Forgot your password?
typodupeerror
Government Security United States

Let Big Brother Hawk Anti-Virus Software 405

Posted by Soulskill
from the universal-cyber-health-care dept.
Frequent Slashdot contributor Bennett Haselton writes with his idea for mass adoption of anti-virus software: "If the US government did more to encourage people to keep their computers secure — by buying TV ads to publicize free private-sector anti-virus programs, or subsidizing the purchase of anti-virus software — we'd all be better off, on average. That's not just idealistic nanny-statism, but something you can argue mathematically, to the point where even some libertarians would agree." Read on for the rest of Bennett's thoughts.

This requires a discussion of "positive externalities," which may seem pedantic to you if you remember the concept from econ class, in which case you can skim the next five paragraphs. When you buy anti-virus software, some of the benefits accrue to you — less risk of your data being lost to a virus, or of annoying spyware infecting your computer with pop-up ads — but some of the benefits also accrue to other people. Prior to anti-virus software being installed on your computer, your machine might have been infected and taken over by criminals who used it to send spam. Or it might have helped to propagate the virus to other people. (Note: I am using "virus" to incorporate related things like "worms" and not worrying about the distinction.) Or you might have thought there was a problem with your computer, not realizing the problem was caused by a virus, and wasted time calling the tech support line for your computer manufacturer or for some other product on your computer. (If the company charges for tech support, then you're paying the cost of your call rather than passing those costs on to others, but if the call is free, then the costs have to be passed on to the company and hence indirectly to their other customers.) When you install anti-virus software, the chances of all these things happening are reduced, and those are the benefits that accrue to others — positive externalities, in economics jargon.

The key assumption is that you can put a price on all of the positive externalities generated by a given person installing the anti-virus software. It's different for every person, but it always adds up to some value, something that is not microscopic, but also not fantastically larger than the purchase price of the anti-virus program. It's on the order of adding 1/100,000th of a penny's worth of value to the lives of 100 million other people, for a total positive externality of $10.

To see that this is a reasonable assumption, suppose that if I had a choice between living in a world where all 100 million other Internet users in the US had no anti-virus software installed (using round numbers to make things simpler), and living in a world where all of the other users in the US had anti-virus software installed, I would pay $10 more per year to live in the latter, counting only the benefits to me and not factoring in any altruistic desire to help protect fellow citizens. (I personally would pay a lot more than $10 because I use the Internet so much, but the average might be closer to $10. Also, what I'd really like is for more people in certain other countries to install anti-virus software — China comes to mind — but I'm leaving them out of this discussion because it would be harder for the US government to encourage that.) When everyone else in the US is using anti-virus software, the benefits are returned to me in various ways, such as it being easier for me to send and receive e-mail because there aren't so many botnet-infected machines sending spam. (This is independent of my decision as to whether to buy anti-virus software for myself or not.)

Now, once I've decided I'd pay $10 more to have all my fellow Americans install anti-virus software, I could draw a graph (while my friends are out snowboarding with their girlfriends) with "how many other US users have hypothetically installed anti-virus software" on the x-axis, and "how much would I pay to live in that world" on the y-axis. At the point on the graph where no other people have anti-virus software, I'm willing to pay $0 to live in that world. (Well, of course I'd pay a lot more than $0 to be alive in any world, but I'm comparing other worlds to that one, so I'm just using $0 as my baseline.) At the point on the x-axis where all 100 million other users have installed anti-virus software, I'm willing to pay $10 to live in that world instead. What does the graph look like in between those points? Well, I can assume it's upward-sloping — the more other people install anti-virus software, the better it is for me. I could also adopt the simplifying assumption that it's a straight line — so I would pay $3 to live in a world where 30 million other people have anti-virus software installed, $6 to live in a world where 60 million other people have it installed, etc. It's not really a straight line, because when the first 50 million Americans install anti-virus software, that still leaves 50 million others to get infected and do damage, but when the next 50 million install it, that has eliminated all the unguarded computers in the US, and made it a lot harder for viruses to spread, at least within our borders. In other words, the line representing the quality of life to me as a function of how many other people installed anti-virus software, would rise more slowly in the range 0-50 million than it would rise in the range 50-100 million. But as long as the curve doesn't make any sudden jumps — for example, I know that the 30-millionth person installing anti-virus software isn't suddenly going to make my quality of life go up by $1 — I know the curve generally has to rise smoothly. So for a really rough approximation I'll treat it as a straight line.

If the graph is a straight line with the value $0 when nobody else installs anti-virus software, and $10 when everybody else installs anti-virus software, then each additional user installing anti-virus software creates an additional benefit to me of 1/100,000th of a penny (so 1/100,000th of a penny, times 100 million, comes out to $10).

You may think it's ridiculous or meaningless to say that someone else installing anti-virus software can benefit me to the tune of 1/100,000th of a penny. I myself can't wrap my head around it. But I can use the necessary properties of the graph — that it starts at $0, ends at $10, must curve upward, and doesn't make any sudden jumps — to reason that it should be approximately true.

And then, if each other US Internet user derives an average of 1/100,000th of a penny's worth of benefit when you install anti-virus software, then the total benefit that you confer on other people by installing the software, comes out to 1/100,000th of a penny times 100 million, or $10. And that's not even counting all the spillover benefits to users in other countries each time an American installs anti-virus software, something that we could consider a kind of off-the-books foreign aid. (Even if we would really like for it to be reciprocated by all users in countries like China installing anti-virus software as well.)

This is actually not hard to reconcile with people's attitudes toward installing anti-virus software. It's recommended as something you should do not only for your own protection, but also as something you should do to be a "good Netizen" so as not to impose inconveniences on other people. If your installing anti-virus software only conferred about 1 penny's worth of total benefit on the rest of the world, nobody would bother exhorting you to do it as a kind of civic duty. On the other hand, if your installing anti-virus software conferred thousands of dollars' worth of good on the world (or, equivalently, not installing anti-virus software exposed the rest of the world to thousands of dollars' worth of risk or damage), then people would not only be exhorted to install it, it would probably be required by law, like functioning car brakes. The kind of pressure that we see today to install anti-virus software — gentle prodding but not outright compulsion — feels commensurate with a value between $1 and $100 of the benefits that a person confers on the rest of the world by installing it.

But this logic also means is that we are missing an opportunity to make everybody better off on average, by actually subsidizing the purchase of anti-virus software for some people who otherwise would not have bought it. Suppose each user confers $10 worth of positive externalities on other American Internet users when they install anti-virus software. Now first consider the case of an a program like Norton Anti-Virus which costs $40.

For anybody who personally values their own anti-virus protection at $40 or more, great — they'll buy the software, they get the value they want from it, and everybody else gets the positive externalities of that person's virus protection, for free. But consider the people who value the anti-virus software at somewhere between $35 and $40. With no government rebate, they won't buy the software.

But now suppose the government offers a $5 rebate (funded by a tax on all 100 million Internet users) to anyone who buys anti-virus software. Everybody who would have bought the software before, will obviously still buy it now that the government rebate has effectively lowered the price to $35, and now, all the people who value the software between $35 and $40 will buy it as well. For each person who purchases the software at the new price of $35, the following is true:

  • The person who bought the anti-virus software is better off — they valued the software at at least $35, and they got it for $35. (Otherwise, they wouldn't have bought it.)
  • The taxpayers who subsidized the purchase are better off. Each rebate cost the taxpayer one-hundred-millionth of $5. But when that user installed the anti-virus software, they conferred $10 worth of total benefit on all other Internet users in the US, so that benefits each Internet-using taxpayer one-hundred-millionth of $10. So they're ahead.

If this seems fanciful, we're still in the domain of standard economics textbook stuff. When positive externalities are involved, the free market by itself will usually not reach the optimal outcome; by adding in some government subsidies, you can achieve an outcome that leaves everyone better off than they were before (even after subtracting the cost of the taxes to fund the subsidies). Call them "subsidies even a libertarian could love." Steven Landsburg's books The Armchair Economist and More Sex Is Safer Sex, and Tim Harford's books The Undercover Economist and The Logic Of Life, explain the logic of externalities probably better than I can, and give other interesting examples. When I say "subsidies even a libertarian could love," consider that Landsburg once wrote that George W. Bush's tax plan was unfairly burdensome to the rich, because "it seems patently unfair to ask anyone to pay over 30 times as much as his neighbors." That's pretty, uh, libertarian. But even Landsburg has argued, in More Sex Is Safer Sex, that LoJack anti-car-theft devices should be heavily subsidized by the government, because they create positive externalities — when more people buy LoJacks, thieves are deterred from stealing everyone's cars, because there's no way to tell whether a particular car has a LoJack installed or not. To the extent that anti-virus software creates positive externalities, it should be subsidized as well.

A modified version of this logic applies even to free anti-virus programs like AVG Anti-Virus. AVG is only "free" if you don't count the costs of finding out about it in the first place, then downloading it, installing it, and leaving it running. All of these add up to costs that, for whatever reason, have led to many people choosing to run nothing at all, rather than to run AVG even though it's free. If the government ran a campaign announcing the rebates for purchasers of anti-virus software, they could also use the campaign to recommend certain free programs -- thus effectively offsetting the "costs" by providing a "subsidy" for those programs in the form of free advertising.

When I ran this past some people for comment, two respondents, Steven Landsburg and Esther Dyson, independently recommended versions of a popular alternative idea, which was to penalize people directly for spreading computer virus infections. Landsburg commented:

I certainly think there are huge externalities here, and they derive from the fact that idiots who don't know what they're doing insist on administering their own mail clients. I don't have a mail client on my machine precisely because I am one of those idiots and I don't want to be responsible for a virus grabbing my address book and running with it.

So I have long thought that mail clients should be taxed and/or (if it were technologically feasible) that individual users should be fined heavily if viruses spread from their machines (or send spam from their machines).

Esther Dyson suggested something similar:

One method to consider is — rather than subsidy — requiring the ISPs to post a bond for their customers and assume responsibility for their actions. They can ask their customers in turn either to buy an antivirus package, to sell one that the ISP will offer for free, or to post a bond guaranteeing that they know what they're doing and will do no harm. The ISP is then liable for the misbehavior of its customers and may forfeit the bond if some specified level of disruption is caused by its customers.

In theory, this works better than my idea because it precisely targets the undesirable behavior: We don't really want to penalize people for not running anti-virus software, we want to penalize people for not running anti-virus software and imposing costs on others as a result. It's not possible for 100 million people to charge one person 1/100,000th of a penny each for the inconvenience and risk that person creates by not installing anti-virus software, but it might be possible for one recipient of the virus to seek to punish the person who gave it to them.

However, I think this scheme would have more practical problems:

  1. You can only penalize the virus spreader if you know exactly who was responsible for passing it on to you. This works for old-school viruses that spread as e-mail attachments, but not for worms like Code Red that probe the network looking for other machines to infect — if you're infected as a result of a remote IP address probing your machine, it's unlikely that you would ever find out exactly when or how it happened, much less the owner of the IP address that infected you.
  2. If you found out that a friend spread a computer virus to your machine, you'd probably be under a lot of pressure from your friend not to turn them in.
  3. For people who did get taken to court for spreading viruses, there would be overhead costs associated with processing the case, over and above the actual fine that may be levied against the individual. (If the penalty happens outside the court system — for example by ISPs keeping the bond posted to them by a customer — at least some of those customers will probably feel wronged and sue the ISP, generating court costs either way.)
  4. If someone accidentally spread a virus to a large number of other machines, that could make their total liability far greater than what they could actually pay.

The idea of fining or otherwise punishing people for accidentally spreading viruses is something I've thought about too, but usually in a moment of venting. As Steven Landsburg dryly says, "Your solution (subsidized antivirus software) might be more effective, but mine would be more satisfying (to me)." I think the option of punishing people for propagating viruses is something that should be explored in more detail, but I can't offhand think of any solutions that would avoid the problems listed above. The fact is that anybody with an Internet connection has the potential to do enormous damage if their machine gets infected, and in most cases it would be too hard to track the harm back too them, and too harsh to make them pay the real cost of the damage.

On the other hand, the option of a government publicity campaign to get people to install anti-virus software — at least the free ones, which should be a no-brainer — is something that seems like it should start bringing benefits right away. Government advertisements for free programs would require the least amount of paperwork to set up, because all the government would have to do would be to produce the TV ads and buy the airtime. (Other proposals, such as subsidies for non-free anti-virus software, or paying people outright to install anti-virus software, would require more overhead to implement. That doesn't mean they shouldn't be tried, but go for the low-hanging fruit first.) Now, what the ads should look like would be a question for advertising experts, but I would really hammer home the point: "Go to this government website and we have a list of recommended FREE anti-virus programs. These are not 'free trials' for something you have to pay for later. They are FREE. If you're not using anything at all, at least go get one of these." Along a list of the non-free programs for people who want even more protection, and links to third-party reviews of those.

More generally, I think that government-funded action to encourage better computer security is something that has not been given enough consideration. I think this is partly due to hostility to anything that smacks of government intervention (because of, among other things, numerous times the US government has attempted to censor the Internet), and partly because of an assumption that the free market will provide the best solution by itself. But if the government is actually on the right side of an issue — the side of promoting better computer security — then there's no reason to be petty and foul up their campaign just because we're still resentful that they once tried to make the Internet into a no-cussing zone. Hey, if the government thugs start to care more about computer viruses than about Internet porn, then they're learning! Give them a pat on the head and help them get the word out! And meanwhile, economic theory predicts that because of the externalities problem, the free market by itself won't lead to the optimal number of people using anti-virus software or keeping their computers secure. That's precisely the situation where a government-funded push toward more computer security can bring everyone more benefits than it costs. If you wear a Ron Paul t-shirt, but you found out about free anti-virus software software from a state-sponsored TV ad, nobody has to know.

This discussion has been archived. No new comments can be posted.

Let Big Brother Hawk Anti-Virus Software

Comments Filter:
  • by godrik (1287354) on Wednesday May 06, 2009 @10:25AM (#27845351)
    that is securing operating systems and educating users so that they don't install viruses ? This can also be push forward with tax dollars and would be more useful IMHO.
    • by Benanov (583592) <{gro.fsf.rebmem} {ta} {pmek.nairb}> on Wednesday May 06, 2009 @10:30AM (#27845417) Journal

      Going to have to agree with that.

      All this talk about positive externalities and encouraging large numbers of people to do something might be better served by the government requiring higher minimum security standards for operating systems and charge pigouvian taxes to software makers who don't meet those standards.

      Sadly this only works in the ideal world.

      Lobbyists would destroy it (to the point where Windows 95 would pass) and the only people who would be hurt would be Free Software authors and SMBs who don't have enough representation.

      FWIW most ISPs offer "free" anti-virus; most of the time it's McAffee or Norton. That and really virus scanners are a bandaid to poor security.

      They're effectively a blacklist (with some mostly ineffective greylist heuristics), and blacklists aren't really useful against continual new threats.

      • Re: (Score:3, Insightful)

        by postbigbang (761081)

        Although draconian, I say partition machines that are parts of botnets, those that distribute undeniable spam, and those that perform port probes. Yes, I know that spoofing makes that tougher, but it's a start so as to jolt people into taking responsibilities for their ownership in their own systems.

        Route around the bastards, I say.

        • by cayenne8 (626475) on Wednesday May 06, 2009 @10:39AM (#27845573) Homepage Journal
          Just one problem with all these suggestions.

          This is not something the Federal Govt. is mandated to do?!?!

          Where in the constitution would be the mandate for the feds to promote something like this? I know people try to squeeze everyting into the 'general welfare' statement, but, c'mon, this is a 'reach' even for something like that.

          • by Rogerborg (306625) on Wednesday May 06, 2009 @10:46AM (#27845679) Homepage
            Commerce Clause [wikipedia.org]. Thanks for making the argument that more education is needed.
            • Re: (Score:3, Insightful)

              by cayenne8 (626475)
              "Commerce Clause [wikipedia.org]. Thanks for making the argument that more education is needed."

              Damn, isn't it about time SOMEONE challenged the broad scope that has been given to the commerce clause. It has allowed the Feds to go WAY outside of what they're supposed to be doing!!

              No, I wouldn't personally consider the commerce clause to be applicable to mandating anti-virus software for citizens. Then again, I'd not have thought that a farmer raising his own wheat for his own consumption, would somehow a

              • by DavidShor (928926) <{supergeek717} {at} {gmail.com}> on Wednesday May 06, 2009 @04:45PM (#27851013) Homepage
                Sorry, I don't see why what the founding fathers thought the fed's "should" be doing 300 years ago should outrank what the majority of citizens TODAY want the federal government to do.

                I understand the argument of constitutionalism for certain things, like freedom of speech or protection of minorities, on the argument that the majority might get temporarily inflamed and do something terrible.

                But persistent majorities for the last century have voted on a large and expansive government. It seems wrong to advocate their disenfranchisement.

