Let Big Brother Hawk Anti-Virus Software 405
This requires a discussion of "positive externalities," which may seem pedantic to you if you remember the concept from econ class, in which case you can skim the next five paragraphs. When you buy anti-virus software, some of the benefits accrue to you — less risk of your data being lost to a virus, or of annoying spyware infecting your computer with pop-up ads — but some of the benefits also accrue to other people. Prior to anti-virus software being installed on your computer, your machine might have been infected and taken over by criminals who used it to send spam. Or it might have helped to propagate the virus to other people. (Note: I am using "virus" to incorporate related things like "worms" and not worrying about the distinction.) Or you might have thought there was a problem with your computer, not realizing the problem was caused by a virus, and wasted time calling the tech support line for your computer manufacturer or for some other product on your computer. (If the company charges for tech support, then you're paying the cost of your call rather than passing those costs on to others, but if the call is free, then the costs have to be passed on to the company and hence indirectly to their other customers.) When you install anti-virus software, the chances of all these things happening are reduced, and those are the benefits that accrue to others — positive externalities, in economics jargon.
The key assumption is that you can put a price on all of the positive externalities generated by a given person installing the anti-virus software. It's different for every person, but it always adds up to some value, something that is not microscopic, but also not fantastically larger than the purchase price of the anti-virus program. It's on the order of adding 1/100,000th of a penny's worth of value to the lives of 100 million other people, for a total positive externality of $10.
To see that this is a reasonable assumption, suppose that if I had a choice between living in a world where all 100 million other Internet users in the US had no anti-virus software installed (using round numbers to make things simpler), and living in a world where all of the other users in the US had anti-virus software installed, I would pay $10 more per year to live in the latter, counting only the benefits to me and not factoring in any altruistic desire to help protect fellow citizens. (I personally would pay a lot more than $10 because I use the Internet so much, but the average might be closer to $10. Also, what I'd really like is for more people in certain other countries to install anti-virus software — China comes to mind — but I'm leaving them out of this discussion because it would be harder for the US government to encourage that.) When everyone else in the US is using anti-virus software, the benefits are returned to me in various ways, such as it being easier for me to send and receive e-mail because there aren't so many botnet-infected machines sending spam. (This is independent of my decision as to whether to buy anti-virus software for myself or not.)
Now, once I've decided I'd pay $10 more to have all my fellow Americans install anti-virus software, I could draw a graph (while my friends are out snowboarding with their girlfriends) with "how many other US users have hypothetically installed anti-virus software" on the x-axis, and "how much would I pay to live in that world" on the y-axis. At the point on the graph where no other people have anti-virus software, I'm willing to pay $0 to live in that world. (Well, of course I'd pay a lot more than $0 to be alive in any world, but I'm comparing other worlds to that one, so I'm just using $0 as my baseline.) At the point on the x-axis where all 100 million other users have installed anti-virus software, I'm willing to pay $10 to live in that world instead. What does the graph look like in between those points? Well, I can assume it's upward-sloping — the more other people install anti-virus software, the better it is for me. I could also adopt the simplifying assumption that it's a straight line — so I would pay $3 to live in a world where 30 million other people have anti-virus software installed, $6 to live in a world where 60 million other people have it installed, etc. It's not really a straight line, because when the first 50 million Americans install anti-virus software, that still leaves 50 million others to get infected and do damage, but when the next 50 million install it, that has eliminated all the unguarded computers in the US, and made it a lot harder for viruses to spread, at least within our borders. In other words, the line representing the quality of life to me as a function of how many other people installed anti-virus software, would rise more slowly in the range 0-50 million than it would rise in the range 50-100 million. But as long as the curve doesn't make any sudden jumps — for example, I know that the 30-millionth person installing anti-virus software isn't suddenly going to make my quality of life go up by $1 — I know the curve generally has to rise smoothly. So for a really rough approximation I'll treat it as a straight line.
If the graph is a straight line with the value $0 when nobody else installs anti-virus software, and $10 when everybody else installs anti-virus software, then each additional user installing anti-virus software creates an additional benefit to me of 1/100,000th of a penny (so 1/100,000th of a penny, times 100 million, comes out to $10).
You may think it's ridiculous or meaningless to say that someone else installing anti-virus software can benefit me to the tune of 1/100,000th of a penny. I myself can't wrap my head around it. But I can use the necessary properties of the graph — that it starts at $0, ends at $10, must curve upward, and doesn't make any sudden jumps — to reason that it should be approximately true.
And then, if each other US Internet user derives an average of 1/100,000th of a penny's worth of benefit when you install anti-virus software, then the total benefit that you confer on other people by installing the software, comes out to 1/100,000th of a penny times 100 million, or $10. And that's not even counting all the spillover benefits to users in other countries each time an American installs anti-virus software, something that we could consider a kind of off-the-books foreign aid. (Even if we would really like for it to be reciprocated by all users in countries like China installing anti-virus software as well.)
This is actually not hard to reconcile with people's attitudes toward installing anti-virus software. It's recommended as something you should do not only for your own protection, but also as something you should do to be a "good Netizen" so as not to impose inconveniences on other people. If your installing anti-virus software only conferred about 1 penny's worth of total benefit on the rest of the world, nobody would bother exhorting you to do it as a kind of civic duty. On the other hand, if your installing anti-virus software conferred thousands of dollars' worth of good on the world (or, equivalently, not installing anti-virus software exposed the rest of the world to thousands of dollars' worth of risk or damage), then people would not only be exhorted to install it, it would probably be required by law, like functioning car brakes. The kind of pressure that we see today to install anti-virus software — gentle prodding but not outright compulsion — feels commensurate with a value between $1 and $100 of the benefits that a person confers on the rest of the world by installing it.
But this logic also means is that we are missing an opportunity to make everybody better off on average, by actually subsidizing the purchase of anti-virus software for some people who otherwise would not have bought it. Suppose each user confers $10 worth of positive externalities on other American Internet users when they install anti-virus software. Now first consider the case of an a program like Norton Anti-Virus which costs $40.
For anybody who personally values their own anti-virus protection at $40 or more, great — they'll buy the software, they get the value they want from it, and everybody else gets the positive externalities of that person's virus protection, for free. But consider the people who value the anti-virus software at somewhere between $35 and $40. With no government rebate, they won't buy the software.
But now suppose the government offers a $5 rebate (funded by a tax on all 100 million Internet users) to anyone who buys anti-virus software. Everybody who would have bought the software before, will obviously still buy it now that the government rebate has effectively lowered the price to $35, and now, all the people who value the software between $35 and $40 will buy it as well. For each person who purchases the software at the new price of $35, the following is true:
- The person who bought the anti-virus software is better off — they valued the software at at least $35, and they got it for $35. (Otherwise, they wouldn't have bought it.)
- The taxpayers who subsidized the purchase are better off. Each rebate cost the taxpayer one-hundred-millionth of $5. But when that user installed the anti-virus software, they conferred $10 worth of total benefit on all other Internet users in the US, so that benefits each Internet-using taxpayer one-hundred-millionth of $10. So they're ahead.
If this seems fanciful, we're still in the domain of standard economics textbook stuff. When positive externalities are involved, the free market by itself will usually not reach the optimal outcome; by adding in some government subsidies, you can achieve an outcome that leaves everyone better off than they were before (even after subtracting the cost of the taxes to fund the subsidies). Call them "subsidies even a libertarian could love." Steven Landsburg's books The Armchair Economist and More Sex Is Safer Sex, and Tim Harford's books The Undercover Economist and The Logic Of Life, explain the logic of externalities probably better than I can, and give other interesting examples. When I say "subsidies even a libertarian could love," consider that Landsburg once wrote that George W. Bush's tax plan was unfairly burdensome to the rich, because "it seems patently unfair to ask anyone to pay over 30 times as much as his neighbors." That's pretty, uh, libertarian. But even Landsburg has argued, in More Sex Is Safer Sex, that LoJack anti-car-theft devices should be heavily subsidized by the government, because they create positive externalities — when more people buy LoJacks, thieves are deterred from stealing everyone's cars, because there's no way to tell whether a particular car has a LoJack installed or not. To the extent that anti-virus software creates positive externalities, it should be subsidized as well.
A modified version of this logic applies even to free anti-virus programs like AVG Anti-Virus. AVG is only "free" if you don't count the costs of finding out about it in the first place, then downloading it, installing it, and leaving it running. All of these add up to costs that, for whatever reason, have led to many people choosing to run nothing at all, rather than to run AVG even though it's free. If the government ran a campaign announcing the rebates for purchasers of anti-virus software, they could also use the campaign to recommend certain free programs -- thus effectively offsetting the "costs" by providing a "subsidy" for those programs in the form of free advertising.
When I ran this past some people for comment, two respondents, Steven Landsburg and Esther Dyson, independently recommended versions of a popular alternative idea, which was to penalize people directly for spreading computer virus infections. Landsburg commented:
I certainly think there are huge externalities here, and they derive from the fact that idiots who don't know what they're doing insist on administering their own mail clients. I don't have a mail client on my machine precisely because I am one of those idiots and I don't want to be responsible for a virus grabbing my address book and running with it.
So I have long thought that mail clients should be taxed and/or (if it were technologically feasible) that individual users should be fined heavily if viruses spread from their machines (or send spam from their machines).
Esther Dyson suggested something similar:
One method to consider is — rather than subsidy — requiring the ISPs to post a bond for their customers and assume responsibility for their actions. They can ask their customers in turn either to buy an antivirus package, to sell one that the ISP will offer for free, or to post a bond guaranteeing that they know what they're doing and will do no harm. The ISP is then liable for the misbehavior of its customers and may forfeit the bond if some specified level of disruption is caused by its customers.
In theory, this works better than my idea because it precisely targets the undesirable behavior: We don't really want to penalize people for not running anti-virus software, we want to penalize people for not running anti-virus software and imposing costs on others as a result. It's not possible for 100 million people to charge one person 1/100,000th of a penny each for the inconvenience and risk that person creates by not installing anti-virus software, but it might be possible for one recipient of the virus to seek to punish the person who gave it to them.
However, I think this scheme would have more practical problems:
- You can only penalize the virus spreader if you know exactly who was responsible for passing it on to you. This works for old-school viruses that spread as e-mail attachments, but not for worms like Code Red that probe the network looking for other machines to infect — if you're infected as a result of a remote IP address probing your machine, it's unlikely that you would ever find out exactly when or how it happened, much less the owner of the IP address that infected you.
- If you found out that a friend spread a computer virus to your machine, you'd probably be under a lot of pressure from your friend not to turn them in.
- For people who did get taken to court for spreading viruses, there would be overhead costs associated with processing the case, over and above the actual fine that may be levied against the individual. (If the penalty happens outside the court system — for example by ISPs keeping the bond posted to them by a customer — at least some of those customers will probably feel wronged and sue the ISP, generating court costs either way.)
- If someone accidentally spread a virus to a large number of other machines, that could make their total liability far greater than what they could actually pay.
The idea of fining or otherwise punishing people for accidentally spreading viruses is something I've thought about too, but usually in a moment of venting. As Steven Landsburg dryly says, "Your solution (subsidized antivirus software) might be more effective, but mine would be more satisfying (to me)." I think the option of punishing people for propagating viruses is something that should be explored in more detail, but I can't offhand think of any solutions that would avoid the problems listed above. The fact is that anybody with an Internet connection has the potential to do enormous damage if their machine gets infected, and in most cases it would be too hard to track the harm back too them, and too harsh to make them pay the real cost of the damage.
