The “Money Section” in USA Today recently had a cover story about the
exploding negative influence (attacks, whatever) of Botnet scams and related
evil-doings. The thrust in part seems to be that our current malware and virus
protections may be woefully inadequate. Do you have an opinion about this
expanding threat that you’d like to share with your faithful readers? How might
we give ourselves greater protection from what is clearly an insidious attack
by those who wish to use the Internet for their own gains – illicit in the
The article in question, “Botnet scams are exploding” gives a fairly broad overview of
how botnets operate, and the massive amounts of illicit activities that occur
because of them.
My opinion? Simple:
Computer users don’t take security seriously enough.
Become a Patron of Ask Leo! and go ad-free!
Please understand that I’m not trying to blame computer users. Far
from it, botnet operators and the people that profit from them are the real
But the fact of the matter is that computer users are, in general, too
unaware, too lax, and too unwilling to be educated about or inconvenienced by
I totally understand that in an ideal world, they shouldn’t have to
be. But the fact is this is not an ideal world. The pragmatic reality is
that users must become more security conscious.
… that the number of machines that are unprotected by any kind of firewall
is surprisingly large.
… that the number of machines unprotected by any kind of anti-virus and
anti-spyware software would also surprise you.
… that the number of people who have anti-virus and anti-virus software
installed whose databases have never been updated would shock you.
… that the number of machines that have not once taken any update
to Windows or Windows components is huge.
… that the number of people who’ll click on links or open attachments from
unknown sources is also depressingly large.
maintenance, would never be broken into, and would always work flawlessly. That
car doesn’t exist. … The same is true with your computer.”
All those factors, together, make for what can only be described as a
“target rich environment” for malware and botnet operators out there. It’s
really no wonder that the problem is as bad as it is.
I also believe that the people who need to know about all this are the folks
least likely to be reading this article. They have no interest in learning
about this stuff – which, as I said, I totally understand. They just want to
get their job done; they just want to use, not maintain, their
But there’s simply no substitute for knowing enough to keep your computer
safe. In my opinion, it’s an absolute requirement to using a computer these
days. It’s “part of the job”.
I look at it like owning an automobile. I would love to have a car
that never, ever needed maintenance, would never be broken into, and would
always work flawlessly. That car doesn’t exist. You must maintain your car, or
it will break down. You must lock your car when you visit an unknown neighborhood,
or you run the risk of vandalism or theft. Sometimes things on your car break,
and you have to get them fixed.
The same is true with your computer. You must take steps to keep it
And too many people do not.
As a result, we have massive botnets, tons of spam, and constant virus and
So what, pragmatically, can be done?
I know a lot of people lay the blame on Microsoft for writing sloppy
software. I do and I don’t. They’re a big and easy target, both for nay-sayers
and for malware authors, but to point the finger at only Microsoft is both
naive and unrealistic. Could they do better? Should they do better? Of course.
But expecting perfection, from any software, expecting Microsoft to “just fix
it” … well, that’s not a very realistic solution to the problem we’re facing
In my opinion the real, pragmatic response is to keep educating computer
users on what it means to operate their computers securely. As computer users
we are the first line of defense. We’re also the ones that ultimately pay the
price when things go wrong, so it’s in our own best interest to make sure we’re
being as secure and safe as we possibly can be.
If everyone followed all of the commonly accepted practices for computer
get behind a firewall
run anti-virus software and keep it up to date
run anti-spyware software and keep it up to date
keep their computer software, particularly their operating system, as up to
date as possible
take responsibility for their own actions and get educated, learning to
recognize what is and is not “safe”
botnets and other threats would not disappear. But they would be dealt a
serious blow, and the problem would not be nearly as massive as it appears to
And even though it seems daunting, it doesn’t have to be. Most everything in
that list is one-time, and/or automatic. And I can tell you with certainty that
The hardest part? Getting folks to accept the need for a little