                • Re: (Score:3, Insightful)

                  by cayenne8 (626475)
                  "But persistent majorities for the last century have voted on a large and expansive government. "

                  Well, I'd say some politicians have been voting for it...gives them more power and more jobs, but, really, I don't think the majority of American citizens have been voting for it. The politicians just don't represent what the people want for the past decades IMHO. They're owned by the corporations and special interests, but, the will of the people I believe, has long been derided and ignored. Hell, most of the

          • by tepples (727027) <{tepples} {at} {gmail.com}> on Wednesday May 06, 2009 @10:47AM (#27845709) Homepage Journal

            Where in the constitution would be the mandate for the feds to promote something like this? I know people try to squeeze everyting into the 'general welfare' statement

            From the Constitution:

            The Congress shall have power to lay and collect taxes, duties, imposts and excises, to pay the debts and provide for the common defense and general welfare of the United States

            Other countries have used military botnets. Therefore, a campaign against botnets might even count as "defense", in addition to the "welfare" and "commerce" arguments that others have made.

          • by fuzzyfuzzyfungus (1223518) on Wednesday May 06, 2009 @10:50AM (#27845753) Journal
            If I were pushing this plan, I wouldn't try "general welfare", I'd go for "security".

            Just loop "blah, blah cyber-terror yada blorg emerging network-centric threatspace blah, yadda, rogue state espionage etc. soforth pedophile super hackers drone bloviate organized crime identity theft" until everybody's eyes glaze over. At that point, anybody who opposes the measure is a shifty-eyed pedo-terrorist who wants the chinese to hack the pentagon. Problem solved.

            I'm not sold on the idea; but it would be an easy sell.
          • Re: (Score:3, Funny)

            by earlymon (1116185)

            Not only is the government not mandated to do it, but there are some most excellent laws that prevent the government from competing with private industry. Not only does this lead to gov't subcontractors but actually requires it some places.

            Otherwise, I'd guarantee that the DOE and Air Force would have come out with their own PC operating system already.

      • by tepples (727027) <{tepples} {at} {gmail.com}> on Wednesday May 06, 2009 @10:40AM (#27845583) Homepage Journal

        They're effectively a blacklist (with some mostly ineffective greylist heuristics), and blacklists aren't really useful against continual new threats.

        I can think of four ways to keep viruses and worms from spreading: operating system security, blacklists, greylists, and whitelists. Blacklists and greylists in mainstream antivirus software for Windows are less than perfect, as you point out. Whitelists implemented in non-free operating systems (such as Authenticode and game console lockouts) have tended to be unfriendly to microISVs and free software developers. This leaves OS security. OLPC's web site describes Bitfrost [laptop.org], an interesting security layer that provides finer-grained security than is seen on most Linux or Windows desktop installations without depending entirely on lists. For instance, an app's installer can request directory scanning privileges (P_DOCUMENT_RO) or network privileges (P_NET), not both.

    • by Geoffrey.landis (926948) on Wednesday May 06, 2009 @10:36AM (#27845527) Homepage

      I agree with the comment about positive externalities, which is a factor not always well understood by the libertarian-leaning computer community, but the problem is that I can't see a good argument that the government would do this well.

      Frankly, working for the government, I would say that the government's understanding of computer security is negligible. Their advertisements would consist of warnings telling you to use non-rememberable twelve- or more character passwords with upper lower number and symbols, and to change all your passwords every ten days to a different non-rememberable twelve- etc password, and then warn you to never go to any website that isn't on the official government approved list, because you might get phished.

      An alternate suggestion would be, go after the spammers and the malware distributors. Malware is getting distributed because people are making money off of it. Follow the money, and shut it down, and malware will go back to being a hobby of a small community of nerds.

    • Re: (Score:3, Insightful)

      by mc1138 (718275)
      They'll just make a better idiot. I'm not saying anti-virus alone will do it, but I've found through practical experience that trying to educate users really only works with those are willing and able to learn. A vast majority of computer users are click happy and impatient willing to click anything and everything to get on with their day.
      • by hedwards (940851)

        Right, which is why I suggested a license way back. People complained that I was being elitist, but come on. The only way that we're going to be able to cut down on the spamming, scamming and other cyber crimes is through making sure people are educated and towing the line.

        It doesn't do me much good to behave responsibly when so many people are not doing so. Ultimately those people that have malware and virus infected computers cost me time and money.

        • Re: (Score:3, Insightful)

          by cayenne8 (626475)
          "The only way that we're going to be able to cut down on the spamming, scamming and other cyber crimes is through making sure people are educated and towing the line."

          Thing is, spamming and scamming pretty much only affects the stupid and gullible...it really doesn't affect me, I'm smart enough not to open and click everything, nor do I involve myself in stupid get rich schemes.

          Why should I even care if this is going on? If someone is an idiot...well, isn't that their right?

      • Re: (Score:3, Insightful)

        And antivirus is not sufficient to protect "click-happy" users from themselves.

        Look, there have been tons of ads about drugs and smoking, and plenty of morons still do those in large quantities. But it's still justified to try, because that's really the only thing that will work. Outlawing them really doesn't do a thing.

        To abuse an analogy, suggesting antivirus is a bit like suggesting that everyone equip their mouths with a special "health detector", which beeps loudly and induces vomiting whenever it sees

    • Re: (Score:3, Informative)

      by EvilBudMan (588716)

      Really, McAfee AntiVirus Enterprise Edition with all the goodies (anti-spyware) will get some honest files while missing most spyware. For instance it doesn't seem to like port scanners which is good for clients I guess? Maybe?

      That sounds like something else the government already has to spy on you. Windows. The automatic delete feature will be added for *.mp3's and things like that with a government endorsed or enforced antivirus choice.

