I'm tired of having an in-box filled with worms. In the last 26 days, infected PCs have sent me 3,787 copies of MyDoom. I know I'm supposed to be an understanding, gentle kind of advice giver, but frankly, I'm sick of it. I'm sick of having my time wasted, and I'm sick of having to help people clean up messes because they can't control their own mice.

Why can't people take responsibility for protecting their own PCs? People never say, "I did something utterly moronic today and infected my own PC and 600 others." No, it's "I got a virus." As if it's not their fault. As if they caught a cold because they just happened to be in the room when someone who was sick walked by.

Well, it is their fault. You don't get MyDoom if you don't click on it. It's not even that clever of a hack, the kind where just staring at it funny infects your PC. It's not novel, either. When the ILoveYou worm came out, that was new. People got duped because they had never seen anything like it. But that was four years ago.

If you got MyDoom last month, you've got a problem, and it's not a software problem. It's a human problem. Here are some ideas for solving it:

Stop relying on virus scanners. When a worm like this breaks out, it can take hours for virus signatures to be updated and days for all the PCs in the world to know about it. A virus scanner is a great thing to have, but you can't blindly stumble through life clicking on anything you see just because you gave Symantec $20. If you have a heuristic virus scanner - they do exist - that can help, but it's still not a sure thing; it just increases the odds of success. You have to realize that even with protection, you're not totally protected.

Start relying on education. You, and all the users you support, should know better than to click on attachments, no matter who they're from, which launch programs or unzip themselves and self-execute. This is as basic as knowing your own e-mail address. When you put a company PC in someone's hands, they should be potty-trained to not mess all over your network. If you think training is expensive, consider the cost of not training.

Stop buying the monoculture. If everyone uses the same mail client and operating system, it's that much easier for malware to take down your network. I don't have any illusions that everyone in the world is suddenly going to stop using Windows, Office and Outlook, but I can tell you this: The only thing Macintosh users got from MyDoom was annoyed. There are Windows e-mail clients, such as Netscape and Eudora, that are less susceptible to the kind of prank that spreads MyDoom.

Whitepapers

• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology
• Vulnerability Management For Dummies

View more SECURITY whitepapers

Webcasts

• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports