[One] of the biggest problems securing the PC happens to be its most important component: the one sitting between the chair and keyboard.
Only 64 percent of those surveyed by McAfee and the NCSA reported having their firewalls turned on, and only 27 percent use software designed to stop phishing attempts.
Most important, the study suggests that consumers are generally less safe than they believe, which leads to lackadaisical approaches to maintaining their security software. ^
Those of us who make a living contracting have known this for some time. However, I wanted to correct the negative tone that seems to come through that sentence. I don’t blame users. I believe computers should just work or get as close to it as possible. As a result, I have a simple approach to security: run a clean browser, turn off unneeded services, force users to have non-administrative accounts, and clean up file systems so that changes are evident. I insist on firewalls, but see no point in anti-virus software except as used to check downloads.
The user is defined by wanting to make the computer do something. The user has better things to do. It is not (necessarily) because they are stupid or lazy. My fellows geeks and I forget this at our peril.