By Alex Salkever Hey, college students, it's time for a pop quiz: If an attachment arrives in your inbox with a suffix of .exe, do you (A) click on it? (B) click on it only if it promises you free stuff? or (C) always click on it if it appears to be from your best friend?
Not enough of America's best and brightest know that the answer is none of the above. As waves of students arrive on campuses across the country, university network administrators have found that significant numbers of computers owned by America's young scholars are riddled with nasty worms and viruses.
FIGHTING BACK. Joe and Jane College may be able to wax about Nietzsche and Voltaire or define a Golgi apparatus, but far too many of them can't distinguish antivirus software from KaZaA. And not enough of them understand that computer-security software is part of the price of entrance to the broadband Internet. Some campuses report that up to 25% of students' PCs on their networks are infected with malicious code.
Worse, a significant percentage of students hasn't installed antivirus software, even after the latest attacks of SoBig and the Blaster worm. So network administrators have resorted to extreme defense tactics. At Georgia State University, students recently were required to wait in long lines while tech-support staffers scanned their machines. At Temple University, network administrators insisted that students install antivirus software before they be allowed on the campus broadband grid. And at Indiana University, network-security administrators required students to submit their computers to an online scan before they could log on.
For the life of me, I don't understand why so many college kids are flunking basic computer security. After all, they've grown up with computers and are far more likely than the general population to surf the Internet and understand information technology. They intuitively understand e-mail.
NOT ROCKET SCIENCE. Two common excuses are offered for the failing grade. One is that computer security remains too difficult and complex, even for America's sharpest young minds. The other is that most people, regardless of their age and intelligence, don't consider computer security a real concern, even if they understand information technology.
Hogwash to the contention that computer security is too difficult. I've personally installed antivirus software on more than a dozen computers. This isn't rocket science. For the most part, you put the CD in the machine, click buttons, and install the security software as you would any other. Then, you can walk through a series of easy interfaces that allow you to set your system to scan the entire hard drive as often as you like -- automatically.
Several prominent antivirus companies offer diagnostic tools that can be downloaded for free and will scan computers for vulnerabilities. To run these scans you have to click two or three times, at most. They're painless to use. They're harmless. And they're easy to find.
BASIC TRAINING. Even some more sophisticated desktop firewalls are becoming easy to install (Norton Internet Security from Symantec (SYMC), for example). Sure, some users will have problems with compatibility. But people have the same issues with almost every other piece of mass-market software. My wife runs ZoneAlarmPro, a fairly sophisticated firewall, on her computer. She's no security guru. She had never even heard of a firewall before we were married. But she picked it up quickly. Now she understands: Never leave your machine running if you're plugged into a broadband connection and you don't have a firewall and antivirus software installed.
At college, the ability to make this simple leap of logic should be regarded as Computer 101 -- a basic approach to security that can save the hassle of pulling all-nighters talking with the tech administrators in an attempt to fix crashed networks.
O.K., so I'm picking a little bit on college students. There's plenty of blame to go around. Companies that make bug-ridden software deserve lots of it -- yes, that means Microsoft (MSFT). And security software outfits could help more with the education process. When my wife's firewall asks her if it's O.K. for filemask45.dll to access the Internet, she has no idea if that's a valid part of Windows or a Trojan on her desktop. Nor do I, for that matter. A better tutorial explanation of what filemask45.dll is would be immensely helpful.
NO EXCUSES. At the root of all this is the more serious issue: the common misconception that running a computer should require no more knowledge than turning on the TV. Wrong. Yes, some rough edges still must be ironed out in computer security. But students, listen to those university system administrators. You have no excuse for failing to heed the seriousness of what they say.
I know I sound like your father. But let me use a car analogy to emphasize my point. If the engine of your car seizes on the freeway because you haven't bothered to check the oil in seven years and people are subsequently injured in a crash, you can bet that someone is going to blame you for not understanding the basics of driving and caring for a car.
Like a car, a computer requires constant care and a general knowledge of its workings to run properly. Plug that PC into a broadband connection, and you assume certain responsibilities. So when college network administrators make you wait in line to check your hard drive for worms and stop you from accessing the Web via the campus network until you've cleaned your computer of viruses, be patient. Friends don't send friends .exe files. