"As for differentiating viruses and worms - I'm very well aware of the difference."
I didn't mean to imply that you didn't know the difference, just that it was hard to tell from that clip whether you were talking about "viruses" or "worms" ... so it was an easy mistake for Scoble to make.
Yep, "anti-virus" programs remove worms as well. The term "virus" has gone through somewhat of a loosening in that respect, since people aren't aware of the technical details and think infection=virus.
Even thought they are both removed by anti-virus software, effective defense against infection from viruses and worms differs ... like how a firewall won't protect you against email viruses. A misunderstanding like that could give people that don't know the
technical details of viruses/worms a false sense of security.
"We're talking, by the way, of a pre-Windows XP Service Pack 2 world (when it comes to getting infected by turning on a new machine). XPSP2's firewall will protect you from the virus threats we discuss."
Strictly speaking, the topic of this video is worms and not viruses:
A firewall will protect you from being attacked and infected by a worm. Viruses usually spread from files, require user intervention to execute them (or Outlook to automatically open emails/attachments for you like it used to), and cannot be stopped by firewalls.
Worms spread autonomously over a network, are self-replicating and do not require user intervention. Firewalls can stop worms from spreading by blocking traffic on vulnerable ports.
Do they also have a zero-knowledge persona? Like a person who has never worked with a computer before?
For those people they should have some cool training stuff like: How to work with the mouse (single/double click) and keyboard. Introduction to security, enabling firewall. How to install and uninstall software.
All basic stuff.
Introduction to security, eh. It's interesting that you mention that one. What if they don't care to learn about it? They should have an "ornery" persona that doesn't want to be bothered learning anything technical. Or even a person that is *unable* learn
technical things. Is that person still protected by a firewall by default even though he doesn't know it? Does that person have reasonable protection against viruses? Trojans? Spyware? Does that person get security updates? A lot of these problems seem
to have been tackled by XP SP2.
You will be happy to know that the Software Engineering program at the University of Ottawa has a required security course for all fourth year students. It was quite comprehensive, covering threat modelling, encryption, digital signatures. I very much
enjoyed going to the class and the content was very interesting. I agree that generally developers are either ignorant or don't care enough about security issues though.
University of Ottawa Software Engineering class of '04