Let Big Brother Hawk Anti-Virus Software

Frequent Slashdot contributor Bennett Haselton writes with his idea for mass adoption of anti-virus software: "If the US government did more to encourage people to keep their computers secure — by buying TV ads to publicize free private-sector anti-virus programs, or subsidizing the purchase of anti-virus software — we'd all be better off, on average. That's not just idealistic nanny-statism, but something you can argue mathematically, to the point where even some libertarians would agree." Read on for the rest of Bennett's thoughts.

This requires a discussion of "positive externalities," which may seem pedantic to you if you remember the concept from econ class, in which case you can skim the next five paragraphs. When you buy anti-virus software, some of the benefits accrue to you — less risk of your data being lost to a virus, or of annoying spyware infecting your computer with pop-up ads — but some of the benefits also accrue to other people. Prior to anti-virus software being installed on your computer, your machine might have been infected and taken over by criminals who used it to send spam. Or it might have helped to propagate the virus to other people. (Note: I am using "virus" to incorporate related things like "worms" and not worrying about the distinction.) Or you might have thought there was a problem with your computer, not realizing the problem was caused by a virus, and wasted time calling the tech support line for your computer manufacturer or for some other product on your computer. (If the company charges for tech support, then you're paying the cost of your call rather than passing those costs on to others, but if the call is free, then the costs have to be passed on to the company and hence indirectly to their other customers.) When you install anti-virus software, the chances of all these things happening are reduced, and those are the benefits that accrue to others — positive externalities, in economics jargon.

The key assumption is that you can put a price on all of the positive externalities generated by a given person installing the anti-virus software. It's different for every person, but it always adds up to some value, something that is not microscopic, but also not fantastically larger than the purchase price of the anti-virus program. It's on the order of adding 1/100,000th of a penny's worth of value to the lives of 100 million other people, for a total positive externality of $10.

To see that this is a reasonable assumption, suppose that if I had a choice between living in a world where all 100 million other Internet users in the US had no anti-virus software installed (using round numbers to make things simpler), and living in a world where all of the other users in the US had anti-virus software installed, I would pay $10 more per year to live in the latter, counting only the benefits to me and not factoring in any altruistic desire to help protect fellow citizens. (I personally would pay a lot more than $10 because I use the Internet so much, but the average might be closer to $10. Also, what I'd really like is for more people in certain other countries to install anti-virus software — China comes to mind — but I'm leaving them out of this discussion because it would be harder for the US government to encourage that.) When everyone else in the US is using anti-virus software, the benefits are returned to me in various ways, such as it being easier for me to send and receive e-mail because there aren't so many botnet-infected machines sending spam. (This is independent of my decision as to whether to buy anti-virus software for myself or not.)

Now, once I've decided I'd pay $10 more to have all my fellow Americans install anti-virus software, I could draw a graph (while my friends are out snowboarding with their girlfriends) with "how many other US users have hypothetically installed anti-virus software" on the x-axis, and "how much would I pay to live in that world" on the y-axis. At the point on the graph where no other people have anti-virus software, I'm willing to pay $0 to live in that world. (Well, of course I'd pay a lot more than $0 to be alive in any world, but I'm comparing other worlds to that one, so I'm just using $0 as my baseline.) At the point on the x-axis where all 100 million other users have installed anti-virus software, I'm willing to pay $10 to live in that world instead. What does the graph look like in between those points? Well, I can assume it's upward-sloping — the more other people install anti-virus software, the better it is for me. I could also adopt the simplifying assumption that it's a straight line — so I would pay $3 to live in a world where 30 million other people have anti-virus software installed, $6 to live in a world where 60 million other people have it installed, etc. It's not really a straight line, because when the first 50 million Americans install anti-virus software, that still leaves 50 million others to get infected and do damage, but when the next 50 million install it, that has eliminated all the unguarded computers in the US, and made it a lot harder for viruses to spread, at least within our borders. In other words, the line representing the quality of life to me as a function of how many other people installed anti-virus software, would rise more slowly in the range 0-50 million than it would rise in the range 50-100 million. But as long as the curve doesn't make any sudden jumps — for example, I know that the 30-millionth person installing anti-virus software isn't suddenly going to make my quality of life go up by $1 — I know the curve generally has to rise smoothly. So for a really rough approximation I'll treat it as a straight line.

If the graph is a straight line with the value $0 when nobody else installs anti-virus software, and $10 when everybody else installs anti-virus software, then each additional user installing anti-virus software creates an additional benefit to me of 1/100,000th of a penny (so 1/100,000th of a penny, times 100 million, comes out to $10).

You may think it's ridiculous or meaningless to say that someone else installing anti-virus software can benefit me to the tune of 1/100,000th of a penny. I myself can't wrap my head around it. But I can use the necessary properties of the graph — that it starts at $0, ends at $10, must curve upward, and doesn't make any sudden jumps — to reason that it should be approximately true.

And then, if each other US Internet user derives an average of 1/100,000th of a penny's worth of benefit when you install anti-virus software, then the total benefit that you confer on other people by installing the software, comes out to 1/100,000th of a penny times 100 million, or $10. And that's not even counting all the spillover benefits to users in other countries each time an American installs anti-virus software, something that we could consider a kind of off-the-books foreign aid. (Even if we would really like for it to be reciprocated by all users in countries like China installing anti-virus software as well.)

This is actually not hard to reconcile with people's attitudes toward installing anti-virus software. It's recommended as something you should do not only for your own protection, but also as something you should do to be a "good Netizen" so as not to impose inconveniences on other people. If your installing anti-virus software only conferred about 1 penny's worth of total benefit on the rest of the world, nobody would bother exhorting you to do it as a kind of civic duty. On the other hand, if your installing anti-virus software conferred thousands of dollars' worth of good on the world (or, equivalently, not installing anti-virus software exposed the rest of the world to thousands of dollars' worth of risk or damage), then people would not only be exhorted to install it, it would probably be required by law, like functioning car brakes. The kind of pressure that we see today to install anti-virus software — gentle prodding but not outright compulsion — feels commensurate with a value between $1 and $100 of the benefits that a person confers on the rest of the world by installing it.

But this logic also means is that we are missing an opportunity to make everybody better off on average, by actually subsidizing the purchase of anti-virus software for some people who otherwise would not have bought it. Suppose each user confers $10 worth of positive externalities on other American Internet users when they install anti-virus software. Now first consider the case of an a program like Norton Anti-Virus which costs $40.

For anybody who personally values their own anti-virus protection at $40 or more, great — they'll buy the software, they get the value they want from it, and everybody else gets the positive externalities of that person's virus protection, for free. But consider the people who value the anti-virus software at somewhere between $35 and $40. With no government rebate, they won't buy the software.

But now suppose the government offers a $5 rebate (funded by a tax on all 100 million Internet users) to anyone who buys anti-virus software. Everybody who would have bought the software before, will obviously still buy it now that the government rebate has effectively lowered the price to $35, and now, all the people who value the software between $35 and $40 will buy it as well. For each person who purchases the software at the new price of $35, the following is true:

• The person who bought the anti-virus software is better off — they valued the software at at least $35, and they got it for $35. (Otherwise, they wouldn't have bought it.)
• The taxpayers who subsidized the purchase are better off. Each rebate cost the taxpayer one-hundred-millionth of $5. But when that user installed the anti-virus software, they conferred $10 worth of total benefit on all other Internet users in the US, so that benefits each Internet-using taxpayer one-hundred-millionth of $10. So they're ahead.

If this seems fanciful, we're still in the domain of standard economics textbook stuff. When positive externalities are involved, the free market by itself will usually not reach the optimal outcome; by adding in some government subsidies, you can achieve an outcome that leaves everyone better off than they were before (even after subtracting the cost of the taxes to fund the subsidies). Call them "subsidies even a libertarian could love." Steven Landsburg's books The Armchair Economist and More Sex Is Safer Sex, and Tim Harford's books The Undercover Economist and The Logic Of Life, explain the logic of externalities probably better than I can, and give other interesting examples. When I say "subsidies even a libertarian could love," consider that Landsburg once wrote that George W. Bush's tax plan was unfairly burdensome to the rich, because "it seems patently unfair to ask anyone to pay over 30 times as much as his neighbors." That's pretty, uh, libertarian. But even Landsburg has argued, in More Sex Is Safer Sex, that LoJack anti-car-theft devices should be heavily subsidized by the government, because they create positive externalities — when more people buy LoJacks, thieves are deterred from stealing everyone's cars, because there's no way to tell whether a particular car has a LoJack installed or not. To the extent that anti-virus software creates positive externalities, it should be subsidized as well.

A modified version of this logic applies even to free anti-virus programs like AVG Anti-Virus. AVG is only "free" if you don't count the costs of finding out about it in the first place, then downloading it, installing it, and leaving it running. All of these add up to costs that, for whatever reason, have led to many people choosing to run nothing at all, rather than to run AVG even though it's free. If the government ran a campaign announcing the rebates for purchasers of anti-virus software, they could also use the campaign to recommend certain free programs -- thus effectively offsetting the "costs" by providing a "subsidy" for those programs in the form of free advertising.

When I ran this past some people for comment, two respondents, Steven Landsburg and Esther Dyson, independently recommended versions of a popular alternative idea, which was to penalize people directly for spreading computer virus infections. Landsburg commented:

I certainly think there are huge externalities here, and they derive from the fact that idiots who don't know what they're doing insist on administering their own mail clients. I don't have a mail client on my machine precisely because I am one of those idiots and I don't want to be responsible for a virus grabbing my address book and running with it.

So I have long thought that mail clients should be taxed and/or (if it were technologically feasible) that individual users should be fined heavily if viruses spread from their machines (or send spam from their machines).

Esther Dyson suggested something similar:

One method to consider is — rather than subsidy — requiring the ISPs to post a bond for their customers and assume responsibility for their actions. They can ask their customers in turn either to buy an antivirus package, to sell one that the ISP will offer for free, or to post a bond guaranteeing that they know what they're doing and will do no harm. The ISP is then liable for the misbehavior of its customers and may forfeit the bond if some specified level of disruption is caused by its customers.

In theory, this works better than my idea because it precisely targets the undesirable behavior: We don't really want to penalize people for not running anti-virus software, we want to penalize people for not running anti-virus software and imposing costs on others as a result. It's not possible for 100 million people to charge one person 1/100,000th of a penny each for the inconvenience and risk that person creates by not installing anti-virus software, but it might be possible for one recipient of the virus to seek to punish the person who gave it to them.

However, I think this scheme would have more practical problems:

1. You can only penalize the virus spreader if you know exactly who was responsible for passing it on to you. This works for old-school viruses that spread as e-mail attachments, but not for worms like Code Red that probe the network looking for other machines to infect — if you're infected as a result of a remote IP address probing your machine, it's unlikely that you would ever find out exactly when or how it happened, much less the owner of the IP address that infected you.
2. If you found out that a friend spread a computer virus to your machine, you'd probably be under a lot of pressure from your friend not to turn them in.
3. For people who did get taken to court for spreading viruses, there would be overhead costs associated with processing the case, over and above the actual fine that may be levied against the individual. (If the penalty happens outside the court system — for example by ISPs keeping the bond posted to them by a customer — at least some of those customers will probably feel wronged and sue the ISP, generating court costs either way.)
4. If someone accidentally spread a virus to a large number of other machines, that could make their total liability far greater than what they could actually pay.

The idea of fining or otherwise punishing people for accidentally spreading viruses is something I've thought about too, but usually in a moment of venting. As Steven Landsburg dryly says, "Your solution (subsidized antivirus software) might be more effective, but mine would be more satisfying (to me)." I think the option of punishing people for propagating viruses is something that should be explored in more detail, but I can't offhand think of any solutions that would avoid the problems listed above. The fact is that anybody with an Internet connection has the potential to do enormous damage if their machine gets infected, and in most cases it would be too hard to track the harm back too them, and too harsh to make them pay the real cost of the damage.

On the other hand, the option of a government publicity campaign to get people to install anti-virus software — at least the free ones, which should be a no-brainer — is something that seems like it should start bringing benefits right away. Government advertisements for free programs would require the least amount of paperwork to set up, because all the government would have to do would be to produce the TV ads and buy the airtime. (Other proposals, such as subsidies for non-free anti-virus software, or paying people outright to install anti-virus software, would require more overhead to implement. That doesn't mean they shouldn't be tried, but go for the low-hanging fruit first.) Now, what the ads should look like would be a question for advertising experts, but I would really hammer home the point: "Go to this government website and we have a list of recommended FREE anti-virus programs. These are not 'free trials' for something you have to pay for later. They are FREE. If you're not using anything at all, at least go get one of these." Along a list of the non-free programs for people who want even more protection, and links to third-party reviews of those.

More generally, I think that government-funded action to encourage better computer security is something that has not been given enough consideration. I think this is partly due to hostility to anything that smacks of government intervention (because of, among other things, numerous times the US government has attempted to censor the Internet), and partly because of an assumption that the free market will provide the best solution by itself. But if the government is actually on the right side of an issue — the side of promoting better computer security — then there's no reason to be petty and foul up their campaign just because we're still resentful that they once tried to make the Internet into a no-cussing zone. Hey, if the government thugs start to care more about computer viruses than about Internet porn, then they're learning! Give them a pat on the head and help them get the word out! And meanwhile, economic theory predicts that because of the externalities problem, the free market by itself won't lead to the optimal number of people using anti-virus software or keeping their computers secure. That's precisely the situation where a government-funded push toward more computer security can bring everyone more benefits than it costs. If you wear a Ron Paul t-shirt, but you found out about free anti-virus software software from a state-sponsored TV ad, nobody has to know.

What about the standard way ?

[godrik]

that is securing operating systems and educating users so that they don't install viruses ? This can also be push forward with tax dollars and would be more useful IMHO.

Re:What about the standard way ?

[Benanov]

Going to have to agree with that.

All this talk about positive externalities and encouraging large numbers of people to do something might be better served by the government requiring higher minimum security standards for operating systems and charge pigouvian taxes to software makers who don't meet those standards.

Sadly this only works in the ideal world.

Lobbyists would destroy it (to the point where Windows 95 would pass) and the only people who would be hurt would be Free Software authors and SMBs who don't have enough representation.

FWIW most ISPs offer "free" anti-virus; most of the time it's McAffee or Norton. That and really virus scanners are a bandaid to poor security.

They're effectively a blacklist (with some mostly ineffective greylist heuristics), and blacklists aren't really useful against continual new threats.

Re:What about the standard way ?

[postbigbang]

Although draconian, I say partition machines that are parts of botnets, those that distribute undeniable spam, and those that perform port probes. Yes, I know that spoofing makes that tougher, but it's a start so as to jolt people into taking responsibilities for their ownership in their own systems.

Route around the bastards, I say.

Re:What about the standard way ?

[cayenne8]

Just one problem with all these suggestions.

This is not something the Federal Govt. is mandated to do?!?!

Where in the constitution would be the mandate for the feds to promote something like this? I know people try to squeeze everyting into the 'general welfare' statement, but, c'mon, this is a 'reach' even for something like that.

Re:What about the standard way ?

[tepples]

They're effectively a blacklist (with some mostly ineffective greylist heuristics), and blacklists aren't really useful against continual new threats.

I can think of four ways to keep viruses and worms from spreading: operating system security, blacklists, greylists, and whitelists. Blacklists and greylists in mainstream antivirus software for Windows are less than perfect, as you point out. Whitelists implemented in non-free operating systems (such as Authenticode and game console lockouts) have tended to be unfriendly to microISVs and free software developers. This leaves OS security. OLPC's web site describes Bitfrost, an interesting security layer that provides finer-grained security than is seen on most Linux or Windows desktop installations without depending entirely on lists. For instance, an app's installer can request directory scanning privileges (P_DOCUMENT_RO) or network privileges (P_NET), not both.

Re:What about the standard way ?

[mc1138]

They'll just make a better idiot. I'm not saying anti-virus alone will do it, but I've found through practical experience that trying to educate users really only works with those are willing and able to learn. A vast majority of computer users are click happy and impatient willing to click anything and everything to get on with their day.

Re:What about the standard way ?

[Rogerborg]

Commerce Clause. Thanks for making the argument that more education is needed.

Re:What about the standard way ?

[fuzzyfuzzyfungus]

If I were pushing this plan, I wouldn't try "general welfare", I'd go for "security".

Just loop "blah, blah cyber-terror yada blorg emerging network-centric threatspace blah, yadda, rogue state espionage etc. soforth pedophile super hackers drone bloviate organized crime identity theft" until everybody's eyes glaze over. At that point, anybody who opposes the measure is a shifty-eyed pedo-terrorist who wants the chinese to hack the pentagon. Problem solved.

I'm not sold on the idea; but it would be an easy sell.

Re:What about the standard way ?

[EvilBudMan]

Really, McAfee AntiVirus Enterprise Edition with all the goodies (anti-spyware) will get some honest files while missing most spyware. For instance it doesn't seem to like port scanners which is good for clients I guess? Maybe?

That sounds like something else the government already has to spy on you. Windows. The automatic delete feature will be added for *.mp3's and things like that with a government endorsed or enforced antivirus choice.

Re:What about the standard way ?

[hedwards]

Right, which is why I suggested a license way back. People complained that I was being elitist, but come on. The only way that we're going to be able to cut down on the spamming, scamming and other cyber crimes is through making sure people are educated and towing the line.

It doesn't do me much good to behave responsibly when so many people are not doing so. Ultimately those people that have malware and virus infected computers cost me time and money.

Re:What about the standard way ?

[Hurricane78]

Educating users? What parallel reality are you from? ^^

It has never worked. So perhaps it would be time to learn that it never will. ^^

After years of designing the interface of an internally used program of a medium-sized company, I learned one thing for sure:
They will *not* ever learn to do it right, as long as they have a choice. So if you want users to use your software in the correct way, you have to make it the only way to use the program.
This does not mean that you can't offer a version for power-users who know and care about what they're doing.
But for most people, who just want to get the job done in the most effortless way (and rightfully so!), this is the only way to go.

I leave it as a homework to you, how to implement this in an OS. ^^

Re:What about the standard way ?

[Opportunist]

A good idea in theory, where it fails is that there has to be a good deterrent.

"So you educate me and secure my system? OK. Whatever. But I want to see the dancing pig and I want to get rid of the "security" because it bars me from using a crack for a game I don't want to buy. That this crack also infects my system, do I care? I don't do online banking on the game machine and that I'm a spam chucker... pffft, my pipe is fat enough that I don't have to worry, I can still play."

Here's what you basically get as a reply: People do not care. Even if they do know about the security risks. Why bother securing anything? Their point is, they don't get damaged, their bandwidth is not metered and they don't have any personal info on the PC (ok, they think they don't, and don't care about targeted ads), so they simply don't care.

That they are a nuisance to the general internet population and that they're adding to the security risks and problems, none of their concerns. It does not damage them personally, so ... pffffft!

Unless you're responsible for your machine's actions, you won't see a change in this behaviour. No matter how you educate people and no matter how you secure machines. You can only educate people that want to learn, and you can only secure machines to the point where their user breaks their own security for dancing pigs or cracks.

Re:What about the standard way ?

[Opportunist]

You are aware that the security scene reinvents itself every other month, yes? By the time you get anything resembling a guideline or even a code out that software makers would have to adhere, and giving them the months to actually get their code up to par, it's already long obsolete.

In an ideal world, we'd immediately know what security risks exist, we'd immediately be able to find a definition of a secure system, this would immediately be implemented and no further security risks would ever be discovered.

Unfortunately, NONE of those requirements are met by reality.

Re:What about the standard way ?

[Opportunist]

And what should that license look like?

He can turn it on without the machine exploding and he won't click on every hopping bunny that meets his eye. Ok. Great. Oh, he should also be able to secure his WiFi AP (whether he has one or not doesn't amtter, but he has to be able to do that). He has to make sure his Bluetooth device doesn't accept random crap to spew it to surrounding bystanders, he has to know, he has to do... and ultimately people will do what they always do when it comes to learning for degrees or licenses that doesn't interest them in the least: Learn it word by word by heart, do the test, forget it immediately after and shrug it off.

No. You know what's the way? If you contribute to the problem, you're held liable for it. Show us that you did everything that can be expected from a person who wants the right to participate in a global information exchange, or face a fine. I'd already be willing to say if you keep your OS and software updated, if you have antivirus installed, if you have a router in front of your machine that doesn't open its gates for every piece of junk, you're off the hook. If you're TOO STUPID to not be a threat to the internet, pay the stupid tax.

Re:What about the standard way ?

[godrik]

I completely agree with you. My point is that every protection software will get deactivated by user if they want to see the dancing pig. Thus I believe that anti-virus software are not a solution to the malware problem.

What you need is a robust system (I am speaking about OS level security not annoying anti virus) to prevent machine infection in the first place. A software should not be able to get system/root privilege from a user account (which clearly happen in windows, and is certainly possible in linux). Once this is true, the security policy becomes: 'nothing' for regular user that do not look for dancing pig and 'crash your user account each week' for user that do not care that much. If a malware can not cross the user boundary, you can just run as many crappy software as you want under a derivative account without any care.

Re:What about the standard way ?

[idontgno]

If I were pushing this plan, I wouldn't try "general welfare", I'd go for "security".

Again proving that the backdoor password to the Bill of Rights is "terrorism".

Oh, I'm not saying it won't work. Frankly, it probably would work. It certainly has a good track record.

I'm just saying it's not right. FWIW.

Re:What about the standard way ?

[Opportunist]

So, essentially, you say what we really need is TCP.

Because that's what you'll get. If you want to take the ability to circumvent security out of the user's hands, what you get is hardware and software that dictates to you what you may do with your machine.

Re:What about the standard way ?

[stim]

How do you know you don't have a virus is you don't have any software installed to detect it?

Re:What about the standard way ?

[godrik]

Well, I was thinking of a Unix like operating system that allows a user to do anything on HIS account but that never get to an other user account. The user can install anything, it does not have to run under an other privilege than the user privilege.

A process running in windows should not be able to get system privilege. In practice it can because there are bugs in the system or the user enters the administrator password. But no software should need Administrator privilege to run except hardware driver.

I do not see the link to TCP since it will not prevent software flaws...

Re:What about the standard way ?

[curtix7]

I agree. If any money is to be spent on the group people-that-double-click-trojan.exe it should be spent on helping them understand that computers aren't magical and that you don't need a degree in computer science to have a good idea of what's safe or not.

Re:What about the standard way ?

[naubol]

I wish I had mod points for this post. +2 insightful, +4 funny, -1 flamebait!

Re:What about the standard way ?

[Opportunist]

Doesn't solve a thing. How many users do you think would exist on the average user machine? Right. One. So whether you infect the machine or the user does not matter, as long as the machine is on, the user is logged on and any daemon running with his privileges will be running and doing what it pleases.

And it's not really hard to lure a clueless user into granting elevated privileges. Just promise him what he wants. From dancing pigs for the obvious morons to a "special" version of a cheating tool and things that make your system "go faster"...

Re:What about the standard way ?

[operagost]

Under your immensely broad determination, just about anything could be considered commerce. After all, we're talking about subsidizing anti-virus software. That's not regulation: that's socialization. Regulation would suggest having the government set standards for anti-virus software to protect consumers from fraud-- and even then, those regs would only apply across state lines.

Re:What about the standard way ?

[Chlorine+Trifluoride]

That's right. No matter how many warnings Windows 7 has, the end user will click right through the "This program is attempting to change Vcore and will destroy your computer" warnings. TC would work, but it's out of the question. The only real solution is ... none. As long as the end user has control of the computer, viruses and botnets are here to stay.

Re:What about the standard way ?

[davester666]

Given that the Federal Government is incapable of training their own employee's to NOT use (or even install) file sharing applications like LimeWire, I doubt their ability to train the general population on computer usage.

Re:What about the standard way ?

[Gerzel]

There is also the problem that lobbiests would not have to destroy it.

It is one thing to make a secure operating system but it is quite another thing to keep that os secure especially over hundreds of thousands of users.

In the end, practically, the security of an OS is only temporary until someone can figure out how to break it.

Also this is how government in many ways is supposed to work.

Take Healthcare and how a government improves its citizens health. Now many would argue that a government should have nothing to do with that and never does much for the average citizen but they would be wrong.

Most health improvements over the centuries have come from government activities. Sewers in large cities, food regulations, even direct medical research to a large extent.

Look at the rise of governments and see the rise of populations as well as the increase of average life span.

Government isn't just for police and military in most cases(in fact being just for those two causes is a major symptom of despotism).

Re:What about the standard way ?

[earlymon]

Not only is the government not mandated to do it, but there are some most excellent laws that prevent the government from competing with private industry. Not only does this lead to gov't subcontractors but actually requires it some places.

Otherwise, I'd guarantee that the DOE and Air Force would have come out with their own PC operating system already.

Re:What about the standard way ?

[cayenne8]

"Commerce Clause [wikipedia.org]. Thanks for making the argument that more education is needed."

Damn, isn't it about time SOMEONE challenged the broad scope that has been given to the commerce clause. It has allowed the Feds to go WAY outside of what they're supposed to be doing!!

No, I wouldn't personally consider the commerce clause to be applicable to mandating anti-virus software for citizens. Then again, I'd not have thought that a farmer raising his own wheat for his own consumption, would somehow affect interstate commerce.

:(

Re:What about the standard way ?

[cayenne8]

"Again proving that the backdoor password to the Bill of Rights is "terrorism".

Don't forget the other 'key'....child porn.

Re:What about the standard way ?

[cayenne8]

"The only way that we're going to be able to cut down on the spamming, scamming and other cyber crimes is through making sure people are educated and towing the line."

Thing is, spamming and scamming pretty much only affects the stupid and gullible...it really doesn't affect me, I'm smart enough not to open and click everything, nor do I involve myself in stupid get rich schemes.

Why should I even care if this is going on? If someone is an idiot...well, isn't that their right?

Re:What about the standard way ?

[sjames]

Providing common defense and protection of interstate commerce?

Re:What about the standard way ?

[Wapiti-eater]

Nothing personal stim - but just asking this question shows an abysmal lack of understanding.(Maybe I missed the attendant sarcasm?)

AV software is a panacea, a vaporous comfort blanket that serves to only make the sellers money. Read the earlier comments to gain some insight into why this is so.

Then, find a local PC geek - someone who works this arena for a living, not your cousin's gamer kid - ask them to explain to you how many systems they've seen with current, up to date and active AV software from reputable vendors that have been borked beyond use by ignorant user actions.

Folks that think they're 'clean' just because their AV software dejur says they're clean are a mal-code authors wet dream.

Re:What about the standard way ?

[corbettw]

Under your immensely broad determination, just about anything could be considered commerce.

The Supreme Court has ruled that a farmer who eats his own wheat is engaging in interstate commerce (Wickard v. Filburn). So yeah, anti-virus software could easily fall into that chasm of a loop hole, too.

You don't have to agree with something on principle to recognize the truth of it.

Re:What about the standard way ?

[fuzzyfuzzyfungus]

Don't forget the wonderfully Orwellian parallel construction of "criminal's rights" vs. "victim's rights". That one is great in domestic contexts.

Gallows humor aside, I completely agree. I'll spare everybody the "lose both, deserve neither" line; but it is true. I was just noting that, in an instance like this, the strategy that would be used wouldn't be economic(where state activity is vulnerable to charges of "socialism") but "security" related, where, it seems, you can do whatever you want as long as you call the other guy a traitor before he calls you one. The fact that it works makes me throw up in my mouth a little; but it does.

Re:What about the standard way ?

[SCHecklerX]

What the OP said. Viruses are a user behavior issue, and hence not solved with technology. I fact, AV makes the problem worse. "I have AV. I can run whatever I want and not worry about it". Then there are the problems that type of software itself causes: poor system performance, increased cpu usage (AV is against the green movement! :-) ), greater potential for data corruption, hung processes, etc.

Re:What about the standard way ?

[stewbacca]

The Federal Govt. isn't mandated to provide safe highways either, but they sure do go out of their way to withhold funding from States who don't impose speed limits.

Re:What about the standard way ?

[dave562]

I am intrigued by your ideas and would like to subscribe to your newsletter.

Re:What about the standard way ?

[SanityInAnarchy]

And antivirus is not sufficient to protect "click-happy" users from themselves.

Look, there have been tons of ads about drugs and smoking, and plenty of morons still do those in large quantities. But it's still justified to try, because that's really the only thing that will work. Outlawing them really doesn't do a thing.

To abuse an analogy, suggesting antivirus is a bit like suggesting that everyone equip their mouths with a special "health detector", which beeps loudly and induces vomiting whenever it sees anything it thinks is a drug or a cigarette -- which also isn't able to detect meth, yet is able to detect pharmaceuticals, and must therefore be disabled frequently.

Educating people not to smoke may not be effective, but it's a hell of a lot more effective than telling them to cripple themselves that way in an effort to protect them from not smoking, which is ridiculously easy for them to do on their own.

Re:What about the standard way ?

[SanityInAnarchy]

he has to know, he has to do...

Much like a driver's license.

ultimately people will do what they always do when it comes to learning for degrees or licenses that doesn't interest them in the least: Learn it word by word by heart, do the test, forget it immediately after and shrug it off.

While people often do this with a driver's license, there's at least the chance (combined with state-sponsored driver's education) to get it right.

No. You know what's the way? If you contribute to the problem, you're held liable for it.

Much like a driver's license. Not just a fine, though, but the very real chance to lose your license.

Re:What about the standard way ?

[SanityInAnarchy]

It has never worked.

It has never really been tried.

They will *not* ever learn to do it right, as long as they have a choice. So if you want users to use your software in the correct way, you have to make it the only way to use the program.

That is impossible.

The only thing that would really work is making users liable for the damage they cause by doing things the wrong way.

Re:What about the standard way ?

[DavidShor]

Sorry, I don't see why what the founding fathers thought the fed's "should" be doing 300 years ago should outrank what the majority of citizens TODAY want the federal government to do.

I understand the argument of constitutionalism for certain things, like freedom of speech or protection of minorities, on the argument that the majority might get temporarily inflamed and do something terrible.

But persistent majorities for the last century have voted on a large and expansive government. It seems wrong to advocate their disenfranchisement.

Re:What about the standard way ?

[DavidShor]

Eh, I find this kind of argument odd and a little disingenuous. Chances are, you don't actually care whether or not this proposed program would be constitutional, you just think it shouldn't be done.

After all, wouldn't "The program proposed would be beneficial for our country, is a wise use of federal funds, and would command broad public support. But we shouldn't do it because some long dead people from the 18th century think otherwise" be a little strange?

Re:What about the standard way ?

[jemenake]

Where in the constitution would be the mandate for the feds to promote something like this?

There's not necessarily a mandate, but there's an opportunity for common good.

I look at it this way. If there were a human disease which was causing as much lost productivity and recovery costs as many computer viruses, the CDC and FEMA would be on red-alert. If vandals (like, the E.L.F., say) were sabotaging so much business infrastructure as to approach the losses due to computer viruses, then the FBI would have it as one of their top priorities.

In other words, the gov't doesn't react with this kind of ambivalence when real-dollar and productivity losses of this scale happen via other means. So, why shouldn't they treat it as an important "public health" issue when it's the health of their PC's and data that are involved?

Now, what I'd like to see is for the gov't to actually start providing an anti-virus product themselves... for free. It would have to be open-source, to ensure they weren't using it to snoop on citizens. But, at the mere cost of $10 million or so, the gov't could probably provide rock-solid anti-virus products, with daily signature updates and all. At a cost of about 3 cents per citizen.

Re:What about the standard way ?

[DavidShor]

Why?

If you catch some weird disease, the CDC has the right to quarantine your ass. The government forces people to get vaccinations as well.

So why are economically damaging computer viruses spreading through the internet less deserving of government action than real viruses spreading through social networks?

I can see a lot of arguments for the reverse, namely that a single computer can infect far more machines than a single person can infect other people...

Re:What about the standard way ?

[Bill+Dog]

But persistent majorities for the last century have voted on a large and expansive government. It seems wrong to advocate their disenfranchisement.

Completely true (to my dismay), and completely true.

But it also seems wrong to corrupt the system. That is, if we the people want the federal govt. to have expanded powers, we should amend the Constitution to permit the new things or kinds of things that we want.

The problem with stuffing everything under a "commerce" clause or other obviously bullshit backdoor is that it's an ongoing joke and makes a mockery of our system. And by approving of an environment where the rules and due process are routinely skirted, that's exactly what we encourage in our elected (and unelected) officials.

Re:What about the standard way ?

[mattack2]

The government forces people to get vaccinations as well.

Do they? I thought that the various requirements always had a "religious reasons" escape clause where people could get away without the vaccinations. (Mostly I'm thinking of schools.)

So, I'd call it "the government strongly suggests" that people get vaccinations, but religious and/or vaccination paranoid people (re:autism) will get away without them.

Re:What about the standard way ?

[cayenne8]

"But persistent majorities for the last century have voted on a large and expansive government. "

Well, I'd say some politicians have been voting for it...gives them more power and more jobs, but, really, I don't think the majority of American citizens have been voting for it. The politicians just don't represent what the people want for the past decades IMHO. They're owned by the corporations and special interests, but, the will of the people I believe, has long been derided and ignored. Hell, most of the public knows it...and is now apathetic....hence the low voter turnouts time after time after time...

Re:What about the standard way ?

[cayenne8]

"But we shouldn't do it because some long dead people from the 18th century think otherwise" be a little strange?"

Those long dead people set up one of the best forms of govt. ever, IMHO...and it set the scene for us to grow and become this wonderfully diverse country. They also had the foresite to put in clauses and ways for things to change as needed. It isn't easy to do constitutional amendments, that is on purpose, as that things like that must be carefully considered...and passed by a big majority to make sure most of the people in the country agree and want it. It was set up to make sure that you as a citizen in the US are instilled with rights inheritly, you are born with them, and they are not granted to you by the government. There is a way to do it....and if we don't do it, and don't observe the rules, then those things YOU think are important are at risk too someday, when they should not be. They wanted to get rid of alcohol, they passed an amendment. The were tired of prohibition, they passed an amendment to repeal it. That is what is supposed to happen. But, somehow...they've bastardized it, and now...you get things happening too quickly...the Patriot Act, banning marijuana use by adults (and lots of other adult behavior)...etc.

Were they perfect? No. But they sure did get a LOT right...we got to the point we are now, largely due to those laws and tenets they set down centuries ago. You and everyone in the US should be very cognizant of that, and in doing so, be respectful that we really should take the steps proscribed to make changes that are needed as the years go by. But, quick change...is never a good thing. One side effect is, it may not in fact often, be what the majority of people want.

One thing we lost, was that most power was to reside in the state you live in. Different regions have different needs and political views. The nice thing aobut letting the states decide most issues, is that they are more in touch with your views locally, answerable to you more as a voter. You the citizen in this manner...have more power. That is and should be important.

The further away we get from this....well, you see it today. Do you REALLY feel the federal government is answerable to you and the needs of your community?

I don't.

Hmmph.

Frequent Slashdot contributor Bennett Haselton writes with his idea for mass adoption of anti-virus software:

Wow, somebody's buddy just got hooked up. Posting cretinous articles is one thing, posting a contributor's own cretinous musings is quite another.

Here's an idea -- Let's assume for a second that the majority of business and government uses a specific family of operating systems from $MONOLITHIC_CORPORATION. Since that corporation is pocketting billions upon billions of dollars, then why not have them subsidize the ads?

The burden should fall upon the corporations which support their operating systems which have been demonstrated to be gaping security holes which would make even the great Goatse prolapse with envy.

Re:Hmmph.

[hedwards]

Hey don't badmouth Cretin, he was probably my favorite character on Red Dwarf.

Re:Hmmph.

[pohl]

But the quote from Esther Dyson said the ISP is responsible, not the monolithic corporation who made the operating system.

And we all know the conventional wisdom that the structure of software doesn't have anything to do with security...it's all about popularity: any operating system would would be equally vulnerable if its market share were to grow to be as large as the one that currently dominates.

And you also forgot that the assumption that we all use the monolithic corporation's system is supposed to be a tacit assumption...which is to say, don't speak about it. Ssssh! It's a fight-club kinda thing.

Re:Hmmph.

[plague3106]

So it should be Hondas fault if I don't maintain my car and that leads to an accident? Windows is secure, the viruses being spread are doing so though user action.

Re:Hmmph.

[Gordonjcp]

So it should be Hondas fault if I don't maintain my car and that leads to an accident?

It would be, if the accident was caused by a design flaw that requireed unusual constant maintenance. If your Honda needed to have the rear wheel bearings adjusted every thousand miles, and you didn't do it and caused an accident, there would be a pretty good case to take Honda to court - "Why the hell do the bearings need adjusted all the time? No-one else has that!"

Both Linux and Mac OSX are getting to be somewhat mainstream now (when my deeply non-technical mother could identify an Ubuntu boot screen on one of the office computers in CSI, I figured it was making an impression) and one thing that people like about both of them is the fact that you never need to use antivirus software, and updates are pretty painless. There's an argument to be made that an operating system that needs constant updating, extreme care in use and expensive third-party software to keep it from turning into a spam cannon is fundamentally defective, just as a car sold with inadequately-secured wheel bearings would be.

Re:Hmmph.

[causality]

And we all know the conventional wisdom that the structure of software doesn't have anything to do with security...it's all about popularity: any operating system would would be equally vulnerable if its market share were to grow to be as large as the one that currently dominates.

The only thing we know for certain about that "conventional wisdom" is that it's never really been put to the test. The only sure way to test it would be for Windows to become extremely unpopular and for it to be replaced with another operating system. Then and only then is this "wisdom" something more than "speculation that sounds good while ignoring some realities." I don't deny that the most popular/prevalent operating system would be the most targeted. What I deny is that "most targeted" is automatically guaranteed to be the same thing as "most often successfully compromised."

What realities are being ignored? The fact that all security systems are not equally effective. In common usage on Windows, you primarily have after-the-fact damage control measures such as antivirus and antispyware. Damage control is not the same thing as security. Real security is about prevention. There exist operating systems today which generally do not need any sort of antivirus or other signature-based scanners. They heavily use permissions, privilege separation, least-privilege, capabilities and some less-common measures like compiling code in such a way that it is much more difficult to successfully exploit buffer overflows and other flaws.

I honestly think it's a bit absurd to suggest that these would have no greater success than the prevailing measures in common usage on Windows. Certainly this conclusion does not come from actually studying computer security and deciding for yourself, by means of evidence, which methods are more difficult to exploit. I can only speculate as to where it comes from. It really seems like a cop-out designed to silence debate by introducing speculative elements into what was originally a factual discussion. I'm not suggesting that you are deliberately doing this, only that what you are repeating is not at all an original thought (in fact, it almost always comes up in these discussions) and may have had such an intent behind its actual origin.

Re:Hmmph.

[lgw]

The only OS security model which is bette than Windows in any meaningful, practical way is SE Linux. Eveyone else uses user-based access, which is no defense at all against a user who doesn't care about security. Any modern consumer OS (by which I mean: you don't have to recompile the kernel to add a new driver) will make it trivial for malware to install itself if the user can be convinced to enter the root password - and that's just not a very high bar.

The SE Linux model does a little better: by restricting access based on process profiles, and not based on users. The only real advantage there is that the user is conditioned to only needing the root password when installing software, so at least the bar is raised a notch as you have to trick the user into *knowingly* installing software. Not much better.

Combine that model, however, with a trusted host for software downloads (as any good package management system should have), and you raise the bar yet again. That would mostly limit malware to users who torrent cracked sofware or otherwise deliberately go outside the normal path for software installation. That would be a significant reduction in targets, but perhaps not enough to really matter (does reducing the number of infected systems by 90% really help much?).

Re:Hmmph.

[pohl]

It really seems like a cop-out designed to silence debate by introducing speculative elements into what was originally a factual discussion.

I couldn't agree more. I think this was a cleverly-engineered meme to do exactly what you suggest: silence debate with assertions that are, for practical purposes, not easily testable.

I'm not suggesting that you are deliberately doing this, only that what you are repeating is not at all an original thought (in fact, it almost always comes up in these discussions) and may have had such an intent behind its actual origin.

:-) My whole post was tongue-in-cheek. It was hard to write it that way, because I get peevish about that meme, too.

Re:Hmmph.

[Ifni]

Everybody is responsible.

1. No OS is secure, though some are inherently moreso than others, hence the OS makers are responsible
2. Any idiot user can, by ignorance and bad practice, reduce the most secure OS to a virus ridden hell-box if given sufficient time, so the users are responsible
3. The ISPs own the bandwidth and many of the resources used to spread viruses, and hence are responsible
4. The criminals that research, design, build, and deploy the viruses are most directly responsible

Additionally, anyone who, by inaction, allows the problem to grow is also arguably responsible. However, this is only part of the point. Good security is layered. You can't just fine the OS makers and call it a day as that won't solve the problem completely (inasmuch as it can be completely resolved) because like I said in point one, no OS is 100% secure, so eventually it will be exploited to spread a virus. Likewise, education isn't the only solution as even the best of us make mistakes, and even ignoring that any system is only so strong as its weakest link, so any given level of education merely raises the bar for the criminals. ISPs walk a fine line between monitoring the health of their networks and infringing on their user's privacy and/or freedoms, so there are limits to how far they should go. And punishing the perpetrators has been the preferred method since the dawn of mankind and you can see how well that's worked so far - it's effective, but it is imperfect on its own.

So, since funding to thoroughly and directly address all of the above is unlikely to be available, which give us the biggest bang for our buck? Which should we do first? And considering that this problem is one among many, how much money should we throw at it? I don't have the answers or the research to determine the answers, but I would guess that a campaign to at least provide visibility to the issue would likely be one of the cheapest and most effective, and using it to point people towards low cost or even free tools that already exist and that can dramatically reduce the scale of the problem makes sense.

But how extreme do we take this? Do we require a computing license, similar to a driver's license that all computer users must obtain before being allowed to sit behind the keyboard? Do we require all computer sellers or ISPs to include an information packet with this information, and maybe offer free or reduced cost classes to interested customers? Do we make those classes mandatory? Or do we just run some ads on TV during prime-time referring people to a web site? Again, this is open to significantly more debate, but the last item seems like a good start.

As I wrap this up, it occurs to me that this is less a response to the parent post and more a (indirect) response to a sister post from causality (among other similar posts) and the article in general. As such, please be gentle with the offtopic and/or troll/flamebait mods. The point that I'm arguing is the finger pointing going on here is fruitless and largely a waste of effort since we all share blame to some degree, and as such any solution needs to acknowledge that in order to be comprehensive.

Re:Hmmph.

[plague3106]

It would be, if the accident was caused by a design flaw that requireed unusual constant maintenance.

First, unusual constant maintence does not indicate a flaw in the design; that's just how the design works out. Second, as long as the manual says "this is the maintence schedule you must follow," how often it occurs becomes irrelevent. The owner knows the car will take a lot of maintence, it says so right in the manual. Finally, saying that Windows requires "unusual constant maintence" is just plain stupid. It doesn't. A user running a virus is no different than someone putting diseal in their unleaded gas only car.

If your Honda needed to have the rear wheel bearings adjusted every thousand miles, and you didn't do it and caused an accident, there would be a pretty good case to take Honda to court - "Why the hell do the bearings need adjusted all the time? No-one else has that!"

No, that would not get anywhere in court. The manual indicates the maintience schedule, and there's no law saying manufactors have to build cars with certain schedules. Throwing out whatever you consider to be "too frequent," I'm sure we already have cases of people that were in accidents because they failed to properly maintain their car... yet no one is suing the manufacturer, they are correctly blaming the driver for failing to maintain their car. It's the owners responsiblity, not the manufacturer's.

Both Linux and Mac OSX are getting to be somewhat mainstream now

Mac yes, Linux no.

when my deeply non-technical mother could identify an Ubuntu boot screen on one of the office computers in CSI, I figured it was making an impression

She likely knows because I'm sure you're constantly going on about it, and like all mom's, she takes some interest in your interests.

and one thing that people like about both of them is the fact that you never need to use antivirus software, and updates are pretty painless.

Updates on Windows are painless. We have an update server, and most updates are auto-approved. We've never had a problem, nor do most.

Linux doesn't have many viruses because nobody is using Linux. Same as Mac although that is changing.

http://www.msnbc.msn.com/id/12537279/

There's an argument to be made that an operating system that needs constant updating, extreme care in use and expensive third-party software to keep it from turning into a spam cannon is fundamentally defective, just as a car sold with inadequately-secured wheel bearings would be.

Ya, that's why Linux doesn't have updates all the time, and 10.0 was the last version of OSX released. The fact is that if Joe sixpack starts using linux, linux will get more viruses. And if Linux never gets a mail client that can easily open a movie attachment, Joe sixpack won't even move to Linux, because they see it as too hard.

Nope

[Anita+Coney]

"to the point where even some libertarians would agree."

Maybe he meant to write librarians, but no true libertarian thinks that the government should purchase ads for McAfee and Symantec.

Re:Nope

[hansamurai]

The only software I want to subsidize is for my in-laws, so I don't have to fix their computer anymore.

And actually I did just that last October by installing Ubuntu 8.04, haven't had a call since.

Re:Nope

[gfxguy]

I'm a libertarian and I agree that government spending millions of our tax dollars on ads would save some users from their own stupidity.

That doesn't mean I think they should do it, it just means I agree that the government spending millions of our money to promote something will, ultimately, to some extent, promote it.

But you're right, no "real" libertarian would suggest this is what the government should do.

Re:Nope

[Anita+Coney]

"And actually I did just that last October by installing Ubuntu 8.04, haven't had a call since."

God, I nearly did the same thing to my in-laws. It's like their PC is a spyware/malware/virus magnet.

Re:Nope

[Benanov]

Most libertarians try to shield themselves from the negative influence of the outside world (as it applies to their freedoms).

After all a secure computer system is pretty much a prerequisite for high levels of privacy.

Re:Nope

[darkmeridian]

That's not true. Libertarians believe that government should not interfere absent a market failure, or defined instances where the free market will not work properly. Libertarians would support the SEC, to some extent, to cure the problem of asymmetric information. The SEC regulation regime is basically founded on truthful and standardized disclosure of material facts.

Libertarians would regulate pollution because there are negative externalities. A business can spend $10,000 to install pollution control systems, or dump toxins into a creek for free, causing $10,000,000 in damages to the surrounding area that no one would know about until it was too late. Without government regulation, businesses would pollute because they don't have to pay for the suffering of others from their pollution. Consumers are on the Internet without knowing how to secure their systems. It's causing everyone else to get spammed and DDOS'd but the nitwits don't care because their computers still work. It's time for the government to walk in and take some sort of action to reallocate the responsibility onto those parties best situated to prevent costs.

Re:Nope

[jockeys]

agreed. let's look at this realistically: it would wind up being nothing more than state-sponsorship of a few select producers of AV. it stands to reason that the bigger the lobby group, the more attention that corporation would receive.

do we really want our tax dollars buying ads for McAfee and Symantec?

Re:Nope

[plague3106]

Perhaps that's because they found they can no longer easily use their computer? :-)

Re:Nope

[Jahf]

"no true libertarian thinks that the government should purchase ads for McAfee and Symantec"

And no true computer professional thinks that educating people on why viruses/trojans/spyware/botnets are a danger to them is purchasing an ad for McAfee and Symantec.

There are plenty of ways that education could be spread that would be completely product agnostic while reminding people that that Vista machine they just picked up is a gaping sack of attackable holes.

As a lib I say it is far better that the govt do something like this than to either create software that they mandate computers be sold with or even to mandate any software or standards on the OSes in general. Which is the -other- direction this thought could be taken to. Far better to push revenue to existing private businesses than to control the products of other businesses.

Any -good- lib recognizes the need to compromise.

Re:Nope

[Jane+Q.+Public]

Excuse me? Can you explain this a bit? In my experience, Libertarians have their eyes open a lot wider then Reps and Dems.

Re:Nope

[Gutboy]

Libertarians would not regulate pollution, they'd make the business that polluted pay for the damage they cause. With freedom comes responsibility. You can do what you like, but if it affects others, you have to pay for it.

Re:Nope

[tthomas48]

Right, because libertarianism is a religion that revolves around the believer being the center of the universe. The collective good is only useful to him if by collective you mean a collection of that single believer and no one else. So why would a libertarian who knows enough to want ads about virus software want to pay for ads to notify himself of the need to use virus software?

Now if you said that the libertarian could make lots of money off of making these ads to sell to people who don't use anti-virus software, you'd probably have something. As long as you weren't planning on displaying those ads on billboards above public roads, over federally subsidized cable or phone lines, the federally monitored air waves, or in a publication delivered by the postal service.

It makes no sense. Stop trying to use logic to appeal to libertarians. If they understood logic they wouldn't be libertarians.

Re:Nope

[Opportunist]

And if they did I'd question the sanity of a government. Shouldn't they at least buy ads for working or at least useful security?

Re:Nope

[Opportunist]

Well, maybe they just didn't figure out yet how to use that VoIP you also installed instead of their old fashion phone?

Re:Nope

[number11]

Libertarians would not regulate pollution, they'd make the business that polluted pay for the damage they cause. With freedom comes responsibility. You can do what you like, but if it affects others, you have to pay for it.

Then we'd have more superfund sites created by corporations that hid the pollution until they cashed out and dissolved, leaving the Libertarians holding the now-stinking empty bag. Maybe it would work if we abolished "corporations" and made the owners of the business personally responsible.

Unfortunately, most Libertarians are all for personal responsibility, but don't see the disjoint with the concept of corporations (which are a legal device to prevent personal responsibility).

Re:Nope

[nine-times]

As someone with some libertarian leanings, I definitely don't agree with the idea of the government subsidizing antivirus software. Make all the arguments you want, but I'd sooner be convinced that the government should provide health care.

Why? Because at least there's a genuine need for health care. I have never, not in my entire life, been infected with a virus myself. I run Windows machines, Linux machines, OSX machines. I've seen plenty of infections on Windows, but most of them, the overwhelming majority, started from someone running something they shouldn't have. Most of the rest could have been fixed with a good firewall.

So if the government is going to subsidize something in order to improve security, I'd much rather they subsidize computer education. You can't get an antivirus that will protect you from every stupid user action, but maybe if you educate the users, they'll commit fewer stupid actions.

If you subsidize the antivirus vendors, you're really only subsidizing the patching of security holes that arguably shouldn't exist in the first place. You'll also effectively be removing the economic incentive to remove those holes or to make software better, more secure, and more immune. You'll be saying, "Don't fix these problems, or else the government will give you less money."

And that's the biggest problem with government subsidies. It's not the cost itself, it's that they often provide an incentive to not-fix problems.

Re:Nope

[triso]

do we really want our tax dollars buying ads for McAfee and Symantec?

No! They should buy ads for the free AV products out there. McAfee and Symantec can pay for their own ads.

Re:Nope

You must not talk with many libertarians. Most libertarians are absolutely against the idea of corporations.

Re:Nope

[BunnyClaws]

It is amazing how well that works. I switched my in-laws to linux several years ago and haven't had to work on their system since. When they had Windows, I had to reload it every 3 months.

Re:Nope

[BunnyClaws]

I always thought that libertarians viewed corporations as a legal fiction that has been created by the state.

Re:Nope

[operagost]

Right, because libertarianism is a religion that revolves around the believer being the center of the universe.

Libertarianism has nothing to do with selfishness, but responsibility.

As long as you weren't planning on displaying those ads on billboards above public roads

The land owner has the right to place billboards, not the state.

over federally subsidized cable or phone lines

A libertarian doesn't believe these should be subsidized.

the federally monitored air waves

A libertarian disagrees with FCC censorship and regulation, beyond regulation necessary for technical issues.

or in a publication delivered by the postal service.

A libertarian frowns upon corporations owned by the government. Fortunately, other parcel delivery services are allowed but socialists require that the USPS be the only one allowed to deliver letters. Do you even know what a libertarian is?

Re:Nope

[tthomas48]

Yes I do. I was explaining how they cannot be rationalized with:

"Libertarianism has nothing to do with selfishness, but responsibility."
Responsibility to yourself and no one else. Which I would call selfishness If a libertarian was responsible for their fellow man, they might do something like create the Social Security administration so they wouldn't go hungry and homeless in their old age. A libertarian would counter that that person who goes hungry or homeless in their own age should have been more responsible. So either they are selfish or heartless. From what I can tell there is no libertarian solution to homelessness other than people taking responsibility for themselves.

"The land owner has the right to place billboards, not the state."
That's true. I guess your cows could enjoy them without the state to build roads. No one would pay to advertise on that road that you and your libertarian friend Bob contracted to have built between your two properties.

"A libertarian doesn't believe these should be subsidized."
Right. Under a libertarian system we would have many companies competing for the same densely developed customers. There would be no mass internet, cable, or phone system. Again, advertising wouldn't be profitable or really work under this system since there would be very few customers. On the upside the need for anti-virus wouldn't be as urgent since your "internet" would only connect to other people who were on your commercially developed and highly regulated (privately) communications system that didn't interconnect with any other commercially developed and highly regulated (privately) communications systems.

"A libertarian frowns upon corporations owned by the government. Fortunately, other parcel delivery services are allowed but socialists require that the USPS be the only one allowed to deliver letters."
Actually our "socialist" government allows Fedex and UPS to deliver letters, and shockingly the DO! They just don't really want to deliver to everyone's house on a daily basis as it's not cost effective. So in your libertarian world you would have no mail because that road you and your libertarian friend Bob built to go between your two properties wouldn't be connected to any other roads and thus the private mail carrier couldn't get to you. The private mail carrier might deliver packages by helicopter, but advertisers wouldn't be willing to send out a helicopter to get you a message about anti-virus software.

My point was that in a libertarian world advertising wouldn't work, because in a libertarian world there is no good way to do anything in mass because there is no common infrastructure. Advertising would be prohibitively expensive as you made contracts with each individual person you wanted to communicate with to somehow advertise to them. Many libertarians would like this world. My point was that no libertarian would agree to the plan in question, since there would be no way to do such things in a libertarian "state".

Re:Nope

[mattwarden]

Indeed. His great economic analysis is something that could just as easily be presented to a private organization. While the FDIC is a government entity, it is funded by the banks, who are the true beneficiaries of the program. There's no reason something similar couldn't work here. Put another way, aside from easy of collection, there is no need for this to be funded by taxes.

Re:Nope

[Americano]

Responsibility to yourself and no one else. Which I would call selfishness.

You are wrong. Libertarians believe that people should be responsible for their own actions - meaning, if you hurt somebody else, you take responsibility for that, and to the extent possible, you fix the damage you've caused. You are most certainly responsible to others - the "ideal" of libertarianism is that responsible people make responsible choices and don't hurt one another. No sane person would claim that people don't occasionally make bad & mistaken choices, and no sane libertarian would claim that anybody should be immune from responsibility for those bad / mistaken choices.

A libertarian would counter that that person who goes hungry or homeless in their own age should have been more responsible.

Wrong again. Libertarianism and private charity are not an either-or proposition. Libertarianism posits that it is not the government's responsibility to force charitable giving to people who have been irresponsible. Libertarians would never claim that voluntary charity from one person to another (or one person to a private charity) is somehow intolerable. You should really understand libertarian values before you start criticizing them.

My point was that in a libertarian world advertising wouldn't work, because in a libertarian world there is no good way to do anything in mass because there is no common infrastructure.

False dichotomy. Open Source developers are not mandated to adhere to open standards by any government regulation or standard. They do so because there is a benefit to everybody to follow certain standards for formatting and interchange. You are claiming that without the government to mandate standards for a common infrastructure, people would not be able to do so, and there are plenty of real-world examples to show that people understand the value of common standards without being forced to adhere to them by a government agency.

For someone who has so much to say about libertarianism, you don't seem to understand it very well.

Re:Nope

[garett_spencley]

It all comes down to property rights.

Without going into a very detailed philophical rationalization (I can if you want me to, but for brevity I'll skip it), when it comes to government the only thing that Libertarians concern themselves with is "what is the role of government?" Assuming they are not anarchist (many Libertarians are, one of the more famous being the late Murray Rothbard), the answer is "to protect property rights. No less, no more." If you protect property rights you protect human rights, because all human rights are property rights.

How does that translate to pollution ? A Libertarian does not believe that there can be such a thing as "public property". Note: not that there SHOULDN'T be such a thing, but that there CAN'T be. The oversimplified rationalization is that no two people can occupy the same physical space at the same time. Just like no two people can eat the same apple unless they divide it and then they're not eating the same thing, they're eating two separate things that have something in common.

If you protect property rights then pollution becomes a non-issue. If you own property then you can treat it however you want. But if you pollute the property of another then the other person has been wronged and can act accordingly.

Pollution / "the environment" is one of those subjects that Libertarians love to use in order to point out the ineffectiveness of the state. During the industrial revolution this issue came up and many judges decided not to enforce property rights in order to "promote economic growth". To a Libertarian that is a clear boundary violation of the state. It is the legalized infringement of the rights of others.

Re:Nope

[garett_spencley]

Why should they buy ads for anyone ?

When government exceeds it's role of protecting and enforcing rights then it has to take from one group and give to the other. If government were to purchase advertising for free software then a few things would happen:

1) All of a sudden every single citizen would be forced to use their productive efforts to promote a product (free or not) whether they like it or not.

2) The for-profit companies, as well as every single applicable free software group that the government chose NOT to use tax-payer money to promote, would be also be placed at an unfair disadvantage.

If free software programmers, companies, whomever want to "compete" with for-profit software then that's fine. They are perfectly within their rights to do so. USING THEIR OWN RESOURCES. But no one can have a right to the productive efforts of others. No one can have a claim to the productive efforts of another unless the debtor entered into a contract voluntarily. Using government guns to expropriate from producers to play favourites with one group at the expense of all others is extremely immoral.

Re:Nope

[number11]

Most libertarians are absolutely against the idea of corporations.

Yeah, you'd think they'd be.

But not the ones I know. They're against government bailouts, of course. They're willing to see corporations go bankrupt. But against the idea? Nah. Just to check, I went to the Libertarian Party website and looked around. Nope, I don't see a word against the idea of corporations. In fact, their platform says "We defend the right of individuals to form corporations", though they don't mention the fact that the only value of a corporation is by virtue of the special rights that the government has bestowed upon it.

That sort of thing is why I don't take libertarians very seriously.

Re:Nope

[garett_spencley]

"Any -good- lib recognizes the need to compromise."

By "lib" do you mean Libertarian or Liberal ?

Either way I strongly disagree.

Let me quote Ayn Rand:

A compromise is an adjustment of conflicting claims by mutual concessions. This means that both parties to a compromise have some valid claim and some value to offer each other. And this means that both parties agree upon some fundamental principle which serves as a base for their deal. ...

There can be no compromise between a property owner and a burglar; offering the burglar a single teaspoon of one's silverware would not be a compromise, but a total surrender - the recognition of his right to one's property. What value of concession did the burglar offer in return ? And once the principle of unilateral concessions is accepted as the base of a relationship by both parties, it is only a matter of time before the burglar would seize the rest ...

There can be no compromise between freedom and government controls; to accept "just a few controls" is to surrender the principle of inalienable individual rights and to substitute for it the principle of government's unlimited, arbitrary power, thus delivering oneself into gradual enslavement. ...

Today, however, when people speak of "compromise," what they mean is not a legitimate mutual concession or a trade, but precisely the betrayal of one's principles - the unilateral surrender to any groundless, irrational claim. The root of that doctrine is ethical subjectivism, which holds that a desire or whim is an irreducible moral primary, that every man is entitled to any desire he might feel like asserting, that all desires have equal moral validity, and that the only way men can get along together is by giving in to anything and "compromising" with anyone. It is not hard to see who would profit and who would lose by such a doctrine. ...

A "compromise" does not consist of doing something one dislikes, but of doing something one knows to be evil.

- Ayn Rand "Does Life Require Compromise?" (1962) (also in her collection of essays "The Virtue of Selfishness").

Assuming that a Libertarian is not an anarchist (many are, one of the more prominent being the late Murray Rothbard) then one must ask "What is the role of government?" Any "good" Libertarian would answer "to protect individual rights". Stealing from the productive public in order to fund "education" is a blatant violation of such limitation.

Many Libertarians (who in my opinion are not "good" libertarians) take a purely utilitarian view. While Milton Friedman may not have been a "Libertarian" he justified compulsory education on the grounds that "society as a whole benefits if everyone is educated". The moral issue with such a premise is that it assumes that people are tools to be used in the attainment of the ends of others. Using such an immoral platform would allow us to make arguments like, for example: "99% of the public despises redheads. While it would be wrong to murder all redheads, the benefits to society as a whole would be clear. And it's only 1% of the population. The ends justify the means." Any "good" (and by "good" I mean moral) libertarian would find that to be deplorable.

Re:Nope

[tthomas48]

I understand libertarianism. I'm just not glossing over all the things that make it impossible.

"No sane person would claim that people don't occasionally make bad & mistaken choices, and no sane libertarian would claim that anybody should be immune from responsibility for those bad / mistaken choices."

Right. But what happens when 60% of your society makes a bad choice? Or someone makes a bad choice and the stock market crashes and you can't extract those billions of lost dollars back out of the people responsible?

"False dichotomy. Open Source developers are not mandated to adhere to open standards by any government regulation or standard."

Open Source developers rely upon the infrastructure created by the U.S. government - the Internet. I'm not discounting the fact that some people would cooperate and get things done. I'm just saying getting those things done would be very hard without a lot of cooperation. You would probably see people creating these loose knit organizarion to get things done. We'd see a working group for implementing roads. And a working group for implementing electrical infrastructure. Kind of like city government. Then those working groups would start cooperating with geographically related, but distant working groups. Kind of like the state governments. Pretty soon you're right back where we are now.

And I have no clue why you'd want to invoke the W3C or other such organizations as somehow being more efficient than our governments now.

Re:Nope

[Americano]

I understand libertarianism.

Your commentary on libertarianism so far seems to be at odds with this claim.

I'm just not glossing over all the things that make it impossible.

No, you're glossing over all of your assumptions about human nature that make it impossible to conceive of any alternative to a nanny state picking up after people.

Right. But what happens when 60% of your society makes a bad choice?

Apparently in your view of the world you punish the 40% of people who made good choices and force them to fix the sins of the 60%? I would suggest that if 60% of society makes a bad choice, they be allowed to make that mistake & bear the consequences of it. If there are private citizens in the 40% who made the right choice who wish to help soften the blow for that majority, they're welcome to.

Or someone makes a bad choice and the stock market crashes and you can't extract those billions of lost dollars back out of the people responsible?

Enforcement of information symmetry (in the form of regulations & penalties for nondisclosure) is something which government would have a legitimate role in enforcing, to prevent fraud, even in a libertarian world. If you choose to participate in the stock market and speculate (gamble), then you should be free to take that risk, and responsible for your own losses. If your loss is due to being defrauded by someone, then you would have legal recourse, and the regulatory system clearly needs to be reviewed if massive fraud is possible within a regulatory framework. If your loss is due to your own negligence or lack of due diligence, then you shouldn't have taken the gamble, and it's not the responsibility of other more responsible people to make up for your losses.

Open Source developers rely upon the infrastructure created by the U.S. government - the Internet.

Prove that the only way the internet could have been created is through ARPA funding. I don't dispute that they are building on the infrastructure that was primarily funded by the government. I do dispute that it's impossible for the internet to have been created *without* government involvement.

I'm just saying getting those things done would be very hard without a lot of cooperation.

I disagree, and I think the open source developers are a prime real-life example of how people don't need to be compelled to cooperate by government mandate.

We'd see a working group for implementing roads. And a working group for implementing electrical infrastructure. Kind of like city government. Then those working groups would start cooperating with geographically related, but distant working groups. Kind of like the state governments. Pretty soon you're right back where we are now.

Right, this is exactly my point - people would come together to solve their common problems without the government compelling them to sit down & cooperate. The government is not needed to force people to work together. And incidentally, a loose-knit association of private citizens coming together to decide on a common way of doing things is not "right back where we are now," no matter how geographically-distributed you wish to make the individuals.

And I have no clue why you'd want to invoke the W3C or other such organizations as somehow being more efficient than our governments now.

I don't think I claimed they were necessarily more efficient, I claimed that these sorts of organizations are examples of groups of people working together on common formats, interchange, and standards without having to be forced by the government to do so. That was in response to your claim that no government involvement would lead to Balkanization of everything because we'd have no government-mandated common infrastructure.

Re:Nope

[Guido+del+Confuso]

You're probably referring to U.S. v. Lopez (1995). But as recently as 2005, the Supreme Court held that somebody growing marijuana in his own garden for his own personal use for medicinal purposes was engaged in interstate commerce (Gonzales v. Raich).

The Commerce Clause has more or less become a catchall, and whether it applies to a particular case or not sadly depends on the whims of the court. It's not even necessarily determinable by the political beliefs of the judges/justices deciding the case (Raich was a 6-3 split with three of the conservative justices finding against the above interpretation of the Clause). There is likely no part of the Constitution, with the possible exception of the Second Amendment, that has given rise to more widely varied interpretations. And there is certainly no part of the Constitution that has been more frequently relied upon to expand the powers of Congress well outside the bounds of its constitutional mandate--which is fairly limited in scope, if you strictly interpret the actual text of the document.

Re:Nope

[garett_spencley]

I've read through the discussion in it's entirety and I'm dissatisfied with the responses you were given.

"Right, because libertarianism is a religion that revolves around the believer being the center of the universe."

Libertarians are individualists. Individualists are selfish. That cannot be contested. What can, and should be contested is whether or not that is a "bad thing".

Individualism is derived from the axiom "existence exists". From that two corollary axioms are implied. First that something exists which we perceive and secondly that, since we perceive it, consciousness exists (existence without consciousness is a contradiction in terms).

Thus we are all conscious beings. The axiom that thus follows is that it is impossible for one conscious being to possess another. (I can try to influence your decisions through persuasion, coercion or by manipulating your surroundings but ultimately you are a volitional being. Thus I cannot "own" you).

Not only are we conscious beings, but we exist in time and spice. Existence without the element of time and space is inconceivable. A conscious being is the sole occupant of his body. As such he owns his body as well as his mind.

The individual is given the "gift of life", but is not given the means to sustain it. Reason is our basic tool for survival. The question "to be or not to be" becomes "to think or not to think".

Through the process of reason we proceed to manipulate our environment to promote favourable conditions for our survival. We construct tools and "goods" that make our conditions more favourable. Thus individual "ownership" of property is a condition for the individual's survival. If an individual could not appropriate materials and manipulate resources the individual would not be able to employ reason and would not be able to obtain the means to sustain his life.

What is morality ? It is a code of conduct which guides the individual to "proper behaviour". What is "proper behaviour?" That which sustains life. The individualist's standard of morality is life itself.

This is what we are talking about when we discuss "inalienable rights". Rights are all of the actions required to sustain life. The ability to reason, to appropriate land and materials necessary to manipulate our environment in ways that support life. Thus all rights are "property rights". Rights allow humans to be humans.

All that which supports life is "good" and all that which hinders life is "evil".

Collectivists believe in some higher mystical power or purpose that is greater than the individual. This could be "getting into heaven", "the environment", "the state" or "the good of society" etc. As such every individual becomes a tool to be employed as a means to the ends of others. A collectivist believes that he has a claim to every other person. People only exist to serve others.

This is the "moral" doctrine of altruism. The opposite of selfishness. Altruism demands sacrifice. Sacrifice of all of your wants and desires. Sacrifice of your own happiness for the sake of others. The result of such a doctrine is guilt and resentment. Collectivists resent those who have more than others. The wrong becomes the right. Those who employ reason to produce material goods are attacked for being selfish. Those who sacrifice are rewarded. This creates the very class conflicts that collectivists are always accusing individualists of creating! The entire notion of a "class" is a collectivist construct. Any measure of what constitutes "upper", "middle" and "lower" class must necessarily be arbitrary.

Collectivists must appeal to the emotions rather than reason. They use argument from intimidation rather than elucidating an argument. Case in point:

"Stop trying to use logic to appeal to libertarians. If they understood logic they wouldn't be libertarians."

"So either they are selfish or heartless."

Neither of th

Re:Nope

[tthomas48]

Yes. Again, I'm aware of libertarian arguments. You're taking my lack of belief as misunderstanding. See you believe that if I just understand what you're saying this ultimate power of "REASON" will make me believe as you do. But I do understand what you're saying. I just think it doesn't work very well in the real world, which is why you see very few instances of your REASON dictating events in the real world. Side note: don't you wonder why, if your "REASON" is what drives all decisions on earth, that the world seems so illogical to you?

Yes, I make lots of appeals to emotion. Because emotion drives human beings much more than logic. I suppose it might be wonderful if that wasn't true, but it is. Have you noticed a single Slashdot story where the comments used reason and everyone ended up happy and in agreement?

I won't even go into your other arguments, because they're quite silly. You merely re-enforce the fact that you have already worked out all the answers with your "REASON", but haven't bothered to observe the real world enough to know if the definitions you are using are true.

This is hilarious:

"The quantity of genuinely mentally ill people who lack any means to take care of themselves is so infinitesimal that voluntary charitable organizations are perfectly capable of caring for them."

I can't even believe you would say something so ridiculous.

What no one has explained to me about a libertarian society is how it wouldn't be either:

a) a society that devolves into some sort of Mad Max tribal world; every one/tribe for themselves
b) exactly the same society we have now after we rebuild all the same government entities we have minus the title government.

What does this society look like that has no laws, except those that are required to make business work, enforced by something that isn't a government, with collective infrastructure built by private industry and interacting in an efficient way with volunteer standards bodies (that are not a government)? And with everyone doing what they want, except where it would impact others, and with some sort of small (private?) policing tribunal thingy that mediates disputes, but is not government?

I understand everything you're saying. I understand that you believe we all could be supermen able to discard emotion and somehow find a way to always act in our own interest without hurting anyone else. I just think that idea is ridiculous. Anyone who's every been a lowly HOA board member knows that this isn't possible.

And you didn't address the most powerful reason why collectivism appeared. It's because we have collective resources. We all share water, earth, and air. At some point we have to have a governing body to allocate those resources or we end up with 'a)' above.

Re:Nope

[garett_spencley]

I love how you continue to harp on individualism without refuting a single charge I laid against collectivism. Oh, except for:

"Yes, I make lots of appeals to emotion. Because emotion drives human beings much more than logic."

Common sense would lead one to believe that if everyone were constantly resorting to emotion and working on pure whim then, and only then, would the world fall apart.

"I can't even believe you would say something so ridiculous."

There's argument from intimidation again.

What does this society look like that has no laws, except those that are required to make business work, enforced by something that isn't a government, with collective infrastructure built by private industry and interacting in an efficient way with volunteer standards bodies (that are not a government)?"

Listen to how you word yourself ... "except those that are required to make business work". That's an emotional charge playing to the class division perpetuated by a collectivist belief structure. Libertarians do not want a government that will enforce "business rights". Those libertarians who feel that a government is necessary believe that it's role must be limited to protecting property rights. And as I explained, all human rights are property rights. You can not have "human rights" without property rights.

Take freedom of the press for example. You cannot have freedom of the press when the government owns every printing press and paper mill etc. You cannot have freedom of assembly when you need to get government's permission to assemble anywhere.

But then ... you can't reason with someone who insists on abandoning reason. So I don't know why I'm bothering.

Re:Nope

[cayenne8]

"Any argument using the CC as its justification has to have a much more narrow focus now, or SCOTUS will throw it out. I can only hope that one day they'll make a similar ruling on the "general welfare" clause."

If that were the case...well, I'd hope that many current 'laws' would be overturned or rolled back. I'm not holding my breath, but, I can always wish.

Re:Nope

[tthomas48]

And you keep attacking the structure of my arguments rather than their content, so I would say it's not so much that you have good ideas, but that you enjoy reasoning why my arguments are bad, rather than if the ideas actually are.

You have not explained how you cannot have human rights without property rights. That's an interesting claim. And you still haven't explained how the property rights in a libertarian society are resolved with common property such as air and water.

Re:Nope

[garett_spencley]

You: "You have not explained how you cannot have human rights without property rights. "

Me: "Take freedom of the press for example. You cannot have freedom of the press when the government owns every printing press and paper mill etc. You cannot have freedom of assembly when you need to get government's permission to assemble anywhere."

Also see my original post when I go over the underlying philosophy (conscious beings exist in time and space. Humans survive by manipulating their surroundings to produce favourable living conditions etc.).

And you still haven't explained how the property rights in a libertarian society are resolved with common property such as air and water.

I have explained everything. You've either just superficially scanned what I wrote, or you don't understand like you claim to.

Two people cannot occupy the same physical space at the same time. It is an impossibility. Two people cannot consume the same food or the same cup of water at the same time. Sure, we could split an apple in two but we wouldn't be consuming the same thing. We would each eat something completely different. Both things would simply share a common origin.

Thus there can be no such thing as "common property". It's a contradiction in terms. Ownership means the ability to dispose of an object as you see fit. How can a million people each have the ability to dispose of a common object as they see fit ?

When government owns property it doesn't change this law of nature. Government property doesn't belong to you or me it belongs to the government. Government even admits it when they say "property of the government" as opposed to "property of the people".

So with so-called "common property" everyone needs permission to use it at any given time. This necessitates the creation of an arbitrary individual or organization that receives requests for use of the "communal resource" and makes it's decisions accordingly. While we tend to look at parks and roads and such that are usually available to anyone and say "well that's not so bad", we see the presence of the arbitrary decision maker in the instances of park curfews and traffic laws etc. We also witness atrocities like industries being able to dump their waste in public property. The massive collection of garbage in the oceans being one huge example. That could not occur in a system where all property is privately owned.

This usually conjures up a nightmare scenario for people who haven't thought through the implications. "You mean we'd have to PAY for WATER!?!?!" ... well, we pay for it now. And it comes with fluoride whether we want it or not. It's also important to note that water is so abundant that we really only pay for treatment and distribution. Not the resource itself. Water is an example of a resource that no one would sell as a commodity. They'd just charge for distribution or access. And there would be so many competitors, since it is so abundant that it'd be dirt cheap. That's another example of such a resource. Dirt. It's so abundant that we say "dirt cheap" to mean something that costs very little.

When you say air we have to speak of 'physical space' which also implies land and any resources being produced on that land (either by nature or through the owner's efforts). Air itself has such unique properties, it is absolutely everywhere. That unless we harness it with some medium it is really difficult to point at it and say "I own this air". But we can say something to the effect that "I own the air in my lungs at this particular moment". Or "I own the air that's in this balloon since I own the balloon" etc.

Point being that SOMEONE has to control a resource once it's been appropriated. Either the government or a private individual or organization. Libertarians argue two things. 1) Private ownership is the only way that human rights can exist. 2) Private individuals and organization

Re:Nope

[tthomas48]

Ah Ok, I understand now. I didn't really understand how far you would take the idea of privatization. It's an interesting idea.

So where does a person who owns no private property fit into the equation? If a small minority buy up the majority of land and water rights (as would surely happen) what do the people who own no property have in the way of rights? Or do they have no rights because they own no property?

Since a property owner would (I assume) be able to decide how their property gets used under this system (as long as it doesn't impede the property of others), what would keep property owners from becoming slave owners. Or is that fine (I guess it is an efficient use of resources)?

Re:Nope

[garett_spencley]

"If a small minority buy up the majority of land and water rights (as would surely happen)"

Why do you think that's likely to happen ? It doesn't happen now. There's no legal reason that someone with a lot of money couldn't buy an entire city if every land owner within the city were willing to sell.

It's precisely the selfishness that collectivists and altruists teach as evil that makes things work. You said;

"what do the people who own no property have in the way of rights? Or do they have no rights because they own no property? ...

what would keep property owners from becoming slave owners. Or is that fine (I guess it is an efficient use of resources)?"

First of all, obviously slavery does not fit into a libertarian philosophy. Slavery is one individual's ownership of another. Philosophically that's impossible, morally it's repugnant and legally it's undesirable.

Secondly, rights are the ability to act as a human being. To appropriate resources and use them to produce goods and services that promote favourable living conditions. Legal rights imply the protection from coercion. The recognition that you own your own body and that you possess the legal right to acquire property.

A right can never include a right to the productive efforts of others. If people had such a right then there would be no such thing as freedom. Everyone would be slaves to everyone else. That's the road we're headed down right now. When socialists talk of "the right to a job" etc.

There can be no hypothetical individual with no property or no rights. First of all, you own yourself. It's only if you think that you are totally worthless as a human being that you could not acquire any further material property, and that would be by choice. Such people have my pity but they are deluded. Everyone is capable of doing something and thus has something to exchange with others for the furthering of personal interests. And anyone who is totally naked and without any property what-so-ever can always fall on the charity of others to help them figure out how to help themselves.

Forced labour has never been an efficient use of a resource. It is precisely voluntary labour coupled with open market competition that leads to efficiency, and the key here is selfishness.

Ultimately I cannot force you to work for me even if I have a gun pointed at your head. You may choose the work over death, but the choice is still yours. You could also choose to take a chance and fight me. Maybe you'll win, maybe I'll win. But since I cannot possess your conscious mind I am reduced to attempting to influence your decisions.

So instead I could propose cooperation. We'd both win. You work, I give you something in return and bingo! Just like that you own property. So the concept of someone without any property what-so-ever is pretty hard to fathom. Even homeless people own *some* property. In a system of voluntary cooperation it becomes impossible to "not be able to own anything".

To go back to your "evil monopoly" question. There would be no profit to be had in buying up a bunch of land and trying to force people to work for the right to live on it. They could easily refuse. They could revolt. Even if they were to submit the labour would be inefficient. And who would buy from me ? The costs of production (hiring people to control the slaves, slow inefficient labour, and a lack of competition) would tend to drive up the prices. It would be way more profitable for me to compete by hiring people who actually want to work for me in order to further their own selfish motivations.

At every point in history where slavery existed it was because of government institutions. In Feudal Europe only lords and vassals with special social status could own land. During the Roman Republic and Empire citizens could not be slaves, and slaves were non-citizens. They were recognized as slaves by the government who refused to recognize the

Re:Nope

[tthomas48]

Ok, so if everything works properly I have enormity of choice. I can chose my police protection, fire protection, defense provider, electrical provider, gas provider, phone provider, school system provider, etc. I get really sick of paying 1300 bills every month, so in steps some sort of group. Let's call them a government. In exchange for $x/month they'll handle all payments for a set number of providers, including some overhead. They'll do some conflict resolution between providers, etc. Granted you could opt out, which is something you could not technically do now, but would the providers want you? Why would they want to deal with individual payees, wouldn't they want to deal with a large group?

Ultimately it sounds like you'd prefer the system we have now with more than one government in competition. But would you be happy if their ultimately emerged a monopoly government that no other startup government could compete with due to market friction? Because ultimately once you get past a certain point it would be hard to compete. I mean, sure I could go with the Finland brand's more nanny state government, but would I be willing to get rid of the United States brand's awesome military provider? 'Cause you know the US brand would have that military provider locked up tight with an exclusive contract. If everyone in the world truly wants to be an American couldn't this potentially lead to even less choice as everyone locks into the dominant provider?

Re:Nope

[garett_spencley]

"I get really sick of paying 1300 bills every month, so in steps some sort of group. Let's call them a government. In exchange for $x/month they'll handle all payments for a set number of providers, including some overhead."

That wouldn't be a government. That would be a bank.

Also, if you consider the amount of services that you actually get from the government, you wouldn't end up with anywhere near so many bills as you imagine. .

For example: you would only pay a fire department when they put out a fire for you. Utilities are paid monthly even with government. Court fees are paid on a per-case basis. School tuition for private schools are paid per-semester.

That only leaves police protection. I'll ignore national defense for the moment because I don't have time to go into that discussion right now.

"Ultimately it sounds like you'd prefer the system we have now with more than one government in competition."

That would start to be an anarcho-capitalist society. Some libertarians lean that way. Murray Rothbard was a very well-known libertarian economist, philosopher and historian who was an anarcho-capitalist.

I should point out that he didn't believe that the "competing governments" concept could work. He wanted complete independence and competition among courts, police departments etc. The whole shabang. The reason I'm not quite convinced, personally, that such a society could work is because the question "could the 'libertarian' code of law be preserved under such a society?" has not been satisfactorily answered for me.

However, after reading some of his work I'm less convinced that it couldn't work than I was before. Ancient Celtic Ireland, for example, apparently existed for 1,000 years under such a system. And was a very "libertarian-like" society.

The rest of the libertarians are of the "old school liberals". Who believe that a single government is necessary to preserve the rule of law. In such a society the only role of government is to protect the rights of individuals. This limits government to the judiciary, law enforcement and national defense. There would be no "public property" (there would have to be a small amount of government-owned property). There would be no taxes. Government would be funded through voluntary contributions. If the voluntary contributions do not produce enough to support the government then it must shrink in size or dissolve. That would be a good thing because if people are not voluntarily supporting their government financially then that's a pretty good indication that the public doesn't feel that all of the government's services are necessary.

There are some problems that need to be addressed in such a system. Obviously the USA Republic has failed miserably. The politicians are completely disregarding the constitution currently, and have been since as early as 1913, but arguably earlier as well. When the constitution becomes "just a piece of paper" the government ceases to be a protector of individual rights and becomes a criminal gang.

There are various solutions that could work to address these issues. Ultimately no one has all of the answers. I just know that philosophically as well as historically government needs to be heavily restricted in order to be a force for good. Assuming that it can be a force for good at all and never turn into a force for evil. Everything that makes life comfortable today, that we take for granted, from the clothes that we wear to the computers that we're using to have this discussion were created by enterprising individuals working to improve their own conditions by creating something that would be valuable in an exchange with others. Government must necessarily exist as a prohibitory force. It's simply an organization that we've granted a monopoly on the use of coercion. Anarchists believe that government must always degenerate into evil. Classic Liberals believe that government is a necessary evil and *can* be contained, they just have yet to figure out exactly what the best way to go about it is.

Re:Nope

[tthomas48]

"That wouldn't be a government. That would be a bank."
I said let's call it a government. If you want to call it a bank, call it a bank. If you think about our federal government the majority of the representatives are under the AR/AP branch - the legislative. We feel the need to have one guy in charge of the executive, and just a few in charge of the law, but we need hundreds to lead the billing system.

"Obviously the USA Republic has failed miserably. "
Those kind of statements are where people start calling libertarians crazy. Obviously? Obviously to whom? Carping about our representatives or president is not in any way the same thing as believing our country has failed.

"For example: you would only pay a fire department when they put out a fire for you. Utilities are paid monthly even with government. Court fees are paid on a per-case basis. School tuition for private schools are paid per-semester."

Fire is insurance based. It would probably move over to that. The bill collecting aspects of an on demand payment fire department doesn't make the economics look very good. Sort of the same problem as on demand policing. "Just had your wallet stolen? I'll look for the guy who stole it - for a price." The accountants wouldn't like your business model.

Schools would eventually move back to where we are. Sending kids to private schools funded only by parents would be far too expensive (see our still heavily subsidized private colleges). Businesses wouldn't have an educated enough work force. So you probably see some sort of collective partnership pop up, or you'd see a system where rather than pay for school as you're in it, you contributed a smaller dollar amount each month for your entire life.

I guess what I'm saying is that most of what the US federal government does is what the people want it to do. Ultimately humans collectivize those essential things that cost too much per user. And the US has been a leader in doing that in decently cost effective ways that mostly stay out of the way of private industry. Are there inefficiencies? Sure. But look at the kind of inefficiencies you'd have in a libertarian society with everyone paying per use.

Re:Nope

[garett_spencley]

"Those kind of statements are where people start calling libertarians crazy. Obviously? Obviously to whom? Carping about our representatives or president is not in any way the same thing as believing our country has failed."

Obvious to anyone who cares about individual liberty and peace. When the government treats the constitution like a piece of paper it obviously doesn't regard the reason it was created in the first place as it's "raison d'etre" anymore.

Under the constitution congress needs to formally declare war in order to mobilize armed forces and maintain a presence on foreign soil. Congress hasn't declared war since World War II and the US has troops stationed in over 130 countries world wide.

There is no authority under the constitution for an income tax, or a central bank. The entire concept of a fiat (paper) currency is unconstitutional.

There's no authority under the constitution to run public schools or force kids to attend them.

When government loots from one group in order to give favours to another the spirit of "life, liberty and happiness" no longer exists.

So I stand by what I said. It's pretty obvious that if the founding fathers were alive today they wouldn't look at the current empire as being representative of their vision.

"Fire is insurance based. It would probably move over to that. The bill collecting aspects of an on demand payment fire department doesn't make the economics look very good. Sort of the same problem as on demand policing. "Just had your wallet stolen? I'll look for the guy who stole it - for a price." The accountants wouldn't like your business model."

I completely agree. I was in a rush to post last night and I regretted not bringing that up. People have insurance for fire and theft etc. today. So there's no reason that insurance companies wouldn't increase their premiums to cover payment to fire and police etc.

"Schools would eventually move back to where we are. Sending kids to private schools funded only by parents would be far too expensive (see our still heavily subsidized private colleges). Businesses wouldn't have an educated enough work force. So you probably see some sort of collective partnership pop up, or you'd see a system where rather than pay for school as you're in it, you contributed a smaller dollar amount each month for your entire life."

Murray Rothbard has written a lot about the history of public education in the USA and Europe. Do you know which groups were the strongest proponents of public compulsory education ? Labour unions. As time progressed the age requirements for compulsory attendance kept increasing. Unions have lobbied for this because they don't want a surge of young, healthy, ambitious and broke adolescents entering the labour market and competing for their jobs.

When government gets it's hands in education a few very scary things start to happen:

1) It creates monopolies. Those "expensive subsidized" universities that you speak of have an advantage over any new schools that want to enter the market and compete. Education is one of the most regulated industries in the US. It's very hard to open a new school. So while those universities are subsidized it has the opposite of it's intended effect (like almost all regulations). Rather than make education cheaper it makes it more expensive. To open a private school that teaches children is no small, or inexpensive feat. Teachers need government-approved credentials. The schools need special licenses etc. All of this gives the government control over who is allowed to teach and what they are allowed to teach. It also gives a competitive advantage to the existing schools and it drives up the price of private education.

2) Government money always comes with strings attached. Imagine a school that wanted to open up and teach Satan-worshiping. Do you think it would stand a chance to get government funding ? That le

aren't you advocating nationalized health care ?

[Guillaume+Laurent]

because all this applies to humans as well :-)

Anti-Virus Software

Why not just hand out ubuntu cd's?

Why not just a Windows tax?

[Telephone+Sanitizer]

If the government imposed a flat tax, Mac and Linux users would end up taking up a disproportionate amount of the burden for the risks that they pose.

Let's just tax Windows.

Take a third of the proceeds to subsidize antivirus software and awareness ads and use the rest to pay people to switch to a better OS.

It could work!

Re:Why not just a Windows tax?

[$RANDOMLUSER]

Indeed. Or to take TFA's argument one step further, perhaps the gubment should give Microsoft money so they could make an operating system that was secure.

Re:Why not just a Windows tax?

[ausekilis]

Except that Linux and Mac users aren't immune to viruses, they just aren't the big target. In fact, if you are working in a secure environment, *every machine* must have antivirus software installed, if it's available for the OS. To say that they would take a disproportionate amount of the (financial) burden is false. As those OS's gain more market share, or gain position in large targets (corporate servers), they too will become larger targets.

Norton AV for Mac
They do have SAV for Linux, just hidden behind obscure web design... so here's a Helpdesk page instead.
McAfee offers Linux/Solaris as well as Windows too.

Re:Why not just a Windows tax?

[Facetious]

If you are interested in AV for Linux, I have a bridge I'd like to sell you. I grow weary of the myth that Windows has viruses only because it dominates the market. Unix-like operating systems are simply built better. You have to work really hard to get those OSes to be insecure. Please research the matter, then come back and post your apology.

Re:Why not just a Windows tax?

[ekimd]

You want to tax Americans to fund Microsoft's incompetence?

Re:Why not just a Windows tax?

[uncledrax]

I'm absolutely interested in AV for Linux!
(Mostly because I op public facing mail-servers, so we scan in/out bound mail)

I agree that Unix-like OSes are better built, mostly due to the inherent separation of the user space; but if we had a wide-spread adoption of Ubuntu desktops, you don't think a % of users would just always run in root-space? Or some app developer would make some "neato-desktop-shareware-gizmo" that runs as root, but then the app gets hijacked.. all because the end-user wanted to have a virtual dancer on their wallpaper?

Re:Why not just a Windows tax?

[tb3]

I've been researching Mac anti-virus software out of morbid curiosity lately, and I've discovered one thing: it's impossible to find the contents of the signature files they use. If you (or anyone else) can point me to a list of the known Mac viruses they scan for, I'd appreciate it. The closest I've found is one vendor who bundles their Mac and Windows sigs together in one big file, and then claims they protect the Mac from "30,000 viruses".

Until I can see some concrete evidence, I remain convinced that these applications are just digital snake oil, they consume memory and CPU cycles while doing nothing.

Re:Why not just a Windows tax?

[Facetious]

I know what you mean about the irresponsible user, and certainly that will happen. But consider the scenario you describe. There is no "root" user to log in as such on Ubuntu. Certainly some clowns will write apps to exploit users' stupidity, but Ubuntu (among others) are so much a part of the F/OSS community that said clowns should be kept in check pretty well. I'm not saying exploits won't happen, but I do believe that they will be far less of a problem than Windows users are used to.

Re:Why not just a Windows tax?

[Sir_Lewk]

If you just need something to scan for windows boxes, look into ClamAV.

However antivirus for linux is worthless for anything but scanning for windows viruses and always will be.

Shilling?

[Syncdata]

Yes, because right now, after bailing out the financial system, and the auto industry, some industries, like the multi billion dollar security sector, are feeling left out. Where's our share of the grift?

Here is another thought...

[alexborges]

On the same line:

How about the .gov buying adds to stear people away from windows?

Re:Here is another thought...

[alexborges]

Did you have to ask?

No, it isnt. And I'd wager a whole LOT of people here at slashdot are also non-native english speakers or writers.

Are you a grammar teacher?

Re:Here is another thought...

[MyLongNickName]

It is why I asked instead of flamed :)

Re:Here is another thought...

[alexborges]

In any case, Id like you to post any correction (aside from the obvious adds vs. ads): I like to write as well as I possibly can.

You Seem to Forget a Generation

[eldavojohn]

If the graph is a straight line with the value $0 when nobody else installs anti-virus software, and $10 when everybody else installs anti-virus software, then each additional user installing anti-virus software creates an additional benefit to me of 1/100,000th of a penny (so 1/100,000th of a penny, times 100 million, comes out to $10).

I have four living grandparents non of which own or use a computer much less the internet. While you may claim that it benefits them in some way, they don't give a damn. I think you have a good argument but why not tax internet connections from ISPs instead? You know, like there are home owner taxes there could be internet users taxes that tax specific people. Sure, now you're paying $12.50 instead of $10.00 but at least my retired grandfather isn't paying for your Slashdot habit.

I'm certain there are people my age who are working yet chose not to have internet and that is their right and I do not think they should be paying for our virus problems.

Re:You Seem to Forget a Generation

You seem to forget that they interact with computers indirectly -- when they buy from a store with a card or use the bank to cash a check the information goes through computers. When they pay their electric bill or call your cell phone, computers.

Unless they live off the land with an aquifer, no electricity and are ignored by the tax man because they've spurned Social Security your grandparents interact with computers even if they don't know they do.

Re:You Seem to Forget a Generation

[Sophacles]

Your grandparents' info hangs out on computers. SSN, CC, etc all live in some computer system somewhere. Further that info is accessible by other, virus prone computers. These computers are in the hands of bankers and merchants and whatnot, not your grandparents. So whether or not grandma does online bill-pay, she still benefits from a higher level of computer security.

Conversely since they won't be paying the tax, I demand that their info is put on less secure systems since: 1. security is not cheap, and 2. I will not shoulder the cost of freeloading old people.

Re:You Seem to Forget a Generation

[jeffmeden]

Sure, now you're paying $12.50 instead of $10.00 but at least my retired grandfather isn't paying for your Slashdot habit.

Say, that gives me an idea. Since as we all know (we being slashdot users) that those of us on Slashdot are the most informed of all internet-goers on the planet... Why not just mandate Slashdot readership for all internet users? Hell, maybe even subsidize subscriptions. If more people read Slashdot and knew the things WE know... Well, no problem can hide from one hundred million pairs of eyes.

Re:You Seem to Forget a Generation

[Knightmare+1]

The store would already be paying the tax for their Internet connection, and pass it to its customers through increased costs. His grandparents would already pay for it indirectly, so no need to tax them an additional 10$.

Re:You Seem to Forget a Generation

[InverseParadox]

I have four living grandparents non of which own or use a computer much less the internet. While you may claim that it benefits them in some way, they don't give a damn.

And they wouldn't be taxed, because they don't use a computer.

From TFA:

suppose that if I had a choice between living in a world where all 100 million other Internet users in the US had no anti-virus software installed (using round numbers to make things simpler)

The 100 million being discussed is only people who are Internet users, not "the entire population of the USA" (I think that's closer to 300 million by now, actually). Since your grandparents don't use the Internet, they wouldn't be included in that count, and so wouldn't be obligated to pay the tax.

(Two weeks late! Whee! At least I'm not jumping into that 'definition of libertarianism' thread...)

Re:This is ridiculous

[tomhudson]

It's worse -it's a disguised bail-out of Microsoft and anti-virus vendors.

It would help keep the idea alive that it's okay to sell virus-prone software. Why not use the same money to push for more development and higher adoption of linux or bsd?

Or create 2 internets - one for windows users, and one for people with a clue.

Just have the media sensationalize it ...

[xmas2003]

As we saw recently, tons of media coverage about the swine flu caused a dramatic change in people's behavior and basically destroyed the Mexican tourist market ... even though it didn't seem much worse that the "average" flu ...

Re:Just have the media sensationalize it ...

[geekoid]

Correction:

Even though on hind sight it doesn't seem to be worse then the standard flu.

Wheh something that new and virulent comes up, you must put caution first. While it don't happen often, occasional something appears that's very deadly. You do not want to wait until 1000 people get it before beginning to prepare. The risk is too high.
Of course, there was some over reaction. Here in Oregon a child 'probably' has it and the closed the school district for 2 days and the school for a week.
I wonder how much of it was safety and how much of it was an excuse for cost savings?

Remember, the Spanish Flu started off as a mild flu, then after summer it killed 28% of people infected.

Re:Just have the media sensationalize it ...

[Opportunist]

Why would the media do it? The only reason why swine flu can be such a hype is simply that people can relate to it. We all know how "easy" it is to get a flu. Everyone's had one by now, I guess. You simply catch it. Now there's a flu that kills. Teh horrorz! Sky falling!

Computer viruses? Yeah, I heard about it but I never had one, I don't care...

Re:Just have the media sensationalize it ...

[tunapez]

Who are you kidding???? This was the nastiest endemic epidemic pandemic we've had since the last strain(chicken? dog? pony?) of flu killed 40,000 + in the US alone!!! 8% of all deaths were due to the plague that jumped to virtually every continent in less than 3 months!!!! It was sheer chaos, young & old were not spared, they were dropping like flies!!!!

Heck, that was back in 2007... go waaaay back to the 2004 or 2000 when the mortalities really spiked to over 60,000!

RUN FOR THE HILLS!!!!!!!!!!!

Re:Just have the media sensationalize it ...

[Sir_Lewk]

When the media sensationalizes computer viruses and worms they don't hype the preventative measures you can take. Instead they tell you that mad haxx0r computer wizards from the internet are going to take over your computer, turn it into a bomb, and kill numerous small children with it, and that there is nothing you can possibly do to prevent this other than remove your computer's CPU or destroy it's brain.

You'll get no useful hype out of the media when it comes to technology issues.

the problem is not

[nimbius]

the fact that people dont use antivirus software. the problem is windows is an OS that tends to get brutalized every week or two by a new virus, and the manufacturer does not appear to care.

a better idea would be to make an incentive for OS vendors to build a better product.

Re:the problem is not

[Microlith]

Microsoft can't solve PEBCAK without taking control over the computer completely out of the user's hands.

Are you willing to give them that level control?

Re:the problem is not

[dufachi]

Fine the OS vendor for every virus that infects its OS.

M$ would be the most secure OS on the planet in a matter of weeks. I seriously think they do not fix the issues to support the Anti-Virus/Anti-Malware aftermarket; which they are now members of (OneCare).

Re:the problem is not

[Blakey+Rat]

Windows is pretty damned secured at this point. Well, Vista and Windows 7 are. The problem is:

1) Most Windows install are running software that isn't, for example, Adobe Reader or Sun Java. The only virus I've gotten in the last ten years of using Windows was the Vundo virus, on my work computer, through Sun Java. Make sure you're holding the right company to task: I'm certain that at this point there are far more security holes in popular third-party applications from companies like Adobe than in Windows itself.

2) Windows users have been actively discouraged by many technical communities (especially you, Slashdot) from upgrading their XP machines to more secure OSes. Vista might have backwards-compatibility issues with older software, but it's a hell of a lot more secure than XP is a lot of ways-- IE runs in a sandbox, sensible default permissions. IMO, the technical community should always encourage less-technical users to upgrade to more secure products. (That includes service packs, and upgrading IE versions. Even if you hate IE, newer versions of it are much better than older-- tell your friends and relatives to upgrade IE *then* download Firefox.)

3) Many Windows users are perfectly willing to give spyware/viruses permissions to run. No matter how many protections are in Windows (and other OSes), eventually you're going to have to give users the ability to install new software-- when push comes to shove, sooner or later, Windows is going to show "Allow or Cancel" and the user's going to hit "Allow." And remember the virus a few years ago that required users to download a .zip file from their email, type in a password to extract it, then run the resulting .exe file?

Number 3 there is going to be a tough nut to crack-- if you can secure a computer used by this type of user, you deserve a Nobel.

Re:the problem is not

[godrik]

Well, I have already read several comment that tends to say the problems comes from windows. I am not sure windows is the (only) problem. Don't get me wrong I'm am a faithful user of linux, but I believe the problem is mainly user related. And I do not believe linux would do much better than windows if targetted by malware writer:

1/ Users are going to install the crap that they believe is nice such as "emoticon packs" or "the new application to know who banned you from MSN".

2/ Linux users tend to believe their operating system is virus free. The last pwn2own showed that firefox is still not bug-free and those bug can imply arbitrary code execution. If firefox does not run in a sand box (or similar protection), the problem will remain. Linux noob will tend to install package from source or do stupid things they read online. This will install virus as well.

You could say that some virus would be installed but will not reach root privilege. You do not need to have root privilege to be pain in the ass. you can compromise all openoffice document using script (as in MS Excel), you can access password in firefox (even if it is protected by a master password, at some point the user will use them). Well, all your user data are compromized.

However, gaining root privilege is usually easy: First, most people only have one account on the machine which use su, sudo or gksudo to perform administration under their X server. If you have a malware running while you use those, you're screwed. If you use a separate account to perform those task, transfering data between users can become a problem. Even if you do not transfer data, the operating system is not bug-free. Most of the time, several services run under root, there are a couple a suid binary in the system. Or there can still be kernel issues.

I am not sure that Linux is currently much more secure than windows. I believe it is more secure, but in only a marginal way. Notice that I did not said anything about Mac OS X, since I do not know it well. But I am sure the same question arise.

Re:the problem is not

[geekoid]

By not allowing people who sell computers to also sell or recommend an OS.

That would give an opportunity to the market.

Re:the problem is not

[jvd]

I think it's a bit irrational to only blame the OS vendors.

Although I, of course agree that software companies should build secure software from the get-go you also have to understand that much of the blame also goes to the user. They shouldn't be opening (or clicking for that matter) ANYTHING and EVERYTHING that passes through their mailbox or instant messenger.

And I believe that to prevent bad or unideal user actions a good AntiVirus/AntiSpyware suite comes handy. Aside from instructing users on good practices.

So, in short, I believe that the government sponsoring healthy and good practices in their computing experiences is a very, very good idea.

Re:the problem is not

[IndustrialComplex]

The only virus I've gotten in the last ten years of using Windows was the Vundo virus, on my work computer, through Sun Java. Make sure you're holding the right company to task: I'm certain that at this point there are far more security holes in popular third-party applications from companies like Adobe than in Windows itself.

Damn I hate that one. I want to clear it off, but I can't because the wife needs a windows machine to access her online courses. I don't dare risk clearing off Windows during finals week, but I've got the Ubuntu CDs burned and waiting...

I knew a guy who wrote a virus/worm back in college and it spread pretty far, but it never got my ire up like these botnetters. Had the guy I knew made something so criminal as these, I probably would have thumped him pretty hard. But his intention wasn't damage or greed, just curiosity, and it cleared out of him pretty quick after I talked to him a bit.

Re:the problem is not

[Deathlizard]

the fact that people dont use antivirus software. the problem is windows is an OS that tends to get brutalized every week or two by a new virus, and the manufacturer does not appear to care.

You can run the best and most secure OS in the world, and you can patch holes everyday, but in the end you can't patch stupid.

If a person that is not computer savvy is browsing along, and runs into a popup that says "OMG JOO GOT PWNED WIT TEH VIRUZZZ CLICK HERE NOW!!!!!!!!!!!" He's going to click here, download ICLEANTEHVIRUZHONEST.EXE and BAM! VIRUS Infection.

Giving him a different Browser just gives him a different procedure to run ICLEANTEHVIRUZHONEST.EXE

Giving him a Different OS just gives him a different executable file, such as ICLEANTEHVIRUZHONEST.APP or ICLEANTEHVIRUZHONEST.RPM

Telling him to ignore these popups either results in him ignoring a real virus scanner's warning of "ICLEANTEHVIRUZHONEST.EXE is a virus, disinfect or Ignore?" or everything he heard went in one ear and out the other, and runs ICLEANTEHVIRUZHONEST.EXE anyway.

Don't believe that viruses use this method? Go look up Antivirus 360, or Internet Antivirus Pro, or whatever "rogue antivirus of the day" you can find. That's exactly how they infect. It uses Web ads to initiate the dropper site. Is it browser Agnostic, would be trivial to make it OS agnostic, And uses web page popups and standard non-exploiting Javascript to socially engineer you into believing that your system is infected.

As for Virus scanning, it should be integrated in Windows. Unfortunatly, you'll never see it because MS doesn't want another antitrust trial on their hands.

Re:the problem is not

[Opportunist]

Very true. I had a revelation recently through my (very non-techy) dad: People cannot (or do not) discriminate between browser popups and system popups.

He opened a page and it said something about him having to update something important (yes, guess what...), and to CLICK HERE to do just that. Now, my dad is neither a dancing pig fan nor someone who lets down his guard easily (if you think I'm paranoid, you haven't met him yet), but it was pure luck that I was in the room and could leap at him before he could click.

Reason: He saw a window that prompted him to update something and he is used to this by now, because Windows, or some program running in it, does the same from time to time.

Non-tech people don't see the difference between browser content and a system popup. The first thing to teach people is that anything, literally ANYTHING, they read in a browser window is to be treated as hostile and generally something you simply DO NOT trust inherently.

Teach people the difference between browser popups and system popups first of all.

Re:the problem is not

[rantingkitten]

Many Windows users are perfectly willing to give spyware/viruses permissions to run. No matter how many protections are in Windows (and other OSes), eventually you're going to have to give users the ability to install new software

I think part of the issue is that Windows' model of software installation means that downloading and running random, untrusted executables from god-knows-where is simply The Way Things Are Done. There are no vetted-and-verified repositories of software -- you're expected to just download random garbage and run it.

Besides the malware that much of it comes with, it also conditions users to not think about what they're doing, because downloading and running random stuff is completely normal to them.

Yes, and quis custodiet, anyway?

[Geoffrey.landis]

I agree with the comment about positive externalities, which is a factor not always well understood by the libertarian-leaning computer community, but the problem is that I can't see a good argument that the government would do this well.

Frankly, working for the government, I would say that the government's understanding of computer security is negligible. Their advertisements would consist of warnings telling you to use non-rememberable twelve- or more character passwords with upper lower number and symbols, and to change all your passwords every ten days to a different non-rememberable twelve- etc password, and then warn you to never go to any website that isn't on the official government approved list, because you might get phished.

An alternate suggestion would be, go after the spammers and the malware distributors. Malware is getting distributed because people are making money off of it. Follow the money, and shut it down, and malware will go back to being a hobby of a small community of nerds.

Re:Yes, and quis custodiet, anyway?

[cbiltcliffe]

An alternate suggestion would be, go after the spammers and the malware distributors. Malware is getting distributed because people are making money off of it. Follow the money, and shut it down, and malware will go back to being a hobby of a small community of nerds.

But if they did that, then the powers that be wouldn't have an excuse for regulating and censoring the Internet.

Reporters minimise threat

[whoever57]

The other day, I heard a discussion on BBC Radio 4 in which an expert basically suggested that the threat from viruses, worms, etc., was not so severe. He stated that it would be impossible to kill the Internet in the UK, because doing this would require cables to be cut.

It seems to me that he was ignoring many treats, such as corrupting the routes published by key routers and the fact that many threats don't involve a complete meltdown of the Internet. Lesser threats were mentioned earlier in the discussion, but the later statements would make people think that the threats form viruses, etc. was overblown -- especially since the later person commented that the former who mentioned these personal threats worked in the industry and hence had a reason to exaggerate them.

Many people would come away from that discussion thinking that there was nothing to worry about and that they probably don't need anti-virus software.

Re:Reporters minimise threat

[geekoid]

It is overblown.
Both it's severity, and it's 'damages'

Re:Reporters minimise threat

[Opportunist]

Overblown and undercared.

You can't get sensible information on the topic. Like on most. The media try to hype everything like it's doom's day. It's not. There is no doomsday virus out there. Conficker, while having the potential to be a really expensive crapfest for companies, can easily be dealt with. And while it is spreading like the plague it is, so far it hasn't the critical mass yet. It's still growing, though, so we might maybe finally get to see what a global internet blackout would be like.

So far, though, damages are rather local. A few companies lost a few 10k bucks, but we're far from global meltdown.

Re:Reporters minimise threat

[whoever57]

So far, though, damages are rather local. A few companies lost a few 10k bucks, but we're far from global meltdown.

But that's part of my point -- it doesn't take a global meltdown for viruses, etc. to cause a lot of damage. Also, since most malware is written to exploit PCs and the data they contain, a global meltdown is unlikely because it is not in the economic interests of the people who release malware.

F---- THAT!

[tjstork]

I'm not spending my taxes on free advertising for McAffee.

Re:F---- THAT!

[PrescriptionWarning]

Ditto to that. Shouldn't they instead tax the unsafe operating systems (mostly, if not only Windows) that are sold for money and require people to then pay more money for antivirus? Taxing the usage of internet for providing antivirus seems lame when you have an operating system that has little need of it right now, such as Linux and OSX (mostly). Plus it certainly disregards the growing number of free antivirus programs that can be used by consumers.

Re:F---- THAT!

[jvd]

Seems like you're taking (greatly) out of context the idea.

I don't think any money should go to advertise software companies, rather than to promote good computing practices. If you think it's a waste of money, you should think a bit more about the amount of money that flows through the Internet.

As our lives become more and more connected, I see this as a requirement. More and more people everyday start making money transfers, purchases, and basically any transaction that they would otherwise do physically over the Internet, yet, they do it so carelessly without even knowing the risks and consequences of their careless actions.

It wouldn't hurt to just let them know and inform them. After all people even pay taxes over the Internet, I think this should concern the government a bit too, wouldn't you agree?

Re:F---- THAT!

[jvd]

We could argue about how secure is Linux or any other operating system in the hands of a security unaware individual. But that's not the point, because last I heard more than 80% of the world computers run on Windows and their operators are not experts or have any sense of security.

Usually Linux users are more technical people (even home users) and usually posses knowledge and common sense regarding security. I don't think they would be the scope of this idea, rather the other 99 percent of the users that don't have a clue.

Re:F---- THAT!

[maxume]

Yes, exactly. Someone else is.

Re:F---- THAT!

[tjstork]

Seems like you're taking (greatly) out of context the idea.

Not at all. The idea promotes the anti-virus software as a solution to malware. That is far from the only solution. By promoting a particular solution to a problem, you subsidize the industry that caters to that solution. Get it? So its free advertising for the A/V people.

Re:F---- THAT!

[jvd]

Yes at all. It's pretty much the same effort US government is doing in making sure everyone completes the transition to digital TV.

They're not promoting X brand of digital TV converters or XY cable TV company or XYZ satellite TV company. It's the same thing really, and you're taking it out of context.

I agree that promoting ONLY the use of an anti-malware software as a solution to security problems is not the way to go. However, promoting the best practices of computer security (which includes having an up-to-date AntiVirus) would be a good way to start.

Causation & Fines

[CajunArson]

One problem with trying to penalize people who spread viruses (at least on a tort theory) is the problem of causation, since you have to be both the cause-in-fact and the proximate cause to be liable for a tort. Here's an example of what that means and why it could be difficult to blame any single person for the spreading a virus, except maybe for the person who unleashed it in the first place:
      Say there's a worm like Conficker that is very prolific and is being spread by many different means over the open Internet and where there are many exposed hosts. Say that for whatever reason I get infected, but that I happen to have detailed logs of the network traffic I received that shows that one A. Dumas who lives in Blackacre owned the IP address that I got my infection from. Say that further, this isn't some fluffy case where Dumas can claim it wasn't his computer or that he wasn't using it, instead Dumas was indeed sloppy and got himself infected with Conficker negligently. The problem is that while Dumas is the direct cause of me getting Conficker, he is likely going to be able to claim that he was not necessarily a but-for cause, meaning if he didn't infect me, somebody else would have. To make matters worse, with a worm like Conficker it would be likely that the "somebody else" would infect me in a very short period of time, possibly only minutes or seconds, after Dumas did it.
      So the end result could go two ways depending upon how a court would look at causation. Some courts might let Dumas off from liability since you really couldn't prove he was the but-for cause, but instead only one random cause amongst millions of possibilities. Other courts would say that yes, Dumas is the cause, but that the damages would be whatever the cost to me is of having Conficker... for 5 minutes or however long I would reasonably had an uninfected computer but for Dumas's infecting me. That would likely lower the damage amounts greatly, and make suing somebody else pretty unattractive.

    Of course, Tort law isn't the only way to handle this. The government could always come out an slap fines on people and the only thing they need to prove is that you were spreading the virus. I'm pretty pro-security, but I frankly think that would be a very bad idea that would lead to losses in freedoms much greater than anything people on Slashdot would imagine. If you are paranoid that some international phone calls were being intercepted before, imagine what it would be like when it is necessary to monitor everybody's network traffic to prove who had a virus and when they had it. Further, imagine all the insane regulations that would follow. For those of you naively thinking that this would somehow lead to Windows being banned from the Internet, think again. Given how the government works it would likely lead to any OS except for Windows and OS X being banned from use entirely. The reason would be that only Apple & Microsoft could effectively afford to pay the massive "licensing fees" and hire armies of lawyers to cut through the red-tape needed to get government approval to connect to the Internet.... not a pretty scenario at all.

Libertarians don't support taxes.

[Nitage]

Why don't the anti-virus companies just use some of their revenue to advertise or to provide private subsidies to home users (or schools etc)? Same effect on AV adoption as the government subsidies, without the need for taxation or the need for the government to subsidize any paticular product (and all the corruption and bribes - sorry lobbying and 'campaign contributions' that go with government pork).

Yet another door for malware

[erroneus]

If the government sponsored public service announcements advising antivirus protection, every attempt would be made by malware distributors to make their malware look even more like antivirus software than before and would likely be made to resemble norton/symantec or mcafee software products.

Interestingly enough, some people here are already preaching "abstinence" by suggesting people learn what not to do with their computers and where not to go on the internet.

There will always be amazingly stupid people using computers and getting on the internet just as there are amazingly stupid people driving motorized vehicles on the freeways. Cars are safer to operate and require less knowledge. The problem is that there is a "software product" business alive out there that depends on people wanting to install every bit of software they can find.

While most people are generally against the idea of a "limited Windows" I am rather for it. It would be precisely those sorts of controls that would prevent people from installing and running too much software. There will always be the "greasers" who will want to use other operating systems or otherwise use windows without limits and that's fine -- I am not afraid for the educated and knowledgeable users out there. What I am afraid for are those who don't know they need limits. Those are the same people who buy viagra online among other things.

Microsoft should give Windows away for FREE but make it limited and very locked down. People would then need to pay for the right to run without limits.

Will regulation fix the issue?

[Glass+Goldfish]

Let's say we have every single consumer operating system pass rigourous security tests before it is sold to the public. Will that decrease the number of infections or will the malware industry simply take longer to compromise the more secure systems? There is a concept about locks that no lock is fool proof, the better locks merely increase the time to compromise it.

I am deeply against penalizing the average citizen for having their computer run government approved security software. Most people barely understand their computer. The security within the operating system could lead an average user to believe that their system is secure. It's not someone having a gun stolen from their unlocked house and being sued by the victim shot by it. It's someone breaking into your house and using a blowtorch to get into your gun cabinet and then using that gun to shoot people.

WTF?

[Cyberax]

Since when a computer without AV software is somehow 'insecure'?

Is author so thoroughly conditioned that he can't even imagine that it's perfectly possible to use Windows without getting viruses?

Re:WTF?

[TheRaven64]

It does seem strange. I used AV software on Windows for several years and never saw it catch a single virus. From this I conclude one of the following must be true:

• My system had viruses, but AV software failed to catch them and is therefore useless.
• My system was never exposed to viruses, and AV software is therefore superfluous.

On the other hand, I installed Windows XP on a machine on campus a few years ago, and it got a virus within a few minutes of first boot, while Windows Update was running.

Re:WTF?

[Opportunist]

Sure, no problem. Just don't connect it to the internet and never connect anything that could contain or transmit any kind of data. :)

No, seriously now. While you're right, I don't think Joe Averageuser out there can make the same "informed decisions" you make.

Negative Externality First

[Bob9113]

I'm all for educating users about the harm they are causing by using insecure operating systems and engaging in dangerous behavior.

However:
subsidizing the purchase of anti-virus software

Don't dip your damned hand into my pocket and hand money to McAfee before we first educate these people. Then start holding them accountable for the damage they cause. Then, and only then, as a last resort if nothing else works, can we talk about holding their hands because there is no other way out.

I support methadone clinics, but first I support putting junkies who steal in jail. Same thing here. People are wantonly engaged in destructive behavior and you propose that we first harvest the positive externality, before addressing the negative externality of their destructive behavior. I am a strong believer in externalities and the balancing thereof. But let's start with the negative side, with holding the junkies accountable for their behavior.

Re:Negative Externality First

[geekoid]

Also, it's the woman's fault she got raped, she wore a short dress!

Stop blaming the victim.

I went to the extreme to make a point.

However, yes you are correct, don't subsidize the purchase of anti-virus.

Education about how to behave would be good as well as education on the Virus Risk between Windows, Apple and Linux would be nice as well.

Re:Negative Externality First

[Bob9113]

Also, it's the woman's fault she got raped, she wore a short dress!

Stop blaming the victim.

I went to the extreme to make a point.

I'm curious, and may sound like a terrible person for even asking the question, but I feel I must: How far does this hypothesis go?

I believe that your polemic is a product of the general (and I believe accurate) belief that most rapes happen in non-hostile situations, where the woman had no significant reason to be on guard. But I think the above polemic has a dangerous side effect.

I live in an extremely rough neighborhood. By the crime maps, I live on the second most dangerous block in San Francisco. Far from the worst in the world, or even in the states, but very rough. Sometimes, late in the evening, I will go out for a soda at the corner store. The corner store where there was a shooting a few weeks back, and right near where the crack dealers ply their trade (my guess is that the two are related).

When I do that, I dress for the occasion. I don't wear my office clothes, and I have my head on a swivel watching for threats.

Hypothetical case one: Suppose I park my car at that corner, leave the windows open, leave the keys in the ignition and the engine running. Then I head up to my apartment, make a sandwich, watch some TV, then head back down to get my car. Do I bear any responsibility for the fact that it is gone when I get there? Should the government buy me a new car because I am the victim?

Hypothetical case two: Suppose I dress up in an nice suit, go to the corner store, and flash a wad of bills when I pay for my soda. Do I bear no part of the responsibility for my mugging? The mugger should go to jail, for sure, and better policing would be nice, but isn't there some degree of due diligence on my part that is reasonable to expect?

Hypothetical case three: Suppose a woman dresses up in an expensive, revealing outfit, and walks up and down sixth street, late in the evening, back and forth past those dangerous fellows near the corner store. In part because she likes the attention she was getting from their hoots and hollers, in part because she doesn't realize just how dangerous they are.

If anyone does anything to her, the person who does it is clearly the aggressor, in the wrong, and should go to jail.

But does she bear any responsibility?

Is it the case that a person can never bear any portion of the responsibility when a crime is committed against them, or is there some level of due diligence that is reasonable to expect in some situations?

Re:Negative Externality First

[Opportunist]

The hole in your argument is that said woman does not go around and starts to rape random people because she got raped. But that's exactly what happens in the case of a malware infection: You're being turned from a victim into an accomplice.

If an infection could only affect the infected, he'd be a victim and should be treated as such. An infection turns him into an attacker instead, though. And in this case, the interests of the many outweigh the interests of him.

!= Libertarianism

[jasonditz]

State subsidies for antivirus programs are going to have all sorts of unforeseen and undesirable consequences. Beyond the whole spending money they don't have thing, virii are predominantly a Windows problem.

By making anti-virus software a matter of public policy, the government will be encouraging people to use Windows ahead of alternatives, whose achilles heels are not being masked by government action. PSAs about the efficacy of free anti-virus programs is also going to further the illusion that Windows is (or at least can be made) a safe experience.

The only safe Windows experience is abstinence, and we don't need DC telling our kids otherwise.

Anti-virus, anti-malware, anti-...

[knarf]

OK, here's a comparison to chew on:

You are getting overweight, feeling wheezy, have bad breath and sometimes feel like your heart is beating irregularly. Feeling uncomfortable with these facts and symptoms you consult a doctor. After a short conversation you tell the doctor that you eat out at McDonalds every day.

Now the roads diverge:

scenario A)

The doctor tells you that you should take a diet pill every day, should use mint drops to cover your bad breath, should come back once per month to have your heart checked and get someone to assist you when you feel wheezy.

scenario B)

The doctor tells you that eating at McDonalds every day does tend to do these things to people. A burger every now and then does not do harm but if you only eat burgers you tend to develop these problems. He tells you about alternatives to McDonalds where more healthy food is served, advises you to cook a meal for yourself once per week, to get some exercise and to quit frequenting McDonalds.

Which doctor would you rather have?

And if your answer is 'A', then would you want the government to sponsor diet pills and mint drops as well?

If there is a cure for the disease then why only treat the symptoms?

Re:Anti-virus, anti-malware, anti-...

[PoliticalGamer]

The difference between this and anti-virus software is that not owning anti-virus software hurts other people, being fat and unhealthy does not (or at least not as directly). I would not want the government to sponsor diet pills for this reason; it only helps fat people who are taking the pill. However, anti-virus software helps everyone.

Re:Anti-virus, anti-malware, anti-...

[knarf]

OK, how about this then:

Your neighbourhood is being plagued by gangsters. They demand 'protection money' from business owners, otherwise bad things will happen to their livelihood. Cars go up in smoke, windows break, inventory gets damaged, stuff gets stolen. There are two politicians who claim to have a good solution:

Politician A proposes to set up a fund to pay off the gangsters. They will stop destroying stuff, society as a whole progresses, everyone is happy.

Politician B proposes to hunt down the gangsters.

It is clearly important to get those gangsters off the streets. Both solutions would achieve this goal. Which politician would you vote for?

Re:Anti-virus, anti-malware, anti-...

[plague3106]

The problem is that most people only want to hear A. Everyone knows being fat causes health problems... yet I don't see a whole lot of people changing their ways, do you?

Re:Anti-virus, anti-malware, anti-...

[meyekul]

If there is a cure for the disease then why only treat the symptoms?

Amen to that. If someone can be sued for downloading an mp3, and if the whole Pirate Bay trial can happen, why can't it be universally illegal to damage someone's computer intentionally? It's a real, tangible thing and has real costs associated with fixing, so how is it any different than someone running by and chucking a brick through my window? (with an herbal viagra ad, and contact information taped on it!)

I used to get a lot of fax spam and I would often call the companies sending out the notices to complain. I'd tell them that what they are doing is illegal, and that I was going to report them to the FCC if it didn't stop. Know what? They laugh at you, because 90% of them are outside of the US and could care less what our laws are. It would be the same thing if malware was deemed illegal, so there needs to be some system in place for international cyber crime. What happens if someone outside the US hacks a bank and steals a few million dollars? Where is the line drawn to determine when an offense is punishable internationally?

Re:Anti-virus, anti-malware, anti-...

[PoliticalGamer]

better, but how do you suppose we hunt down viruses? Or are you suggesting that we punish windows users?

Re:Anti-virus, anti-malware, anti-...

