http://www.silicon.com/software/security/0,39024655,39118228,00.htm
The puzzling thing about this is the basic assumption (by the author of the article) that computers are fragile and infection-prone and that users who don't know how to protect them are somehow part of the problem. At the moment I'm on a moderate rampage against anti-virus companies, for four reasons: 1. "free" anti-virus software that comes with new computers these days is usually time-locked such that after N days of service, the user has to pay. 2. anti-virus software makes booting, rebooting, logging in, logging out, and sometimes just general operations, amazingly much slower. 3. since they're pattern matchers, it's almost always nec'y to update the virus definitions AFTER a new virus is in the field, to get any "protection." 4. the mail-server versions of these packages inevitably send e-mail to the supposed sender, even though they know this address is inevitably forged. In this past year's tour of my friends and family, I've taken to removing their antivirus software at the same time I remove their spyware, and I've taken to installing Mozilla (with its IMAP client) as a way to keep the machine from having any dependency on anti-virus software. IT managers are encouraged to consider a similar move next time they're asked to approve the renewal costs of a campus-wide anti-virus license. There is nothing wrong with a user who thinks they should not have to know how to protect their computer from virus infections. If we (the community who provides them service and software) can't make it safe-by-default, then the problem rests with us, not with the end users. -- Paul Vixie