Slashdot Mirror
Let Big Brother Hawk Anti-Virus Software
This requires a discussion of "positive externalities," which may seem pedantic to you if you remember the concept from econ class, in which case you can skim the next five paragraphs. When you buy anti-virus software, some of the benefits accrue to you — less risk of your data being lost to a virus, or of annoying spyware infecting your computer with pop-up ads — but some of the benefits also accrue to other people. Prior to anti-virus software being installed on your computer, your machine might have been infected and taken over by criminals who used it to send spam. Or it might have helped to propagate the virus to other people. (Note: I am using "virus" to incorporate related things like "worms" and not worrying about the distinction.) Or you might have thought there was a problem with your computer, not realizing the problem was caused by a virus, and wasted time calling the tech support line for your computer manufacturer or for some other product on your computer. (If the company charges for tech support, then you're paying the cost of your call rather than passing those costs on to others, but if the call is free, then the costs have to be passed on to the company and hence indirectly to their other customers.) When you install anti-virus software, the chances of all these things happening are reduced, and those are the benefits that accrue to others — positive externalities, in economics jargon.
The key assumption is that you can put a price on all of the positive externalities generated by a given person installing the anti-virus software. It's different for every person, but it always adds up to some value, something that is not microscopic, but also not fantastically larger than the purchase price of the anti-virus program. It's on the order of adding 1/100,000th of a penny's worth of value to the lives of 100 million other people, for a total positive externality of $10.
To see that this is a reasonable assumption, suppose that if I had a choice between living in a world where all 100 million other Internet users in the US had no anti-virus software installed (using round numbers to make things simpler), and living in a world where all of the other users in the US had anti-virus software installed, I would pay $10 more per year to live in the latter, counting only the benefits to me and not factoring in any altruistic desire to help protect fellow citizens. (I personally would pay a lot more than $10 because I use the Internet so much, but the average might be closer to $10. Also, what I'd really like is for more people in certain other countries to install anti-virus software — China comes to mind — but I'm leaving them out of this discussion because it would be harder for the US government to encourage that.) When everyone else in the US is using anti-virus software, the benefits are returned to me in various ways, such as it being easier for me to send and receive e-mail because there aren't so many botnet-infected machines sending spam. (This is independent of my decision as to whether to buy anti-virus software for myself or not.)
Now, once I've decided I'd pay $10 more to have all my fellow Americans install anti-virus software, I could draw a graph (while my friends are out snowboarding with their girlfriends) with "how many other US users have hypothetically installed anti-virus software" on the x-axis, and "how much would I pay to live in that world" on the y-axis. At the point on the graph where no other people have anti-virus software, I'm willing to pay $0 to live in that world. (Well, of course I'd pay a lot more than $0 to be alive in any world, but I'm comparing other worlds to that one, so I'm just using $0 as my baseline.) At the point on the x-axis where all 100 million other users have installed anti-virus software, I'm willing to pay $10 to live in that world instead. What does the graph look like in between those points? Well, I can assume it's upward-sloping — the more other people install anti-virus software, the better it is for me. I could also adopt the simplifying assumption that it's a straight line — so I would pay $3 to live in a world where 30 million other people have anti-virus software installed, $6 to live in a world where 60 million other people have it installed, etc. It's not really a straight line, because when the first 50 million Americans install anti-virus software, that still leaves 50 million others to get infected and do damage, but when the next 50 million install it, that has eliminated all the unguarded computers in the US, and made it a lot harder for viruses to spread, at least within our borders. In other words, the line representing the quality of life to me as a function of how many other people installed anti-virus software, would rise more slowly in the range 0-50 million than it would rise in the range 50-100 million. But as long as the curve doesn't make any sudden jumps — for example, I know that the 30-millionth person installing anti-virus software isn't suddenly going to make my quality of life go up by $1 — I know the curve generally has to rise smoothly. So for a really rough approximation I'll treat it as a straight line.
If the graph is a straight line with the value $0 when nobody else installs anti-virus software, and $10 when everybody else installs anti-virus software, then each additional user installing anti-virus software creates an additional benefit to me of 1/100,000th of a penny (so 1/100,000th of a penny, times 100 million, comes out to $10).
You may think it's ridiculous or meaningless to say that someone else installing anti-virus software can benefit me to the tune of 1/100,000th of a penny. I myself can't wrap my head around it. But I can use the necessary properties of the graph — that it starts at $0, ends at $10, must curve upward, and doesn't make any sudden jumps — to reason that it should be approximately true.
And then, if each other US Internet user derives an average of 1/100,000th of a penny's worth of benefit when you install anti-virus software, then the total benefit that you confer on other people by installing the software, comes out to 1/100,000th of a penny times 100 million, or $10. And that's not even counting all the spillover benefits to users in other countries each time an American installs anti-virus software, something that we could consider a kind of off-the-books foreign aid. (Even if we would really like for it to be reciprocated by all users in countries like China installing anti-virus software as well.)
This is actually not hard to reconcile with people's attitudes toward installing anti-virus software. It's recommended as something you should do not only for your own protection, but also as something you should do to be a "good Netizen" so as not to impose inconveniences on other people. If your installing anti-virus software only conferred about 1 penny's worth of total benefit on the rest of the world, nobody would bother exhorting you to do it as a kind of civic duty. On the other hand, if your installing anti-virus software conferred thousands of dollars' worth of good on the world (or, equivalently, not installing anti-virus software exposed the rest of the world to thousands of dollars' worth of risk or damage), then people would not only be exhorted to install it, it would probably be required by law, like functioning car brakes. The kind of pressure that we see today to install anti-virus software — gentle prodding but not outright compulsion — feels commensurate with a value between $1 and $100 of the benefits that a person confers on the rest of the world by installing it.
But this logic also means is that we are missing an opportunity to make everybody better off on average, by actually subsidizing the purchase of anti-virus software for some people who otherwise would not have bought it. Suppose each user confers $10 worth of positive externalities on other American Internet users when they install anti-virus software. Now first consider the case of an a program like Norton Anti-Virus which costs $40.
For anybody who personally values their own anti-virus protection at $40 or more, great — they'll buy the software, they get the value they want from it, and everybody else gets the positive externalities of that person's virus protection, for free. But consider the people who value the anti-virus software at somewhere between $35 and $40. With no government rebate, they won't buy the software.
But now suppose the government offers a $5 rebate (funded by a tax on all 100 million Internet users) to anyone who buys anti-virus software. Everybody who would have bought the software before, will obviously still buy it now that the government rebate has effectively lowered the price to $35, and now, all the people who value the software between $35 and $40 will buy it as well. For each person who purchases the software at the new price of $35, the following is true:
- The person who bought the anti-virus software is better off — they valued the software at at least $35, and they got it for $35. (Otherwise, they wouldn't have bought it.)
- The taxpayers who subsidized the purchase are better off. Each rebate cost the taxpayer one-hundred-millionth of $5. But when that user installed the anti-virus software, they conferred $10 worth of total benefit on all other Internet users in the US, so that benefits each Internet-using taxpayer one-hundred-millionth of $10. So they're ahead.
If this seems fanciful, we're still in the domain of standard economics textbook stuff. When positive externalities are involved, the free market by itself will usually not reach the optimal outcome; by adding in some government subsidies, you can achieve an outcome that leaves everyone better off than they were before (even after subtracting the cost of the taxes to fund the subsidies). Call them "subsidies even a libertarian could love." Steven Landsburg's books The Armchair Economist and More Sex Is Safer Sex, and Tim Harford's books The Undercover Economist and The Logic Of Life, explain the logic of externalities probably better than I can, and give other interesting examples. When I say "subsidies even a libertarian could love," consider that Landsburg once wrote that George W. Bush's tax plan was unfairly burdensome to the rich, because "it seems patently unfair to ask anyone to pay over 30 times as much as his neighbors." That's pretty, uh, libertarian. But even Landsburg has argued, in More Sex Is Safer Sex, that LoJack anti-car-theft devices should be heavily subsidized by the government, because they create positive externalities — when more people buy LoJacks, thieves are deterred from stealing everyone's cars, because there's no way to tell whether a particular car has a LoJack installed or not. To the extent that anti-virus software creates positive externalities, it should be subsidized as well.
A modified version of this logic applies even to free anti-virus programs like AVG Anti-Virus. AVG is only "free" if you don't count the costs of finding out about it in the first place, then downloading it, installing it, and leaving it running. All of these add up to costs that, for whatever reason, have led to many people choosing to run nothing at all, rather than to run AVG even though it's free. If the government ran a campaign announcing the rebates for purchasers of anti-virus software, they could also use the campaign to recommend certain free programs -- thus effectively offsetting the "costs" by providing a "subsidy" for those programs in the form of free advertising.
When I ran this past some people for comment, two respondents, Steven Landsburg and Esther Dyson, independently recommended versions of a popular alternative idea, which was to penalize people directly for spreading computer virus infections. Landsburg commented:
I certainly think there are huge externalities here, and they derive from the fact that idiots who don't know what they're doing insist on administering their own mail clients. I don't have a mail client on my machine precisely because I am one of those idiots and I don't want to be responsible for a virus grabbing my address book and running with it.
So I have long thought that mail clients should be taxed and/or (if it were technologically feasible) that individual users should be fined heavily if viruses spread from their machines (or send spam from their machines).
Esther Dyson suggested something similar:
One method to consider is — rather than subsidy — requiring the ISPs to post a bond for their customers and assume responsibility for their actions. They can ask their customers in turn either to buy an antivirus package, to sell one that the ISP will offer for free, or to post a bond guaranteeing that they know what they're doing and will do no harm. The ISP is then liable for the misbehavior of its customers and may forfeit the bond if some specified level of disruption is caused by its customers.
In theory, this works better than my idea because it precisely targets the undesirable behavior: We don't really want to penalize people for not running anti-virus software, we want to penalize people for not running anti-virus software and imposing costs on others as a result. It's not possible for 100 million people to charge one person 1/100,000th of a penny each for the inconvenience and risk that person creates by not installing anti-virus software, but it might be possible for one recipient of the virus to seek to punish the person who gave it to them.
However, I think this scheme would have more practical problems:
- You can only penalize the virus spreader if you know exactly who was responsible for passing it on to you. This works for old-school viruses that spread as e-mail attachments, but not for worms like Code Red that probe the network looking for other machines to infect — if you're infected as a result of a remote IP address probing your machine, it's unlikely that you would ever find out exactly when or how it happened, much less the owner of the IP address that infected you.
- If you found out that a friend spread a computer virus to your machine, you'd probably be under a lot of pressure from your friend not to turn them in.
- For people who did get taken to court for spreading viruses, there would be overhead costs associated with processing the case, over and above the actual fine that may be levied against the individual. (If the penalty happens outside the court system — for example by ISPs keeping the bond posted to them by a customer — at least some of those customers will probably feel wronged and sue the ISP, generating court costs either way.)
- If someone accidentally spread a virus to a large number of other machines, that could make their total liability far greater than what they could actually pay.
The idea of fining or otherwise punishing people for accidentally spreading viruses is something I've thought about too, but usually in a moment of venting. As Steven Landsburg dryly says, "Your solution (subsidized antivirus software) might be more effective, but mine would be more satisfying (to me)." I think the option of punishing people for propagating viruses is something that should be explored in more detail, but I can't offhand think of any solutions that would avoid the problems listed above. The fact is that anybody with an Internet connection has the potential to do enormous damage if their machine gets infected, and in most cases it would be too hard to track the harm back too them, and too harsh to make them pay the real cost of the damage.
On the other hand, the option of a government publicity campaign to get people to install anti-virus software — at least the free ones, which should be a no-brainer — is something that seems like it should start bringing benefits right away. Government advertisements for free programs would require the least amount of paperwork to set up, because all the government would have to do would be to produce the TV ads and buy the airtime. (Other proposals, such as subsidies for non-free anti-virus software, or paying people outright to install anti-virus software, would require more overhead to implement. That doesn't mean they shouldn't be tried, but go for the low-hanging fruit first.) Now, what the ads should look like would be a question for advertising experts, but I would really hammer home the point: "Go to this government website and we have a list of recommended FREE anti-virus programs. These are not 'free trials' for something you have to pay for later. They are FREE. If you're not using anything at all, at least go get one of these." Along a list of the non-free programs for people who want even more protection, and links to third-party reviews of those.
More generally, I think that government-funded action to encourage better computer security is something that has not been given enough consideration. I think this is partly due to hostility to anything that smacks of government intervention (because of, among other things, numerous times the US government has attempted to censor the Internet), and partly because of an assumption that the free market will provide the best solution by itself. But if the government is actually on the right side of an issue — the side of promoting better computer security — then there's no reason to be petty and foul up their campaign just because we're still resentful that they once tried to make the Internet into a no-cussing zone. Hey, if the government thugs start to care more about computer viruses than about Internet porn, then they're learning! Give them a pat on the head and help them get the word out! And meanwhile, economic theory predicts that because of the externalities problem, the free market by itself won't lead to the optimal number of people using anti-virus software or keeping their computers secure. That's precisely the situation where a government-funded push toward more computer security can bring everyone more benefits than it costs. If you wear a Ron Paul t-shirt, but you found out about free anti-virus software software from a state-sponsored TV ad, nobody has to know.
that is securing operating systems and educating users so that they don't install viruses ? This can also be push forward with tax dollars and would be more useful IMHO.
Frequent Slashdot contributor Bennett Haselton writes with his idea for mass adoption of anti-virus software:
Wow, somebody's buddy just got hooked up. Posting cretinous articles is one thing, posting a contributor's own cretinous musings is quite another.
Here's an idea -- Let's assume for a second that the majority of business and government uses a specific family of operating systems from $MONOLITHIC_CORPORATION. Since that corporation is pocketting billions upon billions of dollars, then why not have them subsidize the ads?
The burden should fall upon the corporations which support their operating systems which have been demonstrated to be gaping security holes which would make even the great Goatse prolapse with envy.
Simply ridiculous. Antivirus software is just ineffective.
"to the point where even some libertarians would agree."
Maybe he meant to write librarians, but no true libertarian thinks that the government should purchase ads for McAfee and Symantec.
If someone says he and his monkey have nothing to hide, they almost certainly do.
You can't pay me enough to infect my computer with the crappy anti-virus software out there. Until AV software does more good than harm, I'll just continue on spreading my germs.
I took the author's advice and skimmed, but does he seriously advocate penalizing people for using their computers without AV software? Can we penalize people for spreading the flu, because they didn't wash their hands? Is this some sort of perverted blaming of the victim, or did I skim too quickly?
Did I mention BORING!!!?
YMMV
but I'm leaving them out of this discussion because it would be harder for the US government to encourage that
Oh, so you really had no point at all. Thanks for sharing.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Someone link to that story that was on Slashdot several months ago about some industry big-wig going public with his opinion that anti-virus software is worthless and only slows down computers. (an opinion I share BTW)
because all this applies to humans as well :-)
Why not just hand out ubuntu cd's?
tl;dr
If the government imposed a flat tax, Mac and Linux users would end up taking up a disproportionate amount of the burden for the risks that they pose.
Let's just tax Windows.
Take a third of the proceeds to subsidize antivirus software and awareness ads and use the rest to pay people to switch to a better OS.
It could work!
Yes, because right now, after bailing out the financial system, and the auto industry, some industries, like the multi billion dollar security sector, are feeling left out. Where's our share of the grift?
"Inattention makes clowns of us all" -Bean
On the same line:
How about the .gov buying adds to stear people away from windows?
NO SIG
If the graph is a straight line with the value $0 when nobody else installs anti-virus software, and $10 when everybody else installs anti-virus software, then each additional user installing anti-virus software creates an additional benefit to me of 1/100,000th of a penny (so 1/100,000th of a penny, times 100 million, comes out to $10).
I have four living grandparents non of which own or use a computer much less the internet. While you may claim that it benefits them in some way, they don't give a damn. I think you have a good argument but why not tax internet connections from ISPs instead? You know, like there are home owner taxes there could be internet users taxes that tax specific people. Sure, now you're paying $12.50 instead of $10.00 but at least my retired grandfather isn't paying for your Slashdot habit.
I'm certain there are people my age who are working yet chose not to have internet and that is their right and I do not think they should be paying for our virus problems.
My work here is dung.
to put a computer on the internet. Without a license a computer is pretty dangerous to society.
I also think the OS makers should be forced to create sandbox technology around all user installed processes the prevent them from executing outside of well-defined profiles. The default profile should be similar the java sandbox in the web browser. No (or very limited) local file system access, no internet connection except to one domain. All activities should be logged (every file accessed, every network connection made, every registry key accessed, etc).
I have been tagging this guy's stories "ohnoitsbennett" for a long time. Finally it shows up!
Can we get Jon Katz back?
As we saw recently, tons of media coverage about the swine flu caused a dramatic change in people's behavior and basically destroyed the Mexican tourist market ... even though it didn't seem much worse that the "average" flu ...
Hulk SMASH Celiac Disease
the fact that people dont use antivirus software. the problem is windows is an OS that tends to get brutalized every week or two by a new virus, and the manufacturer does not appear to care.
a better idea would be to make an incentive for OS vendors to build a better product.
Good people go to bed earlier.
I agree with the comment about positive externalities, which is a factor not always well understood by the libertarian-leaning computer community, but the problem is that I can't see a good argument that the government would do this well.
Frankly, working for the government, I would say that the government's understanding of computer security is negligible. Their advertisements would consist of warnings telling you to use non-rememberable twelve- or more character passwords with upper lower number and symbols, and to change all your passwords every ten days to a different non-rememberable twelve- etc password, and then warn you to never go to any website that isn't on the official government approved list, because you might get phished.
An alternate suggestion would be, go after the spammers and the malware distributors. Malware is getting distributed because people are making money off of it. Follow the money, and shut it down, and malware will go back to being a hobby of a small community of nerds.
http://www.geoffreylandis.com
The other day, I heard a discussion on BBC Radio 4 in which an expert basically suggested that the threat from viruses, worms, etc., was not so severe. He stated that it would be impossible to kill the Internet in the UK, because doing this would require cables to be cut.
It seems to me that he was ignoring many treats, such as corrupting the routes published by key routers and the fact that many threats don't involve a complete meltdown of the Internet. Lesser threats were mentioned earlier in the discussion, but the later statements would make people think that the threats form viruses, etc. was overblown -- especially since the later person commented that the former who mentioned these personal threats worked in the industry and hence had a reason to exaggerate them.
Many people would come away from that discussion thinking that there was nothing to worry about and that they probably don't need anti-virus software.
