Network News

X My Profile
View More Activity

A Billion-Dollar Boondoggle?

Just spent a few minutes leafing through the latest edition of Consumer Reports, which this month features advice on helping people stay safe online. The magazine references a study saying that over the past two years, at-home computer users invested more than $2.6 billion in software to protect their computers.

Nothing shocking there, right? One need only look at the annual earnings of companies like Symantec to know that it's not a bad time to be in the computer security business.

What really made me catch my breath was the revelation that consumers also spent about $9 billion for computer repairs and parts due to damage inflicted by viruses and spyware. I wonder if this estimate takes into account the  money people spent on simply buying new computers when the old one gets so infested with junk that it becomes unusable. Given that computer repair technicians charge around $100 an hour, in many cases total replacement may be the more reasonable course.

Now, sure, maybe a portion of that multibillion dollar repair bill should go to a certain company in Redmond. And maybe the security software companies themselves are partly to blame for selling us programs that don't work all the time. For example, the dirty little secret of the antivirus industry has always been that because the software generally relies on "signatures" or snippets of known viruses in order to detect them, each time there's a big new virus outbreak about 10 percent of the industry's customers invariably serve as the guinea pigs for the rest of them. This shortcoming is especially dangerous given the increase in targeted attacks against corporations here and abroad.

Fundamental flaws aside, the sad truth is that while computer security software can be intimidating for some people, many folks do not take the time to learn how to properly configure it. My guess is that in a great many cases, people are driven to purchase security software after a virus, worm or spyware package has already taken up residence on their machines. Whether most of the software out there is up to dealing with today's nastier threats is fodder for another debate, but in the end, no piece of software is going to protect users from the biggest threat to computer security -- themselves.

For the record, I am a relatively frequent buyer of software. Not counting games, I probably spent at least $300 last year on maybe a dozen or so software programs, but I think only a couple of them were security-related.

By Brian Krebs  |  August 15, 2005; 6:30 PM ET
Categories:  From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Worm Exploiting Microsoft Hole
Next: Reason #4,643 To Just Say 'No' to Spam


Internet at home has become a nightmare. In the last 12 months, I have spent countless hours (100+) and at least $250 searching out viruses and spyware; erasing hard drives and reloading software due to killer viruses; buying new anti-virus and spyware software; installed new hard drive for killer viruses that got into the boot portion of the hard drive. Arrrrgh!!! I am shifting to an Apple for our home online computer and giving the PC to my kids for offline homework. No more Bill Gates for surfing the net.

Posted by: DonE | August 15, 2005 5:37 PM | Report abuse

So why keep people feeding Redmond with their
$$$s ??? I switched to Linux 2 years ago and never
looked back.

Posted by: Enthusiast | August 15, 2005 5:38 PM | Report abuse

I agree just bought a mac and threw the PC into the trash, don't want to have anything else to do with Microsoft crap software,I don't need the headaches.

Posted by: Fedayeen | August 15, 2005 6:41 PM | Report abuse

Now, Microsoft's shoddy programming may have something to do with the cost of doing business, by no means is Linux and Apple perfect in their coding as well. The main reason that Microsoft is the main target for "crackers" is that about 90% of the home pc market is running Windows. If Linux or Darwin were the dominant OS in the market, you don't think the crackers would target those systems as well. No matter the operating system, the box has to be properly secured before going on the openness of the internet (although it may take more work on a Windows machine).

Posted by: Geek | August 15, 2005 7:09 PM | Report abuse

A few simple steps that will go a long way to keeping your PC squeaky clean. In order of importance.

1) Even if you only have one computer hooked up to the internet, buy a router. They're $50 and are both a hardware and software firewall.

2) Spend the $35 /year on anti virus software for your email. McAffe and Norton are pretty much the same you don't need the endless supply of other junk they want to sell you.

3) Use Firefox not IE

4) Unless you need all the bells and whistles (calendar, journal, tasks, etc from Office-Outlook) use Mozilla Thunderbird as your email client and set it to download all email as text. If you miss an included photo just ask you friends to send them as attachments.

5) Use you head don't open unknown attachments, don't install unknown software of the web no matter how innocuous it sounds.

