That being the case, what exactly is the point in having the constitution in the first place?
Probably because it would commoditise routers.
Go into any retail store and look at the packaging of home routers, there is a product that desperately does not want to be seen as a commodity item.
In fact, they make it pretty darned easy for you to upgrade to a 3rd party firmware. And there are free 3rd party firmwares out there today that provide full IPv6 stacks (along with almost anything else).
Yep. But none of them support PPPoA (and are unlikely to, seeing as PPPoA requires hardware-specific support), which messes up more-or-less anyone on ADSL in the UK.
"Get an ADSL bridge!"
Oh goodie. So my options are either:
IME, you can't add two things that suck together and expect the overall level of suckitude to drop.
So - what, ISPs will write to their customers saying "You'll need to upgrade your router. A firmware upgrade may be available cheaply or even free, check with the manufacturer's website"?
How many routers do you think actually get firmware upgrades in the field? I'd be surprised if it was 10%.
I suspect that all the manufacturers are cutting costs by shaving quality, and until the disappointing reviews hit the web, they can get away with selling crap at high prices.
They haven't yet.
I've seen quite a few reviews from supposedly reputable publications where they openly admit to not doing long-term tests. I suspect quite a few of them, the test consists of "Turn it on and set up. Does it connect to the Internet? Tick, that's a 60% review straight away. Does the wireless work? Tick, 70%. Can I get wireless in another part of the house? Tick. 80%. Do the menus on the UI present a huge number of options, many of which I don't understand? Ah, it has a lot of features then. Tick. 90%."
Perhaps they don't want to upset advertisers.
Seriously, are you trolling?
The latest version of Debian Stable was released about a month ago. It's not great for the desktop, mainly because other distributions (most notably Ubuntu) have overtaken Debian - mainly because they've opted for a pragmatic "hey, it works, who cares about the license as long as it's legal to distribute?" approach.
But put Debian on a server and it absolutely shines.
Stable, reliable, timely security updates which don't tend to break anything, upgrading in place usually works pretty damn well. And while it might sometimes take a while to get the latest versions of a given package, by the time they reach Debian Stable you know they're usually pretty damn solid. Which is what you want on a server.
Purely out of curiosity, why is it always the UK's NHS that's held up in the US as the example of "This is socialised healthcare, it's terrible, we mustn't do it"?
Most of the first world has some sort of socialised healthcare - Canada does, most of Europe, Australia. And they all operate in slightly different ways to the NHS - usually by heavily subsidising healthcare but not making it entirely free. But we don't hear Americans saying "Canada has social healthcare, look how terrible it is!". We don't hear "France has social healthcare, look how terrible it is!" Why not?
Always assuming his NDA had no time limit, of course.
It's well over six years since he'd have signed it.
I think it makes more sense not to think of the iPad as a computer, but rather as special purpose device intended for browsing the web and running a limited selection of applications.
It may be that you want something more flexible. That would be a netbook.
Maybe I've misunderstood you, but anti-aliasing doesn't make everything look crap. Not if you do it properly.
Unfortunately very few operating systems do it properly and if you don't, everything looks like a blurred mess. Historically, Windows didn't. Not sure if that's still the case.
RISC OS did a reasonable job, as does OS X.
How is that more secure?
Quite obviously, it increases the security of one's occupation, as Windows will forever have security issues, thus, there will always be a need for a Windows guy to say "hey, our ship is tight." Meanwhile, the true security experts that are in the midst of massive Windows installations does indeed have trouble sleeping at night. Or... at least he should.
Actually, no, it's not obvious.
What exactly does a typical piece of malware need to do that cannot be done as a non-admin?
Run at boot/login? Nope, don't need to be an admin.
Run without presenting any obvious UI or other sign you're running to the user? Don't need to be admin.
Read the user's files and data? Obviously not, that makes no sense at all.
Establish a TCP session with an arbitrary server? No, anyone can do that.
Send a copy of itself by email? That's no different to sending any other attachment. Anyone can do that.
FWIW, I agree with the GP.
No responsible IT professional has looked for a half-decent remote admin tool, seen something calling itself "darkComet RAT" and thought to themselves "Hey, that looks legitimate!". Same's true of BackOrifice, and for the same reason - the very name stinks of blackhat stuff, which is absolutely the last thing any respectable IT professional wants to be associated with.
Really? A remote access tool, once installed, allows...wait for it...remote access!
