* Owen DeLong: > Wrong... Most of them are subject to the problems they have because > of their contractual relationship with Micr0$0ft. Specifically, > they made the unfortunate mistake of purchasing software from > Micr0$0ft, agreeing to the Micr0$0ft End User License Agreement > (contractual relationship) and then running the Micr0$0ft software, > which lead directly to their system getting owned (or pwn3d if you > prefer) due to the enormous number of design flaws, well known > exploits, and other deficiencies in the code purchased from > Micr0$0ft.
In most parts of the world, the Microsoft EULA is not enforceable. Most users don't buy their software from Microsoft, either. It's preinstalled on their PC, and Microsoft disclaims any support. > In what way, exactly, is this in any part the ISPs fault? Why > should their ISP bear the brunt of the costs for Micr0$0ft's poorly > written code? Most ISPs recommend using Microsoft software or provide software for the Microsoft platform, and require to turn on JavaScript, which makes browsers much more vulnerable. (Obviously, this doesn't matter in practice, but still.) They don't exist in a vacuum. But the whole thing underlines a very difficult problem compromised end users face: they haven't got anyone to turn to. Someone quoted rates for some services, and these aren't acceptable (you can almost get a newer, faster PC for that price). Part of the problem is piracy, which makes it difficult to reinstall everything from scratch. Another one is the lack of an audit trail which would tell *why* the customer got infected, so that you could get some learning effect.