I hear what you are saying and I'm sympathetic. I don't know what the answer is, but I'm afraid things are going to get worse before/if they are to get better. People should not have to be IT professionals to get their email or surf the web safely.
I agree.
Unfortunately, there are two factors conspiring to keep the Internet unsafe. The first is the incredible amount of money that can be made by writing viruses; it's one of the leading moneymakers for organized crime, especially in Eastern Europe, where it has largely replaced the old-school organized crime activities like extortion rackets and prostitution.
The second is that ISPs permit it to happen. ISPs can identify virus-infected computers, botnets, spam sources, and so on, but they deliberately choose not to do anything about it. They feel that doing things like disconnecting virus-infected computers would cost too much money; they would need to pay full-time staffers to police these issues (most ISPs, even large ones, have one or two part-timers manning their abuse desks), and then they would have to pay for all the support calls from angry customers saying "My Internet access doesn't work. How come I can't see the Internet?" From the perspective of the ISP, they would be paying people money in order to decrease their revenue and increase their expenses.
Unfortunately, that seems to be where things are headed. I wish I had the details, but I saw an article the other day that referred to some security researcher who has been tracking the activities of a "bot net" and the incredible degree of control that the bot controller appeared to have. It was estimated that this bot net numbered at least 2 million computers and could be more than 50 million. The controller seemed to be testing his network and was demonstrating the ability to "turn on or off" any number of computers that he/she wished at will.
You're talking about W32/Storm, the most widespread virus in existence.
W32/Storm, which is believed to be written by virus writers in Russia, is very, very good at spreading for several reasons. The virus writers keep changing it, sometimes several times a day, so that antivirus software is always out of date. The virus writers are very clever at finding ways to trick people into infecting themselves--at first, infected emails claimed to be electronic greeting cards, then they claimed to be a program that can keep the RIAA from telling that you are using peer-to-peer file sharing software, then they claimed to be NFL game tracking software, now the infection is claiming to be a program that allows the victim to play 1,000 vintage arcade games for free. They change the "hook" they use to trick people about once a week or so.
And ISPs know about W32/Storm infections but take no action. I have personally sent lists of dozens of infected computers to Road Runner and Comcast security, and three weeks later the infected computers are still connected, still infected, and still spreading the virus. The ISPs could stop it, but they just plain don't care.
Again, I don't know exactly what to say. I have several family members for which I am their only real tech support. One of them is running Windows... I have already done more than one format and reinstall due to spyware infestations. He is running antivirus, antispyware, he is behind a NAT router and has automatic updates turned on. You can only practice so much security.
Antivirus is worthless against Storm. The virus writers change it too often. On top of that, infected computers randomly rearrange parts of the virus code every 30 minutes, which confuses antivirus programs and makes the antivirus signatures worthless. Essentially, antivirus software any more is scarcely worth the cardboard box it comes in.
Proper user behavior is really the only effective solution.
I disagree. It is not reasonable to expect Mom and Pop America to become computer security experts. Nor is it reasonable to expect that computer users can never be tricked. What is reasonable, but so far has not been successful, is to expect ISPs to step up to the plate and take responsibility.
The traffic that is used to control virus-infected computers, and the traffic generated by worms and vulnerability scanning software, is very, very easy to spot. A virus infected computer communicates with the virus writer, and that communication is pretty obvious. If you have 1,600 computers on your network that are all sending identical packets of information to a computer in Russia every 30 minutes, it does not take a rocket scientist to figure out what's going on!
The ISPs could shut these botnets down cold, if they wanted to. But doing so would mean spending money, and many ISPs, especially small and medium sized outfits, are losing money as it is.
So they do not take responsibility for the problem, they do not take action when they are informed of a problem, and the problem continues.
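The traffic pattern described in the post above (many hosts on one network sending identical packets to a single outside address at a fixed interval), as an added example that is not part of the original post: Python that flags such groups in flow records. The record layout `(timestamp, source, destination, payload size)`, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def periodic_interval(times, tolerance=0.1, min_events=4):
    """Return the median gap if every gap is within tolerance of it, else None."""
    if len(times) < min_events:
        return None                      # too few events to call it periodic
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    mid = median(gaps)
    if mid <= 0:
        return None
    if all(abs(g - mid) <= tolerance * mid for g in gaps):
        return mid
    return None

def find_beacon_groups(flows, min_hosts=3, tolerance=0.1):
    """flows: iterable of (ts_seconds, src, dst, payload_size).
    Returns {(dst, payload_size): [src, ...]} for destinations that receive
    same-sized packets on a regular schedule from at least min_hosts sources."""
    per_host = defaultdict(list)
    for ts, src, dst, size in flows:
        per_host[(src, dst, size)].append(ts)
    groups = defaultdict(set)
    for (src, dst, size), times in per_host.items():
        if periodic_interval(times, tolerance) is not None:
            groups[(dst, size)].add(src)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_hosts}

def sample_flows():
    """Constructed sample data (documentation-range addresses, not real traffic)."""
    flows = []
    # Five hosts send a 212-byte packet to one address every ~1800 s with jitter.
    for i in range(5):
        for n in range(6):
            ts = i * 37 + n * 1800 + (n % 3) * 20
            flows.append((ts, f"10.0.0.{i + 1}", "203.0.113.50", 212))
    # Same destination and size, but irregular timing: must not be flagged.
    for ts in (10, 50, 4000, 4100, 9000):
        flows.append((ts, "10.0.0.20", "203.0.113.50", 212))
    # Ordinary browsing: mixed sizes, no schedule.
    for ts, size in [(5, 900), (70, 1400), (3000, 640), (3100, 900), (9000, 900)]:
        flows.append((ts, "10.0.0.9", "198.51.100.7", size))
    return flows

if __name__ == "__main__":
    for (dst, size), hosts in find_beacon_groups(sample_flows()).items():
        print(f"{len(hosts)} hosts send {size}-byte packets to {dst} on a schedule: {hosts}")
```

Payload size stands in for "identical packets" here because flow records usually carry no content; a sensor with packet capture could group on a payload hash instead.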