eWeek asks “Is the Botnet Battle Already Lost?”

You might, but I never get tired of this rant…

In a slightly sensational article, Ryan Naraine tackles the what, how, and why of botnets. While he takes the approach that ISPs need to tackle the issue head on, the real reason botnets are an issue is tucked away in his closing paragraphs.

…the large percentage of computer users running Windows versions without up-to-date patches, creates an environment that’s ripe for abuse.

B-I-N-G-O, Ryan. That is the problem, not the ISPs and not the security firms. The most popular OS being easy to exploit, coupled with the average user who knows little to nothing about basic security practices, is a recipe for disaster. The onus falls on the shoulders of Microsoft for these problems: allowing its OSes to run as root and, worse, allowing its partners to write software that requires the user to run as root is a grievous transgression.

In all honesty, I cannot fully expect that my mother-in-law, with limited computing experience, can understand more than the basic computer safety practices; it is akin to expecting me to understand all of the physics and engineering involved in flying every time I travel. I rely on the pilots and mechanics to ensure my safety as much as she relies on her software providers to ensure that she is sold a safe product. She has enough presence of mind not to click on “security alert” pop-ups, and she knows the importance of staying patched and keeping anti-virus up-to-date, all of which goes a long way in securing the PC, but she does not know how to troubleshoot spyware and malware issues, and any amount of time spent online running as root will ensure that you will encounter infections of some sort. If you think otherwise, you are either a liar or deluded.

So what is the average user to do? Not much until the market shifts towards OSes built with security first and ease of use second, or until the government steps in and requires that Microsoft adhere to good security practices, much like they require other manufacturers not to sell a dangerous product. Imagine if, like cars, OSes had recalls? Class action suits? However, it is unlikely, as there is no real tangible cost to the user beyond frustration with a sluggish computer, and that irritation bleeds away as they grow used to it. “This is just how my computer runs,” is the oft-heard excuse, and the average user does not know any better. No matter how you might explain to them why they should choose a different OS, purchases are made with dollars in mind and with what they are most familiar with, so the weakest OS will win for today, and I’m going to continue advocating that people use a different system each and every time they ask me.





Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States