Alas, those days are gone, and end-to-end security now requires complete control over everything, from the keyboard to the hard drives spinning in the data center. We can no longer depend on the kindness of strangers on the Internet. We can't even trust our friends and co-workers to keep us safe from technological malfeasance.

At Boston's Beth Israel Deaconess Medical Center and Harvard Medical School, over half our help desk calls are related to spyware, Trojan horses and keystroke loggers planted on desktops from infected Web sites. Wireless access points need to be secured with usernames and passwords for both employees and guests to prevent virus-infected laptops from launching denial-of-service attacks. Visiting faculty members who plug their laptops into the wired network could introduce maladies to other users. Employees who use home computers (beyond the control of our antivirus program) to access Web-based resources risk having their credentials intercepted by spyware.

In a hostile environment where 2 million spam messages are filtered every day and hackers attack every seven seconds, what are we to do?

We could thwart keystroke loggers by using hardware tokens with constantly changing PINs.

We could use 802.1x technologies to require credentials for every device, preventing unsanctioned network access by visiting faculty.