[knarf]

Not 'hunt down viruses'. Get rid of the susceptibility to viruses. Use something which does not attract viruses in the quantity and quality that the current monocrop does. Diversify, spread, cross-pollinate. Stop shooting that old horse full of drugs to keep it from being lame. Bring it to the knackerman and get yourself a new ride.

In other words, ditch the windows monoculture and install something else. There is plenty of choice after all, and almost all of it is cheaper than staying on the Microsoft bandwagon. Now is a good time to do this as Microsoft wants you to move to Vista or (when available) its twin Windows 7. Why be a tool when you can hold the hammer instead? Why follow the flock when the pasture on the other side is greener and the flock is heading off the cliff?

Enough with the metaphors, I guess you get it now...

Re:Anti-virus, anti-malware, anti-...

[Ifni]

Isn't proposition A how we got cops/government in the first place?

Re:Anti-virus, anti-malware, anti-...

[PoliticalGamer]

As much as I agree with this, I don't think the government should be intervening in the OS market. Also, the "monoculture" you speak of is inevitable; the computer illiterate will always stick with whatever their computer comes with out of the box, which is usually Windows.

De-Fense! (clap clap)

[tepples]

Where in the constitution would be the mandate for the feds to promote something like this? I know people try to squeeze everyting into the 'general welfare' statement

From the Constitution:

The Congress shall have power to lay and collect taxes, duties, imposts and excises, to pay the debts and provide for the common defense and general welfare of the United States

Other countries have used military botnets. Therefore, a campaign against botnets might even count as "defense", in addition to the "welfare" and "commerce" arguments that others have made.

Re:De-Fense! (clap clap)

[slinches]

Where in the constitution would be the mandate for the feds to promote something like this? I know people try to squeeze everyting into the 'general welfare' statement

From the Constitution:

The Congress shall have power to lay and collect taxes, duties, imposts and excises, to pay the debts and provide for the common defense and general welfare of the United States

Other countries have used military botnets. Therefore, a campaign against botnets might even count as "defense", in addition to the "welfare" and "commerce" arguments that others have made.

The quote you pulled from section 8 of the constitution does not include the full context. The 'defense' and 'general welfare' statements are part of the preface to the list of powers granted to congress. Some interpret this not merely as an explanatory preface, but as part of the listed powers even though this interpretation directly conflicts with the intent of the constitution: to limit the power of the federal government in favor of state/local government and private citizen's rights.

Section. 8.
The Congress shall have Power To lay and collect Taxes, Duties, Imposts and Excises, to pay the Debts and provide for the common Defence and general Welfare of the United States; but all Duties, Imposts and Excises shall be uniform throughout the United States;
        To borrow Money on the credit of the United States;
        To regulate Commerce with foreign Nations, and among the several States, and with the Indian Tribes;
        To establish an uniform Rule of Naturalization, and uniform Laws on the subject of Bankruptcies throughout the United States;
        To coin Money, regulate the Value thereof, and of foreign Coin, and fix the Standard of Weights and Measures;
        To provide for the Punishment of counterfeiting the Securities and current Coin of the United States;
        To establish Post Offices and post Roads;
        To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;
        To constitute Tribunals inferior to the supreme Court;
        To define and punish Piracies and Felonies committed on the high Seas, and Offenses against the Law of Nations;
        To declare War, grant Letters of Marque and Reprisal, and make Rules concerning Captures on Land and Water;
        To raise and support Armies, but no Appropriation of Money to that Use shall be for a longer Term than two Years;
        To provide and maintain a Navy;
        To make Rules for the Government and Regulation of the land and naval Forces;
        To provide for calling forth the Militia to execute the Laws of the Union, suppress Insurrections and repel Invasions;
        To provide for organizing, arming, and disciplining, the Militia, and for governing such Part of them as may be employed in the Service of the United States, reserving to the States respectively, the Appointment of the Officers, and the Authority of training the Militia according to the discipline prescribed by Congress;
        To exercise exclusive Legislation in all Cases whatsoever, over such District (not exceeding ten Miles square) as may, by Cession of particular States, and the Acceptance of Congress, become the Seat of the Government of the United States, and to exercise like Authority over an Places purchased by the Consent of the Legislature of the State in which the Same shall be, for the Erection of Forts, Magazines, Arsenals, dockYards and other needful Buildings;--And
        To make all Laws which shall be necessary and proper for carrying into Execution the foregoing Powers, and all other Powers vested by
this Constitution in the Government of the United States or in any Department or Officer thereof.

Re:De-Fense! (clap clap)

[Loki_1929]

Other countries have used military botnets. Therefore, a campaign against botnets might even count as "defense", in addition to the "welfare" and "commerce" arguments that others have made.

Other countries have used military aircraft. Therefore, a campaign against military aircraft might even count as "defense".

So the Federal government can mandate that everyone purchase anti-aircraft artillery.

Re:De-Fense! (clap clap)

"general welfare of the United States"

Not your welfare. That's up to the States and you.

And they aren't going to quarter troops in my computer. You can find that somewhere in the constitution too.

Re:De-Fense! (clap clap)

[DavidShor]

Yes, I'm sure they very well could. Such legislation would be retarded, but it would be constitutional...(Seriously, how is that any different than how we're required to buy cars with catalytic converters?)

After all, congress has the power to mandate that people *die* for national security(See the draft). You seriously think that your freedom to use your computer without anti-virus software would be upheld?

Re:De-Fense! (clap clap)

[Ifni]

Is this what is called a strawman? The GPP was making the point that a campaign against botnets was a prudent measure, not necessarily the purchasing of AV software. Much like the campaigns against the Germans in the Second World War, people weren't tasked to buy weapons, they were tasked to buy bonds, conserve critical resources, etc. A campaign in this context isn't necessarily "buy the most expensive defense" - it is a call to action, either by educating the public on proper precautions for reducing/eliminating the problem or asking them to take reasonable steps (including purchasing resources) to more aggressively attack the issue. Like getting a flu shot or buying a gas mask or one of any number of less-extreme-than-buying-artillery solutions such campaigns have employed in the past. He might like the idea of everyone buying AV software, or he might like the other proposals which included awareness campaigns, levying fines against those who cause harm through inaction, or mandating minimum security levels in OSes. The latter two are less like campaigns and more like simple legislation, but the point is that AV software is obviously more practical and affordable a solution to a problem than everyone owning an anti-aircraft gun. Recommending everybody buy a $40 item and recommending that everybody buy a $50,000+ item are widely separated on the "appropriate response" spectrum, and I think you are well aware of that.

The more appropriate (and currently enacted response) to the fact that other countries use military aircraft is to tax our citizens in order to fund our own military force and equip them so that they can deal with the airborne threat. When planes first started becoming widely used for military purposes, I can imagine that those awesome 50's "duck and cover" films addressed how to react when the enemy planes came by for a visit. They didn't encourage everyone to buy their own warplane or an AA gun, they said "get to safety and let your properly equipped and trained military force deal with the issue". So, sure, to fight botnets, we could fund a cyber-defense force (and as we have seen, this is apparently in the works, but just like in WWII, you folks at home can help by eating SPAM, buying war bonds, and using alternatives to the metal needed to build tanks and ammo for our fighting men overseas, or in this case, you can buy AV software, use a secure OS, and practice safe computing.

In short, in order to be effective, the response to a problem must also be practical. Having your average citizen buy and use AV software is, having them buy and use explosive ordinance isn't.

Re:De-Fense! (clap clap)

[Ifni]

I need to amend my argument to specify that in all but the first paragraph, when I say AV software I meant to refer to general tools that promote security, including (but not limited to) malware detectors/removers (rootkits, adware, viruses, etc., all count as malware, contrary to what most AV makers would like you to think) and lockdown tools.

Re:De-Fense! (clap clap)

[mjwx]

The Congress shall have power to lay and collect taxes, duties, imposts and excises, to pay the debts and provide for the common defense and general welfare of the United States

Other countries have used military botnets. Therefore, a campaign against botnets might even count as "defense", in addition to the "welfare" and "commerce" arguments that others have made.

I call the 3rd, wouldn't imposing a botnet onto a home computer by force (edict or whatever, against their will) for military purposes be the electronic equivalent of quartering soldiers in a persons home?

National Security Threat

[longrangebunnykiller]

More generally, I think that government-funded action to encourage better computer security is something that has not been given enough consideration.

Although I'm no fan of AV s/w - I completely agree. At what point does a T-1 connected grandma become an officially recognized threat to national security? The U.S. at least, seems about one attack shy (using history as a guide) of such a designation...

Government purchase options

[RichMan]

If the governments would refuse to buy insecure software then the software makers would have a big reason to make their systems secure.

The government needs to lead not push the people.

The government requirements would create a secure purchase option which people could select.

Re:Government purchase options

[Opportunist]

But that would mean they need a new creed, 'cause "do as I say, don't do as I do" wouldn't work anymore...

Right to keep and bear AVG

[tepples]

no true libertarian thinks that the government should purchase ads for McAfee and Symantec.

What do true libertarians think about state sponsorship of defense? Could software that implements a malware blacklist be considered arms to defend yourself against foreign military botnets?

Re:Right to keep and bear AVG

The government should be responsible for protecting infrastructure, not home or work computers. Libertarians wouldn't argue that the government should buy homeowners guns to protect themselves at home, just that they should allow homeowners to buy their own guns if they choose to do so.

Re:Right to keep and bear AVG

[Jane+Q.+Public]

Why was this AC comment modded down? It was factual and perfectly reasonable.

Re:Right to keep and bear AVG

[tepples]

The government should be responsible for protecting infrastructure, not home or work computers.

Then who protects the infrastructure from home or work computers that have been turned into zombies?

Re:Right to keep and bear AVG

[causality]

Why was this AC comment modded down? It was factual and perfectly reasonable.

Because it mentioned those evil terrible things called "guns" and some moderator had a knee-jerk reaction to that. In other words, their emotional reaction to a mention of a weapon is more important to them than the fact that it was only illustrative and was used to make a greater point that was relevant to the discussion. Yes, that really is where we're at concerning the overall quality of moderation. Just be glad that this one was corrected back to a score of 0.

Re:Right to keep and bear AVG

[Jane+Q.+Public]

Oh, I am not surprised... just curious why. I have been the victim of irresponsible modding, often enough. Like "Troll" because somebody didn't get the joke...

Re:This is ridiculous

[montyzooooma]

Or create 2 internets - one for windows users, and one for people with a clue.

That second internet isn't going to be very big.

profiteering

[bcrowell]

One big problem with this proposal is profiteering. Any time government offers to inject some money into the private sector, powerful commercial interests will line up to feed at the public trough. We saw it in the Iraq war, with Halliburton. We're seeing it with banks that are gaming the federal bailout system, maneuvering so that they can be subsidized without accountability. And it's always the most politically well connected private interests that are able to play this game successfully, e.g., it sure didn't hurt that Halliburton was in bed with Dick Cheney. So if this proposal were enacted, I predict that Symantec, for instance, would make out like bandits, while zero money would flow to ClamAV

Another problem is that this kind of thing takes on its own momentum, and tends to continue indefinitely long after its justification is gone. We've seen this with farm subsidies, which were meant as an emergency measure to try to help family farms survive the Great Depression. Now it's just a subsidy to agribusiness. As far as antivirus software, IMO it's already long outlived its usefulness; it's become a kind of snake oil, a kind of difficult-to-remove malware in and of itself, used by people would would rather pay $40 for a bandaid rather than taking proper security precautions.

And yet another problem is that this kind of thing subsidizes dumb behavior. In the case of antivirus software, it subsidizes MS's poor design of its operating system, which makes it more vulnerable to viruses than MacOS or Linux. It also subsidizes dumb behavior by users who click on executable email attachments from strangers.

As far as the economic justification, I don't buy it for a second. Since I don't run Windows, I don't suffer a lot of direct negative economic effects from viruses. The effects I do suffer are small and indirect. Mostly I get a negative effect because I get spam from botnets. However, I don't believe for one second that increasing adoption of antivirus software by some percentage will have any significant effect on the amount of spam I get from botnets.

What an idiot

[geekoid]

First off, pretty much every average users PC has cmoe with AV software for years. IT ahsn't helped.

Guess what? it will never help. Even the bast AV software is weak sauce.

No, people need a hardware solution built into there net card. One the checks for unwanted behavior..perferable with jumper setting. Yeah, you read that right, jumper settings. Make them have to do something besides clicks a few lying links or buttons to turn off the physical security.

That's how to lock down bots.

You can also have it do the virus and trojan scan on the way in.

The only thing the government would help on in this issue is education.

I have never had a virus on a computer I have owned that I didn't write.*

Why? wise use of hardware and computer sense.
I ahve a wife and two young kids.
They are all educated on what not to do.

I don't think this is the problem people scream about.

*I did security work

Re:What an idiot

[maxume]

My running theory is that Bennett is a comedian.

Re:What an idiot

[Kaboom13]

So you want a network card that is essentially a mini computer within the computer, with it's own OS, processor, etc (which is what it would take to accomplish what you described). There are already firewall devices that attempt to do this for corporate networks, they don't work particularly well in reality. What happens when these devices become standardized and become the target of viruses themselves? Now you have a compromised device you can use to monitor and send network traffic with 0 indication on the pc itself. There is no magic ticket to computer security, and NOTHING will stop stupid users from willingly infecting themselves, short of replacing their computers with an etch-a-sketch.

Re:What an idiot

[Anne+Thwacks]

people need a hardware solution

People need Cisco to put antivirus stuff in their routers. By law if necessary Yeas, all those viruses went through Cisco routers. If Cisco routers stopped them, the viruses would be gone in a day. However, Cisco saales of routers would fall drastically, since 90% of the traffic they carry is viruses and spam.

Who is for a class action by the virus-infected against Cisco for delivering the viruses?

The only real solution for viruses (and spam) involve the use of rocket propelled grenades - (if you think RPG is something to do with games, you are part of the problem :-)

would you trust them?

[FudRucker]

while i do agree with the early posters suggesting making OSs to be secure and impervious to viruses and other misc. malware and trojans, but knowing the governments track record of poking their nose in to places it does not belong = invasion of privacy when its not warranted i would prefer to use an OS that is not vulnerable to the virus du jour.

Dept. of Veterans Affairs uses VistA

[tepples]

Why not just hand out ubuntu cd's?

For one thing, the veterans' hospitals keep medical records using the VA's Computerized Patient Record System that runs on Vista.

Re:Dept. of Veterans Affairs uses VistA

[irtza]

Well, I am assuming this was a joke, but for those who do not get it - This is a EMR software package that is platform independent (unless you consider it a package) and has been ported to Linux as it states further down in the same article linked to by parent. If I had mod points, I would have just modded parent funny and let non-medical people figure it out. Instead I have done what any worthy /.er would do - kill the joke.

Where in the hell is this a function of government

[Shivetya]

I am so tired of people doing whatever they can to justify the newest benefit to themselves or others they feel need help.

Two issues.

IT IS NOT YOUR MONEY.

Where in the hell is it in the Constitution that this is a function of government.

That is the problem with people today. Anyone can find a justification for their piece of someone else's pie. Get it ? Your demanding that other people's money be spent on a problem you perceive.

And people wonder how we end up with trillion dollar deficits. Not only is the public full of ignorant greedy people so is the government

Gah...

[yoshi_mon]

MS was found guilty of abusing their monopoly in the OS market because they 'integrated' IE the system.

Yet for years we have had to deal with the consequence of that because of any value was done because of it.

Telling people that they need to go spend more money on software seems to really be missing the point.

Let ISP's do it

[PoliticalGamer]

Many ISP's also provide cable. They could easily advertise free anti-virus in order to provide benefits to their own users. Actually, many already do this. A number of ISP's provide free anti-virus upon signing up

No thanks for an Internet License

[IndustrialComplex]

And thank you for proving exactly why I wouldn't support such an initiative.

It would give the government the go-ahead to truly regulate the internet for our own good. It would be for the children, against the terrorists, and ... progressive.

You would be giving the government the authority to limit your speech in the guise of protection. Very likely worthless protection with a whole helping of surveillance and record keeping.

Then, when you step out of line, your license is not renewed. Or, more likely, since you run Linux, a dangerously mutable untrustworthy operating system, you wouldn't be granted a license at all.

No thanks, I don't need or want a license to exercise my rights.

Almost

[Benanov]

I converted my parents to Ubuntu. Dad loves it. :)

My brother and in-laws remain untouched, although I do have a "refuge" box stashed at the in-laws for when I didn't bring a laptop and need an available machine.

Re:This is ridiculous

[Nutria]

That second internet isn't going to be very big.

Good. It will be be a return to the days before the Eternal September, and before Usenet was nothing but spam and viruses.

Re:Can't Pay Me

[geekoid]

AVG is pretty good. Small foot print and it doesn't spread crap all over your computer.

I have read F-Secure is also pretty good.

Dancing bunnies

[tepples]

Users do not install viruses. Viruses install themselves trough gaping security holes / backdoors.

During the Trojan War, the people of Troy were said to have installed dancing horses, which came pre-infected with the special forces of Greece. Nowadays, users install dancing bunnies, which come pre-infected with viruses and worms and other sorts of malware.

Re:Dancing bunnies

[causality]

Users do not install viruses. Viruses install themselves trough gaping security holes / backdoors.

During the Trojan War, the people of Troy were said to have installed dancing horses, which came pre-infected with the special forces of Greece. Nowadays, users install dancing bunnies, which come pre-infected with viruses and worms and other sorts of malware.

The lesson? Old tricks work because people don't learn.

Re:Dancing bunnies

[tepples]

TweakUI seems to be able to prevent user form installing unwanted software ( any software )

But what can help a home user distinguish wanted software (e.g. Firefox or OpenOffice.org) from unwanted software (e.g. keylogger), other than a blacklist or a whitelist?

Yawn

[AdamWeeden]

tl; dr

Alternative Protection?

[blcamp]

Oookkkaaayyy... where can I get software that can protect me from an overbearing and overreaching government?

(I love this nation, but will never, ever, put my faith and/or trust in any government.)

Define "Better OS"

[Voyager529]

Believe it or not, I applaud the efforts of FOSS programmers. If I wasn't dependent on several Windows-only software apps to get my work done, I'd be running Linux right now. The problem is simply that I've got clients who aren't going to wait for me to figure out how to get Adobe Premiere/Encore/Lightroom/Mixmeister/ACID/Sound Forge/Mediashout/AutCAD to run properly in WINE. It's not that I'm a huge fan of Windows, but I am dependent on Windows-only apps to make my living. I'll admit that Linux has definite advantages, but if I spend more time getting the apps to work that make me money, then how much superior is it for me? Not everyone uses solely Office and Internet Explorer on their Windows machines. I can't possibly be alone.

I browse the web with Firefox, NoScript, and Flashblock. I run Avast on a regular basis. I have UAC enabled on Windows 7. I have properly locked down my router. My software comes from store shelves and vendor websites, not Pirate Bay. I don't run Limewire, period. Personally, I consider that to be a fairly responsible setup for a Windows user. Am I in the minority of Windows users? sure. Should I be required to pay a tax solely because the OS I use to make my living is abused by others?

More proof he is an idiot

[geekoid]

"These are not 'free trials' for something you have to pay for later. They are FREE. If you're not using anything at all, at least go get one of these." Along a list of the non-free programs for people who want even more protection, and links to third-party reviews of those. "

Really? why would you assume non-free means more protection? I mean, the way you put it the 'FREE' AV tools would just be ads and extremely limited to make people pay for the 'government approved' upgrade.

Re:Where in the hell is this a function of governm

[homer_s]

When I see arguments like this (govt. should do X - look at how society will benefit from that), I usually say:

That's a great idea. Similar to that, the govt should also:

• Regulate dating and marriage - this will lead to a lower divorce rate and improve society
• Regulate when and how many children a couple can have - imagine the benefits to soceity
• etc

The danger is, some nanny-staters will agree with some of the "ideas" above.

Shenanigans

[smartr]

If you don't feel the benefits of the internet, along with all the nasty things that come along with it (like people being stupid), build your own network, then get the major website hosts to also connect to your private network.

An ordinary user using a Mac is arguably operating a less virus prone system than one on windows with anti-virus. Why doesn't the government just give everyone a $50 tax deduction for getting a Mac? Then again, how many people really nickel and dime every last little thing they do each day? Perhaps we could also give people $100 for not eating meat on Fridays. Does an average taxpayer really know what anti-virus is and how to make good use of it, or will they get the crappiest "anti-virus" any spammer is selling, and grab a government handout? Does this not sound wasteful to you? Who determines what is "Quality" anti-virus - the good guys or the bad guys?

Fining individual users for unintentionally spreading viruses might arguably be negligence, but considering the vastness of the problem I can't say justice would be served by attempting to punish the uneducated mob as you could only make examples of individuals. Even if you were effective, you would simply make people stop using computers. You could fine the software developers for negligence in making something vulnerable, but once again all you could do is make examples of people, while if you were actually effective you would destroy the software development industry, as no one would be willing to make software.

If the authorities aren't clever enough or capable of finding and punishing the criminals, then you can't just magically pass some law that will make all the criminals dissipate. Even if you were to get every last user on anti-virus chances are the viruses would just adapt to dealing with those programs. Pragmatically, I think the only things that will work would be to reward those who successfully find and punish the criminals, and perhaps argue the benefits of being moral over creating bot nets and screwing people over like AIG.

Then again, as a Ron Paul supporter, I see the light of your ideas, and think you might like the ideas of Johnathan Swift with his treatise, "A Modest Proposal".

Re:people should have to buy a anti-virus license

[SiChemist]

Without a license a Windows computer is pretty dangerous to society.

FTFY

Comment removed

[account_deleted]

Comment removed based on user account deletion

antivirus software == crap

[castironpigeon]

There's not a single anti-virus software out there that's worth the trouble to pirate, let alone pay for. The virus database is always one step behind virus makers. The heuristic virus detection is awful and is much more likely to mark legitimate software as a virus than the virus itself. And if you do happen to get infected with a virus and it actually gets detected there's no way the anti-virus is going to clean it out completely.

So far you could say the same things for anti-spyware software. But wait, there's more. Unique to antivirus software is the virus-like quality of the software itself. Have you ever tried to uninstall one of these things? Working at a university PC support center I used to see this a LOT. You're never going to get every last bit of the antivirus software off a computer. And then what happens when you want to install a new antivirus? Or when a user wants to be 'extra safe' and installs two antivirus programs simultaneously? /facepalm

I say no thanks to that. Get a router with a firewall and sit behind it. Make sure everyone on your network is smart about suspicious links, scripts, email, IMs, etc. Common sense is free and works much better than anti-* software. When all else fails, reformat & reinstall.

Re:antivirus software == crap

[josath]

Yeah, no kidding...I have had linux on my home desktop for about 6 years, and I got hacked once about 5 years ago (before I really knew what I was doing, I was running an old version of Samba on a port open to the world). Since then I've had no problems. Then I got a new PC, it came with Vista, I decided to give it a go for a while, catch up on some of the latest games, and use my old linux desktop as a home server. Within about a week I got a nasty spyware infection, it would redirect 1 in 3 google searches to a random site instead of the actual result I clicked on. The whole rootkit deal, invisible files, deleting them in safe mode and they magically respawn on rebooting. I probably spent about 20-30 hours trying to get it cleaned out, mostly because I didn't want to have to reformat (looking back, reformatting and reinstalling all my apps would have been quicker). I finally was able to do it, a combination of 3 or 4 different (highly-praised, not one of those anti-spyware-thats-really-spyware apps) running off a windows live CD (which I had to build myself, that took some work as well) finally got it cleaned out. Half the tools I tried couldn't detect the infection, and most of the others could detect it, but not completely remove it...they'd remove some bits, but it would come back after a reboot.

Re:antivirus software == crap

[Antony-Kyre]

I think there should be some common sense provisions.
1. Don't run things that you cannot trust.
2. Don't do sensitive things on public computers.
3. Know which processes should be running on your computer, in order to detect which ones are suspicious.
4. Keep a back-up of your computer incase something does go wrong.
5. Consider having a clean computer for things dealing with truly sensitive things, like bank accounts, etc. If your gaming or web surfing computer gets infected, well, your other one is safe, right?

And of course, anti-virus, anti-spyware, firewall, all that stuff can help to a degree. But yes, the problem is cleaning those programs up. But couldn't someone stick with the same install for a decade or two before having to start fresh?

Xbox

[tepples]

Microsoft can't solve PEBCAK without taking control over the computer completely out of the user's hands.