5) Lastly install Ad-Aware from lavasoft and run a system scan after you've been on any of "those sites".

If you're not willing to do this buy a Mac. Given their business track record (see recent patent on ipod software) I doubt they'll ever amount to more than 7% of the market.

Posted by: Norm | August 15, 2005 8:28 PM | Report abuse

After you've finished cleaning up the mess and securing the PC, remember this principle:
Never share a computer with anyone. P.C. stands for personal computer. This is particularly important for families, i.e. do not prepare your taxes on the same machine the kids use to play their games.

Given that much of the crap sneaks in during web surfing, install "block lists" of known, dangerous sites to restrict their ability to harm you OR prevent connecting to them at all. Like antivirus software, you should regularly update both methods.

Method A: Add sites to the Restricted Zone of Internet Explorer.

Method B: Use a modified HOSTS file to block all contact with specific sites. As a bonus, this method blocks most ads.

Method C: Use both Methods A and C.

Posted by: Ken | August 15, 2005 9:13 PM | Report abuse

Get a Mac and stop worrying. It really is very simple.

Posted by: Phil | August 15, 2005 9:56 PM | Report abuse

What I see as the key to Internet security is just having a basic education and understanding of how your comptuer works, and what to be careful of online. I don't think there is a security problem at all, other than the fact that people are uninformed or careless.

My computer is always connected to the Internet via cable broadband or a university network. I haven't gotten a virus in 5 years, except a little tiny one when I went to a site which would have surprised me if it _didn't_ have a virus. Of course for that one, I expected it and killed it right away with Norton Antivirus. Otherwise, I am virus/worm/trojan free.

I don't do anything special. I surf the Internet on average 13 hours a day (I'm not exagerating), use email all the time, download stuff out the wazoo, etc. I know enough to handle a virus if I meet one, but I don't meet any, despite the huge news releases on dangerous viruses ravaging the world.

I just don't click on pop-up ads, I don't bother reading spam, and I tend not to go to websites that spell their names really funkily (like gamez or fr33). I find no problem with the vast majority of the Internet. I went without a firewall and without Antivirus for several months recently, with no problems whatsoever. In fact, I don't have a firewall right now, because all they do is slow down my computer and mess up our home network.

I don't see what the big deal is. Why can't people just be a little sensible? If you are going to use the Internet, and you fear getting your computer trashed, learn a tiny bit about it, and you'll never have a problem! Maybe I should blog about this...

Posted by: Rob Parks | August 15, 2005 10:15 PM | Report abuse

Everyone is on the wrong path, $2.6 billion is a LOT of money, do you think ANYONE is interested in really fixing the underlying issues? Anyone with enough resources to actually do it, that is.
MS usually only gets your cash once when you buy your PC, Symantic, McAfee & Co. get it every month/year, year after year after year. If they actually wrote something that stopped virii dead, they'd be killing the goose that lays the big gold egg.

Posted by: Sean | August 15, 2005 10:29 PM | Report abuse

The problem with most of this is that we as competent computer users like to assume that users will learn or that they want to. The real truth of the matter is that users want to jump on the web and surf, get e-mail, open attachments, and play java pop-up window games, and install all the "helpful" search bars that screw everything up so that they don't have to slide the mouse another 3 inches to click on search. It's like a kid in a candy store for the first time. We assume far to much uncommon technical sense and self restraint. After being in the field almost 20 years, users no longer surprise me, they are actually very predictable (unfortunately). They want simple, compatible, and all the complex functions simplified down to a point and click function (weather it's a good idea to do so or not), and they want that without having to read the manual. For the most part they want to know as much about their PC as a rich girl wants to know about changing the oil in her car. Due to that this problem won't go away it's self propagating. Buying a Mac, switching to Linux... all that is good for us who don't care if we're compatible, or if we have money to burn on software that costs twice as much due to being only a small fraction of the market. Again that's not normal though and requires someone to support it that knows more then point click and drag. We're as much disconnected from the reality there as they are. Personally I'm not sure how to fix it till users that have computers are forced to become competent with their equipment. All I can say there is good luck we all know how well forced learning works. Till then just look at the dead PCs as ones we don't have to worry about infecting other PCs... PC Darwin awards. :)

Posted by: buzzkill | August 16, 2005 2:24 PM | Report abuse

Some people have said it already, but I'll say it again. Instead of spending $300 patching Windows, spend $500 and get a Mac Mini.