The real "Libtards" are the Libertarians!
I'm not spending my taxes on free advertising for McAffee.
This is my sig.
One problem with trying to penalize people who spread viruses (at least on a tort theory) is the problem of causation, since you have to be both the cause-in-fact and the proximate cause to be liable for a tort. Here's an example of what that means and why it could be difficult to blame any single person for the spreading a virus, except maybe for the person who unleashed it in the first place:
Say there's a worm like Conficker that is very prolific and is being spread by many different means over the open Internet and where there are many exposed hosts. Say that for whatever reason I get infected, but that I happen to have detailed logs of the network traffic I received that shows that one A. Dumas who lives in Blackacre owned the IP address that I got my infection from. Say that further, this isn't some fluffy case where Dumas can claim it wasn't his computer or that he wasn't using it, instead Dumas was indeed sloppy and got himself infected with Conficker negligently. The problem is that while Dumas is the direct cause of me getting Conficker, he is likely going to be able to claim that he was not necessarily a but-for cause, meaning if he didn't infect me, somebody else would have. To make matters worse, with a worm like Conficker it would be likely that the "somebody else" would infect me in a very short period of time, possibly only minutes or seconds, after Dumas did it.
So the end result could go two ways depending upon how a court would look at causation. Some courts might let Dumas off from liability since you really couldn't prove he was the but-for cause, but instead only one random cause amongst millions of possibilities. Other courts would say that yes, Dumas is the cause, but that the damages would be whatever the cost to me is of having Conficker... for 5 minutes or however long I would reasonably had an uninfected computer but for Dumas's infecting me. That would likely lower the damage amounts greatly, and make suing somebody else pretty unattractive.
Of course, Tort law isn't the only way to handle this. The government could always come out an slap fines on people and the only thing they need to prove is that you were spreading the virus. I'm pretty pro-security, but I frankly think that would be a very bad idea that would lead to losses in freedoms much greater than anything people on Slashdot would imagine. If you are paranoid that some international phone calls were being intercepted before, imagine what it would be like when it is necessary to monitor everybody's network traffic to prove who had a virus and when they had it. Further, imagine all the insane regulations that would follow. For those of you naively thinking that this would somehow lead to Windows being banned from the Internet, think again. Given how the government works it would likely lead to any OS except for Windows and OS X being banned from use entirely. The reason would be that only Apple & Microsoft could effectively afford to pay the massive "licensing fees" and hire armies of lawyers to cut through the red-tape needed to get government approval to connect to the Internet.... not a pretty scenario at all.
AntiFA: An abbreviation for Anti First Amendment.
Why don't the anti-virus companies just use some of their revenue to advertise or to provide private subsidies to home users (or schools etc)? Same effect on AV adoption as the government subsidies, without the need for taxation or the need for the government to subsidize any paticular product (and all the corruption and bribes - sorry lobbying and 'campaign contributions' that go with government pork).
Its "hock," not "hawk."
jackass.
Good people go to bed earlier.
If the government sponsored public service announcements advising antivirus protection, every attempt would be made by malware distributors to make their malware look even more like antivirus software than before and would likely be made to resemble norton/symantec or mcafee software products.
Interestingly enough, some people here are already preaching "abstinence" by suggesting people learn what not to do with their computers and where not to go on the internet.
There will always be amazingly stupid people using computers and getting on the internet just as there are amazingly stupid people driving motorized vehicles on the freeways. Cars are safer to operate and require less knowledge. The problem is that there is a "software product" business alive out there that depends on people wanting to install every bit of software they can find.
While most people are generally against the idea of a "limited Windows" I am rather for it. It would be precisely those sorts of controls that would prevent people from installing and running too much software. There will always be the "greasers" who will want to use other operating systems or otherwise use windows without limits and that's fine -- I am not afraid for the educated and knowledgeable users out there. What I am afraid for are those who don't know they need limits. Those are the same people who buy viagra online among other things.
Microsoft should give Windows away for FREE but make it limited and very locked down. People would then need to pay for the right to run without limits.
Let's say we have every single consumer operating system pass rigourous security tests before it is sold to the public. Will that decrease the number of infections or will the malware industry simply take longer to compromise the more secure systems? There is a concept about locks that no lock is fool proof, the better locks merely increase the time to compromise it.
I am deeply against penalizing the average citizen for having their computer run government approved security software. Most people barely understand their computer. The security within the operating system could lead an average user to believe that their system is secure. It's not someone having a gun stolen from their unlocked house and being sued by the victim shot by it. It's someone breaking into your house and using a blowtorch to get into your gun cabinet and then using that gun to shoot people.
Since when a computer without AV software is somehow 'insecure'?
Is author so thoroughly conditioned that he can't even imagine that it's perfectly possible to use Windows without getting viruses?
I'm all for educating users about the harm they are causing by using insecure operating systems and engaging in dangerous behavior.
However:
subsidizing the purchase of anti-virus software
Don't dip your damned hand into my pocket and hand money to McAfee before we first educate these people. Then start holding them accountable for the damage they cause. Then, and only then, as a last resort if nothing else works, can we talk about holding their hands because there is no other way out.
I support methadone clinics, but first I support putting junkies who steal in jail. Same thing here. People are wantonly engaged in destructive behavior and you propose that we first harvest the positive externality, before addressing the negative externality of their destructive behavior. I am a strong believer in externalities and the balancing thereof. But let's start with the negative side, with holding the junkies accountable for their behavior.
Stop-Prism.org: Opt Out of Surveillance
The cost of executing court cases against 80% of internet users would be pretty high.
In any case, this is somewhere governments just don't need to go. Do we penalize people who brought Swine Flu back from Mexico? Do we penalize people who pass other contagious diseases? "Clearly" they just needed better hygiene. The problem is people administering their own hygiene when they are not professionals. See where I'm going with this? Society has to be based on the assumption that not everyone is an expert in any given field. Further, the blame for viruses should lie squarely with virus writers, not with their victims for God's sake!
Thanks for an excellent and thought-provoking article.
Note: For this reply, imagine for a second a faulty animatronic display at the local museum, where the voice emanating from the tinny speakers has grown faulty over countless years of mindlessly repeating the same tired, tired mantra...
[unintelligible warble]n't want the GOVERNMENT telling me what to do! I am not a number! I am a free man! Governm... governm... governm... [clicking sound]ight to not ru[click] my right to not do a thing abou about about my computer's security my right my right my right my right [click] and if anyone else gets hurt it's their fault because they it's my right my right my right my right my [unintelligible warble to cutoff]
Is Slashdot's "Many More" feature annoying anyone else? I want to see all the stories that make it to the front page, not a select few.
Where do I turn it off?
State subsidies for antivirus programs are going to have all sorts of unforeseen and undesirable consequences. Beyond the whole spending money they don't have thing, virii are predominantly a Windows problem.
By making anti-virus software a matter of public policy, the government will be encouraging people to use Windows ahead of alternatives, whose achilles heels are not being masked by government action. PSAs about the efficacy of free anti-virus programs is also going to further the illusion that Windows is (or at least can be made) a safe experience.
The only safe Windows experience is abstinence, and we don't need DC telling our kids otherwise.
OK, here's a comparison to chew on:
You are getting overweight, feeling wheezy, have bad breath and sometimes feel like your heart is beating irregularly. Feeling uncomfortable with these facts and symptoms you consult a doctor. After a short conversation you tell the doctor that you eat out at McDonalds every day.
Now the roads diverge:
scenario A)
The doctor tells you that you should take a diet pill every day, should use mint drops to cover your bad breath, should come back once per month to have your heart checked and get someone to assist you when you feel wheezy.
scenario B)
The doctor tells you that eating at McDonalds every day does tend to do these things to people. A burger every now and then does not do harm but if you only eat burgers you tend to develop these problems. He tells you about alternatives to McDonalds where more healthy food is served, advises you to cook a meal for yourself once per week, to get some exercise and to quit frequenting McDonalds.
Which doctor would you rather have?
And if your answer is 'A', then would you want the government to sponsor diet pills and mint drops as well?
If there is a cure for the disease then why only treat the symptoms?
--frank[at]unternet.org
Where in the constitution would be the mandate for the feds to promote something like this? I know people try to squeeze everyting into the 'general welfare' statement
From the Constitution:
The Congress shall have power to lay and collect taxes, duties, imposts and excises, to pay the debts and provide for the common defense and general welfare of the United States
Other countries have used military botnets. Therefore, a campaign against botnets might even count as "defense", in addition to the "welfare" and "commerce" arguments that others have made.
I also think the OS makers should be forced to create sandbox technology around all user installed processes the prevent them from executing outside of well-defined profiles.
Users do not install viruses. Viruses install themselves trough gaping security holes / backdoors. There is no reason for an OS to allow an application to download and activate *any* application without user approval.
All activities should be logged (every file accessed, every network connection made, every registry key accessed, etc).
Sorry, that is unacceptable. Logging is not needed, is waste of storage space and intrusion of privacy.
Although I'm no fan of AV s/w - I completely agree. At what point does a T-1 connected grandma become an officially recognized threat to national security? The U.S. at least, seems about one attack shy (using history as a guide) of such a designation...
If the governments would refuse to buy insecure software then the software makers would have a big reason to make their systems secure.
The government needs to lead not push the people.
The government requirements would create a secure purchase option which people could select.
no true libertarian thinks that the government should purchase ads for McAfee and Symantec.
What do true libertarians think about state sponsorship of defense? Could software that implements a malware blacklist be considered arms to defend yourself against foreign military botnets?
One big problem with this proposal is profiteering. Any time government offers to inject some money into the private sector, powerful commercial interests will line up to feed at the public trough. We saw it in the Iraq war, with Halliburton. We're seeing it with banks that are gaming the federal bailout system, maneuvering so that they can be subsidized without accountability. And it's always the most politically well connected private interests that are able to play this game successfully, e.g., it sure didn't hurt that Halliburton was in bed with Dick Cheney. So if this proposal were enacted, I predict that Symantec, for instance, would make out like bandits, while zero money would flow to ClamAV
Another problem is that this kind of thing takes on its own momentum, and tends to continue indefinitely long after its justification is gone. We've seen this with farm subsidies, which were meant as an emergency measure to try to help family farms survive the Great Depression. Now it's just a subsidy to agribusiness. As far as antivirus software, IMO it's already long outlived its usefulness; it's become a kind of snake oil, a kind of difficult-to-remove malware in and of itself, used by people would would rather pay $40 for a bandaid rather than taking proper security precautions.
And yet another problem is that this kind of thing subsidizes dumb behavior. In the case of antivirus software, it subsidizes MS's poor design of its operating system, which makes it more vulnerable to viruses than MacOS or Linux. It also subsidizes dumb behavior by users who click on executable email attachments from strangers.
As far as the economic justification, I don't buy it for a second. Since I don't run Windows, I don't suffer a lot of direct negative economic effects from viruses. The effects I do suffer are small and indirect. Mostly I get a negative effect because I get spam from botnets. However, I don't believe for one second that increasing adoption of antivirus software by some percentage will have any significant effect on the amount of spam I get from botnets.
Find free books.
First off, pretty much every average users PC has cmoe with AV software for years. IT ahsn't helped.
Guess what? it will never help. Even the bast AV software is weak sauce.
No, people need a hardware solution built into there net card. One the checks for unwanted behavior..perferable with jumper setting. Yeah, you read that right, jumper settings. Make them have to do something besides clicks a few lying links or buttons to turn off the physical security.
That's how to lock down bots.
You can also have it do the virus and trojan scan on the way in.
The only thing the government would help on in this issue is education.
I have never had a virus on a computer I have owned that I didn't write.*
Why? wise use of hardware and computer sense.
I ahve a wife and two young kids.
They are all educated on what not to do.
I don't think this is the problem people scream about.
*I did security work
The Kruger Dunning explains most post on
while i do agree with the early posters suggesting making OSs to be secure and impervious to viruses and other misc. malware and trojans, but knowing the governments track record of poking their nose in to places it does not belong = invasion of privacy when its not warranted i would prefer to use an OS that is not vulnerable to the virus du jour.
Politics is Treachery, Religion is Brainwashing
Why not just hand out ubuntu cd's?
For one thing, the veterans' hospitals keep medical records using the VA's Computerized Patient Record System that runs on Vista.
I am so tired of people doing whatever they can to justify the newest benefit to themselves or others they feel need help.
Two issues.
IT IS NOT YOUR MONEY.
Where in the hell is it in the Constitution that this is a function of government.
That is the problem with people today. Anyone can find a justification for their piece of someone else's pie. Get it ? Your demanding that other people's money be spent on a problem you perceive.
And people wonder how we end up with trillion dollar deficits. Not only is the public full of ignorant greedy people so is the government
* Winners compare their achievements to their goals, losers compare theirs to that of others.
While I don't disagree with the value of spreading anti-virus software; I would be concerned that if the government thought it needed, say $5 per user, it would actually need $10-$15 to cover the overhead, then seeing this as a chance to raise more taxes, would add another $30.
MS was found guilty of abusing their monopoly in the OS market because they 'integrated' IE the system.
Yet for years we have had to deal with the consequence of that because of any value was done because of it.
Telling people that they need to go spend more money on software seems to really be missing the point.
Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
Many ISP's also provide cable. They could easily advertise free anti-virus in order to provide benefits to their own users. Actually, many already do this. A number of ISP's provide free anti-virus upon signing up
And thank you for proving exactly why I wouldn't support such an initiative.
It would give the government the go-ahead to truly regulate the internet for our own good. It would be for the children, against the terrorists, and ... progressive.
You would be giving the government the authority to limit your speech in the guise of protection. Very likely worthless protection with a whole helping of surveillance and record keeping.
Then, when you step out of line, your license is not renewed. Or, more likely, since you run Linux, a dangerously mutable untrustworthy operating system, you wouldn't be granted a license at all.
No thanks, I don't need or want a license to exercise my rights.
Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
I converted my parents to Ubuntu. Dad loves it. :)
My brother and in-laws remain untouched, although I do have a "refuge" box stashed at the in-laws for when I didn't bring a laptop and need an available machine.
it won't happen to them.
And others frankly just don't know.
that's why none of this happens. Also, anti-virus programs expire. people also don't know about the free ones.
So put it this way.
It's survival of the Fittest... even for computer owners.
"Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind." -Dr. Seuss
You don't subsidize ads for anti-virus software.
You subsidize computer repair services. Services that are provided locally, by local techs who pay local taxes and provide local jobs.
And we should start breaking some windows like the Chinese are doing. During the next census simply inventory the household computers and declare them obsolete. Require that each household be forced upgrade 75% of their machines within 60 days.
Users do not install viruses. Viruses install themselves trough gaping security holes / backdoors.
During the Trojan War, the people of Troy were said to have installed dancing horses, which came pre-infected with the special forces of Greece. Nowadays, users install dancing bunnies, which come pre-infected with viruses and worms and other sorts of malware.
tl; dr
I was quoted out of context in my autobiography...
Oookkkaaayyy... where can I get software that can protect me from an overbearing and overreaching government?
(I love this nation, but will never, ever, put my faith and/or trust in any government.)
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
Believe it or not, I applaud the efforts of FOSS programmers. If I wasn't dependent on several Windows-only software apps to get my work done, I'd be running Linux right now. The problem is simply that I've got clients who aren't going to wait for me to figure out how to get Adobe Premiere/Encore/Lightroom/Mixmeister/ACID/Sound Forge/Mediashout/AutCAD to run properly in WINE. It's not that I'm a huge fan of Windows, but I am dependent on Windows-only apps to make my living. I'll admit that Linux has definite advantages, but if I spend more time getting the apps to work that make me money, then how much superior is it for me? Not everyone uses solely Office and Internet Explorer on their Windows machines. I can't possibly be alone.
I browse the web with Firefox, NoScript, and Flashblock. I run Avast on a regular basis. I have UAC enabled on Windows 7. I have properly locked down my router. My software comes from store shelves and vendor websites, not Pirate Bay. I don't run Limewire, period. Personally, I consider that to be a fairly responsible setup for a Windows user. Am I in the minority of Windows users? sure. Should I be required to pay a tax solely because the OS I use to make my living is abused by others?
"These are not 'free trials' for something you have to pay for later. They are FREE. If you're not using anything at all, at least go get one of these." Along a list of the non-free programs for people who want even more protection, and links to third-party reviews of those. "
Really? why would you assume non-free means more protection? I mean, the way you put it the 'FREE' AV tools would just be ads and extremely limited to make people pay for the 'government approved' upgrade.
The Kruger Dunning explains most post on
That's a great idea. Similar to that, the govt should also:
The danger is, some nanny-staters will agree with some of the "ideas" above.
If you don't feel the benefits of the internet, along with all the nasty things that come along with it (like people being stupid), build your own network, then get the major website hosts to also connect to your private network.
An ordinary user using a Mac is arguably operating a less virus prone system than one on windows with anti-virus. Why doesn't the government just give everyone a $50 tax deduction for getting a Mac? Then again, how many people really nickel and dime every last little thing they do each day? Perhaps we could also give people $100 for not eating meat on Fridays. Does an average taxpayer really know what anti-virus is and how to make good use of it, or will they get the crappiest "anti-virus" any spammer is selling, and grab a government handout? Does this not sound wasteful to you? Who determines what is "Quality" anti-virus - the good guys or the bad guys?
Fining individual users for unintentionally spreading viruses might arguably be negligence, but considering the vastness of the problem I can't say justice would be served by attempting to punish the uneducated mob as you could only make examples of individuals. Even if you were effective, you would simply make people stop using computers. You could fine the software developers for negligence in making something vulnerable, but once again all you could do is make examples of people, while if you were actually effective you would destroy the software development industry, as no one would be willing to make software.
If the authorities aren't clever enough or capable of finding and punishing the criminals, then you can't just magically pass some law that will make all the criminals dissipate. Even if you were to get every last user on anti-virus chances are the viruses would just adapt to dealing with those programs. Pragmatically, I think the only things that will work would be to reward those who successfully find and punish the criminals, and perhaps argue the benefits of being moral over creating bot nets and screwing people over like AIG.
Then again, as a Ron Paul supporter, I see the light of your ideas, and think you might like the ideas of Johnathan Swift with his treatise, "A Modest Proposal".
Without a license a Windows computer is pretty dangerous to society.
FTFY
God is imaginary
Comment removed based on user account deletion
There's not a single anti-virus software out there that's worth the trouble to pirate, let alone pay for. The virus database is always one step behind virus makers. The heuristic virus detection is awful and is much more likely to mark legitimate software as a virus than the virus itself. And if you do happen to get infected with a virus and it actually gets detected there's no way the anti-virus is going to clean it out completely.
