Users - the real problem

Recently (read: for the last ten years) Microsoft has been continuously blamed for all the computer security woes of the world. Their OS is ridiculed as full of holes while Internet Explorer is lambasted for its amazing ability to toss control of a hapless user's computer to the winds.

There are some very basic reasons for the insecurity of MS Windows.

• the Windows system was designed before networks were very important for most users
• security wasn't the focus of design - usability was
• users were expected to be intelligent

While the first two have been mostly corrected (both by redesign and patching on of various security products), the third is nearly impossible to patch. People do stupid things - and always will. Malware has two vectors of attack - exploiting security holes or exploiting the user. A large portion of malware now exploits the user rather than the technology - this is why security patches are not enough anymore.

On platforms where security patches and a firewall aren't enough (e.g. Windows), antivirus and antispyware are needed to stop the user from doing stupid things.

Stop being stupid. You know who you are.