    • Educating users? What parallel reality are you from? ^^

      It has never worked. So perhaps it would be time to learn that it never will. ^^

      After years of designing the interface of an internally used program of a medium-sized company, I learned one thing for sure:
      They will *not* ever learn to do it right, as long as they have a choice. So if you want users to use your software in the correct way, you have to make it the only way to use the program.
      This does not mean that you can't offer a version for power-user

  • Hmmph. (Score:3, Insightful)

    by Anonymous Coward on Wednesday May 06, 2009 @10:25AM (#27845357)

    Frequent Slashdot contributor Bennett Haselton writes with his idea for mass adoption of anti-virus software:

    Wow, somebody's buddy just got hooked up. Posting cretinous articles is one thing, posting a contributor's own cretinous musings is quite another.

    Here's an idea -- Let's assume for a second that the majority of business and government uses a specific family of operating systems from $MONOLITHIC_CORPORATION. Since that corporation is pocketting billions upon billions of dollars, then why not have them subsidize the ads?

    The burden should fall upon the corporations which support their operating systems which have been demonstrated to be gaping security holes which would make even the great Goatse prolapse with envy.

    • by hedwards (940851)

      Hey don't badmouth Cretin, he was probably my favorite character on Red Dwarf.

    • by pohl (872)

      But the quote from Esther Dyson said the ISP is responsible, not the monolithic corporation who made the operating system.

      And we all know the conventional wisdom that the structure of software doesn't have anything to do with security...it's all about popularity: any operating system would would be equally vulnerable if its market share were to grow to be as large as the one that currently dominates.

      And you also forgot that the assumption that we all use the monolithic corporation's system is supposed to be

      • Re: (Score:3, Insightful)

        by Ifni (545998)

        Everybody is responsible.

        1. No OS is secure, though some are inherently moreso than others, hence the OS makers are responsible
        2. Any idiot user can, by ignorance and bad practice, reduce the most secure OS to a virus ridden hell-box if given sufficient time, so the users are responsible
        3. The ISPs own the bandwidth and many of the resources used to spread viruses, and hence are responsible
        4. The criminals that research, design, build, and deploy the viruses are most directly responsible

        Additionally, anyone who, by in

  • Nope (Score:5, Insightful)

    by Anita Coney (648748) on Wednesday May 06, 2009 @10:28AM (#27845391) Homepage

    "to the point where even some libertarians would agree."

    Maybe he meant to write librarians, but no true libertarian thinks that the government should purchase ads for McAfee and Symantec.

    • The only software I want to subsidize is for my in-laws, so I don't have to fix their computer anymore.

      And actually I did just that last October by installing Ubuntu 8.04, haven't had a call since.

      • "And actually I did just that last October by installing Ubuntu 8.04, haven't had a call since."

        God, I nearly did the same thing to my in-laws. It's like their PC is a spyware/malware/virus magnet.

        • I converted my parents to Ubuntu. Dad loves it. :)

          My brother and in-laws remain untouched, although I do have a "refuge" box stashed at the in-laws for when I didn't bring a laptop and need an available machine.

    • by gfxguy (98788)

      I'm a libertarian and I agree that government spending millions of our tax dollars on ads would save some users from their own stupidity.

      That doesn't mean I think they should do it, it just means I agree that the government spending millions of our money to promote something will, ultimately, to some extent, promote it.

      But you're right, no "real" libertarian would suggest this is what the government should do.

    • no true libertarian thinks that the government should purchase ads for McAfee and Symantec.

      What do true libertarians think about state sponsorship of defense? Could software that implements a malware blacklist be considered arms to defend yourself against foreign military botnets?

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        The government should be responsible for protecting infrastructure, not home or work computers. Libertarians wouldn't argue that the government should buy homeowners guns to protect themselves at home, just that they should allow homeowners to buy their own guns if they choose to do so.

    • by Benanov (583592)

      Most libertarians try to shield themselves from the negative influence of the outside world (as it applies to their freedoms).

      After all a secure computer system is pretty much a prerequisite for high levels of privacy.

    • Re: (Score:3, Interesting)

      by darkmeridian (119044)

      That's not true. Libertarians believe that government should not interfere absent a market failure, or defined instances where the free market will not work properly. Libertarians would support the SEC, to some extent, to cure the problem of asymmetric information. The SEC regulation regime is basically founded on truthful and standardized disclosure of material facts.

      Libertarians would regulate pollution because there are negative externalities. A business can spend $10,000 to install pollution control sys

    • by jockeys (753885)
      agreed. let's look at this realistically: it would wind up being nothing more than state-sponsorship of a few select producers of AV. it stands to reason that the bigger the lobby group, the more attention that corporation would receive.

      do we really want our tax dollars buying ads for McAfee and Symantec?
    • by Jahf (21968)

      "no true libertarian thinks that the government should purchase ads for McAfee and Symantec"

      And no true computer professional thinks that educating people on why viruses/trojans/spyware/botnets are a danger to them is purchasing an ad for McAfee and Symantec.

      There are plenty of ways that education could be spread that would be completely product agnostic while reminding people that that Vista machine they just picked up is a gaping sack of attackable holes.

      As a lib I say it is far better that the govt do so

  • by Anonymous Coward on Wednesday May 06, 2009 @10:31AM (#27845441)

    Why not just hand out ubuntu cd's?

    • Why not just hand out ubuntu cd's?

      For one thing, the veterans' hospitals keep medical records using the VA's Computerized Patient Record System that runs on Vista [wikipedia.org].

      • by irtza (893217)
        Well, I am assuming this was a joke, but for those who do not get it - This is a EMR software package that is platform independent (unless you consider it a package) and has been ported to Linux as it states further down in the same article linked to by parent. If I had mod points, I would have just modded parent funny and let non-medical people figure it out. Instead I have done what any worthy /.er would do - kill the joke.
  • by Telephone Sanitizer (989116) on Wednesday May 06, 2009 @10:32AM (#27845467)

    If the government imposed a flat tax, Mac and Linux users would end up taking up a disproportionate amount of the burden for the risks that they pose.