Are you willing to give them that level control?

We already did. It was called Xbox. All code must be digitally signed by Microsoft.

But seriously, it's possible to improve the granularity of operating system security without resorting to application whitelisting like that seen on video game consoles. The Bitfrost model looks interesting.

Re:This is ridiculous

[AnalPerfume]

Government paid adverts for free software to keep users PCs secure huh? Sounds like they're gonna be advertising Linux / BSD.....wait, hang on, is that a Microsoft sales drone I see behind the curtain? I guess not then.

Re:typo

[SiChemist]

Hawk:

hawk
Function: transitive verb
Etymology: back-formation from hawker
Date: 1713

: to offer for sale by calling out in the street ; broadly : sell

It would penalize free software

[tepples]

Let's say we have every single consumer operating system pass rigourous security tests before it is sold to the public.

How would Ubuntu, Fedora, Mandriva, or FreeBSD pass such a test?

Re:It would penalize free software

[Glass+Goldfish]

How would Ubuntu, Fedora, Mandriva, or FreeBSD pass such a test?

I'm not really recommending it, in fact I doubt regulation would accomplish what the government wants. It would be very difficult to enforce for users who could download a copy of FreeBSD from overseas. It would come to play when someone bought a computer. It would certainly penalize free versions of Linux in the same manner that you can't make your own free drugs and hand them out without FDA approval. A company would have to take a free version of Linux, pass it through the tests and sell it for a profit.

Libertarian says "sure".

[Jahf]

As long as the software was created by non-government controlled businesses (ie the companies that do AV now would be just fine), the government didn't have a say in the actual code, and the products aren't subsidized ... I don't see most libertarians having a problem with it in general.

The place "we" (as a left lib) would have problems would be:

1) if the software gave the govt a spy into our PCs, which if the govt was to author their own software would be pretty much impossible to disprove (open source AV would be interesting)

2) if the govt was trying to give our money (directly via taxes) to the companies that build the software, propping some up over others

If the govt were to start preaching the values of safe computing and explaining why AV/etc software is important? Go for it. Government providing unbiased education (and I don't anyone from any political party who says unprotected PCs getting viruses are a =good= thing) is an accepted function of the government, yes, even by us Libs.

PS. In case it isn't obvious, I found the way the quote mentioned Libs to be stereotypeful and poor.

Re:Can't Pay Me

[Bob+Ince]

The entire article is predicated on the idea that anti-virus software is effective at stopping malware.

But today, that simply isn't true. With the proliferation of web exploits and constantly-updated payloads, the traditional signature-based methods of detecting malware are almost totally useless. OK, they still pick up the odd old-school mail worm or whatever, but no-one's going to get infected by those these days; it's all about the web exploits.

(Even against the pen-drive infectors, which should be slower to mutate and easier to track, they're doing pathetically badly at the moment.)

Heuristics-based detections can pick up a few more trojans, but at the expense of user-befuddling and potentially dangerous false positives. Behaviour blocking is the only approach likely to be effective, but today's implementations are shonky and unreliable. This sort of stuff - full per-program-permissions - really needs to be provided at an OS level, not as a wobbly vendor layer on top.

Encouraging people to spend money on ineffective, performance-butchering anti-virus software is what we're doing too much of already, not something we need to be asking the Government to do more of. All it does is give users a false sense of security.

A more salient question is...

[jambox]

How did this retarded article get FP'd?

Or.....

[MasseKid]

Or we could pour some chlorine in the gene pool. If you don't find it worthwhile to take the time to keep your software uptodate and keep your machine virus free then viruses are the result. It's high time we stop allowing bad genes to breed.

Anti-Virus is not the answer.

[characterZer0]

The answer is educating people. We should have classes. Perhaps in school?

I have been using Windows for 10 years and Linux for 8 years. I have never used anti-virus software. I have never had a virus. I stick my boxes behind firewalls, and apply security patches, and I do not do anything stupid.

If you do not have a firewall, do not apply security patches, and do stupid things, no anti-virus software is going to protect you.

Re:Anti-Virus is not the answer.

[Anne+Thwacks]

The answer is educating people. We should have classes. Perhaps in school?

If you had a life, you would know that 90% of users are thicker than a ton of bricks, and educating them is difficult.

Hell even if you watched daytime TV, you would know edukatin' users is a lot more difficult than paying Mafia hit men to get the virus writers. Now that would be a good use of tax dollars!

Re:Anti-Virus is not the answer.

[characterZer0]

That I do not hang out with people who are thicker than a ton of bricks or that I do not ascertain that the people I hang out with are thicker than a ton of bricks means that I do not have a life?

this entire article is full of fail

[Tiber]

If you live in a world where everyone else has antivirus software, you're going to see a lot of viruses which evade antivirus software.

Which is what we already see - the viruses don't magically go away when you install McAffee's trash on your system, they simply kill McAffee through zero day or through the users not knowing better than to say no and continue on their merry way with the AV "solution" blissfully unaware.

The US is a drop in the bucket.

[characterZer0]

The article pointed out the problem, and then ignored it. All of the computers are not in the US. The percentage of computers in the US is decreasing. If every computer in the US was virus-free, it would not fix the problems.

This has been discussed...

[KingAlanI]

general welfare (obvious), commerce regulation, and defense (indirect security benefit to gov't systems, and some protection against foreign-enemy systems) are all plausible Constitutional explanations, though I don't like overblown invocations of the Defense Clause

Well, *I* am so tired of people using strict Constitutional interpretation as an excuse for not doing something that they don't feel like supporting, and I worry that their interpretation being selective...

The OP definitely has a point about positive externalities being created by more people having security software; proper subsidization is *exactly* the way to clear that up
IMHO, externalities are the main problem with a pure laissez-faire market structure

in practicality, the idea is limited (in large part due to PEBKAC issues and imperfections in AV software), but the idea seems quite plausible both on practical grounds and on legal grounds

Re:Can't Pay Me

[b0bby]

I have encountered a couple of instances where a computer I had installed AVG on for a friend would lock up due to an update. There's always a risk with any of these types of programs that the cost (in terms of reduced performance, lock ups, etc) will exceed the perceived benefit. I don't run antivirus programs on my home machines, and haven't since at least 2000. I periodically (6mo-year) run one of the online scans. Even if the government gave me Norton or McAfee "free", I wouldn't run them. The money would be much better spent coming up with secure guidelines for users, and implementing ways for ISPs to notify their customers of suspicious activity coming from their machines.

Another method of education

[vijayiyer]

A simpler method would be to fine or eliminate internet access to those who cause damage to others - including those whose computers are part of botnets. Users have a responsibility not to let their machines be used to harm others and to keep them secure.

Excuse me?!?!

[kaizendojo]

But now suppose the government offers a $5 rebate (funded by a tax on all 100 million Internet users) to anyone who buys anti-virus software.

Funded by who now?! Here's a better idea; fund it from a tax placed on all users/organizations that send out more than 1000 emails per hour (or some reasonable amount that allows for legitimate mailers). You not only reduce the amount of spammers and malware senders - a major source of virii in the first place - and the rest of us legitimate users who either purchase and use protection or opt for a more secure OS aren't penalized.


With an estimated 96% of all mail in the pipe classified as spam, taking steps to prevent abuse will lead to lower levels of virii at the same time, not to mention the bandwidth returned to legitimate use. Otherwise the suggestions amount to little more than asking the taxpayers paying for my condoms so I can be safe and not spread disease to the rest of the citizens. Hey, if I want to "play craps with my dick" (as Eddie Murphy put it) I'm a big boy and should be responsible enough to protect myself.

By this externalities logic, why aren't the taxes collected on my cigarettes offered BACK to me in the form of nicotine patches or smoking cessation medication subsidies? After all, encourage me not to smoke and make it easy and less costly for those of us who don't have health insurance, and no one has to suffer my second hand smoke effects or health costs. No, instead they are used to fund pet projects and pork, which is exactly what this would become.

Re:This is ridiculous

[tomhudson]

No, advertising is not bailing out. Giving massive, long-term, unqualified, low-interest loans is a bail-out. Troll.

How is spending public money reinforcing the idea that a worm-infested operating system is acceptable NOT a bail-out? AND a cop-out?

It would be using public funds to help perpetuate validity in the publics' perception of the Microsoft monopoly. It would also validate the idea that anti-virus software is worth the extra cpu cycles, rather than switching to a platform that isn't as vulnerable, doesn't need to run AV software, and is therefore more energy-efficient.

Vista is NOT green technology. Adding an anti-virus on top just makes it worse.

I wouldn't pay $10

[xeos]

I've been on the internet since the mid 90s, and never ever detected a virus on my machine, other than in un-opened email. Email used to be a big source of viruses, but these days ISPs use scanners just as up to date as anything I could buy. A little common sense is all it takes to be virus free. This libertarian would not support your plan - I see little advantage to having everybody install anti-virus software.

Re:This is ridiculous

[tomhudson]

That's exactly the problem ... it just makes it seem that the way things are is actually acceptable. Let the people who are foolish enough to run Windows pay. It's their problem, not mine.

Since Vista is a cpu and energy hog, and anti-virus software just adds to the burden, we could do a lot more for reducing our carbon footprint if the government would instead put the money into pushing alternatives that potentially benefit everyone. Or let the market sort it out for a change. Microsoft just laid off another 3,000, and is now having to GIVE Windows 7 away for a year, just to keep the flow of users to their crack pipe flowing.

The Windows problem

[4D6963]

Wait, of all the modern OSes out there, tell me again, which have a virus problem?

By the way, why do we care about a random Slashdotter's idiotic musings, but more importantly, what do you have to do to get some shit like that on the front page?

Re:The Windows problem

[godrik]

Wait, of all the modern OSes out there, tell me again, which have a virus problem?

I guess all of them is the answer. Do not get me wrong, I am a linux faithful user and I am sure that when linux will become mainstream it will be heavily infected by viruses.

pwn2own showed us how easily an attacker can gain control over a web browser (firefox and safari on both mac os x and linux). Once you have that, the door to viruses is opened. I do not even talk about "run this cool software that add more smileys"

Re:The Windows problem

[4D6963]

I don't really believe the whole "Mac OS would get a virus problem if it had a bigger market share". I think considered it's current marketshare there are more than enough incentives to create malware for it. Like I said, the only OS that gets a virus problem (an actual problem, not just a few sparse experiments) is Windows. No matter what you could speculate, it's currently a Windows only problem.

Re:The Windows problem

[dzfoo]

I see you played the old "market share" argument, so I'll retort with the equally old "apache" counter-arguement:

      If your argument is correct, and the only reason why non-Windows operating systems do not have a high availability of viruses or security vulnerabilities is because they have a smaller market share than Windows; then how do you account for the Apache web server being the most popular web server in the Internet and having less security vulnerabilities or instances of mass exploits than Microsoft's own IIS?

Sometimes, for various reasons, an inferior alternative just happens to achieve more popularity than its alternatives, regardless of its perceived or inherent shortcomings. Sometimes the reverse is true. The world is an imperfect and unpredictable place.

        -dZ.

Re:The Windows problem

[godrik]

Well, there is a bunch of flaw in apache/php that are regularly patched which are mainly configuration problems. I acknowledge there seem to be less flaws in apache than in IIS.

Re:The Windows problem

[dzfoo]

The argument was that the most popular OS is the one who is exploited the most, and that the reason is its popularity, ipso facto.

Your response, though perhaps accurate, does not invalidate my counter-argument.

        -dZ.

Re:The Windows problem

[godrik]

well, my argument was not that the most popular is the most exploited. More that "something that is almost not used is likely not to be exploited".

The market share IIS/apache is nothing like the market share windows/linux.

I agree popularity does not explain everything.

The OS is the problem

[Requiem18th]

Honestly desktop security is all done wrong even in linux.

  I'm an ubuntu user, I know the software I run is secure because I install from the repository.

  Then I downloaded a python game, knowing it could do ANYTHING to get access to root or simply mess up my home dir, I created another user without privileges just to run this game.

  Maybe I should have used chroot, maybe I could have used apparmor. I took the fastest route.

  I think OSes should jail third party programs by default, not just "suspicious" ones. The large majority of software doesn't need to modify anything beyond their configuration files. Document handlers could be required to use the OS file save/open dialog to read or write to the file system.

  Why isn't it done this way? Historical reasons I suppose. Software from the OS vendor is fine as it is (if you didn't thrust the vendor you couldn't use the OS at all) I'm talking about randomly downloaded programs.

Re:The OS is the problem

[godrik]

I agree with you in general. But I believe "I'm an ubuntu user, I know the software I run is secure because I install from the repository." is wrong. It came from the repository so you came suppose the goal of the software is not to deploy malware. However, they are still not bug-free. I know it was not your point, but linux users tend to believe that repository software are secure and they are not.

Re:The OS is the problem

[Requiem18th]

Point taken. Even if it comes from the repositories there is no reason for a music player to edit files in my gnome applications menu or read from my firefox profile.

Re:Can't Pay Me

[Opportunist]

I don't mind people who do not install AV kits. Just as much as I don't mind people who do their own electric wiring or plumbing. I do mind though if I get shocked or flooded if they fuck up.

And the same applies to computers and malware. Use AV or don't. Your decision. But I would certainly want to be able to hold you liable for the damage your machine does to mine if your negligance (or hybris) leads to you becoming a spam bot or worse.

The problem I have with the "blame the victim" defense is that you are more often than not not really a victim of an infection that happens to yourself, at least with today's malware. Unless you happen to trip on a password stealer, all the malware does is to connect to a herder server, collect and distribute updates or information, spew out spam or participate in a DDoS attack. All with an impact on a modern system so low that the average user just doesn't care. Yes, it slows him down by about .5%, but that's like a frame less in WoW. Yes, it eats a few 100kbit of his bandwidth, but he has 4mbit, he doesn't care...

The problem is that the victim is turned into an accomplice. And here's where that "blame the victim" defense doesn't work anymore in my books.

Bullshit

[Thaelon]

This all seems to assume that having anti-virus software is better than not. A point not yet settled, in my opinion.

I've personally seen an instance where the virus scanner was doing more harm than good. It brought the productivity of about six software developers sharing a remote terminal server to a near halt for weeks because it was so busy running "in the background". I've literally seen viruses less destructive than that. And to think it was something my company paid for. It's was paying for something that did nothing but cost us more money.

It also seems to assume that you're running an operating system which needs a virus scanner. Mac OS and Linux often do not.

Re:Can't Pay Me

[Opportunist]

According to a (not so terribly old) VirusBulletin comparison, Avira seems to be the company du jour.

Mod parent up.

[Animats]

How did this retarded article get FP'd?

Mod parent up. Dumb idea.

Incidentally, spam is way up in the last three weeks. Looking at a filter that sees mail from about ten E-mail addresses, spam volume had been from 40 to 70 messages/day for most of April. Around April 22, the spam level started to climb steadily, and now it's in the 180-200 messages/range. Is there a new botnet active?

If we want to approach this by regulation, it would help to make operating system companies financially liable for the damage caused to third parties by botnets able to attack their systems. Windows would become much more secure in a hurry. Remember, Windows is insecure mostly because Microsoft by default has a general policy of running anything that looks executable from any external source, from web browsers to USB ports to CDs and DVDs. Windows also lets installed software do just about anything. With liability for the manufacturer, systems would ship with most of that turned off.

This isn't that radical; automobile companies are routinely held liable for damage caused by design or manufacturing flaws. The radical thing is that software companies have managed to escape product liability.

Re:Can't Pay Me

[c]

> The entire article is predicated on the idea that anti-virus software
> is effective at stopping malware.

Well, that and the idea that this government-approved-and-supported anti-virus software is going to remain just anti-virus software rather than morph into a complex anti-virus-spam-terra-pedo-mob-commie-liberal-vegan-tax-dodger package.

c.

Re:Where in the hell is this a function of governm

[DragonWriter]

Where in the hell is it in the Constitution that this is a function of government.

First off, this seems pretty clearly within the scope of the interstate commerce power (in Art. I, Sec. 8).

Second, the Constitution isn't Holy Writ. That something isn't consistent with the Constitution isn't, in and of itself, an argument that it should not be done (its an argument that the government should not do it unless the Constitution is changed, but that's a very different thing: the first step for arguing that the Constitution should be changed to is to establish that there is something should be done which the current Constitution does not allow.)

Re:Can't Pay Me

[MobyDisk]

Agreed.

Right now, my virus program is using 116MB of RAM. For that 116MB + whatever CPU time it uses, I've never seen it find a virus. Actually - I've never ever seen any virus program on anyone's computer ever find a virus. So I would argue that installing antivirus software would actually have a negative externality, because it would slow computers down without providing any benefit.

silver bullet metric

[brianwgray]

Robert Hansen (RSnake) recently wrote a thought invoking post about the diminishing return of a security product as it's volume of use increases. I suggest the read. http://ha.ckers.org/blog/20090424/silver-bullet-metric/

Libertairan thinking: Government is not the answer

[scorp1us]

The real problem is we buy, on the free market, insecure products. The real solution is to not buy insecure software. This is nearly impossible, but if we had heterogeneous environment, we could switch to OSX or Linux without any hassle. The problem is people don't want to pay the "Mac premium" so why do you think they'd pay $10 to have a safe computer?

The battle lines are fought in compilers. No one should be using null-terminated, bounds-unchecked strings. We need intelligent string and array classes. We have them We need to use them more.

We then need signed binaries - every DLL and EXE needs to be signed.

The only remaining problem after you've removed errant programming is the trojan aspect, and this should be enforced at the OS level as well as the browser level. You should not be able to connect to an IP address containing trojans and download binary files.

Those few steps - all in the hands of your OS vendor - are the steps they need to do. They will do them if you're willing to pay for them. But as we've seen our OS gets zip-opening capability before it gets a virus scan.

This whole secondary market of virus products should not exist. The secondary market is a band aid because the issues aren't being addressed. One could wounder they are being created just so there is a secondary industry. This allows the primary vendor to reduce price and have the virus scan vendor be an optional expense. One which doesn't factor in at the register, but does factor into the TCO.

Save your time & money

[wzinc]

Buy a Mac or run Linux.

Interesting. I totally disagree, but interesting.

[Loosifur]

Kudos to the author for a fascinating post, but there are several problems with the model. For one, I don't know how appropriate it is to center this around the idea of positive externalities. I think a better image would be the "tragedy of the commons". Home users benefit less in a monetary sense than, say, a financial services firm or the IRS from buying and using antivirus software. Also, you list tech support as a cost, which it is, but it's also a market unto itself. Consider this: virii create a demand for technical support. If you were to reduce the amount of infections, you reduce the demand for support. If you reduce the demand for support, you reduce the demand for employees. (I'm using demand as shorthand for "quantity demanded" here.)

Finally, from a libertarian perspective (at least a market libertarian), I would argue that if there was a real perceived need for antivirus software to the extent that it was viewed as absolutely necessary, you'd see it without needing the government's help. As it stands, most people don't especially care if they have a virus on their computer, and those that do are willing to spend the money to protect themselves. Notice that ISPs do nothing to promote antivirus use because it doesn't affect their bottom lines. Most people don't get infected with virii that significantly impact their lives, so they don't see a need to invest in AV software. Kinda like oral herpes, when you think about it.

Finally finally, from a small-government libertarian perspective, you'd have to create a government agency, let's call it the Department of Information Technology and Security, or DITS. It might start out as a working group, but it'll end up either as part of DHS or as it's own cabinet level agency. Then that will spend a few years doing research. Then it'll issue some RFP's, which means you'll need to hire on a slew of contract administrators. And now you're talking about some money changing hands with the private contractors, so you've got to give the thing it's own IG office. At the end of the day, you've just added a whole new agency that will never go away and will only expand, which will cost more money.

If that sounds far fetched, keep in mind that the Department of Homeland Security was invented essentially to fill a void that could've been filled by a secure BBS.

What a load of crap

[Dracos]

The entire antivirus industry exists because Microsoft can't effectively design and implement a security model.

You've already paid $x for the operating system (whether retail box, MS tax, or service contract), you should expect that product to be secure. But it isn't. A simpler, more direct, and more effective approach would be to penalize the OS makers for producing insecure products.

As an analogy, automakers could never get away with putting a lock on only one door.

Why do software makers accrue so many apologists?

Re:Can't Pay Me

[Blain]

When I bought the Windows laptop I'm using to post this a year ago, I decided it was time to be "responsible," and just add a basic set of security programs to protect me from baddies out there that were going to get my computer, the way everybody said I should. They said that it was irresponsible to run a computer without it.

So I did. After about 11 months, my firewall was fighting with FF badly enough that I had to replace it, and my new firewall fought with the cheap little Risk game I was trying to install, but, other than that, it's been at the annoyance level. After twenty years of using computers and telecommunicating to BBSs and the internet (where I've been for more than fifteen years), I still have yet to have a piece of actual malware run on any of my computers. I have had anti-malware programs produce false-positives, or freak out about email-viruses in my email archives that my email settings would never allow to run, but that's it. So, now that I'm running my security setup, it just sits there, scanning stuff, sucking up cycles, and being annoying, but that's all it does. My regular habits are exceptionally safe.

I'm reminded of a Smothers Brothers special back in the 90s where Dick accused Tom of being irresponsible, and Tom said "I'm not irresponsible, I'm wearing a condom right now!" My computer is standing around, wearing its condom, and then not engaging in at-risk behavior (beyond the obvious of running Windows).

So to those who want to tell me I was irresponsible for not running anti-virus software, my response is to point out that the proof of the pudding is in the eating, and that I ran sufficiently safe on my own without this software.

Re:Can't Pay Me

[stewbacca]

I'm doing my part--I don't use Windows. That's more helpful than all the AV software in the world, from what I hear.

This is totally a case of blaming the victims, because you should be going after the idiots who push this stuff on us, not those of us who unknowingly pass it along. It's not against the law to be stupid, uninformed and ignorant when it comes to operating a personal computer.

ISPs already pay for it!

[EDinNY]

There are many reasons I don't want the government setting standards for protection on my computer. Among them are that since government computers are more likely to be compromised than computers owned by others, why would I take their recommendations? Why expect the government to offer a solution when free solutions are already available through A/V companies and many ISPs? Why would I want a standard government mandated solution when it might not be what I need? Why doesn't Microsoft allow free software updates which would make many more computers not get viruses?

Some A/V companies make their A/V software (like AVG) available for free already. Should I pay the government for a copy?

Many ISPs (AOL, ATT and others) already provide A/V software for free. They determined that if they buy an Anti Virus (A/V) program for you and that stops you from getting infected then they save more than the cost of the A/V. Want a free one? Switch ISPs.

You want the government to MANDATE every computer has A/V? How about my servers that do not connect to the Internet? How about my Linux desktop? Should I be forced by the government to waste resources running A/V programs on an OS that for one reason or another does not need it?

Should I be required to run one on my set top box? How about my Tivo? My car? My phone? Next year, my refrigerator?

What will the government decide I need? The Lobbyist from one or more of the A/V companies will make sure that the specs are drawn in such a way that you can only use THEIR A/V solution. Who will lobby for OSS solutions like ClamAV?

If the government has already found the holy grail of A/V software what incentive so I have of advancing the art by creating a better one? Remember Ada?. It was to replace ALL programming languages used for government contracts.

If I do create a better A/V software, who would buy it? The government has already found the best ones and mandates you buy it or they supply it for free. Will your machine be slowed if it is running the one required by law AND my new improved one?

All in all, when the government solves computer related problems (and many others) like this, they do either too little too late or to much too late (see CAN-SPAM Act of 2003)

Many compromised computers have been compromised because they are running bootleg copies of Microsoft software and MS will not allow them to be updated. Should MS be forced to allow illegal copies to be upgraded?

Keep the government out of my bedroom and off my computer!

Lets smoke

[gmuslera]

Instead of government taxing big tobacco, banning or disencourage its use, will promote and encourage its use, claiming that most have filters, and we have cheaper clinics that treats smoking related diseases,

Someone lost the clue where the problem is, and what are the best steps to solve it. Is like asking government to just give aspirines to stop the swine flu.

Re:Can't Pay Me

[Opportunist]

It's not against the law to be stupid, uninformed and ignorant when it comes to operating a personal computer.

I didn't say the law is perfect, here's a pretty good example what needs to be changed.

