The authors also cite critcs of the antivirus industry who allege the antivirus vendors "are making so much money from old-style detection systems, designed to screen for known viruses, that a transition to more intuitive technologies has been sluggish."
Steve Garfink, analyst and former CEO of InDefense, disagrees, "The failure of the vendors to solve this problem is not because they are in a conspiracy to fleece consumers by selling inadequate products - it sure looks that way sometimes, but that's not how competitive markets work." Garfink explains, "The reason they fail is because new capabilities introduced into software, the Internet, etc., appear far more rapidly than the ability of security vendors to keep up with the vulnerabilities they create (not intentionally, but as a side effect of their improved capability)."
Garfink believes this is a short-term problem and feels technology will eventually reach a point whereby the user is protected "without much if any action required on the end-user's part." However, even in instances where technology does exist and relies on only a minimum of input from the user, problems can - and do - still occur.
Indeed, one has only to look at the problems some users have in dealing with simple permission-based firewalls, such as the widely popular ZoneAlarm, which monitor applications' attempts to access the Internet. When a new application first attempts access, the user is presented with a simple alert asking them to allow or deny the access. The whole point of requesting permission is to block access by miscreant code. All too often, the user runs in promiscuous mode, saying ‘Yes to All’ and even choosing 'Remember this setting'. The result? Permanent access for every bit of malware that tries to phone home or send malicious bits from their system.
Further, one has only to look at the prevalency lists to understand that viruses continue circulating for months, even years, after protection became available. Why? Because some users aren’t using or aren't updating their antivirus protection, they aren't applying patches, using firewalls, or employing basic security measures.
The result is greatly increased numbers of infection and infections that go undetected for long periods of time. Some ISPs have begun putting sanctions on customers due to the risks and problems presented by some. The USA Today article notes that Charter Communications began restricting customers' ability to send POP3 email via port 25. Instead of holding the offending customers responsible, these ISPs are instead holding all their customers liable.
In short, not only are some users putting us at greater risk, these same users are forcing us towards a scaled-down, tightly controlled, and highly regulated Internet.
This is not to say there is no room for improvement in the tech industry, or that better technologies don't lie ahead. But no industry can overcome user error, short of pulling the plug altogether. Indeed, in the example provided on page one of this article, it was the cable company, Comcast, and not the user, Betty Carty, who put a stop to the steady stream of spam being sent from her machine. They barred her account until she cleaned up her system.
Three part series: Who's to blame | Steps to better security | The tech wedge
