Yes, I make a living from installing inadequate, doomed-to-fail-several-times-a-year, expensive computer defense solutions and fighting the computer bad guys, but I'd love not to have to do it. Really. How wonderful would our lives be if we actually spent more time helping end-users be more productive? Instead of showing an end-user how to be more innovative with their computer, I'm troubleshooting to find why it's so slow, removing adware and spyware, reinstalling, and fighting rootkits.

Denying all unauthorized software by default leads to more innovation, lower costs, and fewer complaints. The people rallying against this recommendation haven't tried it.

But if you simply can't justify denying all unauthorized software by default, consider making two classes of end-users. The users who "get" computer security -- and don't install stupid things -- can have free rein. But the 98 percent of your users who've just gotta install that free screensaver or free game should be locked down.

If you still disagree with me, tune in next week and I'll show you where you fit into the Grimes Hierarchy of Computer Security model.