[samirageb]

CS/CE offer no discernable value to the IT scene, unfortunately. Define 'take care'. Not install spyware knowingly? Ok great. How about making sure that software you install don't conflict with regular updates that are made to all systems every month? Or what about making sure that you're not introducing problems in the areas of authentication or monitoring, by changing specific settings or services that are running for a purpose. Unless you have ever worked in IT, you likely have very little knowledge on the havoc you could cause for seemingly simple changes.

As for JRE vs. VLC, how do you JRE's status isn't simply a false negative? How many applications in your organization actually utilize the JRE? Is it a non-issue? Are you aware if there are any measures already taken to mitigate known JRE exploits? There is quite a large difference between exploits that exist in an environment vs. those that exist in an application that you actively execute.

Granted I'm not defending the specifics, I personally think VLC is likely fine. But that doesn't change the points made above. In IT, it's always better to go with the devil you know, than the devil you don't.

[petervandijck]

"Better to go with the devil you know, than the devil you don't." The devil you know. Better for you. Meanwhile I get sabotaged from doing my job well. And my job impacts the bottom line more than yours.

[samirageb]

"My job impacts the bottom line more than yours."

That couldn't be further from the truth. If I make mistakes, websites, phone systems, <insert service name here> become inaccessible for an unknown duration. That's best case. Worst case, data loss. Depending on the nature of the outage, it could ruin the company.

Try selling to a potential customer when their email domain continues to get bounced, or their voice mails never reach you and you'll find out very quickly who has a greater impact on the organization.