/facepalm
So far you could say the same things for anti-spyware software. But wait, there's more. Unique to antivirus software is the virus-like quality of the software itself. Have you ever tried to uninstall one of these things? Working at a university PC support center I used to see this a LOT. You're never going to get every last bit of the antivirus software off a computer. And then what happens when you want to install a new antivirus? Or when a user wants to be 'extra safe' and installs two antivirus programs simultaneously?
I say no thanks to that. Get a router with a firewall and sit behind it. Make sure everyone on your network is smart about suspicious links, scripts, email, IMs, etc. Common sense is free and works much better than anti-* software. When all else fails, reformat & reinstall.
mmmm...forbidden donut
Microsoft can't solve PEBCAK without taking control over the computer completely out of the user's hands.
Are you willing to give them that level control?
We already did. It was called Xbox. All code must be digitally signed by Microsoft.
But seriously, it's possible to improve the granularity of operating system security without resorting to application whitelisting like that seen on video game consoles. The Bitfrost model looks interesting.
I'm sorry if you tire of doing your laundry, straightening your sheets and feeding your dog, but the FEDERAL GOVERNMENT WAS NOT DESIGNED TO DO THESE THINGS!
Anything it does, it does with incompetence, other than the military, the mail and those powers originally involved in the Constitution.
Remember laughing at the $600 toilet seat? Those people also brought you the $8 asprin and the constantly-climing college tuition.
WAKE UP, PEOPLE, THE FED *IS* THE PROBLEM!
Is anybody else wondering who this mysterious Big Brother Hawk is?
Let's say we have every single consumer operating system pass rigourous security tests before it is sold to the public.
How would Ubuntu, Fedora, Mandriva, or FreeBSD pass such a test?
As long as the software was created by non-government controlled businesses (ie the companies that do AV now would be just fine), the government didn't have a say in the actual code, and the products aren't subsidized ... I don't see most libertarians having a problem with it in general.
The place "we" (as a left lib) would have problems would be:
1) if the software gave the govt a spy into our PCs, which if the govt was to author their own software would be pretty much impossible to disprove (open source AV would be interesting)
2) if the govt was trying to give our money (directly via taxes) to the companies that build the software, propping some up over others
If the govt were to start preaching the values of safe computing and explaining why AV/etc software is important? Go for it. Government providing unbiased education (and I don't anyone from any political party who says unprotected PCs getting viruses are a =good= thing) is an accepted function of the government, yes, even by us Libs.
PS. In case it isn't obvious, I found the way the quote mentioned Libs to be stereotypeful and poor.
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
How did this retarded article get FP'd?
You thought you could break the laws of physics without paying the PRICE?
Or we could pour some chlorine in the gene pool. If you don't find it worthwhile to take the time to keep your software uptodate and keep your machine virus free then viruses are the result. It's high time we stop allowing bad genes to breed.
So, a few suggestions:
1. Setup a charge where commercial OSes - OSX, Windows etc., are fined for every bug found. Further incremental fines for every month they delay fixing it.
2. Get over the idea of installing everything. Seriously. Grandma does not want to be an admin. Why not start to have our OSes as live disks, where only a config is installed on the computer, and the files that are important to the user (e.g. family photos). Distribute updated live disk CD/DVD images periodically to users.
3. How about once in a while working on the OS so that it uses less system resource, is more stable, and more secure?
The answer is educating people. We should have classes. Perhaps in school?
I have been using Windows for 10 years and Linux for 8 years. I have never used anti-virus software. I have never had a virus. I stick my boxes behind firewalls, and apply security patches, and I do not do anything stupid.
If you do not have a firewall, do not apply security patches, and do stupid things, no anti-virus software is going to protect you.
Go green: turn off your refrigerator.
If you live in a world where everyone else has antivirus software, you're going to see a lot of viruses which evade antivirus software.
Which is what we already see - the viruses don't magically go away when you install McAffee's trash on your system, they simply kill McAffee through zero day or through the users not knowing better than to say no and continue on their merry way with the AV "solution" blissfully unaware.
The article pointed out the problem, and then ignored it. All of the computers are not in the US. The percentage of computers in the US is decreasing. If every computer in the US was virus-free, it would not fix the problems.
Go green: turn off your refrigerator.
"...to the point where even some libertarians would agree." Sure, the libertarian may agree that the points are valid, but would never ever agree that conflated government intervention is an answer at all.
So, "nope." Libertarians are actually enraged someone would spend so much time to encourage a nanny-state, especially since much of the recent news has been of nanny-state oppresion from the Obama administration. I can't even imagine how you could have thought a Libertarian would agree with your points (beyond validity of argument) beyond simply wishful thinking.
general welfare (obvious), commerce regulation, and defense (indirect security benefit to gov't systems, and some protection against foreign-enemy systems) are all plausible Constitutional explanations, though I don't like overblown invocations of the Defense Clause
Well, *I* am so tired of people using strict Constitutional interpretation as an excuse for not doing something that they don't feel like supporting, and I worry that their interpretation being selective...
The OP definitely has a point about positive externalities being created by more people having security software; proper subsidization is *exactly* the way to clear that up
IMHO, externalities are the main problem with a pure laissez-faire market structure
in practicality, the idea is limited (in large part due to PEBKAC issues and imperfections in AV software), but the idea seems quite plausible both on practical grounds and on legal grounds
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics nonwithstanding.
A simpler method would be to fine or eliminate internet access to those who cause damage to others - including those whose computers are part of botnets. Users have a responsibility not to let their machines be used to harm others and to keep them secure.
To pawn something is to HOCK it. HAWK is a bird of prey.
Funded by who now?! Here's a better idea; fund it from a tax placed on all users/organizations that send out more than 1000 emails per hour (or some reasonable amount that allows for legitimate mailers). You not only reduce the amount of spammers and malware senders - a major source of virii in the first place - and the rest of us legitimate users who either purchase and use protection or opt for a more secure OS aren't penalized.
With an estimated 96% of all mail in the pipe classified as spam, taking steps to prevent abuse will lead to lower levels of virii at the same time, not to mention the bandwidth returned to legitimate use. Otherwise the suggestions amount to little more than asking the taxpayers paying for my condoms so I can be safe and not spread disease to the rest of the citizens. Hey, if I want to "play craps with my dick" (as Eddie Murphy put it) I'm a big boy and should be responsible enough to protect myself.
By this externalities logic, why aren't the taxes collected on my cigarettes offered BACK to me in the form of nicotine patches or smoking cessation medication subsidies? After all, encourage me not to smoke and make it easy and less costly for those of us who don't have health insurance, and no one has to suffer my second hand smoke effects or health costs. No, instead they are used to fund pet projects and pork, which is exactly what this would become.
I've been on the internet since the mid 90s, and never ever detected a virus on my machine, other than in un-opened email. Email used to be a big source of viruses, but these days ISPs use scanners just as up to date as anything I could buy. A little common sense is all it takes to be virus free. This libertarian would not support your plan - I see little advantage to having everybody install anti-virus software.
Wait, of all the modern OSes out there, tell me again, which have a virus problem?
By the way, why do we care about a random Slashdotter's idiotic musings, but more importantly, what do you have to do to get some shit like that on the front page?
You just got troll'd!
Honestly desktop security is all done wrong even in linux.
I'm an ubuntu user, I know the software I run is secure because I install from the repository.
Then I downloaded a python game, knowing it could do ANYTHING to get access to root or simply mess up my home dir, I created another user without privileges just to run this game.
Maybe I should have used chroot, maybe I could have used apparmor. I took the fastest route.
I think OSes should jail third party programs by default, not just "suspicious" ones. The large majority of software doesn't need to modify anything beyond their configuration files. Document handlers could be required to use the OS file save/open dialog to read or write to the file system.
Why isn't it done this way? Historical reasons I suppose. Software from the OS vendor is fine as it is (if you didn't thrust the vendor you couldn't use the OS at all) I'm talking about randomly downloaded programs.
But... the future refused to change.
This all seems to assume that having anti-virus software is better than not. A point not yet settled, in my opinion.
I've personally seen an instance where the virus scanner was doing more harm than good. It brought the productivity of about six software developers sharing a remote terminal server to a near halt for weeks because it was so busy running "in the background". I've literally seen viruses less destructive than that. And to think it was something my company paid for. It's was paying for something that did nothing but cost us more money.
It also seems to assume that you're running an operating system which needs a virus scanner. Mac OS and Linux often do not.
Question everything
How did this retarded article get FP'd?
Mod parent up. Dumb idea.
Incidentally, spam is way up in the last three weeks. Looking at a filter that sees mail from about ten E-mail addresses, spam volume had been from 40 to 70 messages/day for most of April. Around April 22, the spam level started to climb steadily, and now it's in the 180-200 messages/range. Is there a new botnet active?
If we want to approach this by regulation, it would help to make operating system companies financially liable for the damage caused to third parties by botnets able to attack their systems. Windows would become much more secure in a hurry. Remember, Windows is insecure mostly because Microsoft by default has a general policy of running anything that looks executable from any external source, from web browsers to USB ports to CDs and DVDs. Windows also lets installed software do just about anything. With liability for the manufacturer, systems would ship with most of that turned off.