On the other hand, the option of a government publicity campaign to get people to install anti-virus software — at least the free ones, which should be a no-brainer — is something that seems like it should start bringing benefits right away. Government advertisements for free programs would require the least amount of paperwork to set up, because all the government would have to do would be to produce the TV ads and buy the airtime. (Other proposals, such as subsidies for non-free anti-virus software, or paying people outright to install anti-virus software, would require more overhead to implement. That doesn't mean they shouldn't be tried, but go for the low-hanging fruit first.) Now, what the ads should look like would be a question for advertising experts, but I would really hammer home the point: "Go to this government website and we have a list of recommended FREE anti-virus programs. These are not 'free trials' for something you have to pay for later. They are FREE. If you're not using anything at all, at least go get one of these." Along a list of the non-free programs for people who want even more protection, and links to third-party reviews of those.
More generally, I think that government-funded action to encourage better computer security is something that has not been given enough consideration. I think this is partly due to hostility to anything that smacks of government intervention (because of, among other things, numerous times the US government has attempted to censor the Internet), and partly because of an assumption that the free market will provide the best solution by itself. But if the government is actually on the right side of an issue — the side of promoting better computer security — then there's no reason to be petty and foul up their campaign just because we're still resentful that they once tried to make the Internet into a no-cussing zone. Hey, if the government thugs start to care more about computer viruses than about Internet porn, then they're learning! Give them a pat on the head and help them get the word out! And meanwhile, economic theory predicts that because of the externalities problem, the free market by itself won't lead to the optimal number of people using anti-virus software or keeping their computers secure. That's precisely the situation where a government-funded push toward more computer security can bring everyone more benefits than it costs. If you wear a Ron Paul t-shirt, but you found out about free anti-virus software software from a state-sponsored TV ad, nobody has to know.
What about the standard way ? (Score:5, Insightful)
Re:What about the standard way ? (Score:5, Insightful)
Going to have to agree with that.
All this talk about positive externalities and encouraging large numbers of people to do something might be better served by the government requiring higher minimum security standards for operating systems and charge pigouvian taxes to software makers who don't meet those standards.
Sadly this only works in the ideal world.
Lobbyists would destroy it (to the point where Windows 95 would pass) and the only people who would be hurt would be Free Software authors and SMBs who don't have enough representation.
FWIW most ISPs offer "free" anti-virus; most of the time it's McAffee or Norton. That and really virus scanners are a bandaid to poor security.
They're effectively a blacklist (with some mostly ineffective greylist heuristics), and blacklists aren't really useful against continual new threats.
Re: (Score:3, Insightful)
Although draconian, I say partition machines that are parts of botnets, those that distribute undeniable spam, and those that perform port probes. Yes, I know that spoofing makes that tougher, but it's a start so as to jolt people into taking responsibilities for their ownership in their own systems.
Route around the bastards, I say.
Re:What about the standard way ? (Score:5, Insightful)
This is not something the Federal Govt. is mandated to do?!?!
Where in the constitution would be the mandate for the feds to promote something like this? I know people try to squeeze everyting into the 'general welfare' statement, but, c'mon, this is a 'reach' even for something like that.
Re:What about the standard way ? (Score:5, Insightful)
Re: (Score:3, Insightful)
Damn, isn't it about time SOMEONE challenged the broad scope that has been given to the commerce clause. It has allowed the Feds to go WAY outside of what they're supposed to be doing!!
No, I wouldn't personally consider the commerce clause to be applicable to mandating anti-virus software for citizens. Then again, I'd not have thought that a farmer raising his own wheat for his own consumption, would somehow a
Re:What about the standard way ? (Score:5, Insightful)
I understand the argument of constitutionalism for certain things, like freedom of speech or protection of minorities, on the argument that the majority might get temporarily inflamed and do something terrible.
But persistent majorities for the last century have voted on a large and expansive government. It seems wrong to advocate their disenfranchisement.
Re: (Score:3, Insightful)
Well, I'd say some politicians have been voting for it...gives them more power and more jobs, but, really, I don't think the majority of American citizens have been voting for it. The politicians just don't represent what the people want for the past decades IMHO. They're owned by the corporations and special interests, but, the will of the people I believe, has long been derided and ignored. Hell, most of the
Re:What about the standard way ? (Score:4, Interesting)
Under your immensely broad determination, just about anything could be considered commerce.
The Supreme Court has ruled that a farmer who eats his own wheat is engaging in interstate commerce (Wickard v. Filburn). So yeah, anti-virus software could easily fall into that chasm of a loop hole, too.
You don't have to agree with something on principle to recognize the truth of it.
I See Your Nope, and Raise You an Uh-uh (Score:3, Informative)
Commerce Clause [wikipedia.org]. Thanks for making the argument that more education is needed.
Thankfully, the SCOTUS came to their senses a few years ago and declared that the CC is NOT a blanket justification for universal Federal authority over everything. Congress had used it to justify totalitarian powers up till that point. Any argument using the CC as its justification has to have a much more narrow focus now, or SCOTUS will throw it out. I can only hope that one day they'll make a similar ruling on the "general welfare" clause.
Is that so? In the last major case on the Commerce Clause, Gonzales v. Raich, 545 U.S. 1 (2005), the Supreme Court actually upheld, under the Commerce Clause, the application of the Controlled Substances Act to the growing of marijuana for medical purposes, even though this was a "non-economic" activity. So I wouldn't read the obituary of the Commerce Clause just yet -- it still has plenty of life in it.
As for the current proposal to subsidize and/or educate the public in the use of anti-virus software, I t
De-Fense! (clap clap) (Score:5, Interesting)
Where in the constitution would be the mandate for the feds to promote something like this? I know people try to squeeze everyting into the 'general welfare' statement
From the Constitution:
The Congress shall have power to lay and collect taxes, duties, imposts and excises, to pay the debts and provide for the common defense and general welfare of the United States
Other countries have used military botnets. Therefore, a campaign against botnets might even count as "defense", in addition to the "welfare" and "commerce" arguments that others have made.
Re:What about the standard way ? (Score:5, Funny)
Just loop "blah, blah cyber-terror yada blorg emerging network-centric threatspace blah, yadda, rogue state espionage etc. soforth pedophile super hackers drone bloviate organized crime identity theft" until everybody's eyes glaze over. At that point, anybody who opposes the measure is a shifty-eyed pedo-terrorist who wants the chinese to hack the pentagon. Problem solved.
I'm not sold on the idea; but it would be an easy sell.
Re: (Score:3, Interesting)
If you catch some weird disease, the CDC has the right to quarantine your ass. The government forces people to get vaccinations as well.
So why are economically damaging computer viruses spreading through the internet less deserving of government action than real viruses spreading through social networks?
I can see a lot of arguments for the reverse, namely that a single computer can infect far more machines than a single person can infect other people...
Re: (Score:3, Funny)
Not only is the government not mandated to do it, but there are some most excellent laws that prevent the government from competing with private industry. Not only does this lead to gov't subcontractors but actually requires it some places.
Otherwise, I'd guarantee that the DOE and Air Force would have come out with their own PC operating system already.
Re:What about the standard way ? (Score:4, Interesting)
They're effectively a blacklist (with some mostly ineffective greylist heuristics), and blacklists aren't really useful against continual new threats.
I can think of four ways to keep viruses and worms from spreading: operating system security, blacklists, greylists, and whitelists. Blacklists and greylists in mainstream antivirus software for Windows are less than perfect, as you point out. Whitelists implemented in non-free operating systems (such as Authenticode and game console lockouts) have tended to be unfriendly to microISVs and free software developers. This leaves OS security. OLPC's web site describes Bitfrost [laptop.org], an interesting security layer that provides finer-grained security than is seen on most Linux or Windows desktop installations without depending entirely on lists. For instance, an app's installer can request directory scanning privileges (P_DOCUMENT_RO) or network privileges (P_NET), not both.
Yes, and quis custodiet, anyway? (Score:5, Insightful)
I agree with the comment about positive externalities, which is a factor not always well understood by the libertarian-leaning computer community, but the problem is that I can't see a good argument that the government would do this well.
Frankly, working for the government, I would say that the government's understanding of computer security is negligible. Their advertisements would consist of warnings telling you to use non-rememberable twelve- or more character passwords with upper lower number and symbols, and to change all your passwords every ten days to a different non-rememberable twelve- etc password, and then warn you to never go to any website that isn't on the official government approved list, because you might get phished.
An alternate suggestion would be, go after the spammers and the malware distributors. Malware is getting distributed because people are making money off of it. Follow the money, and shut it down, and malware will go back to being a hobby of a small community of nerds.
Re: (Score:3, Insightful)
Re: (Score:2)
Right, which is why I suggested a license way back. People complained that I was being elitist, but come on. The only way that we're going to be able to cut down on the spamming, scamming and other cyber crimes is through making sure people are educated and towing the line.
It doesn't do me much good to behave responsibly when so many people are not doing so. Ultimately those people that have malware and virus infected computers cost me time and money.
Re: (Score:3, Insightful)
Thing is, spamming and scamming pretty much only affects the stupid and gullible...it really doesn't affect me, I'm smart enough not to open and click everything, nor do I involve myself in stupid get rich schemes.
Why should I even care if this is going on? If someone is an idiot...well, isn't that their right?
Re: (Score:3, Insightful)
And antivirus is not sufficient to protect "click-happy" users from themselves.
Look, there have been tons of ads about drugs and smoking, and plenty of morons still do those in large quantities. But it's still justified to try, because that's really the only thing that will work. Outlawing them really doesn't do a thing.
To abuse an analogy, suggesting antivirus is a bit like suggesting that everyone equip their mouths with a special "health detector", which beeps loudly and induces vomiting whenever it sees
Re: (Score:3, Informative)
Really, McAfee AntiVirus Enterprise Edition with all the goodies (anti-spyware) will get some honest files while missing most spyware. For instance it doesn't seem to like port scanners which is good for clients I guess? Maybe?
That sounds like something else the government already has to spy on you. Windows. The automatic delete feature will be added for *.mp3's and things like that with a government endorsed or enforced antivirus choice.
Re: (Score:2)
Educating users? What parallel reality are you from? ^^
It has never worked. So perhaps it would be time to learn that it never will. ^^
After years of designing the interface of an internally used program of a medium-sized company, I learned one thing for sure:
They will *not* ever learn to do it right, as long as they have a choice. So if you want users to use your software in the correct way, you have to make it the only way to use the program.
This does not mean that you can't offer a version for power-user
Re: (Score:3, Interesting)
Hmmph. (Score:3, Insightful)
Frequent Slashdot contributor Bennett Haselton writes with his idea for mass adoption of anti-virus software:
Wow, somebody's buddy just got hooked up. Posting cretinous articles is one thing, posting a contributor's own cretinous musings is quite another.
Here's an idea -- Let's assume for a second that the majority of business and government uses a specific family of operating systems from $MONOLITHIC_CORPORATION. Since that corporation is pocketting billions upon billions of dollars, then why not have them subsidize the ads?
The burden should fall upon the corporations which support their operating systems which have been demonstrated to be gaping security holes which would make even the great Goatse prolapse with envy.
Re: (Score:2)
Hey don't badmouth Cretin, he was probably my favorite character on Red Dwarf.
Re: (Score:2)
But the quote from Esther Dyson said the ISP is responsible, not the monolithic corporation who made the operating system.
And we all know the conventional wisdom that the structure of software doesn't have anything to do with security...it's all about popularity: any operating system would would be equally vulnerable if its market share were to grow to be as large as the one that currently dominates.
And you also forgot that the assumption that we all use the monolithic corporation's system is supposed to be
Re: (Score:3, Insightful)
Everybody is responsible.
Additionally, anyone who, by in
Re:Hmmph. (Score:4, Interesting)
The only OS security model which is bette than Windows in any meaningful, practical way is SE Linux. Eveyone else uses user-based access, which is no defense at all against a user who doesn't care about security. Any modern consumer OS (by which I mean: you don't have to recompile the kernel to add a new driver) will make it trivial for malware to install itself if the user can be convinced to enter the root password - and that's just not a very high bar.
The SE Linux model does a little better: by restricting access based on process profiles, and not based on users. The only real advantage there is that the user is conditioned to only needing the root password when installing software, so at least the bar is raised a notch as you have to trick the user into *knowingly* installing software. Not much better.
Combine that model, however, with a trusted host for software downloads (as any good package management system should have), and you raise the bar yet again. That would mostly limit malware to users who torrent cracked sofware or otherwise deliberately go outside the normal path for software installation. That would be a significant reduction in targets, but perhaps not enough to really matter (does reducing the number of infected systems by 90% really help much?).
Re: (Score:2)
So it should be Hondas fault if I don't maintain my car and that leads to an accident?
It would be, if the accident was caused by a design flaw that requireed unusual constant maintenance. If your Honda needed to have the rear wheel bearings adjusted every thousand miles, and you didn't do it and caused an accident, there would be a pretty good case to take Honda to court - "Why the hell do the bearings need adjusted all the time? No-one else has that!"
Both Linux and Mac OSX are getting to be somewhat ma
Nope (Score:5, Insightful)
"to the point where even some libertarians would agree."
Maybe he meant to write librarians, but no true libertarian thinks that the government should purchase ads for McAfee and Symantec.
Re: (Score:2)
The only software I want to subsidize is for my in-laws, so I don't have to fix their computer anymore.
And actually I did just that last October by installing Ubuntu 8.04, haven't had a call since.
Re: (Score:2)
"And actually I did just that last October by installing Ubuntu 8.04, haven't had a call since."
God, I nearly did the same thing to my in-laws. It's like their PC is a spyware/malware/virus magnet.
Almost (Score:2)
I converted my parents to Ubuntu. Dad loves it. :)
My brother and in-laws remain untouched, although I do have a "refuge" box stashed at the in-laws for when I didn't bring a laptop and need an available machine.
Re: (Score:2)
I'm a libertarian and I agree that government spending millions of our tax dollars on ads would save some users from their own stupidity.
That doesn't mean I think they should do it, it just means I agree that the government spending millions of our money to promote something will, ultimately, to some extent, promote it.
But you're right, no "real" libertarian would suggest this is what the government should do.
Right to keep and bear AVG (Score:2)
no true libertarian thinks that the government should purchase ads for McAfee and Symantec.
What do true libertarians think about state sponsorship of defense? Could software that implements a malware blacklist be considered arms to defend yourself against foreign military botnets?
Re: (Score:2, Interesting)
The government should be responsible for protecting infrastructure, not home or work computers. Libertarians wouldn't argue that the government should buy homeowners guns to protect themselves at home, just that they should allow homeowners to buy their own guns if they choose to do so.
Re: (Score:2)
Re: (Score:2)
Most libertarians try to shield themselves from the negative influence of the outside world (as it applies to their freedoms).
After all a secure computer system is pretty much a prerequisite for high levels of privacy.
Re: (Score:3, Interesting)
That's not true. Libertarians believe that government should not interfere absent a market failure, or defined instances where the free market will not work properly. Libertarians would support the SEC, to some extent, to cure the problem of asymmetric information. The SEC regulation regime is basically founded on truthful and standardized disclosure of material facts.
Libertarians would regulate pollution because there are negative externalities. A business can spend $10,000 to install pollution control sys
Re: (Score:3, Insightful)
Libertarians would not regulate pollution, they'd make the business that polluted pay for the damage they cause. With freedom comes responsibility. You can do what you like, but if it affects others, you have to pay for it.
Then we'd have more superfund sites created by corporations that hid the pollution until they cashed out and dissolved, leaving the Libertarians holding the now-stinking empty bag. Maybe it would work if we abolished "corporations" and made the owners of the business personally responsib
Re: (Score:2)
do we really want our tax dollars buying ads for McAfee and Symantec?
Re: (Score:2)
"no true libertarian thinks that the government should purchase ads for McAfee and Symantec"
And no true computer professional thinks that educating people on why viruses/trojans/spyware/botnets are a danger to them is purchasing an ad for McAfee and Symantec.
There are plenty of ways that education could be spread that would be completely product agnostic while reminding people that that Vista machine they just picked up is a gaping sack of attackable holes.
As a lib I say it is far better that the govt do so
Anti-Virus Software (Score:3, Funny)
Why not just hand out ubuntu cd's?
Dept. of Veterans Affairs uses VistA (Score:2)
Why not just hand out ubuntu cd's?
For one thing, the veterans' hospitals keep medical records using the VA's Computerized Patient Record System that runs on Vista [wikipedia.org].
Re: (Score:2)
Why not just a Windows tax? (Score:5, Interesting)
If the government imposed a flat tax, Mac and Linux users would end up taking up a disproportionate amount of the burden for the risks that they pose.
Let's just tax Windows.
Take a third of the proceeds to subsidize antivirus software and awareness ads and use the rest to pay people to switch to a better OS.
It could work!
Re: (Score:2)
Re: (Score:2, Interesting)
You want to tax Americans to fund Microsoft's incompetence?
Re: (Score:2)
Shilling? (Score:2)
You Seem to Forget a Generation (Score:2)
If the graph is a straight line with the value $0 when nobody else installs anti-virus software, and $10 when everybody else installs anti-virus software, then each additional user installing anti-virus software creates an additional benefit to me of 1/100,000th of a penny (so 1/100,000th of a penny, times 100 million, comes out to $10).
I have four living grandparents non of which own or use a computer much less the internet. While you may claim that it benefits them in some way, they don't give a damn. I think you have a good argument but why not tax internet connections from ISPs instead? You know, like there are home owner taxes there could be internet users taxes that tax specific people. Sure, now you're paying $12.50 instead of $10.00 but at least my retired grandfather isn't paying for your Slashdot habit.
I'm certain there
Re: (Score:3, Interesting)
Sure, now you're paying $12.50 instead of $10.00 but at least my retired grandfather isn't paying for your Slashdot habit.
Say, that gives me an idea. Since as we all know (we being slashdot users) that those of us on Slashdot are the most informed of all internet-goers on the planet... Why not just mandate Slashdot readership for all internet users? Hell, maybe even subsidize subscriptions. If more people read Slashdot and knew the things WE know... Well, no problem can hide from one hundred million pairs of eyes.
Just have the media sensationalize it ... (Score:3, Interesting)
Re: (Score:2)
Correction:
Even though on hind sight it doesn't seem to be worse then the standard flu.
Wheh something that new and virulent comes up, you must put caution first. While it don't happen often, occasional something appears that's very deadly. You do not want to wait until 1000 people get it before beginning to prepare. The risk is too high.
Of course, there was some over reaction. Here in Oregon a child 'probably' has it and the closed the school district for 2 days and the school for a week.
I wonder how much o
Comment removed (Score:3, Insightful)
Re: (Score:2)
Windows is pretty damned secured at this point. Well, Vista and Windows 7 are. The problem is:
1) Most Windows install are running software that isn't, for example, Adobe Reader or Sun Java. The only virus I've gotten in the last ten years of using Windows was the Vundo virus, on my work computer, through Sun Java. Make sure you're holding the right company to task: I'm certain that at this point there are far more security holes in popular third-party applications from companies like Adobe than in Windows i
Re: (Score:2)
The only virus I've gotten in the last ten years of using Windows was the Vundo virus, on my work computer, through Sun Java. Make sure you're holding the right company to task: I'm certain that at this point there are far more security holes in popular third-party applications from companies like Adobe than in Windows itself.
Damn I hate that one. I want to clear it off, but I can't because the wife needs a windows machine to access her online courses. I don't dare risk clearing off Windows during finals
Re: (Score:2)
By not allowing people who sell computers to also sell or recommend an OS.
That would give an opportunity to the market.
Xbox (Score:2)
Microsoft can't solve PEBCAK without taking control over the computer completely out of the user's hands.
Are you willing to give them that level control?
We already did. It was called Xbox. All code must be digitally signed by Microsoft.
But seriously, it's possible to improve the granularity of operating system security without resorting to application whitelisting like that seen on video game consoles. The Bitfrost [laptop.org] model looks interesting.
Re: (Score:3, Informative)
Very true. I had a revelation recently through my (very non-techy) dad: People cannot (or do not) discriminate between browser popups and system popups.
He opened a page and it said something about him having to update something important (yes, guess what...), and to CLICK HERE to do just that. Now, my dad is neither a dancing pig fan nor someone who lets down his guard easily (if you think I'm paranoid, you haven't met him yet), but it was pure luck that I was in the room and could leap at him before he cou
Reporters minimise threat (Score:2)
The other day, I heard a discussion on BBC Radio 4 in which an expert basically suggested that the threat from viruses, worms, etc., was not so severe. He stated that it would be impossible to kill the Internet in the UK, because doing this would require cables to be cut.
It seems to me that he was ignoring many treats, such as corrupting the routes published by key routers and the fact that many threats don't involve a complete meltdown of the Internet. Lesser threats were mentioned earlier in the discussio
Re: (Score:2)
It is overblown.
Both it's severity, and it's 'damages'
F---- THAT! (Score:2)
I'm not spending my taxes on free advertising for McAffee.
Re: (Score:2)
Causation & Fines (Score:4, Interesting)
One problem with trying to penalize people who spread viruses (at least on a tort theory) is the problem of causation, since you have to be both the cause-in-fact and the proximate cause to be liable for a tort. Here's an example of what that means and why it could be difficult to blame any single person for the spreading a virus, except maybe for the person who unleashed it in the first place:
Say there's a worm like Conficker that is very prolific and is being spread by many different means over the open Internet and where there are many exposed hosts. Say that for whatever reason I get infected, but that I happen to have detailed logs of the network traffic I received that shows that one A. Dumas who lives in Blackacre owned the IP address that I got my infection from. Say that further, this isn't some fluffy case where Dumas can claim it wasn't his computer or that he wasn't using it, instead Dumas was indeed sloppy and got himself infected with Conficker negligently. The problem is that while Dumas is the direct cause of me getting Conficker, he is likely going to be able to claim that he was not necessarily a but-for cause, meaning if he didn't infect me, somebody else would have. To make matters worse, with a worm like Conficker it would be likely that the "somebody else" would infect me in a very short period of time, possibly only minutes or seconds, after Dumas did it.
So the end result could go two ways depending upon how a court would look at causation. Some courts might let Dumas off from liability since you really couldn't prove he was the but-for cause, but instead only one random cause amongst millions of possibilities. Other courts would say that yes, Dumas is the cause, but that the damages would be whatever the cost to me is of having Conficker... for 5 minutes or however long I would reasonably had an uninfected computer but for Dumas's infecting me. That would likely lower the damage amounts greatly, and make suing somebody else pretty unattractive.
Of course, Tort law isn't the only way to handle this. The government could always come out an slap fines on people and the only thing they need to prove is that you were spreading the virus. I'm pretty pro-security, but I frankly think that would be a very bad idea that would lead to losses in freedoms much greater than anything people on Slashdot would imagine. If you are paranoid that some international phone calls were being intercepted before, imagine what it would be like when it is necessary to monitor everybody's network traffic to prove who had a virus and when they had it. Further, imagine all the insane regulations that would follow. For those of you naively thinking that this would somehow lead to Windows being banned from the Internet, think again. Given how the government works it would likely lead to any OS except for Windows and OS X being banned from use entirely. The reason would be that only Apple & Microsoft could effectively afford to pay the massive "licensing fees" and hire armies of lawyers to cut through the red-tape needed to get government approval to connect to the Internet.... not a pretty scenario at all.
