Yes, There Ought To Be a Law (or "Why We Should Sue Clueless Endusers for Sending Spam")
- Why Do End Users Persist in Bad Practices?
- If Technology Alone Doesn't Work, What's the Answer?
- Best Practices for End Users
- Key Points To Remember
We all know that one of the primary reasons for the deluge of spam and malware constantly clogging our inboxes is the clueless "lus3rs" (losers) who always click file attachments even in obvious spam, and who don't bother with anti-virals, firewalls, or spybot removers. Here are some other, less obvious reasons:
Ridiculously vulnerable operating systems and applications
Unsecured additions like Active X or Windows Scripting Host
Malware creators are the least important problem. Without bad programming and bad user practices, malware would be a curiosity, not a threat. The main problem is the broadband home/business user on the Net 24/7 with no security. Not that dial-up users can't be taken over, but a broadband-connected computer can spread a whole lot more spam/malware than a dial-up system can.
Technological solutions have been suggested and tried, but no end-user technological solutions can work if the end users who are making problems for us fail to download/run/activate those solutions. For example, vendors have put out many patches for applications and operating systems to eliminate vulnerabilities. Why are there still unpatched systems? The patches required to bring a base install of an OS up to date with respect to security can run more than 100MB, making them effectively inaccessible to dial-up users.
Patches frequently have problems of their own, affecting both OS and applications. For instance, this Woody's Watch article describes serious troubles with Office XP SP3.
Why Do End Users Persist in Bad Practices?
It's not just that they don't know any betterthey don't want to know any better. They have no reason to pay attention to warnings; they believe they're better off not knowing because knowing might make them responsible.
These users don't care enough to read tech sites or even articles about securing their computers in general-interest publications. They don't want to know that they're Internet polluters. They expect somebody else to handle any problems their computers cause to the rest of us. They just want to web surf and email and not be bothered. I sympathize, but it's not that easy right now. A Windows computer left to itself on the Internet will be taken over by bots spreading malware and spam.
A user unwilling to protect the rest of us from the public nuisance his machine can become should either unplug it, or confine his Net use to public Internet terminals secured by somebody else. If users won't inconvenience themselves voluntarily to protect the rest of us, they must be compelled to do so.