Care to explain why the law should protect the stupid (infected) instead of the innocent (who managed to take care of their security)?

mass adoption of anti-virus software

[viralMeme]

If the US government did more to encourage people to keep their computers secure -- by .. subsidizing the purchase of anti-virus software

Get your anti-virus software here and here ..

ugh

[binford2k]

I wish Bennett would realize that he's not really the great writer he thinks he is and just shut up already.

Re:Can't Pay Me

[stewbacca]

Care to explain why the law should protect the stupid

Because in free societies, it isn't illegal to not understand technology.

GO ahead and plug the free AV software

[madcat2c]

Because I make a great living removing VIRI from people who have fully up to date copies of AVG or Avast or some other crap software. Norton and McAfee are not any better btw.

Sure

[nko321]

Because government mandated IT policy will cause an efficient and complete solution to Aunt Janey installing Bonzai Buddy.

Please, tell me how I can waste as much money as possible on this project.

Interesting but flawed article.

[Grimwiz]

I agree about the benefits, and the hidden costs due to externalities. I'm afraid there are some flaws in the plan:

1. Even a patched antivirus is not full protection - oddly enough the virus writers also have copies of recent antivirus software and if their virus is spotted they tweak it until it goes undetected.

2. Patching is not full protection - Ever heard of zero day exploits and social engineering?

3. The historical codebase of Windows applications can significantly affect how tightly you can lock down permissions whilst keeping functionality. Of course, locking down an operating system not only requires skill and effort but can have an adverse effect in itself.

4. Some attacks arrive via trusted routes (e.g. media or websites from well respected companies).

5. Is it fair to throw money at people who deliberately use insecure operating systems. A flat fee could allow securer operating systems a financial benefit for the work they do protecting their users.

I agree more with Landsburg and Esther Dyson, but perhaps you should pre-emptively pay for your system to be cleaned (or de-virused) up as part of the cost of connecting to the Internet. In the event that you are infected you have a visit from a support engineer to fix the issue and you then put down another deposit against next time before being allowed to reconnect.

NSA already distributes Linux improvements

[flyingfsck]

They should just go all the way and make a government approved Linux distribution.

Opensource and antiviruses

[DrYak]

Except that Linux and Mac users aren't immune to viruses, they just aren't the big target. {...} As those OS's {...} gain position in large targets (corporate servers), they too will become larger targets.

Given the huge proportion of *servers* already running some flavour of Unix or another, POSIX-compatible environment *are indeed* a pretty juicy target for evil-doers since a long time.
Even more so because they are *servers* (thus run mostly unattended, are connected to the interweb with a "phat pipe", and might contain a lot more interesting private data).

And indeed there are efforts to attack machines running Linux and other unices. Lots of efforts.

The only problem is that the standard way unix-like OSes are organised makes them much more difficult to attack.
- For one nobody runs everything as root, unlike Windows where 99.99% of the machines only have 1 single "administrator" account.
- Files aren't executable by default, but require further step to be validated as such (except for the recent exploit of shortcut formats featured on /.)
- The unix-like world is much more diverse than the Windows world. People are complaining of the byzantine complexity of Vista flavours. But technically, under the hood they are the same beast, with a different set of limitations put on by the marketing department. The same exploit would work against any of them. Whereas, in the OSS world only, you have countless different distributions of Linux (*several* of which are widespread) and multiple versions in the *BSD family. Next to that you have also big variations in the commercial unices. You can't just have "one kernel exploit to rule them all".
- And in addition to that, most of the users happen to be a lot more technically educated (although *that* is something that can get diluted once Linux gets popular).

Thus to be able to gain access to juicy bits requires much more complicated and contrived means, in a territory which offers a lot less exploitable bits.

A widespread virus outbreak on windows is something really simple and sometime entirely automatic, like Code Red.
Pwning a unix machine often requires a multi-staged approach and is most of the time something done by hand, trying to adapt the steps to the peculiar combination of factors found on the target.

In fact, if you are working in a secure environment, *every machine* must have antivirus software installed, if it's available for the OS.

Well, someone has still to be able to detect and notify which of the other bozos has an infected machine.

Most of the servers at your ISP will probably run Linux or some other unix-like OS. Nonetheless these machine will have at least one antivirus software (and sometimes several) in order to be able to stop infected e-mails, or be able to detect if you start to send contamined mails.

Norton AV for Mac. {...} McAfee offers Linux/Solaris as well as Windows too.

Well, if you want to give example of AV running on Linux, then you should have kept with the opensource spirit and also cited ClamAV which is quite widespread on email servers, has a very fast response time in case of new threat (and also a couple of handy plug-ins for desktop use).
And is entirely free and open-source.

In addition to detecting viruses (mostly other OS'), a proper shielding of an unix box should also comprise good root-kit detection softwares, such as rkhunter and chkrootkit.

Re:This is ridiculous

[Dadoo]

Or create 2 internets - one for windows users, and one for people with a clue.

Actually, I think the best idea is to start fining people, when their computers are found in a botnet. Start the fine small, say $10, then double it for every subsequent occurrence until it gets to $160, or even $320. Once it starts hitting them in their pocketbook, people will either start learning what it takes to secure Windows, or they'll switch to something more secure. Either way, it's a win for Internet security.

Anti-Malware is a super place for a back door.....

[a-zA-Z0-9$_.+!*'(),x]

How do you know Big Brother isn't already subsidizing anti-malware programs, which are a great place for a back door for Big Brother. Perhaps scan for VIP keywords, use some voice/face recognition with the microphone and camera, send off some UDP packets (or hide amid SSL traffic) to Big Brother's computers with interesting news....

OTOH, with Echelon and sisters, perhaps such efforts are gilding the lily.

tOM

Re:hock vs. hawk

[cybernanga]

HAWK
verb [ trans. ]
carry around and offer (goods) for sale, typically advertising them by shouting : street traders were hawking costume jewelry.

ORIGIN late 15th cent.: back-formation from hawker 1 .

HOCK
verb [ trans. ]
informal term for pawn
PHRASES
in hock having been pawned. in debt : East European states in hock to Western bankers.
ORIGIN mid 19th cent. (in the phrase in hock): from Dutch hok 'hutch, prison, debt.'

Re:Can't Pay Me

[Opportunist]

Really? Cool, I always wanted to operate a tank. Lemme just grab one and hit town!

Re:Can't Pay Me

[aardvarkjoe]

Because in free societies, it isn't illegal to not understand technology.

It may, however, be a legal requirement to have the necessary understanding to avoid harming other people with technology before being allowed to use it.

Re:Can't Pay Me

[stewbacca]

It may, however, be a legal requirement to have the necessary understanding to avoid harming other people with technology before being allowed to use it.

But it isn't, nor should it be. You'd never get such a law to pass.

Nope

[DesScorp]

Commerce Clause. Thanks for making the argument that more education is needed.

Thankfully, the SCOTUS came to their senses a few years ago and declared that the CC is NOT a blanket justification for universal Federal authority over everything. Congress had used it to justify totalitarian powers up till that point. Any argument using the CC as its justification has to have a much more narrow focus now, or SCOTUS will throw it out. I can only hope that one day they'll make a similar ruling on the "general welfare" clause.

To AC

[Jane+Q.+Public]

I suppose that is possible. I had interpreted it as, "They hide from the realities of their surroundings."

More government controls??

[mdvolm]

While the argument made here is good from a narrow economic view, do we really want the government to get involved with our personal computers?

Once we start down that road, where does it lead? In the end I think that opening the door for more government controls is far worse than receiving some spam emails or getting a computer virus.

Might want to draw that control diagram...

[zippthorne]

If we're already accepting that the user is merely a conduit for input from a piece of furniture, then I guess it is acceptable to put that level of control in Microsoft's hands.

An ounce of prevention...

[Chris+Snook]

...is worth a pound of cure, as the saying goes. Most of the demand for antivirus software is in compensating for the afterthought-hacked-on security model of Windows. For a tiny fraction of the cost of treating this problem, the US government is sponsoring work on SELinux and OpenBSD to create more robust security models that thwart novel attacks with negligible maintenance and overhead compared to constantly scanning a system for known malware using an always-out-of-date database.

The glaring hole in this economic argument is that subsidizing antivirus software would decrease the incentive for Microsoft to make its OS more secure in order to maintain a competitive TCO with other operating systems, and decrease the incentive for people to migrate to more secure operating system.

If you need a license to drive a car...

[gravyface]

There should be mandatory computer safety training, at some level: municipal/government in the form of standardized aptitude testing, or probably even better, required credit(s) in post secondary education.

Re:Can't Pay Me

[causality]

Care to explain why the law should protect the stupid

Because in free societies, it isn't illegal to not understand technology.

How about this: make it legal to not understand technology. Make it illegal to not understand technology and still insist on using it anyway on a global network where your negligence can harm others. There is an element of choice to that second scenario that is not present in the first.

Re:Can't Pay Me

[causality]

So I did. After about 11 months, my firewall was fighting with FF badly enough that I had to replace it, and my new firewall fought with the cheap little Risk game I was trying to install, but, other than that, it's been at the annoyance level.

That's the classic hallmark sign of a wrong solution. To the problem of Windows insecurity, that is. It's sort of like a scientist who keeps getting surprised at each new discovery and never thinks that maybe there's something wrong with his theory when it has zero ability to make successful predictions. There's something drastically and fundamentally wrong with the design of Windows if you have to put up with all of that BS just to achieve an acceptable level of security. The only thing I don't fully understand is why so many people with no financial ties to Microsoft don't want to admit this.

There is a better way to promote this

[bussdriver]

1) Open Source. Its our money, the software should belong to us.

2) The government has computers and a need for software and support of that software. Its already a big target for attacks, their experiences could benefit all of us.

No need to impose or advertise it; vendors would bundle it and/or customize it.

PS: A representative democracy can do anything it wants within the bounds of its Constitution even being able to change that Constitution itself.

Market forces

[keith_nt4]

One thing that may or may not have been pointed out: if the anti-virus apps are subsidized there will be that much less amount of market forces i.e. motivation to improve and and invest in R and D. Furthermore if only two or three apps are subsidized those will likely be more common and the bad guys can find and exploit the weaknesses in those two or three anti-virus apps. We'll be right back where we started.

I'd also like to point out the patch for the conficker virus was released a month before the virus appeared. Only unpatched machines even can be infected. If everybody kept up to date with their windows patches a lot of viruses would be rendered ineffective before they got started (and with no anti-virus).

Government needs to step in and realy screw it up

[Brainman+Khan]

Government needs to step in and spend loads of tax dollars giving us an AV scanner that also checks to makes sure our MP3 and movies are licensed and paid for, this scanner also needs to allow RIAA to scan it whenever it likes to insure copyright laws are followed. /sarcasm

That way private enterprise couldn't step in and create a "PROTECT Net Service" with free AV that doesn't allow you on the network unless your protected and backend support like ironport. With trained security staff to monitor and respond to attacks and notify you when your infected. Because the extra 3-5$ a month for this service would be far more expensive then the 3-6 month visits a user makes to the geeksquad when there computer grinds to a halt.

For all the people that claim AV software is useless please show me this magical land where all the threats are 0 Day and all users are knowledgeable enough to configure their router and only browse uninfected web sights. Its not perfect but it does improve security. A lock in the door allows a thief to break a window - Doesn't mean you should leave your door open.

Good idea for PSA

[halcyon1234]

I think this is a great idea. We should make PSAs to educate our youth with. After all, we OWE it to future generations to ensure they have plenty of filler material to MST before the main feature begins. Who knows, maybe they'll have perfected Host Segments by then.

Re:Can't Pay Me

[Blain]

To be fair, none of the security products I use is an MS product. The security features added to Vista (yeah, I know, they weren't all about security) I just found annoying as well, so I looked for other solutions.

Cost of anti-virus software is not the problem

[scdeimos]

The cost of anti-virus software is not the problem - there's plenty of free anti-virus alternatives in the market already, some of them much better IMNSHO than the paid-for offerings. If cost was the problem, everyone would be using free anti-virus software. And yet, there are still computers with no anti-virus software on them.

I think that many (corporate, in particular) anti-virus solutions are overly greedy on their CPU and memory usage. People notice this on their machines at work, or hear about it from friends and think, "my home computer's slow enough already, I'm not putting that crap onto it."

Content Control/Filtering solutions are also a desirable piece of software to have on home PC's. And yet when the Australian Government tried to give away NetNanny to anyone who wanted it, not a single person took them up on their offer. Not one. I don't know whether that says anything about NetNanny, or whether it shows that people don't trust "free" things from the government, but it must mean something.

Re:Can't Pay Me

[EXMSFT]

Couldn't agree more.

My perferred antivirus solution...

[Seismologist]

Uninstall the Redmond virus using live distro Ubuntu CD...

Economics in One Lesson

[NereusRen]

The submitter needs a better understanding of economics. He considers only the first-order effects, a classic blunder which is thoroughly discussed in Henry Hazlitt's classic book Economics in One Lesson, a rigorous treatment in layman's language which I recommend to everyone. (Google turns up a free ebook version that seems to be complete.) I'll give two reasons why this reasoning is bad:

But now suppose the government offers a $5 rebate (funded by a tax on all 100 million Internet users) to anyone who buys anti-virus software. Everybody who would have bought the software before, will obviously still buy it now that the government rebate has effectively lowered the price to $35, and now, all the people who value the software between $35 and $40 will buy it as well. For each person who purchases the software at the new price of $35, the following is true:

* The person who bought the anti-virus software is better off -- they valued the software at at least $35, and they got it for $35. (Otherwise, they wouldn't have bought it.)
* The taxpayers who subsidized the purchase are better off. Each rebate cost the taxpayer one-hundred-millionth of $5. But when that user installed the anti-virus software, they conferred $10 worth of total benefit on all other Internet users in the US, so that benefits each Internet-using taxpayer one-hundred-millionth of $10. So they're ahead.

1) The $5 coupons that are given to people who would have purchased the software anyway doesn't benefit the taxpayers at all. Say the subsidy spurs 50% higher antivirus sales over the next year, which I think would be a pretty incredible success. In that case, taxpayers are paying $15 for each "new" antivirus user. For every three subsidies granted, two of them would have purchased the software anyway. Thus for every 3 subsidies ($15), taxpayers have a net benefit of only $10. It's a losing deal unless you make VERY generous assumptions about the increased adoption rate due to the subsidy (I think mine was pretty darn generous), or the value of the positive externality (for which $10 seems reasonable to me, but is still pretty subjective and unproven), or both.

Note that, if $35 antivirus sold 50% more than $40 antivirus, someone probably would have already done it and made a bunch of money... which leads me to my next point:

2) You assume that prices would stay at $40. That would almost certainly be inefficient, irrational behavior by the antivirus company/ies. This is Hazlitt's One Lesson: you can't just look at one facet of your policy and assume everything else stays the same. Basic economic theory suggests that antivirus software would rise in price by somewhere between $0 and $5, and probably closer to $5 if the amount of the subsidy is a small fraction of the original purchase price and if prices are not being driven down by efficient competition (which seems unlikely, since there is free antivirus software available but companies can still sell theirs for $40).

Let's use an example: 50 million people would pay $40 for the software, and 5 million would pay $35 but not $40. (Also, of the 50 million who would pay $40, only 40 million would pay $45.)

Anti-virus companies have determined that the optimal balance of revenue per sale and number of sales occurs when they have a price of $40. The extra 5 million people are not worth lowering the price, because they'd make less on each of the 50 million that would have bought it anyway. $35 * 55m $45 * 40m, so neither raising nor lowering the price will raise revenue.

Now consider the $5 coupon. The companies will make the same pricing calculation, whether explicitly or implicitly. They will determine that the new optimal price is now higher than $40, because consumers will still make their purchasing decisions based on how much they actually have to pay out of pocket. Now they can charge $45 and still get 50 million sales, not 40 milli

Slashdotters are weird

[GF678]

Everyone here keeps saying anti-virus is worthless, not even worth pirating. And yet, whenever I visit a school to perform IT support, the Sophos logs don't lie. I'm always seeing computers where students have tried using infected USB drives with autorun trojans, and of course the anti-virus stops them. That at the very least shows its worth (not Sophos, anti-virus in general, I'm not shrilling a particular company now). So what's the alternative? Educate the users and hope they won't bring infected drives to school? They either won't listen or won't understand the concepts. It's easier just to block known attack vectors via anti-virus.

Having said that, one of the school's my employer supports was recently infected with Conficker, with half the desktop machines infected. It was wiped out in the end, but it wasn't fun. No, we won't install Linux because then we wouldn't be able to run Windows Movie Maker, IE or the various education apps that simply don't exist for any other platform. That and the that no-one cares about Linux, at least in Australian IT.

Re:Slashdotters are weird

[sowth]

You wouldn't need anti-virus to stop an autorun trojan from running if the crappy OS didn't automatically run code off of every piece of media which touches it. This is the problem with MS products. They don't think about security except as an afterthought.

I don't think anti-virus software is necessarily useless, but it should be the third or forth line of defense, just like firewalls. However, with how much malware is out there, anti-virus detection is becoming more and more unrealistic. Even with the constant advances in processing speed and storage, how long can we really keep up with a massive database which catalogs every piece of malware which ever existed?

I See Your Nope, and Raise You an Uh-uh

[Wowlapalooza]

Commerce Clause. Thanks for making the argument that more education is needed.

Thankfully, the SCOTUS came to their senses a few years ago and declared that the CC is NOT a blanket justification for universal Federal authority over everything. Congress had used it to justify totalitarian powers up till that point. Any argument using the CC as its justification has to have a much more narrow focus now, or SCOTUS will throw it out. I can only hope that one day they'll make a similar ruling on the "general welfare" clause.

Is that so? In the last major case on the Commerce Clause, Gonzales v. Raich, 545 U.S. 1 (2005), the Supreme Court actually upheld, under the Commerce Clause, the application of the Controlled Substances Act to the growing of marijuana for medical purposes, even though this was a "non-economic" activity. So I wouldn't read the obituary of the Commerce Clause just yet -- it still has plenty of life in it.

As for the current proposal to subsidize and/or educate the public in the use of anti-virus software, I think it's fairly trivial to demonstrate that computer viruses are both a) interstate by nature, and b) have a substantial economic effect. Thus it easily falls within the enumerated Commerce Clause power (if not other enumerated powers) of the U.S. Government to subsidize or educate software that prevents it

Re:I See Your Nope, and Raise You an Uh-uh

[Wowlapalooza]

... that should read "subsidize or educate people in the use of software that prevents it"

Definitely not

[tjstork]

They're not promoting X brand of digital TV converters or XY cable TV company or XYZ satellite TV company. It's the same thing really, and you're taking it out of context.

That's not a good example. The reason the government is pushing the digital tv upgrade is because it ruled that such upgrades must be so. You know, it mandated that, because it asserts it has a right to rule the airwaves.

Re:Can't Pay Me

[causality]

To be fair, none of the security products I use is an MS product. The security features added to Vista (yeah, I know, they weren't all about security) I just found annoying as well, so I looked for other solutions.

I wasn't talking about the companies that produce those security products. I was talking about why they even have a market at all. They exist only to make up for shortcomings in Windows. There is something fundamentally wrong with Windows that it has such shortcomings. I mean no disrespect but I don't see what fairness regarding brand names has to do with it.

Re:Can't Pay Me

[Blain]

Just making it clear is all. I agree with the security problems inherent in Windows that make these things necessary -- I always found ClamAV for linux a little weird, frankly.

I'm not running Windows because I like it (although Vista hasn't really annoyed me as much as it seems to have annoyed everybody else -- I also found ME no more annoying than others, so I'm a definite outlier). I'm running it to run software that doesn't run right under wine, and because I haven't yet got Kubuntu running on the laptop.

I was thinking PSAs

[tepples]

wouldn't imposing a botnet onto a home computer by force (edict or whatever, against their will) for military purposes be the electronic equivalent of quartering soldiers in a persons home?

I said "a campaign against botnets", not "a botnet" itself. I must not have made it clear that I meant botnets controlled by foreign states, not a botnet controlled by the US Armed Forces (for which you'd be justified in pleading the Third). I was thinking more along the lines of a 21st century counterpart of "duck and cover": Ad Council PSAs directing citizens to a comparison of how well the various operating systems and anti-malware packages detect threats being tracked by US-CERT and by other agencies. So unless you claim that the anti-malware packages themselves form a botnet, I don't see how the Third Amendment would apply.

We don't need more PSA's for anti-virus...

[myspace-cn]

We don't need another PSA for a problem after the fact.

We need cheap affordable firewall appliances in front of the boxes facing the web.

Think about it, we just did this (similarly) with the DTV / ATSC roll out.

And before someone say's there already are available, I would have to point out no they are not available like the ATSC tuners. And I don't see the US Government funding say IPCop and corporate media running ad's on getting your firewall up.

Schools don't teach the kids either. Sure they teach them how to open a word doc, but they don't explain network security. It's a real skill set that kids graduating high school should have. They should know iptables, or pf. They should know what an ISA network card is vs a PCI card.

Yeah yeah yeah I can find a network appliance
http://www.nextag.com/firewall-appliance/search-html

But I can't find one for $50 that the government pays me back $40 with a coupon.

If big brother should be hawking something, it should be hardware firewalls not anti-virus software.

A virus doesn't get on your computer by itself. It has to be run somehow. You have to run it. The skill set to track down a virus and remove it without any anti-virus software should be taught as well. At best anti-virus software is a tool to help you find something bad. Look at the windows log files. What good is it? Sure isn't like /var/log/messages where you can actually find something bad going on. I doubt most users ever look at windows logs in their entire life. On the other hand linux users learn early on to read the logs.

We need to keep the bad packets out in the first place in my opinion. Every anti-virus software I have ever used (some better than others) gives false positives, and also sucks up productivity resources. We need to get work done not deal with a warning / pop-up every time we restart some program. Also, I have written bad programs going completely undetected by anti-virus.

Re:We don't need more PSA's for anti-virus...

[myspace-cn]

Also, Government should lock their own boxes down before they go telling us how.

Also none of those $10 firewall appliances can be tweaked like IPCop / pf can.

yes but...

[BroadbandBradley]

will it run Linux?

Re:Windows Anti Virus Should be FREE

[daveime]

But they can't do that ... that would be anti-competitive !

Damned if they do, damned if they don't.

Having said that, the fact that most infections are due to Windows poor design, the antivirus writers have made an absolute fortune off Microsofts's IP (Insecure Programming).

Re:Can't Pay Me

[Opportunist]

How the heck did they get driving licenses implemented? Or requiring a license to operate heavy machinery?

Re:Can't Pay Me

[stewbacca]

If you'd like to posit that connecting your computer to the Internet is just as dangerous as driving a car or operating a crane, then I'd posit you are a paranoid.

Hmmm...I see some don't just open a door....

[ibsteve2u]

...for government intrusion, censorship, and propaganda, they rip down the house. Not to worry, though: PNAC loves you.

Too complicated with too many holes...

[fschmeisser]

...and ultimately unenforceable. That's why congress will love the idea! An easier way to achieve the same results is to force ISPs to mandate the use of Linux or BSD to access the network. Problem solved. Microsoft could get a six month grace period to come up with an inherently safe OS.

Re:Can't Pay Me

[causality]

Just making it clear is all. I agree with the security problems inherent in Windows that make these things necessary -- I always found ClamAV for linux a little weird, frankly.

I'm not running Windows because I like it (although Vista hasn't really annoyed me as much as it seems to have annoyed everybody else -- I also found ME no more annoying than others, so I'm a definite outlier). I'm running it to run software that doesn't run right under wine, and because I haven't yet got Kubuntu running on the laptop.

Reading that gave me an "outlier" sort of idea, too. It occurred to me that if the US DOJ really wanted to do something about the anticompetitive practices for which they conviced Microsoft, they should have forced Win32 to be an open standard, complete with a free, unrestricted reference implementation in source code. I suppose this idea never came up because a) it's a government agency and they tend not to go for simple solutions that make a lot of sense and b) they seemed to consider only the anticompetitive practices that related to Web browsers.

To me, "anticompetitive" is about the will to unfairly take advantage and has little to do with the specific methods by which this is done (those can be summed up as "any we think we can get away with") so I think worrying too much about specifics would be a whack-a-mole game. To me, the Win32 standard would be that one simple solution to this problem. It follows the logic of the frankly rather childish and selfish people who just want to take advantage, in the sense of "you abused this toy so now we're going to take it away from you." For that reason, I don't believe that my solution would be going too far. I thought of that because there are a lot of folks who say the same thing you just mentioned, that they need to use Windows software that just won't run correctly under WINE.