This isn't that radical; automobile companies are routinely held liable for damage caused by design or manufacturing flaws. The radical thing is that software companies have managed to escape product liability.
First off, this seems pretty clearly within the scope of the interstate commerce power (in Art. I, Sec. 8).
Second, the Constitution isn't Holy Writ. That something isn't consistent with the Constitution isn't, in and of itself, an argument that it should not be done (its an argument that the government should not do it unless the Constitution is changed, but that's a very different thing: the first step for arguing that the Constitution should be changed to is to establish that there is something should be done which the current Constitution does not allow.)
Robert Hansen (RSnake) recently wrote a thought invoking post about the diminishing return of a security product as it's volume of use increases. I suggest the read. http://ha.ckers.org/blog/20090424/silver-bullet-metric/
-BrianWGray
The real problem is we buy, on the free market, insecure products. The real solution is to not buy insecure software. This is nearly impossible, but if we had heterogeneous environment, we could switch to OSX or Linux without any hassle. The problem is people don't want to pay the "Mac premium" so why do you think they'd pay $10 to have a safe computer?
The battle lines are fought in compilers. No one should be using null-terminated, bounds-unchecked strings. We need intelligent string and array classes. We have them We need to use them more.
We then need signed binaries - every DLL and EXE needs to be signed.
The only remaining problem after you've removed errant programming is the trojan aspect, and this should be enforced at the OS level as well as the browser level. You should not be able to connect to an IP address containing trojans and download binary files.
Those few steps - all in the hands of your OS vendor - are the steps they need to do. They will do them if you're willing to pay for them. But as we've seen our OS gets zip-opening capability before it gets a virus scan.
This whole secondary market of virus products should not exist. The secondary market is a band aid because the issues aren't being addressed. One could wounder they are being created just so there is a secondary industry. This allows the primary vendor to reduce price and have the virus scan vendor be an optional expense. One which doesn't factor in at the register, but does factor into the TCO.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
Buy a Mac or run Linux.
Kudos to the author for a fascinating post, but there are several problems with the model. For one, I don't know how appropriate it is to center this around the idea of positive externalities. I think a better image would be the "tragedy of the commons". Home users benefit less in a monetary sense than, say, a financial services firm or the IRS from buying and using antivirus software. Also, you list tech support as a cost, which it is, but it's also a market unto itself. Consider this: virii create a demand for technical support. If you were to reduce the amount of infections, you reduce the demand for support. If you reduce the demand for support, you reduce the demand for employees. (I'm using demand as shorthand for "quantity demanded" here.)
Finally, from a libertarian perspective (at least a market libertarian), I would argue that if there was a real perceived need for antivirus software to the extent that it was viewed as absolutely necessary, you'd see it without needing the government's help. As it stands, most people don't especially care if they have a virus on their computer, and those that do are willing to spend the money to protect themselves. Notice that ISPs do nothing to promote antivirus use because it doesn't affect their bottom lines. Most people don't get infected with virii that significantly impact their lives, so they don't see a need to invest in AV software. Kinda like oral herpes, when you think about it.
Finally finally, from a small-government libertarian perspective, you'd have to create a government agency, let's call it the Department of Information Technology and Security, or DITS. It might start out as a working group, but it'll end up either as part of DHS or as it's own cabinet level agency. Then that will spend a few years doing research. Then it'll issue some RFP's, which means you'll need to hire on a slew of contract administrators. And now you're talking about some money changing hands with the private contractors, so you've got to give the thing it's own IG office. At the end of the day, you've just added a whole new agency that will never go away and will only expand, which will cost more money.
If that sounds far fetched, keep in mind that the Department of Homeland Security was invented essentially to fill a void that could've been filled by a secure BBS.
This unbiased moderation brought to you by the Porcine Aviation Group!
The entire antivirus industry exists because Microsoft can't effectively design and implement a security model.
You've already paid $x for the operating system (whether retail box, MS tax, or service contract), you should expect that product to be secure. But it isn't. A simpler, more direct, and more effective approach would be to penalize the OS makers for producing insecure products.
As an analogy, automakers could never get away with putting a lock on only one door.
Why do software makers accrue so many apologists?
Some A/V companies make their A/V software (like AVG) available for free already. Should I pay the government for a copy?
Many ISPs (AOL, ATT and others) already provide A/V software for free. They determined that if they buy an Anti Virus (A/V) program for you and that stops you from getting infected then they save more than the cost of the A/V. Want a free one? Switch ISPs.
You want the government to MANDATE every computer has A/V? How about my servers that do not connect to the Internet? How about my Linux desktop? Should I be forced by the government to waste resources running A/V programs on an OS that for one reason or another does not need it?
Should I be required to run one on my set top box? How about my Tivo? My car? My phone? Next year, my refrigerator?
What will the government decide I need? The Lobbyist from one or more of the A/V companies will make sure that the specs are drawn in such a way that you can only use THEIR A/V solution. Who will lobby for OSS solutions like ClamAV?
If the government has already found the holy grail of A/V software what incentive so I have of advancing the art by creating a better one? Remember Ada?. It was to replace ALL programming languages used for government contracts.
If I do create a better A/V software, who would buy it? The government has already found the best ones and mandates you buy it or they supply it for free. Will your machine be slowed if it is running the one required by law AND my new improved one?
All in all, when the government solves computer related problems (and many others) like this, they do either too little too late or to much too late (see CAN-SPAM Act of 2003)
Many compromised computers have been compromised because they are running bootleg copies of Microsoft software and MS will not allow them to be updated. Should MS be forced to allow illegal copies to be upgraded?
Keep the government out of my bedroom and off my computer!
Instead of government taxing big tobacco, banning or disencourage its use, will promote and encourage its use, claiming that most have filters, and we have cheaper clinics that treats smoking related diseases,
Someone lost the clue where the problem is, and what are the best steps to solve it. Is like asking government to just give aspirines to stop the swine flu.
Get your anti-virus software here and here ..
It is your own responsibility to buy anti-virus software. For libertarians, that is the bottom line. While I challenge the assertion that this math equation proves everyone would be better off with government mandated virus software, in the end it is irrelevant. Government should protect our rights, not guarantee collective outcomes.
Daniel Gardner
www.wizkidsound.com
detect government-backed keyloggers?
More government subsidies!!
I wish Bennett would realize that he's not really the great writer he thinks he is and just shut up already.
The problem is that a significant number of users have poor security practices that allow their computers to become infected with a virus that in turn spreads to other computers and generally has a negative impact on everyone else. To resolve this problem I propose a new open source project, called "Anti-Virus Virus". This virus would contain a strong anti-virus/malware program that would protect the user's computer on their (and our) behalf.
Problem solved. Those with good security practices would not get the "virus" (unless they wanted it). Individuals with poor practices, well they were screwed anyway, so we might as well help them out. It is the perfect solution because it targets the computers most in need of this software, using the same method of distribution that the criminals use.
Because I make a great living removing VIRI from people who have fully up to date copies of AVG or Avast or some other crap software. Norton and McAfee are not any better btw.
Because government mandated IT policy will cause an efficient and complete solution to Aunt Janey installing Bonzai Buddy.
Please, tell me how I can waste as much money as possible on this project.
I agree about the benefits, and the hidden costs due to externalities. I'm afraid there are some flaws in the plan:
1. Even a patched antivirus is not full protection - oddly enough the virus writers also have copies of recent antivirus software and if their virus is spotted they tweak it until it goes undetected.
2. Patching is not full protection - Ever heard of zero day exploits and social engineering?
3. The historical codebase of Windows applications can significantly affect how tightly you can lock down permissions whilst keeping functionality. Of course, locking down an operating system not only requires skill and effort but can have an adverse effect in itself.
4. Some attacks arrive via trusted routes (e.g. media or websites from well respected companies).
5. Is it fair to throw money at people who deliberately use insecure operating systems. A flat fee could allow securer operating systems a financial benefit for the work they do protecting their users.
I agree more with Landsburg and Esther Dyson, but perhaps you should pre-emptively pay for your system to be cleaned (or de-virused) up as part of the cost of connecting to the Internet. In the event that you are infected you have a visit from a support engineer to fix the issue and you then put down another deposit against next time before being allowed to reconnect.
-- Don't believe everything you read, hear or think
They should just go all the way and make a government approved Linux distribution.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Except that Linux and Mac users aren't immune to viruses, they just aren't the big target. {...} As those OS's {...} gain position in large targets (corporate servers), they too will become larger targets.
Given the huge proportion of *servers* already running some flavour of Unix or another, POSIX-compatible environment *are indeed* a pretty juicy target for evil-doers since a long time.
Even more so because they are *servers* (thus run mostly unattended, are connected to the interweb with a "phat pipe", and might contain a lot more interesting private data).
And indeed there are efforts to attack machines running Linux and other unices. Lots of efforts.
The only problem is that the standard way unix-like OSes are organised makes them much more difficult to attack. /.)
- For one nobody runs everything as root, unlike Windows where 99.99% of the machines only have 1 single "administrator" account.
- Files aren't executable by default, but require further step to be validated as such (except for the recent exploit of shortcut formats featured on
- The unix-like world is much more diverse than the Windows world. People are complaining of the byzantine complexity of Vista flavours. But technically, under the hood they are the same beast, with a different set of limitations put on by the marketing department. The same exploit would work against any of them. Whereas, in the OSS world only, you have countless different distributions of Linux (*several* of which are widespread) and multiple versions in the *BSD family. Next to that you have also big variations in the commercial unices. You can't just have "one kernel exploit to rule them all".