Yet another door for malware (Score:2)
If the government sponsored public service announcements advising antivirus protection, every attempt would be made by malware distributors to make their malware look even more like antivirus software than before and would likely be made to resemble norton/symantec or mcafee software products.
Interestingly enough, some people here are already preaching "abstinence" by suggesting people learn what not to do with their computers and where not to go on the internet.
There will always be amazingly stupid people
WTF? (Score:2)
Since when a computer without AV software is somehow 'insecure'?
Is author so thoroughly conditioned that he can't even imagine that it's perfectly possible to use Windows without getting viruses?
Negative Externality First (Score:3, Interesting)
I'm all for educating users about the harm they are causing by using insecure operating systems and engaging in dangerous behavior.
However:
subsidizing the purchase of anti-virus software
Don't dip your damned hand into my pocket and hand money to McAfee before we first educate these people. Then start holding them accountable for the damage they cause. Then, and only then, as a last resort if nothing else works, can we talk about holding their hands because there is no other way out.
I support methadone clinics, but first I support putting junkies who steal in jail. Same thing here. People are wantonly engaged in destructive behavior and you propose that we first harvest the positive externality, before addressing the negative externality of their destructive behavior. I am a strong believer in externalities and the balancing thereof. But let's start with the negative side, with holding the junkies accountable for their behavior.
Re: (Score:2)
Also, it's the woman's fault she got raped, she wore a short dress!
Stop blaming the victim.
I went to the extreme to make a point.
However, yes you are correct, don't subsidize the purchase of anti-virus.
Education about how to behave would be good as well as education on the Virus Risk between Windows, Apple and Linux would be nice as well.
!= Libertarianism (Score:2)
By making anti-virus software a matter of public policy, the government will be encouraging people to use Windows ahead of alternatives, whose achilles heels are not being masked by government action. PSAs about the efficacy of free anti-virus programs is also going to further the illusion that Windo
Anti-virus, anti-malware, anti-... (Score:5, Insightful)
OK, here's a comparison to chew on:
You are getting overweight, feeling wheezy, have bad breath and sometimes feel like your heart is beating irregularly. Feeling uncomfortable with these facts and symptoms you consult a doctor. After a short conversation you tell the doctor that you eat out at McDonalds every day.
Now the roads diverge:
scenario A)
The doctor tells you that you should take a diet pill every day, should use mint drops to cover your bad breath, should come back once per month to have your heart checked and get someone to assist you when you feel wheezy.
scenario B)
The doctor tells you that eating at McDonalds every day does tend to do these things to people. A burger every now and then does not do harm but if you only eat burgers you tend to develop these problems. He tells you about alternatives to McDonalds where more healthy food is served, advises you to cook a meal for yourself once per week, to get some exercise and to quit frequenting McDonalds.
Which doctor would you rather have?
And if your answer is 'A', then would you want the government to sponsor diet pills and mint drops as well?
If there is a cure for the disease then why only treat the symptoms?
Re: (Score:3, Insightful)
OK, how about this then:
Your neighbourhood is being plagued by gangsters. They demand 'protection money' from business owners, otherwise bad things will happen to their livelihood. Cars go up in smoke, windows break, inventory gets damaged, stuff gets stolen. There are two politicians who claim to have a good solution:
Politician A proposes to set up a fund to pay off the gangsters. They will stop destroying stuff, society as a whole progresses, everyone is happy.
Politician B proposes to hunt down the gangst
National Security Threat (Score:2, Interesting)
Although I'm no fan of AV s/w - I completely agree. At what point does a T-1 connected grandma become an officially recognized threat to national security? The U.S. at least, seems about one attack shy (using history as a guide) of such a designation...
Government purchase options (Score:2)
If the governments would refuse to buy insecure software then the software makers would have a big reason to make their systems secure.
The government needs to lead not push the people.
The government requirements would create a secure purchase option which people could select.
profiteering (Score:5, Interesting)
One big problem with this proposal is profiteering. Any time government offers to inject some money into the private sector, powerful commercial interests will line up to feed at the public trough. We saw it in the Iraq war, with Halliburton. We're seeing it with banks that are gaming the federal bailout system, maneuvering so that they can be subsidized without accountability. And it's always the most politically well connected private interests that are able to play this game successfully, e.g., it sure didn't hurt that Halliburton was in bed with Dick Cheney. So if this proposal were enacted, I predict that Symantec, for instance, would make out like bandits, while zero money would flow to ClamAV
Another problem is that this kind of thing takes on its own momentum, and tends to continue indefinitely long after its justification is gone. We've seen this with farm subsidies, which were meant as an emergency measure to try to help family farms survive the Great Depression. Now it's just a subsidy to agribusiness. As far as antivirus software, IMO it's already long outlived its usefulness; it's become a kind of snake oil, a kind of difficult-to-remove malware in and of itself, used by people would would rather pay $40 for a bandaid rather than taking proper security precautions.
And yet another problem is that this kind of thing subsidizes dumb behavior. In the case of antivirus software, it subsidizes MS's poor design of its operating system, which makes it more vulnerable to viruses than MacOS or Linux. It also subsidizes dumb behavior by users who click on executable email attachments from strangers.
As far as the economic justification, I don't buy it for a second. Since I don't run Windows, I don't suffer a lot of direct negative economic effects from viruses. The effects I do suffer are small and indirect. Mostly I get a negative effect because I get spam from botnets. However, I don't believe for one second that increasing adoption of antivirus software by some percentage will have any significant effect on the amount of spam I get from botnets.
What an idiot (Score:2)
First off, pretty much every average users PC has cmoe with AV software for years. IT ahsn't helped.
Guess what? it will never help. Even the bast AV software is weak sauce.
No, people need a hardware solution built into there net card. One the checks for unwanted behavior..perferable with jumper setting. Yeah, you read that right, jumper settings. Make them have to do something besides clicks a few lying links or buttons to turn off the physical security.
That's how to lock down bots.