    Let's just tax Windows.

    Take a third of the proceeds to subsidize antivirus software and awareness ads and use the rest to pay people to switch to a better OS.

    It could work!

    • Indeed. Or to take TFA's argument one step further, perhaps the gubment should give Microsoft money so they could make an operating system that was secure.
  • Yes, because right now, after bailing out the financial system, and the auto industry, some industries, like the multi billion dollar security sector, are feeling left out. Where's our share of the grift?
  • If the graph is a straight line with the value $0 when nobody else installs anti-virus software, and $10 when everybody else installs anti-virus software, then each additional user installing anti-virus software creates an additional benefit to me of 1/100,000th of a penny (so 1/100,000th of a penny, times 100 million, comes out to $10).

    I have four living grandparents non of which own or use a computer much less the internet. While you may claim that it benefits them in some way, they don't give a damn. I think you have a good argument but why not tax internet connections from ISPs instead? You know, like there are home owner taxes there could be internet users taxes that tax specific people. Sure, now you're paying $12.50 instead of $10.00 but at least my retired grandfather isn't paying for your Slashdot habit.

    I'm certain there

    • Re: (Score:3, Interesting)

      by jeffmeden (135043)

      Sure, now you're paying $12.50 instead of $10.00 but at least my retired grandfather isn't paying for your Slashdot habit.

      Say, that gives me an idea. Since as we all know (we being slashdot users) that those of us on Slashdot are the most informed of all internet-goers on the planet... Why not just mandate Slashdot readership for all internet users? Hell, maybe even subsidize subscriptions. If more people read Slashdot and knew the things WE know... Well, no problem can hide from one hundred million pairs of eyes.

  • by xmas2003 (739875) * on Wednesday May 06, 2009 @10:35AM (#27845517) Homepage
    As we saw recently, tons of media coverage about the swine flu caused a dramatic change in people's behavior and basically destroyed the Mexican tourist market ... even though it didn't seem much worse that the "average" flu ...
    • by geekoid (135745)

      Correction:

      Even though on hind sight it doesn't seem to be worse then the standard flu.

      Wheh something that new and virulent comes up, you must put caution first. While it don't happen often, occasional something appears that's very deadly. You do not want to wait until 1000 people get it before beginning to prepare. The risk is too high.
      Of course, there was some over reaction. Here in Oregon a child 'probably' has it and the closed the school district for 2 days and the school for a week.
      I wonder how much o

  • the problem is not (Score:3, Insightful)

    by nimbius (983462) on Wednesday May 06, 2009 @10:36AM (#27845525) Homepage
    the fact that people dont use antivirus software. the problem is windows is an OS that tends to get brutalized every week or two by a new virus, and the manufacturer does not appear to care.

    a better idea would be to make an incentive for OS vendors to build a better product.
    • by Blakey Rat (99501)

      Windows is pretty damned secured at this point. Well, Vista and Windows 7 are. The problem is:

      1) Most Windows install are running software that isn't, for example, Adobe Reader or Sun Java. The only virus I've gotten in the last ten years of using Windows was the Vundo virus, on my work computer, through Sun Java. Make sure you're holding the right company to task: I'm certain that at this point there are far more security holes in popular third-party applications from companies like Adobe than in Windows i

      • The only virus I've gotten in the last ten years of using Windows was the Vundo virus, on my work computer, through Sun Java. Make sure you're holding the right company to task: I'm certain that at this point there are far more security holes in popular third-party applications from companies like Adobe than in Windows itself.

        Damn I hate that one. I want to clear it off, but I can't because the wife needs a windows machine to access her online courses. I don't dare risk clearing off Windows during finals

    • by geekoid (135745)

      By not allowing people who sell computers to also sell or recommend an OS.

      That would give an opportunity to the market.

  • The other day, I heard a discussion on BBC Radio 4 in which an expert basically suggested that the threat from viruses, worms, etc., was not so severe. He stated that it would be impossible to kill the Internet in the UK, because doing this would require cables to be cut.

    It seems to me that he was ignoring many treats, such as corrupting the routes published by key routers and the fact that many threats don't involve a complete meltdown of the Internet. Lesser threats were mentioned earlier in the discussio

  • I'm not spending my taxes on free advertising for McAffee.

    • Ditto to that. Shouldn't they instead tax the unsafe operating systems (mostly, if not only Windows) that are sold for money and require people to then pay more money for antivirus? Taxing the usage of internet for providing antivirus seems lame when you have an operating system that has little need of it right now, such as Linux and OSX (mostly). Plus it certainly disregards the growing number of free antivirus programs that can be used by consumers.
  • Causation & Fines (Score:4, Interesting)

    by CajunArson (465943) on Wednesday May 06, 2009 @10:39AM (#27845571) Journal

    One problem with trying to penalize people who spread viruses (at least on a tort theory) is the problem of causation, since you have to be both the cause-in-fact and the proximate cause to be liable for a tort. Here's an example of what that means and why it could be difficult to blame any single person for the spreading a virus, except maybe for the person who unleashed it in the first place:
          Say there's a worm like Conficker that is very prolific and is being spread by many different means over the open Internet and where there are many exposed hosts. Say that for whatever reason I get infected, but that I happen to have detailed logs of the network traffic I received that shows that one A. Dumas who lives in Blackacre owned the IP address that I got my infection from. Say that further, this isn't some fluffy case where Dumas can claim it wasn't his computer or that he wasn't using it, instead Dumas was indeed sloppy and got himself infected with Conficker negligently. The problem is that while Dumas is the direct cause of me getting Conficker, he is likely going to be able to claim that he was not necessarily a but-for cause, meaning if he didn't infect me, somebody else would have. To make matters worse, with a worm like Conficker it would be likely that the "somebody else" would infect me in a very short period of time, possibly only minutes or seconds, after Dumas did it.
          So the end result could go two ways depending upon how a court would look at causation. Some courts might let Dumas off from liability since you really couldn't prove he was the but-for cause, but instead only one random cause amongst millions of possibilities. Other courts would say that yes, Dumas is the cause, but that the damages would be whatever the cost to me is of having Conficker... for 5 minutes or however long I would reasonably had an uninfected computer but for Dumas's infecting me. That would likely lower the damage amounts greatly, and make suing somebody else pretty unattractive.

