“Nice PC… shame if anything were to happen to it.”

Posted on by

Nice analogy on a Guardian Technology page in an article by Andrew Brown last Thursday. The topic was anti-virus firms holding the public to ransom with Mafia style tactics.

The warnings that bubble up almost daily from your system tray could all be reduced to one marketing message: “Nice computer you’ve got here. It would be a shame if anything were to happen to it”

However, I don’t completely agree. It’s not as if the big three firms to which he refers are threatening to spread malware if you don’t instal them. Anti-virus firms may rely for sales on the fact that the Internet is seething with malware. It’s certainly true that it’s in their interest to talk up threats and keep everyone in a state of fear. All the same, they don’t distribute malware and I don’t believe they can get much advantage from nagging us into constantly updating.

Andrew Brown is basically saying that av software isn’t necessary because you can keep out intruders with a firewall. I’m not convinced that just having a firewall is always the answer.

He’s saying “Don’t use Internet Explorer” or “Outlook Express,” only use free or legit software, don’t go to shady sites. It’s all good advice but it’s not infallible.

Above all, he’s an industry professional, obviously well-regarded enough to be a Guardian columnist. He knows what he’s doing. I don’t suppose any kids or less-expert friends and relatives ever use his computer. Most (non-Albanian) people have less idea of what’s going on in their PCs than they have of Albanian grammar. Andrew Brown might be able to tell whether an obscure system process needs to connect to location xx.xx.xx.xx but the rest of us don’t. And we certainly couldn’t tell if a worm had spoofed a legitimate process. (I suspect he might have trouble doing that.) We don’t know if registry entries are genuine, given the zillions of redundant just-in-case entries that come with Windows. Most of us don’t even know how to open the Windows registry and would finish off our PCs permenently if we tried to edit it.

Even with Linux, in its new user friendly versions, even an expert user has to take most of its actions on trust. And Firefox is no longer hole-free is it? (In fact, unlike IE, Firefox will handily store your passwords in a human readable format.) Are malware distributors never going to abuse people’s trust by adding code to open-source freeware? Almost any piece of software has weaknesses and the world seems full of evil geniuses who can find them a lot faster than they can be detected.

I prefer to have a stab at eliminating malware myself and at detecting it by looking at the packets my PC sends, just as a half-interesting challenge and because I hate to feel powerless in relation to using my PC. I’m not much better at it than the average toddler is at ballet dancing. When malware defeats me, I’m more than glad there are products that can do better than I can at stopping it.

Good article, very nice metaphor. Can’t agree 100% though.

Tags: , , , .