Who's to blame for Computer Viruses?

By Alistair Dabbs
July 25, 2007

Blame for the recent proliferation of Windows viruses has been attributed to the indiscipline of computer users, but high-profile voices are at last speaking up in our defence.

Pilot error is an easy accusation to make, but how is it determined? Even when a black box recorder is retrieved after an aircraft accident, it's not as if the pilot has given himself away by saying 'Whoops!' just before the bang. So a group of independent experts try to investigate all the possibilities one by one before attributing blame, and this blame might be directed at anyone -- pilot, airline, air traffic control and so on.

Turning to less fatal issues, computer virus attacks are always due to pilot error. No-one else. You're the idiot, say the experts, and that's official.

Regular readers of this column will be familiar with my view that the only truly idiotic thing a computer user ever does on a regular basis is pay money to experts. So it's with a furrowed brow that I heard one of George Bush's advisors agreeing with me last week. 'It cannot be beyond our ability to [...] write and distribute software with much higher standards of care and much reduced rate of errors and much reduced set of vulnerabilities,' said retired lieutenant-general John Gordon at the RSA Security conference in San Francisco.

That's easy to say but hard to implement. After all, this is a country whose experts can put an RC buggy on Mars but is unable to cobble together a working hole-puncher for presidential election polling slips. IT experts are aghast at such ignorance. Doesn't this bloke know that computer users are the problem, not the systems? Oh if only we could just ignore the users and just keep their money... oh hang on, we do that already.

Indeed, one of the counter arguments from the IT industry was that fixing software security holes is too expensive to be worthwhile. Yet third party security specialists make a fair living out of doing just that. Now I've never really understood why small companies make money out of doing something that big, well-resourced companies supposedly can't afford to do. For example, PalmOne (or whatever it wants to be called this week) says it no longer intends writing Mac OS X-compatible synch software for its palmtops because doing so is too expensive. Yet a whole army of teeny little companies, some of whom I suspect are little more than part-time hobbyist shareware authors, seem to have managed the task just fine.

The difference, if you haven't already spotted it, is that the small company charges for its software, while the behemoth is expected to issue updates and patches for free. The behemoth has already taken your money, though, and just wishes you would go away or at least keep quiet when its software stops working properly. So I was very surprised to read Nick Scales of mail security service provider Avecho also agreeing with me. All the industry harping on about new viruses getting past anti-virus software, he says, as well as the subsequent blaming of the end user, is reminiscent of the train companies complaining about the wrong kind of snow.

He even dares to suggest that anti-virus developers adore viruses because each major scare boosts their profile, although this triggers a trail of thought whose logical conclusion is probably best to leave alone in the interests of legal decorum. File the story under P for Paranoia, along with the one about Microsoft supposedly helping fund SCO's Linux law suits. Only idiots would believe that.

About the author: Alistair is a UK-based journalist with articles posted in several high-profile IT publications.