I have to use a PC occasionally at work and I'm always amused at the litany of things that have to be installed to make things "safe." Right now, my ThinkPad is running four commercial programs to protect me from the evil Internet:

PointSec (Hard Drive Encryption)
Checkpoint Client (IP VPN)
CyberArmor Personal Firewall
Symantec Antivirus

FOUR NON-MS PROGRAMS just to attach the machine safely to the Internet. That's not stupid?

The issue is not that virus writers aren't writing for OS X and Linux, it's just that a properly maintained OS X or Linux system are generally more oriented toward security. A Redhat linux box probes your service needs during installation and creates pinhole, as well as warns you when you choose something insecure (like installing a telnet server, rather than an ssh one--I don't even see an ssh client in Windows, but I do see a nice and dandy telnet client and server buried in there). OS X ships with its IP ports closed by default... you have to actively make yourself open to attack. Turn on the firewall and good luck. Compare that with all the RPC exploits we've seen over the years.

If you want an example of how Microsoft leaves you vunerable, just look at ActiveX. And now it's so entrenched as a technology that it's nearly impossible to destroy the security risk and still participate on the open Internet. Thank God for the security vendors who protect Windows machines, but it doesn't stop me from laughing when I think that I could put all those Earthlink employees responsible for anti-spam, anti-phishing, anti-virus and anti-malware into unemployement by making a simple platform change.

Posted by: Timothy | August 16, 2005 6:39 PM | Report abuse

One thing should be noted here... yet again. Mac's don't have viruses yet because virus writers don't consider 8% of the market worthy of their effort. Now if users keep buying Mac (which I think they're great systems and have one myself) they will eventually hit a higher percentage... and thus become worthy targets of the same things PC users have been subject to for years.

Take just a second and think about it from a medical prospective. PCs have had viruses for years, they have a pretty valid immune system to and users that are used to having to deal with that. That's not to say that they don't still get viruses, just like healthy people with a good immune system still can get sick. The Mac systems (as much as I do like them) have had little to no need for any kind of immune system yet. Their users haven't had to be on their toes and keep up with updates either. When they do reach a point that they become the target of hackers / virus writers it's going to be a mess. Those skills and software are not something that a user base develops over night either, and the skills of the bad guys in this area are already nearly perfected on the PC market. So getting a Mac is NOT the beat all end all fix... it's just simply a small neutral section of the market for the time due to their small numbers.

After all if you're a hacker why take over 8% of the computer web when you can write a bug for 90%+ of it. It's all about the numbers. ;)

Posted by: buzzkill | August 17, 2005 3:00 PM | Report abuse

I have a different angle on the Mac thing. I realize that it's only 8% of the market, but wouldn't you get mad props from the hacker community if you were the guy who finally made one that cracked OS X? Half of these viruses (or, at least the original exploits) are about prestige, not commercial gain. That, like in the Internet industry, comes later. ;)

But I'm sorry... immune system? If anything, my Windows PC is constantly taking a drug cocktail to stay alive and, like most incurable and experimental diseases, we don't have insurance to cover it. I think people would rather be naive than computer patching experts.


Posted by: Timothy | August 17, 2005 4:36 PM | Report abuse

I'll second that there is no such thing as an immune system. :) I only meant that Windows has more experience with dealing with a problem that's been on going much longer then with most other OS. That's all that that was meant by that.

There's already a version of OSX for the Intel chip unofficially released from what I've read... so that's been done already. I know what you mean by the props, but there's not much props to be gained from making something that the rest of your peers wouldn't find useful (again remember the 8% isn't enough to be worried about). ;) It's also not going to be any different for viruses then the original OSX due to it being incompatible with normal windows based software... it's still a Mac after all only running on a different hardware base.

Anyway just more food for thought.

Posted by: Buzzkill | August 18, 2005 11:57 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company