You can also have it do
would you trust them? (Score:2)
Where in the hell is this a function of government (Score:2)
I am so tired of people doing whatever they can to justify the newest benefit to themselves or others they feel need help.
Two issues.
IT IS NOT YOUR MONEY.
Where in the hell is it in the Constitution that this is a function of government.
That is the problem with people today. Anyone can find a justification for their piece of someone else's pie. Get it ? Your demanding that other people's money be spent on a problem you perceive.
And people wonder how we end up with trillion dollar deficits. Not only is t
Re: (Score:2)
That's a great idea. Similar to that, the govt should also:
The danger is, some nanny-staters will agree with some of the "ideas" above.
Gah... (Score:2)
MS was found guilty of abusing their monopoly in the OS market because they 'integrated' IE the system.
Yet for years we have had to deal with the consequence of that because of any value was done because of it.
Telling people that they need to go spend more money on software seems to really be missing the point.
Yawn (Score:2)
Alternative Protection? (Score:2)
Oookkkaaayyy... where can I get software that can protect me from an overbearing and overreaching government?
(I love this nation, but will never, ever, put my faith and/or trust in any government.)
More proof he is an idiot (Score:2)
"These are not 'free trials' for something you have to pay for later. They are FREE. If you're not using anything at all, at least go get one of these." Along a list of the non-free programs for people who want even more protection, and links to third-party reviews of those. "
Really? why would you assume non-free means more protection? I mean, the way you put it the 'FREE' AV tools would just be ads and extremely limited to make people pay for the 'government approved' upgrade.
Re: (Score:2)
antivirus software == crap (Score:5, Insightful)
So far you could say the same things for anti-spyware software. But wait, there's more. Unique to antivirus software is the virus-like quality of the software itself. Have you ever tried to uninstall one of these things? Working at a university PC support center I used to see this a LOT. You're never going to get every last bit of the antivirus software off a computer. And then what happens when you want to install a new antivirus? Or when a user wants to be 'extra safe' and installs two antivirus programs simultaneously?
I say no thanks to that. Get a router with a firewall and sit behind it. Make sure everyone on your network is smart about suspicious links, scripts, email, IMs, etc. Common sense is free and works much better than anti-* software. When all else fails, reformat & reinstall.
Lets smoke (Score:3, Insightful)
Someone lost the clue where the problem is, and what are the best steps to solve it. Is like asking government to just give aspirines to stop the swine flu.
NSA already distributes Linux improvements (Score:3, Interesting)
Re:This is ridiculous (Score:5, Insightful)
It's worse -it's a disguised bail-out of Microsoft and anti-virus vendors.
It would help keep the idea alive that it's okay to sell virus-prone software. Why not use the same money to push for more development and higher adoption of linux or bsd?
Or create 2 internets - one for windows users, and one for people with a clue.
Re:This is ridiculous (Score:4, Insightful)
Or create 2 internets - one for windows users, and one for people with a clue.
That second internet isn't going to be very big.
Re: (Score:2)
That second internet isn't going to be very big.
Good. It will be be a return to the days before the Eternal September, and before Usenet was nothing but spam and viruses.
Re: (Score:2)
No thanks for an Internet License (Score:5, Interesting)
And thank you for proving exactly why I wouldn't support such an initiative.
It would give the government the go-ahead to truly regulate the internet for our own good. It would be for the children, against the terrorists, and ... progressive.
You would be giving the government the authority to limit your speech in the guise of protection. Very likely worthless protection with a whole helping of surveillance and record keeping.
Then, when you step out of line, your license is not renewed. Or, more likely, since you run Linux, a dangerously mutable untrustworthy operating system, you wouldn't be granted a license at all.
No thanks, I don't need or want a license to exercise my rights.
Re: (Score:2)
Without a license a Windows computer is pretty dangerous to society.
FTFY
Dancing bunnies (Score:2)
Users do not install viruses. Viruses install themselves trough gaping security holes / backdoors.
During the Trojan War, the people of Troy were said to have installed dancing horses [wikipedia.org], which came pre-infected with the special forces of Greece. Nowadays, users install dancing bunnies [codinghorror.com], which come pre-infected with viruses and worms and other sorts of malware.
Re: (Score:2)
AVG is pretty good. Small foot print and it doesn't spread crap all over your computer.
I have read F-Secure is also pretty good.
Re:Can't Pay Me (Score:5, Insightful)
The entire article is predicated on the idea that anti-virus software is effective at stopping malware.
But today, that simply isn't true. With the proliferation of web exploits and constantly-updated payloads, the traditional signature-based methods of detecting malware are almost totally useless. OK, they still pick up the odd old-school mail worm or whatever, but no-one's going to get infected by those these days; it's all about the web exploits.
(Even against the pen-drive infectors, which should be slower to mutate and easier to track, they're doing pathetically badly at the moment.)
Heuristics-based detections can pick up a few more trojans, but at the expense of user-befuddling and potentially dangerous false positives. Behaviour blocking is the only approach likely to be effective, but today's implementations are shonky and unreliable. This sort of stuff - full per-program-permissions - really needs to be provided at an OS level, not as a wobbly vendor layer on top.
Encouraging people to spend money on ineffective, performance-butchering anti-virus software is what we're doing too much of already, not something we need to be asking the Government to do more of. All it does is give users a false sense of security.
Re: (Score:3, Interesting)
That's the classic hallmark sign of a wrong solution. To the problem of Windows insecurity, that is. It's sort of like a scientist who keeps getting surprised at each new discovery and never thinks that maybe there's something wrong with his theory when it has zero
Re: (Score:2)
It is why I asked instead of flamed :)
Re: (Score:2)
Hawk: [merriam-webster.com]
hawk
Function: transitive verb
Etymology: back-formation from hawker
Date: 1713
: to offer for sale by calling out in the street ; broadly : sell
It would penalize free software (Score:2)
Let's say we have every single consumer operating system pass rigourous security tests before it is sold to the public.
How would Ubuntu, Fedora, Mandriva, or FreeBSD pass such a test?