Are you responsible for the actions...

[M_Six]

...of your PC?

This has been a major topic of meetings on our campus lately. How much responsibility for PC security does the user bear? We've blocked thousands of PCs on our campus that have been infected or hacked in recent months. Many of these PCs were left unpatched and without virus protection, despite the fact that automatic patch updating and free AV programs are available to any university member.

This article from The Boston Globe illustrates the extent of the problem. Millions of unprotected PCs are out there on broadband just waiting to be (mis)used. IMO, leaving an unprotected PC running on broadband is no different than leaving your keys in your car in the driveway and not caring if someone "borrows" it to rob a bank. True, you're not committing the crime and are in fact a victim yourself, but you're still a passive accomplice.

Some folks believe a PC should be fully "hardened" when you buy it. Others, like me, think that ISPs should be issuing modems or routers with fully closed firewalls when they install broadband. At least that would give the average, non-techie user some decent protection.

What's your opinion?

BTW, the poll will allow multiple answers.

Well a lot of people have to realize not everyone is in to computers like we are. They don’t sit here and read about the newest holes in some os or what virus is out there. They just want to use it for internet, chat, listening to music.

Why not hold the person responsible for who took advantage of the hole or the flaw? (Of course this is easier said than done if a person knows what he is doing)

As for bring out computers that are "hardened" this get complicated. The more advance you make it the more complicated it is for some people. Look at that new technology they will be coming out soon that will have digital rights and rid of viruses and holes. I think its called palomino. (Someone correct me)

Network admins have to realize that they will be dealing with a lot of people who don’t know anything about computers. It’s a fact of life. To hold them responsible, and when you say why they will look at you’re with a blank face and wondering what the heck you’re talking about.

Perhaps in a school hold meetings people can attend saying if you don’t attend we will cut off your internet if we think/know your computer has been compromised? See if you can get a subscription for Norton to give to kids? Where do you start and when does it end?

In the end, how do you hold someone responsible for what they dont know/understand?

[M_Six]

I agree you can't expect the average user to understand all aspects of security, but I believe there should be a certain level of responsibility on the part of the user. I don't expect a hunter to fully understand the physics of his weapon and ammunition, but I do expect him to understand that his bullet will travel thousands of feet and therefore he must be careful about where he shoots. I also expect him to understand that his weapons need to be secured when not in use.

It doesn't take a great deal of technical knowledge to learn to secure a PC. And the Internet is no longer just a fad or gimmick. When it's got a problem, companies lose millions. If the phone system had the same security issues, there would be an outrage. There would be measures taken to prevent the disruption. I still feel people don't see the Internet as an essential tool.

As I stated before, I'd like to see ISPs set up firewalls for their users and I'd like to see Microsoft and other OS vendors incorporate AV into their software. MS has just about everything else built into Windows, why not AV software?

would be interesting to see MS put in an AV. i personally wouldnt want it. but i could see them charging a fee after a years use. I rather trust norton or trendmicro for my virus issues. and im sure the very first virus out for it would be to disable ms anti virus

[Chuckiechan]

Your point is well taken, but until there is a sheriff in town to control spam and viruses, it is up to the owner of the machine.

If Microsoft has AV software, they would be attracting virus writers, just for the challenge! MS just has too much baggage! If they had anti-spam ware, they would be selling access to the spammers!

My perfectly good E mail account at netscape has been ruined since I bought some insurance on line and used my e mail address. My fault for being stupid. It was preventable, just like VD...

[sixf00t4]

same thing going on at Pitt right now. We hold the student responsible...but not accountable. when students came into campus ports were shut off, and we released a patch cd with the blaster and welchia fixes and patches, once the student installed them, they called the helpdesk, helpdesk verifies proper installation(add/remove programs) gets their info and mac address and such, and add them to the "ok" list. their port is then turned back on. random scans are also done on the network for changes of a computer on an enabled port and for certain activity. the university also gives out norton 2003 for free for all students.