Helping people with computers... one answer at a time.
Botnets seem to be everywhere, and have become the single greatest source of spam and other malware transmission. Is it hopeless? Not at all.
The "Money Section" in USA Today recently had a cover story about the exploding negative influence (attacks, whatever) of Botnet scams and related evil-doings. The thrust in part seems to be that our current malware and virus protections may be woefully inadequate. Do you have an opinion about this expanding threat that you'd like to share with your faithful readers? How might we give ourselves greater protection from what is clearly an insidious attack by those who wish to use the Internet for their own gains - illicit in the extreme?
The article in question, "Botnet scams are exploding" gives a fairly broad overview of how botnets operate, and the massive amounts of illicit activities that occur because of them.
My opinion? Simple:
Computer users don't take security seriously enough.
Please understand that I'm not trying to blame computer users. Far from it, botnet operators and the people that profit from them are the real culprits here.
But the fact of the matter is that computer users are, in general, too unaware, too lax, and too unwilling to be educated about or inconvenienced by security measures.
I totally understand that in an ideal world, they shouldn't have to be. But the fact is this is not an ideal world. The pragmatic reality is that users must become more security conscious.
... that the number of machines that are unprotected by any kind of firewall is surprisingly large.
... that the number of machines unprotected by any kind of anti-virus and anti-spyware software would also surprise you.
... that the number of people who have anti-virus and anti-virus software installed whose databases have never been updated would shock you.
... that the number of machines that have not once taken any update to Windows or Windows components is huge.
... that the number of people who'll click on links or open attachments from unknown sources is also depressingly large.
All those factors, together, make for what can only be described as a "target rich environment" for malware and botnet operators out there. It's really no wonder that the problem is as bad as it is.
I also believe that the people who need to know about all this are the folks least likely to be reading this article. They have no interest in learning about this stuff - which, as I said, I totally understand. They just want to get their job done; they just want to use, not maintain, their computer.
But there's simply no substitute for knowing enough to keep your computer safe. In my opinion, it's an absolute requirement to using a computer these days. It's "part of the job".
I look at it like owning an automobile. I would love to have a car that never, ever needed maintenance, would never be broken into, and would always work flawlessly. That car doesn't exist. You must maintain your car, or it will break down. You must lock your car when you visit an unknown neighborhood, or you run the risk of vandalism or theft. Sometimes things on your car break, and you have to get them fixed.
The same is true with your computer. You must take steps to keep it safe.
And too many people do not.
As a result, we have massive botnets, tons of spam, and constant virus and spyware attacks.
So what, pragmatically, can be done?
I know a lot of people lay the blame on Microsoft for writing sloppy software. I do and I don't. They're a big and easy target, both for nay-sayers and for malware authors, but to point the finger at only Microsoft is both naive and unrealistic. Could they do better? Should they do better? Of course. But expecting perfection, from any software, expecting Microsoft to "just fix it" ... well, that's not a very realistic solution to the problem we're facing today.
In my opinion the real, pragmatic response is to keep educating computer users on what it means to operate their computers securely. As computer users we are the first line of defense. We're also the ones that ultimately pay the price when things go wrong, so it's in our own best interest to make sure we're being as secure and safe as we possibly can be.
If everyone followed all of the commonly accepted practices for computer security:
get behind a firewall
run anti-virus software and keep it up to date
run anti-spyware software and keep it up to date
keep their computer software, particularly their operating system, as up to date as possible
take responsibility for their own actions and get educated, learning to recognize what is and is not "safe"
botnets and other threats would not disappear. But they would be dealt a serious blow, and the problem would not be nearly as massive as it appears to be today.
And even though it seems daunting, it doesn't have to be. Most everything in that list is one-time, and/or automatic. And I can tell you with certainty that it works.
The hardest part? Getting folks to accept the need for a little education.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.