A government committee in the United Kingdom have been debating whether to force providers (such as Microsoft) to include content filters in their software (that they already do to some degree is not something you'd expect a government body to understand).

http://www.theregister.co.uk/2008/02/27/culture_committee/

It seems that Microsoft have made the argument that adding filters would 'send Britain back to the dark ages'. Leaving aside the hyperbole (the early 1990s - before the advent of the commercially ubiquitous internet - was hardly the dark ages in the UK!), this article is interesting to me for reasons not directly related to the article.

While the committee isn't really addressing the malware question, rather, one of violent content in video games and so on, it does raise an interesting question. One of the arguments against automatic filtering is that it seems many people don't actually want things to be filtered - personally, I want to be able to access whatever (legal) things I like on the internet, and as an adult, I basically feel it's ok to do so.

However, that's a political question. The really interesting thing is that in some research that ESET conducted (a Harris Poll a couple of years ago), we found that a huge percentage of people don't update their anti-virus software because, ostensibly, it's a difficult process, and for a few other reasons: for instance, people just don't necessarily realise that the software needs updating - the trial version they bought with their machine perhaps will just go out of date, and they ignore the warnings.

Underneath that, though, there may be a feeling of wanting to be one of the ones who 'got hit' by the big scary virus. This is certainly a phenomenon encountered by beleaguered support personnel in businesses throughout the world who get calls from users who 'just wanted to see what happens'. It seems that people, at times, deliberately disable their defenses, even though they know there will be consequences. Humans seem to like 'horror stories' and the media glamourizes the humble virus in such a way that it makes it appealing to people. There's a sort of mystique to the whole 'malware' thing, and some strange cachet to having been affected by a virus. In popular opinion, malware is given mythical properties, to the extent that almost anything that goes wrong with a computer system must somehow be the result of 'a virus'. A case in point: I recently spent a couple of hours on the 'phone with a relative who was having trouble reaching some websites, and who insisted it was malware (despite nothing showing up during scans with an updated version of ESET Smart Security). In the end, it turned out he had some static DNS entries pointing to servers that were no longer working correctly (his ISP had been purchased by another), nothing to do with malware at all. This same relative has a 'friend' who has previously rebuilt my relative's computer several times, ostensibly because it was 'infected' with malware. Who knows if it was really the case - personally, I doubt it. Not to say that malware isn't a threat, of course it is, but with sensible internet usage practices, and maintaining good, updated defenses, one can be reasonably safe.

This may all just be a result of human nature: we don't like restrictions placed on us (because, rightly or wrongly, we think we can handle the consequences of our actions), we don't necessarily calculate risk very well (we are afraid to fly, but will drive at high speed on a crowded highway) and we like to be able to recount horror stories (oh, I once got my leg bitten by a virus, and had to have it amputated...). With malware, though, there is a very real risk not only of infection if we disable defenses, but of a compromise to our personal identity, funds and security. Far from being the hobbyist activity of tradition, virus writers no longer want to 'melt your screen'; in fact, they would rather be totally unobtrusive, because that increases the chances of the malware surviving on an affected system long enough to be useful. If your system can be added to a botnet, it becomes something of value to the attacker, and it's not in hir interest to let you know about it. This can lead to loss of your funds, credit card fraud, impact on your credit rating, loss of crucial data and so on. Not only that, but you could find yourself being a part of the problem, with your machine attached to a botnet spewing out spam and malware updates to infect thousands of others. Is it really worth the risk to turn off your filter just because you want to see what happens?

Andrew Lee
Chief Research Officer