- And in addition to that, most of the users happen to be a lot more technically educated (although *that* is something that can get diluted once Linux gets popular).
Thus to be able to gain access to juicy bits requires much more complicated and contrived means, in a territory which offers a lot less exploitable bits.
A widespread virus outbreak on windows is something really simple and sometime entirely automatic, like Code Red.
Pwning a unix machine often requires a multi-staged approach and is most of the time something done by hand, trying to adapt the steps to the peculiar combination of factors found on the target.
In fact, if you are working in a secure environment, *every machine* must have antivirus software installed, if it's available for the OS.
Well, someone has still to be able to detect and notify which of the other bozos has an infected machine.
Most of the servers at your ISP will probably run Linux or some other unix-like OS. Nonetheless these machine will have at least one antivirus software (and sometimes several) in order to be able to stop infected e-mails, or be able to detect if you start to send contamined mails.
Norton AV for Mac. {...} McAfee offers Linux/Solaris as well as Windows too.
Well, if you want to give example of AV running on Linux, then you should have kept with the opensource spirit and also cited ClamAV which is quite widespread on email servers, has a very fast response time in case of new threat (and also a couple of handy plug-ins for desktop use).
And is entirely free and open-source.
In addition to detecting viruses (mostly other OS'), a proper shielding of an unix box should also comprise good root-kit detection softwares, such as rkhunter and chkrootkit.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Very fine logic if the world doesn't change.
There are reasons we don't have "rulebooks for life". The world is too complex, things change.
Every 'the gov should do this' proposal starts out like this: obviously correct on its face. Every such proposal fails for some combination of reasons having to do with gov agencies having no incentive to solve the problem they were set up to solve (it would abolish their job if they succeeded), take-over of the agency by the regulatees, and the world changing so the problem and possible solutions are very different.
But the agency lives on, the rules and taxes degrade our lives forever.
OTOH, with Echelon and sisters, perhaps such efforts are gilding the lily.
tOM
Epitaph: At last! Root access!
I am going to make the same comment that got me modded down to one post last time. WINDOWS ANTI VIRUS SHOULD BE BUNDLED WITH THE OPERATING SYSTEM FREE OF COST.
"I guess I'm gonna fade into Bolivian."
I have to chime in too.
Make Microsoft fix their damn products.
You must not use the American education or health care system. When the government subsidizes it, the prices go up because there's more money to be had--fostering a dependence on government aid screwing the middle class.
Commerce Clause. Thanks for making the argument that more education is needed.
Thankfully, the SCOTUS came to their senses a few years ago and declared that the CC is NOT a blanket justification for universal Federal authority over everything. Congress had used it to justify totalitarian powers up till that point. Any argument using the CC as its justification has to have a much more narrow focus now, or SCOTUS will throw it out. I can only hope that one day they'll make a similar ruling on the "general welfare" clause.
Life is hard, and the world is cruel
I suppose that is possible. I had interpreted it as, "They hide from the realities of their surroundings."
Any pre-assembled computer must come with an install CD for several different free antivirus and other antimalware programs. 700mb is enough room for lots of competition, the total cost is less than a dollar per computer (so incremental cost on the order of a .1% tax on computers), doesn't force anyone to install anything, but ensures they have the option from the moment they get the computer.
Potential problems include craptastic software being on the CD. But given 10 (preselected) options, people will probably just ask their geek friends or ask google, which should point them in the right direction.
While the argument made here is good from a narrow economic view, do we really want the government to get involved with our personal computers?
Once we start down that road, where does it lead? In the end I think that opening the door for more government controls is far worse than receiving some spam emails or getting a computer virus.
If we're already accepting that the user is merely a conduit for input from a piece of furniture, then I guess it is acceptable to put that level of control in Microsoft's hands.
Can you be Even More Awesome?!
...is worth a pound of cure, as the saying goes. Most of the demand for antivirus software is in compensating for the afterthought-hacked-on security model of Windows. For a tiny fraction of the cost of treating this problem, the US government is sponsoring work on SELinux and OpenBSD to create more robust security models that thwart novel attacks with negligible maintenance and overhead compared to constantly scanning a system for known malware using an always-out-of-date database.
The glaring hole in this economic argument is that subsidizing antivirus software would decrease the incentive for Microsoft to make its OS more secure in order to maintain a competitive TCO with other operating systems, and decrease the incentive for people to migrate to more secure operating system.
There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
Yeah, don't mention it...
There should be mandatory computer safety training, at some level: municipal/government in the form of standardized aptitude testing, or probably even better, required credit(s) in post secondary education.
body massage!
This is mass vaccination program. Proved effective for diseases, should be efficient as well for numerical diseases, at the difference that mutation can be much faster and radical for handcrafted numerical ones.
Make Microsoft criminally responsible for defects in Windows.
you had me at #!
1) Open Source. Its our money, the software should belong to us.
2) The government has computers and a need for software and support of that software. Its already a big target for attacks, their experiences could benefit all of us.
No need to impose or advertise it; vendors would bundle it and/or customize it.
PS: A representative democracy can do anything it wants within the bounds of its Constitution even being able to change that Constitution itself.
Democracy Now! - uncensored, anti-establishment news
One thing that may or may not have been pointed out: if the anti-virus apps are subsidized there will be that much less amount of market forces i.e. motivation to improve and and invest in R and D. Furthermore if only two or three apps are subsidized those will likely be more common and the bad guys can find and exploit the weaknesses in those two or three anti-virus apps. We'll be right back where we started.
I'd also like to point out the patch for the conficker virus was released a month before the virus appeared. Only unpatched machines even can be infected. If everybody kept up to date with their windows patches a lot of viruses would be rendered ineffective before they got started (and with no anti-virus).
"UNIX is very simple, it just needs a genius to understand its simplicity." -Dennis Ritchie
Government needs to step in and spend loads of tax dollars giving us an AV scanner that also checks to makes sure our MP3 and movies are licensed and paid for, this scanner also needs to allow RIAA to scan it whenever it likes to insure copyright laws are followed. /sarcasm
That way private enterprise couldn't step in and create a "PROTECT Net Service" with free AV that doesn't allow you on the network unless your protected and backend support like ironport. With trained security staff to monitor and respond to attacks and notify you when your infected. Because the extra 3-5$ a month for this service would be far more expensive then the 3-6 month visits a user makes to the geeksquad when there computer grinds to a halt.
For all the people that claim AV software is useless please show me this magical land where all the threats are 0 Day and all users are knowledgeable enough to configure their router and only browse uninfected web sights. Its not perfect but it does improve security. A lock in the door allows a thief to break a window - Doesn't mean you should leave your door open.
The idea that antivirus software is anything more than a cheap scam is rather amusing. When will the oh-so-terrible malware threats go away? Maybe when people gain enough intelligence to realize that using something without understanding it is dangerous.
Implement the "Trusted" Computing platform. Then make downloading the latest govt AV mandatory.
And it makes no difference whether you have mandatory TC or not. AV requires such deep access to any system that any such "official" AV would be like having TC anyway. Because who knows what the AV will be doing to your system.
Personally I'll pass.
I think this is a great idea. We should make PSAs to educate our youth with. After all, we OWE it to future generations to ensure they have plenty of filler material to MST before the main feature begins. Who knows, maybe they'll have perfected Host Segments by then.
UTF-8: There and Back Again
The cost of anti-virus software is not the problem - there's plenty of free anti-virus alternatives in the market already, some of them much better IMNSHO than the paid-for offerings. If cost was the problem, everyone would be using free anti-virus software. And yet, there are still computers with no anti-virus software on them.
I think that many (corporate, in particular) anti-virus solutions are overly greedy on their CPU and memory usage. People notice this on their machines at work, or hear about it from friends and think, "my home computer's slow enough already, I'm not putting that crap onto it."
Content Control/Filtering solutions are also a desirable piece of software to have on home PC's. And yet when the Australian Government tried to give away NetNanny to anyone who wanted it, not a single person took them up on their offer. Not one. I don't know whether that says anything about NetNanny, or whether it shows that people don't trust "free" things from the government, but it must mean something.
Uninstall the Redmond virus using live distro Ubuntu CD...
~ In Trust, We Trust ~
The submitter needs a better understanding of economics. He considers only the first-order effects, a classic blunder which is thoroughly discussed in Henry Hazlitt's classic book Economics in One Lesson, a rigorous treatment in layman's language which I recommend to everyone. (Google turns up a free ebook version that seems to be complete.) I'll give two reasons why this reasoning is bad:
But now suppose the government offers a $5 rebate (funded by a tax on all 100 million Internet users) to anyone who buys anti-virus software. Everybody who would have bought the software before, will obviously still buy it now that the government rebate has effectively lowered the price to $35, and now, all the people who value the software between $35 and $40 will buy it as well. For each person who purchases the software at the new price of $35, the following is true:
* The person who bought the anti-virus software is better off -- they valued the software at at least $35, and they got it for $35. (Otherwise, they wouldn't have bought it.)
* The taxpayers who subsidized the purchase are better off. Each rebate cost the taxpayer one-hundred-millionth of $5. But when that user installed the anti-virus software, they conferred $10 worth of total benefit on all other Internet users in the US, so that benefits each Internet-using taxpayer one-hundred-millionth of $10. So they're ahead.