There is a world of difference between a remote access tool that you have to actively make an effort to install and once it's installed it flashes up a big window on the end-users desktop saying "Your system is being accessed remotely! Allow/Deny? The person accessing wants to view your logs! Allow/Deny? The person accessing wants to view your screen! Allow/Deny?" and a remote access tool that uses known flaws to get installed then sits quietly in the background doing all this but giving no hint at all to the person sitting at the PC.
Nobody looking for a genuine remote admin tool picks up something with a name like "darkComet-RAT" and thinks "Hey, this looks legitimate!".
Now, if you were to tell me that darkComet-RAT was a fork of some other remote-admin tool in common use - THAT I could believe.
Never really thought of it like that, always thought of a virus as being something that requires a running program to infect and spread by.
A worm, OTOH, doesn't necessarily attach itself to a running program.
In common parlance today, "virus" has become a bit of an umbrella term for more-or-less any sort of malware. If you want to be strict about it, that's not correct, but let's face it - as far as the general public is concerned, that ship sailed a long time ago.
There are very few true viruses in the wild at all these days. The great majority are actually trojans or worms.
The rest of the things you cite are polish things, it's a bit like pointing to the warmed seats in a car and saying that you've innovated, after you ripped somebody else off for all the important bits of the car.
That's all I ever hear from the Apple-haters; "Nothing but polish. Simply good marketing, blah, blah,woof, woof." Can't you boys learn a new song? It isn't true, never been true. You're just too jealous to see that.
Even if it was true, it is absolutely absurd to dismiss polish as being worthless.
"Polish" is the difference between Gentoo and Ubuntu. The difference between cheap and expensive USB hubs circa 2003. The difference between Windows Vista and Windows 7. The difference between the first and the current crop of Dell Vostro's. The difference between impressing your date and giving her the impression that you really don't care about your appearance.
It's OK to say "I do not place much value on the polish Apple provide, I shall therefore go for a substantially cheaper Acer laptop". Really, it is. Nobody is going to call you out for doing that - or at least, you can safely ignore anyone who does. But if you're going to say "I do not place much value on the polish Apple provide, neither should you and you're a moron if you do" - well, that's a bit different.
Given that most USB peripherals I've purchased still include a sheet that you can't avoid seeing when you open the package, demanding that you install the driver on the CD before even thinking about plugging in the device into a power supply, let alone a USB port, and said install requires a reboot of Windows, just how bad was the USB support back then?
Windows '95 had a couple of extra releases over the years, but back then you couldn't download an update to retrofit those features free of charge to an existing PC. IIRC you had to buy a new copy and reinstall Windows.
The last release of Windows '95 supported USB. On paper.
However, I don't recall seeing a single USB peripheral which supported Win95. I think even Microsoft recognised that they'd done a half-arsed job of supporting USB in '95, because it was a big selling point of '98.
As a follow up question, are there any devices which work if you select the 'search for driver on the internet' [or something to that effect] option in Windows?
I've had a fair bit of luck doing exactly that with inbuilt devices (like video cards) where I've reinstalled Windows from an Enterprise copy that doesn't have all the necessary drivers. Practically zero luck with peripherals though - I'm not sure I'd even bother when so many peripherals get 70% of their functionality from the software included on the CD rather than just the plain driver.
It remains to be seen if things will change drastically with this government, but if the last government was anything to go by they'll find a way around it in order to use whatever they damn well please - and if that's Office, so be it.
Off the top of my head, I can picture:
To be fair, while you've been able to resize fonts and icons independently of screen resolution in Windows since.... well, a very long time ago, there's quite a few applications that don't deal very gracefully with it. For that matter, Windows itself didn't deal terribly gracefully until Vista came along - IIRC the icons built into Vista and 7 are stored as vector images.
Of course it's silly. And it was a small company, they wouldn't have been well-served by having their PCs locked down so heavily - and besides they hadn't invested in a domain so I couldn't easily have done so.
The point I'm making is that in a large company you'll come across dozens of edge cases like that. For the most part, you'd probably find that no two cases are exactly the same, but if every one results in a call to the helpdesk (and remember the IT department is frequently judged according to the number of calls that come in - fewer calls firstly mean you must be doing something right, and secondly mean that you don't need such a large department to deal with them) then it's essentially a death by a thousand cuts.
I should add that IMV it is possible to tighten policies too tightly - and it's a bad thing to do because you wind up taking just as many calls but instead they're from angry people demanding an exception to the policy. You need to look at the type of business and design policies accordingly - it may be that you do nothing more complicated than redirecting the "My Documents" folder to a network share so it gets backed up.