The Long Dark Tech-Time of the Soul

This is a technology-focused blog that describes my trials and tribulations with technology which, no matter what brave new world is promised to be just around the corner, nearly always fails to live up to expectations.

Friday, December 17, 2004

Home computing terrors - who's to blame?

I have to say it's over a decade since we first had to deal with viruses on Windows systems (back then they used to be floppy disk borne). In fact it's so long ago now that I've quite frankly forgotten when it was; someone can surely go dig up a history of PC viruses but I really can't be bothered.

So why, after all these years, are we still living with viruses as a daily threat, one that's probably ten if not a hundred times worse than it used to be? Add to that spam and now spyware and you have a recipe for rendering a useful tool useless. Indeed in the last few months I've done some fixing of computer systems in my spare time and have attended several desperately sick PCs that the owner was ready to send back to the retailer they purchased them from. What a waste.

Yes, there are many third-party products available that purport to protect us from such terrors but those give us a false sense of security. Spam still slips through, viruses still get a day or two head start on the anti-virus people in which time they can take down and capture hundreds of thousands of machines, and spyware is seldom if ever caught before it installs itself and digs its claws deeply into Windows.

While I recommend several tools (such as Spybot Search & Destroy, and Webroot's Spy Sweeper) for spyware detection, they all leave a lot to be desired in terms of spyware removal. Try explaining to the average consumer home PC user the mysteries of booting in "Safe" mode and then killing off the 'explorer' process and running their anti-spyware tool of choice, just see how far you get before you give up. Better yet, try explaining the mysteries of setting system restore points, registry backup and editing... then really give up.

Now I won't even begin to blame Microsoft for the spam phenomenon, but one could paint them in a bad light for their refusal to license their anti-spam SenderID technology in a form acceptable to the IETF such that it could be used world-wide without fear of royalties or proprietary intervention by Microsoft. However, most of the issues with our open and loosely authenticated email system date back to the liberal heyday of the Internet before it got commercialized.

However, their culpability in the virus and spyware arena is much more significant. They have, time after time, branded and rebranded Windows as safe and impervious to attacks. They have added all kinds of security features that purport to give users a warm and fuzzy feeling, and yet still we have slave armies of compromised machines all over the Internet and other machines rendered useless by spyware in a huge number of homes.

I know the guys up in Redmond must surely be trying to do something about these problems - the fear of them is definitely a worry for most users, even expert ones now. Plus the additional expense and time spent battling with them also make a computer significantly less useful. But they are surely dragging their feet and taking a monumentally hands-off attitude to the problem. Let's face it, it took about ten years from wide availability of Internet access (say 1994 when web browsing came along) to the first effective and by default enabled firewall in a Windows OS for consumers (XP SP2). Arguably viruses have been a significant threat for much longer, and yet still there is no anti-virus technology included with Windows - it should be a core and tightly integrated component and above all free and not an add-on.

Ditto for spyware, which is arguably just a virus that uses free software and the user as the vector instead of covert self-propagation means (like email). While Microsoft has chosen to do nothing about spyware until very recently, it seems outrageous that the likes of Symantec and McAfee have not included anti-spyware technology in their anti-virus behemoths. Yes, the latest Norton AV can detect (some) spyware but lo and behold can do nothing to remove it and it certainly can't prevent its installation in the first place.

I know that Microsoft sees its Longhorn release of Windows as being the ultimate solution for all these problems. Apparently the DRM/copyright protection technology built in from the hardware level will be leveraged to protect the operating system and approved applications. However, a fully featured Longhorn is still a long way off - quite possibly 2006 or 2007 before we see it widely available. A less fully featured version may come along before then (formerly nicknamed "Shorthorn") but whether that includes all the features that could help keep viruses and the like off systems is anyone's guess.

Why not, I ask, set up some independent software inspection authority that can verify and digitally sign software installs just like Microsoft does for drivers? If it can be done cheaply enough this could become a very useful weapon against unauthorized software. Sure, the problem of installation of unsigned software will still be there, just as it is with drivers; however, Windows could then include features to deny certain rights to unsigned software. It could also segregate untrusted software so it can be controlled and managed independently of trusted software. Indeed Windows could disable all unsigned code and the effects of registry changes made by it at the drop of a hat - if nothing else that would make removal of such code much, much easier - without resorting to booting in safe mode. I think that by default user accounts should just run in such an environment all the time so it's impossible to execute bogus code.

In my opinion it's always been a big problem that by default Windows (especially Windows Home Edition) gives the home user an administrator privilege and does not force them to think about the consequences of software installation by requiring a switch to administrator mode. With more restricted use of administrator privileges and closer monitoring of software installation it should be a cinch for Windows Help to guide a user through software uninstallation and system restore to recover from bloated spyware-ridden computer syndrome.

So I have to say, I am frankly shocked that Microsoft could even be considering charging for anti-spyware technologies. Like the inclusion of a firewall, I would say they are essential, and regardless of fears of anti-trust suits from McAfee and Symantec, Microsoft should go ahead and wage a war against home computing terrors on all fronts ASAP. If it doesn't, it will risk every home user either ditching home computers completely and using only fixed function TiVo, gaming and multimedia machines, or switching to any alternative non-Microsoft technology that is perceived as safer and less vulnerable to such problems, such as Apple, Linux, Firefox, Thunderbird, Java and OpenOffice. That this is already happening is clear; just how far it will go remains to be seen.
