Why Doesn’t my Computer Work?
And the Real Blame for Spyware goes to...
©Jerry Stern 2004, All Rights Reserved. As seen in ASPects, September 2004
I just cleaned up another computer for a new client. It had 256 viruses,
mostly Sasser worms, around 800 spyware files and settings, and worst, it had 32 programs auto-loading from all
the different magic start locations in the start menu, in the registry, and in a few
other spots that I won’t mention, because I won’t help the malware authors hide
their toys. In short, it was an expensive doorstop. And it had a twin brother, too–a
notebook. Fewer viruses, more spyware, same functionality–none.
The computers had been running reasonably well since they bought them nearly two years ago, but the customer
decided to get residential DSL from the local phone company, and had taken the self-install kit, including both the DSL
modem and a wireless router/hub/switch/gadget, and had decided to set the router up later. She then followed the instructions
for setting up DSL, never saw a warning about worms and firewalls, and got connected, and then immediately got
shut down again by a worm that wasn’t stopped by the firewall, because her router wasn’t plugged in, and because the antivirus wasn’t up-to-date, and because
the Windows XP software firewall was off by default, and because her Windows
patches weren’t in place.
This is typical of intelligent professionals
who haven’t gotten the word about patches and worms; they make the assumption that a new product will work out of the box, and keep working until
they drop it on the floor, or until they ask it to do something new and unexpected,
like run on high-octane gas. If it was any other kind of appliance, they would have
been totally correct–the toaster doesn’t explode when you put in a new kind of
bread. “But honey, this toaster doesn’t do semolina rolls. It only does muffins and
whole wheat!” Kaboom!
So, who’s to blame here? I wrote the bill to the owner of the computers, for
cleanup work and two new antivirus programs that won’t expire on a schedule. Let’s see now:
The local phone company provided a router/firewall, so they must be doing their jobs, I suppose, although they didn’t explain that connecting to their service
without it was unsafe at any speed, or that the email service they provide was loaded
with viruses, because they don’t filter worms and they don’t virus-check email.
The computers came from an appliance superstore, who didn’t explain
patches or antivirus or worms or spyware. They said, “Take it home, plug it in, turn
it on, do stuff.” Or was that what they said about the electric skillet? Not their
fault, I suppose.
The systems were built by one of the top three makers of boxed systems, and
they set everything up on the computer in advance, including desktop setup icons
for six internet dialup companies, a long distance over-the-web service, and a
music service. Oh, and a link to online live tech support was in the start menu,
too, under start, program files, the manufacturer’s name, system, diagnostics,
service, online help. Which, of course,
requires the computer owner to already
be online and able to use chat software. In
my experience, if the computer owner can
do that, their only question is likely to be
how to burn a music CD.
Windows patches, of course, were up-to-date as of four months before the
day the computer was sold, and automatic downloading of patches was turned off.
No software firewall was running, the antivirus was ready to install for a free 90-day trial, but not actually running, but
the important stuff was all there: in the autoplays, there were four programs for
phoning home for software updates to the music software, update checker for camera
software for a camera that wasn’t included with the computer, update checker for CD-burning software and for
a DVD-player, and a nifty little program that shares your photographs to a web
site, also for that camera you didn’t buy, and for a very low annual fee. And the
way a buyer finds out they have all these goodies in memory, running all the time,
is by carefully exploring their startup menu and desktop icons and reading the
small print on the license agreements to see just what they’ve already got working
for them in the background. So it’s their fault that the computer is a doorstop,
right? Well, ask them. Should be interesting.
Well, how about Microsoft? Well, in all fairness to them, they have gotten
better at choosing default settings for safety, and they are a major target, but
they did write an operating system that grew larger far, far faster than their own
ability to keep up with the long history of hacker/cracker/script-kiddy/spambot
attackers. Is it their fault? Well, read their license agreement some time. You know,
that’s the statement you clicked ‘Agree’ to as you started up your computer for the
first time. As crafted by their crack legal team, they are clearly responsible if the
CD-ROM that holds their product is unreadable.
OK, so it’s all the fault of the computer owners that they didn’t know what they weren’t warned about. They were,
however, recently warned, in writing, not to use their steam iron in the bathtub, not
to use the electric screwdriver as a hammer, not to remove the tag from the mattress,
and not to use the dry-cleaner’s plastic wrap as a crib liner. Go figure.
Someday, a computer will be a black box appliance. In science, a black box is
a gadget that you use without knowing what’s going on inside all of the internal
twinkly bits. You put in something; something else comes out. You put in
electricity; you get heat. You put in batter; you get waffles. You don’t have to
understand that the heat and the cooking are caused by electrical resistance from
passing electrons through a carefully-sized conductor of electricity, or how the
stick-proof coating works. You just make breakfast. Plug it in; it works.
I want my computer to do that.
So do my new clients; the cleanup
cost $420, plus tax.
Jerry Stern is the editor of ASPects–the monthly newsletter of the Association of Software Professionals, and is the author of Graphcat and FileTiger, runs Science Translations, and is online at www.pc410.com