Story 1 – after the TJ Maxx data breach, I have told everyone I know not to use a credit card in their store – pay cash. Last week, my wife was out with her parents at one of their stores. Right as they go into line, my mom in law proclaimed, “Oh, we can’t use CC here. Only cash!” So they tallied the cost of everything and made sure they had enough cash to pay for everything.

Story 2 – my next door neighbors put a computer out next to the side of the house. We know each other and say Hi, but we didn’t really hang out at the time. I secretly took the computer knowing the hard drive was probably in it. Took all the data off it and put it onto a DVD (LOTS of stuff on the drive). I then put the computer back, knocked on the door and handed them the hard drive and the DVD. They were shocked! The daughter was REALLY happy to get her stuff back as she thought she lost it all with the computer crashing. A couple of months later she brought over her laptop and had me fix everything. They now know never to leave a computer out like that

Story 3 – actually, this one is on my blog – “Not All AntiVirus Programs Are Created Equal” so I won’t type it all here.

Overall, anyone that has me fix their computer, in the past I would give them a list of general guidelines of what to do and what not to do. My blog kind of derived from this as well. A reference point these kind of people can go to after having their computer problems fixed by me.

Again, all I want them to realize is – be aware of what they are doing. If they don’t know, ask me and I will help to change their habits and way of thinking about computers and information security.

Your last paragraph sums up my similar thoughts and feeling about the state of personal use of computers and the Internet. I agree that the situation is not hopeless. It is a matter of changing thoughts and habits. Although not easy, it can be done and with more people like you out there, slowly we all become better at recognizing the threats out there.

I am looking forward to more of your posts!

The answers to such questions would almost certainly include OS vendors, application vendors, system configurators (e.g., HP, Dell), and end-users (naive and misguided as they sometimes may be). One possibility would be to simply outsource this mess, down at the individual level. Many large organizations already outsource their IT and/or security operations to companies like CSC, Perot systems, HP, BT (Counterpane), etc. In theory, a company (like Symantec) could offer such a service to end users. The problem is that it would almost certainly be uneconomic (i.e., too expensive for most users). What user, having spent $750 – $1000 for a PC system would want to spend a hundred dollars or more (per year, my estimate)to some third-party to have it monitored? And what’s the liability model? If a system is damaged, how much risk is the outsource company exposed to? $500? $5000? It’s a complex problem.

I wish I had a better answer, because ultimately, users have the most skin in the game. They are using complex, *configurable* systems that can, under some circumstances, be turned against them and others, perhaps through no fault of their own.

Eventually more robust systems will be developed, just like safer cars and airplanes were. It’s just going to take time, and in the meantime, users are at risk.

You’re right AVG just upgraded. I’ve been getting a notification for the last month that the service was being disables. I guess it was a sales pitch.

Thanks and have a great day,

But for most PC-based home computers, users need to enable or adjust the firewall, install/update anti-virus software, do something about spyware, adware and Spam, plus manually or automatically backup all their critical files. No wonder cloud computing and web-based OSes are starting to catch on: Keep the home system dirt simple, and outsource everything else, including security

I’m not saying that this is the direction home computing will go, at least not in any hurry. But until/unless it does, I don’t see any way for Joe Average to handle all the security details on his own. Perhaps the best we can hope for is that he gets more cautious about social engineering, and learns not to trust every popup that appears.

One of the bottom lines is this: Any system that allows end users to install and/or reconfigure software using system/administrative privilege(s) can be turned against that user. And should that happen, it may well take some technical expertise to repair it.