        Of course, Tort law isn't the only way to handle this. The government could always come out an slap fines on people and the only thing they need to prove is that you were spreading the virus. I'm pretty pro-security, but I frankly think that would be a very bad idea that would lead to losses in freedoms much greater than anything people on Slashdot would imagine. If you are paranoid that some international phone calls were being intercepted before, imagine what it would be like when it is necessary to monitor everybody's network traffic to prove who had a virus and when they had it. Further, imagine all the insane regulations that would follow. For those of you naively thinking that this would somehow lead to Windows being banned from the Internet, think again. Given how the government works it would likely lead to any OS except for Windows and OS X being banned from use entirely. The reason would be that only Apple & Microsoft could effectively afford to pay the massive "licensing fees" and hire armies of lawyers to cut through the red-tape needed to get government approval to connect to the Internet.... not a pretty scenario at all.

  • If the government sponsored public service announcements advising antivirus protection, every attempt would be made by malware distributors to make their malware look even more like antivirus software than before and would likely be made to resemble norton/symantec or mcafee software products.

    Interestingly enough, some people here are already preaching "abstinence" by suggesting people learn what not to do with their computers and where not to go on the internet.

    There will always be amazingly stupid people

  • by Cyberax (705495)

    Since when a computer without AV software is somehow 'insecure'?

    Is author so thoroughly conditioned that he can't even imagine that it's perfectly possible to use Windows without getting viruses?

  • by Bob9113 (14996) on Wednesday May 06, 2009 @10:43AM (#27845629) Homepage

    I'm all for educating users about the harm they are causing by using insecure operating systems and engaging in dangerous behavior.

    However:
    subsidizing the purchase of anti-virus software

    Don't dip your damned hand into my pocket and hand money to McAfee before we first educate these people. Then start holding them accountable for the damage they cause. Then, and only then, as a last resort if nothing else works, can we talk about holding their hands because there is no other way out.

    I support methadone clinics, but first I support putting junkies who steal in jail. Same thing here. People are wantonly engaged in destructive behavior and you propose that we first harvest the positive externality, before addressing the negative externality of their destructive behavior. I am a strong believer in externalities and the balancing thereof. But let's start with the negative side, with holding the junkies accountable for their behavior.

    • by geekoid (135745)

      Also, it's the woman's fault she got raped, she wore a short dress!

      Stop blaming the victim.

      I went to the extreme to make a point.

      However, yes you are correct, don't subsidize the purchase of anti-virus.

      Education about how to behave would be good as well as education on the Virus Risk between Windows, Apple and Linux would be nice as well.

  • State subsidies for antivirus programs are going to have all sorts of unforeseen and undesirable consequences. Beyond the whole spending money they don't have thing, virii are predominantly a Windows problem.

    By making anti-virus software a matter of public policy, the government will be encouraging people to use Windows ahead of alternatives, whose achilles heels are not being masked by government action. PSAs about the efficacy of free anti-virus programs is also going to further the illusion that Windo
  • by knarf (34928) on Wednesday May 06, 2009 @10:46AM (#27845687) Homepage

    OK, here's a comparison to chew on:

    You are getting overweight, feeling wheezy, have bad breath and sometimes feel like your heart is beating irregularly. Feeling uncomfortable with these facts and symptoms you consult a doctor. After a short conversation you tell the doctor that you eat out at McDonalds every day.

    Now the roads diverge:

    scenario A)

    The doctor tells you that you should take a diet pill every day, should use mint drops to cover your bad breath, should come back once per month to have your heart checked and get someone to assist you when you feel wheezy.

    scenario B)

    The doctor tells you that eating at McDonalds every day does tend to do these things to people. A burger every now and then does not do harm but if you only eat burgers you tend to develop these problems. He tells you about alternatives to McDonalds where more healthy food is served, advises you to cook a meal for yourself once per week, to get some exercise and to quit frequenting McDonalds.

    Which doctor would you rather have?

    And if your answer is 'A', then would you want the government to sponsor diet pills and mint drops as well?

    If there is a cure for the disease then why only treat the symptoms?

  • More generally, I think that government-funded action to encourage better computer security is something that has not been given enough consideration.

    Although I'm no fan of AV s/w - I completely agree. At what point does a T-1 connected grandma become an officially recognized threat to national security? The U.S. at least, seems about one attack shy (using history as a guide) of such a designation...

  • If the governments would refuse to buy insecure software then the software makers would have a big reason to make their systems secure.

    The government needs to lead not push the people.

    The government requirements would create a secure purchase option which people could select.

