So your users cannot… will not… be trained.

What’s worse, there’s no reliable way to keep all those desk/laptops 100% up-to-date and secure. Not to worry. You can still do a lot to keep them from hurting themselves and your organization.

Set your firewall to allow outgoing SMTP only from outbound mail servers. Worms like Bagle propagate by installing an SMTP server on the victim, stealing the address book, then mailing themselves out. Disallowing client-based SMTP breaks the chain.

Set your content filter to defang dangerous code hidden in email messages. Clients like Outlook automatically execute embedded script, like Javascript and VBScript, as well as HTML. Break the code, and you destroy its ability to attack its victim.

Set your content filter to strip or disable executable attachments. Most of the big payloads arrive via attachment. Strip the worst, like EXEs and PIFs, then rename the rest so users have to save to disk and rename before viewing. (Lets the brain kick in.)

Of course, it goes without saying that your email content filter at the network border should interdict known… as well as yet-to-be-discovered… viruses.

Will this protect you from every virus? Nope. But it’ll stop a huge chunk of the worst. And one infected machine won’t necessarily lead to a network-full.

All things considered, it’s worth the effort.