KoshClassic asks: "What is the right balance between security and productivity, in the corporate IT environment? Looking back at my company, 10 years ago, our machines were connected directly to the Internet, no proxy, no firewall, no antivirus software. Today, my company's proxy server blocks access to: 'bad' web sites (such as Google Groups; our 'antivirus' software prevents our machines (even machines that host production applications) from carrying out legitimate functions, such as the sending of email via SMTP; and individual employees are forced to apply security patches with little or no notice, under threat of their machines loosing network access, if they do not comply by the deadline. On one hand, you can never be too secure, however on the other hand, have we become so secure that we're stifling our own ability to get things done? What is the situation like at other companies?"