  • profiteering (Score:5, Interesting)

    by bcrowell (177657) on Wednesday May 06, 2009 @10:51AM (#27845761) Homepage

    One big problem with this proposal is profiteering. Any time government offers to inject some money into the private sector, powerful commercial interests will line up to feed at the public trough. We saw it in the Iraq war, with Halliburton. We're seeing it with banks that are gaming the federal bailout system, maneuvering so that they can be subsidized without accountability. And it's always the most politically well connected private interests that are able to play this game successfully, e.g., it sure didn't hurt that Halliburton was in bed with Dick Cheney. So if this proposal were enacted, I predict that Symantec, for instance, would make out like bandits, while zero money would flow to ClamAV

    Another problem is that this kind of thing takes on its own momentum, and tends to continue indefinitely long after its justification is gone. We've seen this with farm subsidies, which were meant as an emergency measure to try to help family farms survive the Great Depression. Now it's just a subsidy to agribusiness. As far as antivirus software, IMO it's already long outlived its usefulness; it's become a kind of snake oil, a kind of difficult-to-remove malware in and of itself, used by people would would rather pay $40 for a bandaid rather than taking proper security precautions.

    And yet another problem is that this kind of thing subsidizes dumb behavior. In the case of antivirus software, it subsidizes MS's poor design of its operating system, which makes it more vulnerable to viruses than MacOS or Linux. It also subsidizes dumb behavior by users who click on executable email attachments from strangers.

    As far as the economic justification, I don't buy it for a second. Since I don't run Windows, I don't suffer a lot of direct negative economic effects from viruses. The effects I do suffer are small and indirect. Mostly I get a negative effect because I get spam from botnets. However, I don't believe for one second that increasing adoption of antivirus software by some percentage will have any significant effect on the amount of spam I get from botnets.

  • First off, pretty much every average users PC has cmoe with AV software for years. IT ahsn't helped.

    Guess what? it will never help. Even the bast AV software is weak sauce.

    No, people need a hardware solution built into there net card. One the checks for unwanted behavior..perferable with jumper setting. Yeah, you read that right, jumper settings. Make them have to do something besides clicks a few lying links or buttons to turn off the physical security.

    That's how to lock down bots.

    You can also have it do

  • while i do agree with the early posters suggesting making OSs to be secure and impervious to viruses and other misc. malware and trojans, but knowing the governments track record of poking their nose in to places it does not belong = invasion of privacy when its not warranted i would prefer to use an OS that is not vulnerable to the virus du jour.
  • I am so tired of people doing whatever they can to justify the newest benefit to themselves or others they feel need help.

    Two issues.

    IT IS NOT YOUR MONEY.

    Where in the hell is it in the Constitution that this is a function of government.

    That is the problem with people today. Anyone can find a justification for their piece of someone else's pie. Get it ? Your demanding that other people's money be spent on a problem you perceive.

    And people wonder how we end up with trillion dollar deficits. Not only is t

    • by homer_s (799572)
      When I see arguments like this (govt. should do X - look at how society will benefit from that), I usually say:

      That's a great idea. Similar to that, the govt should also:
      • Regulate dating and marriage - this will lead to a lower divorce rate and improve society
      • Regulate when and how many children a couple can have - imagine the benefits to soceity
      • etc

      The danger is, some nanny-staters will agree with some of the "ideas" above.

  • MS was found guilty of abusing their monopoly in the OS market because they 'integrated' IE the system.

    Yet for years we have had to deal with the consequence of that because of any value was done because of it.

    Telling people that they need to go spend more money on software seems to really be missing the point.

  • tl; dr
  • Oookkkaaayyy... where can I get software that can protect me from an overbearing and overreaching government?

    (I love this nation, but will never, ever, put my faith and/or trust in any government.)

  • "These are not 'free trials' for something you have to pay for later. They are FREE. If you're not using anything at all, at least go get one of these." Along a list of the non-free programs for people who want even more protection, and links to third-party reviews of those. "

    Really? why would you assume non-free means more protection? I mean, the way you put it the 'FREE' AV tools would just be ads and extremely limited to make people pay for the 'government approved' upgrade.

  • (A) The cost of running the proposed federal "$5 rebate program" is likely to exceed the amount of money actually distributed.

    (B) The rebate shifts the cost of securing my PC to all taxpayers.

    (C) The "externality" here is that the cost of me failing to secure my system leaves my system open for use by a hacker. This decreases the cost to the hacker to acquire another bot in his botnet. In the aggregate, the externality is manifested as a large botnet used in a DDoS attack. The cost to defend against a

  • by castironpigeon (1056188) on Wednesday May 06, 2009 @11:14AM (#27846157)
    There's not a single anti-virus software out there that's worth the trouble to pirate, let alone pay for. The virus database is always one step behind virus makers. The heuristic virus detection is awful and is much more likely to mark legitimate software as a virus than the virus itself. And if you do happen to get infected with a virus and it actually gets detected there's no way the anti-virus is going to clean it out completely.

    So far you could say the same things for anti-spyware software. But wait, there's more. Unique to antivirus software is the virus-like quality of the software itself. Have you ever tried to uninstall one of these things? Working at a university PC support center I used to see this a LOT. You're never going to get every last bit of the antivirus software off a computer. And then what happens when you want to install a new antivirus? Or when a user wants to be 'extra safe' and installs two antivirus programs simultaneously? /facepalm

    I say no thanks to that. Get a router with a firewall and sit behind it. Make sure everyone on your network is smart about suspicious links, scripts, email, IMs, etc. Common sense is free and works much better than anti-* software. When all else fails, reformat & reinstall.
  • Lets smoke (Score:3, Insightful)

    by gmuslera (3436) on Wednesday May 06, 2009 @12:21PM (#27847141) Homepage Journal
    Instead of government taxing big tobacco, banning or disencourage its use, will promote and encourage its use, claiming that most have filters, and we have cheaper clinics that treats smoking related diseases,

    Someone lost the clue where the problem is, and what are the best steps to solve it. Is like asking government to just give aspirines to stop the swine flu.
  • by flyingfsck (986395) on Wednesday May 06, 2009 @01:06PM (#27847845)
    They should just go all the way and make a government approved Linux distribution.

"I'm not afraid of dying, I just don't want to be there when it happens." -- Woody Allen

Working...