1) The $5 coupons that are given to people who would have purchased the software anyway doesn't benefit the taxpayers at all. Say the subsidy spurs 50% higher antivirus sales over the next year, which I think would be a pretty incredible success. In that case, taxpayers are paying $15 for each "new" antivirus user. For every three subsidies granted, two of them would have purchased the software anyway. Thus for every 3 subsidies ($15), taxpayers have a net benefit of only $10. It's a losing deal unless you make VERY generous assumptions about the increased adoption rate due to the subsidy (I think mine was pretty darn generous), or the value of the positive externality (for which $10 seems reasonable to me, but is still pretty subjective and unproven), or both.
Note that, if $35 antivirus sold 50% more than $40 antivirus, someone probably would have already done it and made a bunch of money... which leads me to my next point:
2) You assume that prices would stay at $40. That would almost certainly be inefficient, irrational behavior by the antivirus company/ies. This is Hazlitt's One Lesson: you can't just look at one facet of your policy and assume everything else stays the same. Basic economic theory suggests that antivirus software would rise in price by somewhere between $0 and $5, and probably closer to $5 if the amount of the subsidy is a small fraction of the original purchase price and if prices are not being driven down by efficient competition (which seems unlikely, since there is free antivirus software available but companies can still sell theirs for $40).
Let's use an example: 50 million people would pay $40 for the software, and 5 million would pay $35 but not $40. (Also, of the 50 million who would pay $40, only 40 million would pay $45.)
Anti-virus companies have determined that the optimal balance of revenue per sale and number of sales occurs when they have a price of $40. The extra 5 million people are not worth lowering the price, because they'd make less on each of the 50 million that would have bought it anyway. $35 * 55m $45 * 40m, so neither raising nor lowering the price will raise revenue.
Now consider the $5 coupon. The companies will make the same pricing calculation, whether explicitly or implicitly. They will determine that the new optimal price is now higher than $40, because consumers will still make their purchasing decisions based on how much they actually have to pay out of pocket. Now they can charge $45 and still get 50 million sales, not 40 milli
Everyone here keeps saying anti-virus is worthless, not even worth pirating. And yet, whenever I visit a school to perform IT support, the Sophos logs don't lie. I'm always seeing computers where students have tried using infected USB drives with autorun trojans, and of course the anti-virus stops them. That at the very least shows its worth (not Sophos, anti-virus in general, I'm not shrilling a particular company now). So what's the alternative? Educate the users and hope they won't bring infected drives to school? They either won't listen or won't understand the concepts. It's easier just to block known attack vectors via anti-virus.
Having said that, one of the school's my employer supports was recently infected with Conficker, with half the desktop machines infected. It was wiped out in the end, but it wasn't fun. No, we won't install Linux because then we wouldn't be able to run Windows Movie Maker, IE or the various education apps that simply don't exist for any other platform. That and the that no-one cares about Linux, at least in Australian IT.
Commerce Clause. Thanks for making the argument that more education is needed.
Thankfully, the SCOTUS came to their senses a few years ago and declared that the CC is NOT a blanket justification for universal Federal authority over everything. Congress had used it to justify totalitarian powers up till that point. Any argument using the CC as its justification has to have a much more narrow focus now, or SCOTUS will throw it out. I can only hope that one day they'll make a similar ruling on the "general welfare" clause.
Is that so? In the last major case on the Commerce Clause, Gonzales v. Raich, 545 U.S. 1 (2005), the Supreme Court actually upheld, under the Commerce Clause, the application of the Controlled Substances Act to the growing of marijuana for medical purposes, even though this was a "non-economic" activity. So I wouldn't read the obituary of the Commerce Clause just yet -- it still has plenty of life in it.
As for the current proposal to subsidize and/or educate the public in the use of anti-virus software, I think it's fairly trivial to demonstrate that computer viruses are both a) interstate by nature, and b) have a substantial economic effect. Thus it easily falls within the enumerated Commerce Clause power (if not other enumerated powers) of the U.S. Government to subsidize or educate software that prevents it
They're not promoting X brand of digital TV converters or XY cable TV company or XYZ satellite TV company. It's the same thing really, and you're taking it out of context.
That's not a good example. The reason the government is pushing the digital tv upgrade is because it ruled that such upgrades must be so. You know, it mandated that, because it asserts it has a right to rule the airwaves.
This is my sig.
1) No, this doesn't make an argument a true libertarian would agree with. There's plenty of things where some specific argument could be made "collect taxes and let the gov't do it, it's better for everyone", but that way lies a massive pork-filled government.
2) More specifically, I don't want a tax collected on my internet service to fund buying virus scanners for windows users. You'll find once you get away from windows, there's not this huge virus threat, and no it's not because of market share. You'll find the occasional worm that relies on you getting a file, manually marking it executable, and running it... and stuff that spreads via insecure ssh or apache configs (i.e. won't apply to a desktop.) I can get free software to scan for the few threats there are.
"To see that this is a reasonable assumption, suppose that if I had a choice between living in a world where all 100 million other Internet users in the US had no anti-virus software installed (using round numbers to make things simpler), and living in a world where all of the other users in the US had anti-virus software installed, I would pay $10 more per year to live in the latter, counting only the benefits to me and not factoring in any altruistic desire to help protect fellow citizens."
It's great that the author would be willing, but I am NOT willing to give my money simply because someone is too stupid to download a free AV program to check their Pr0n downloads.
Just because the author thinks it's a good idea does not give the author any legal or moral authority to commit MY assets.
No libertarian that's actually a libertarian would agree with this nonsense.
"that is securing operating systems and educating users so that they don't install viruses ? This can also be push forward with tax dollars and would be more useful IMHO." - by godrik (1287354) on Wednesday May 06, @10:25AM (#27845351)
Agreed... per this:
----
HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it 'fun-to-do', via CIS Tool Guidance (& beyond):
http://www.tcmagazine.com/forums/index.php?s=62794411b0bfb0002528d287f570a935&showtopic=2662
----
It's what you're suggesting, & it works.
APK
wouldn't imposing a botnet onto a home computer by force (edict or whatever, against their will) for military purposes be the electronic equivalent of quartering soldiers in a persons home?
I said "a campaign against botnets", not "a botnet" itself. I must not have made it clear that I meant botnets controlled by foreign states, not a botnet controlled by the US Armed Forces (for which you'd be justified in pleading the Third). I was thinking more along the lines of a 21st century counterpart of "duck and cover": Ad Council PSAs directing citizens to a comparison of how well the various operating systems and anti-malware packages detect threats being tracked by US-CERT and by other agencies. So unless you claim that the anti-malware packages themselves form a botnet, I don't see how the Third Amendment would apply.
We don't need another PSA for a problem after the fact.
We need cheap affordable firewall appliances in front of the boxes facing the web.
Think about it, we just did this (similarly) with the DTV / ATSC roll out.
And before someone say's there already are available, I would have to point out no they are not available like the ATSC tuners. And I don't see the US Government funding say IPCop and corporate media running ad's on getting your firewall up.
Schools don't teach the kids either. Sure they teach them how to open a word doc, but they don't explain network security. It's a real skill set that kids graduating high school should have. They should know iptables, or pf. They should know what an ISA network card is vs a PCI card.
Yeah yeah yeah I can find a network appliance
http://www.nextag.com/firewall-appliance/search-html
But I can't find one for $50 that the government pays me back $40 with a coupon.
If big brother should be hawking something, it should be hardware firewalls not anti-virus software.
A virus doesn't get on your computer by itself. It has to be run somehow. You have to run it. The skill set to track down a virus and remove it without any anti-virus software should be taught as well. At best anti-virus software is a tool to help you find something bad. Look at the windows log files. What good is it? Sure isn't like /var/log/messages where you can actually find something bad going on. I doubt most users ever look at windows logs in their entire life. On the other hand linux users learn early on to read the logs.
We need to keep the bad packets out in the first place in my opinion. Every anti-virus software I have ever used (some better than others) gives false positives, and also sucks up productivity resources. We need to get work done not deal with a warning / pop-up every time we restart some program. Also, I have written bad programs going completely undetected by anti-virus.
will it run Linux?
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
Anti-virus software is not a solution; it's a symptom.
The solution to spam is changing the way emails are handled.
If you want to talk of positive externalities, just consider the global benefits in terms of productivity if everyone dropped Vista/XP for Linux. The government should offer to pay $100 to each household that switches to using Linux. Not that there is any conceivable way of determining such a thing or enforcing it.
But these ideals of mine won't come true. In the mean time, if the anti-virus thing comes up I'll vote for it.
Like ad campaigns teaching people to wash their hands after going to the toilet?
Affects 100% of the population, and the benefits don't require explaining what '+ve externalities' means.
Camera pans over a cubicle farm of unsecured PCs all showing screen "LOLZ, you've been PWNED", finally focusing on a nerdy looking guy with a tear dripping down one cheek.
Voice-over:
"Keep the internet beautiful...Keep your PC secure."
...for government intrusion, censorship, and propaganda, they rip down the house. Not to worry, though: PNAC loves you.
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
...and ultimately unenforceable. That's why congress will love the idea! An easier way to achieve the same results is to force ISPs to mandate the use of Linux or BSD to access the network. Problem solved. Microsoft could get a six month grace period to come up with an inherently safe OS.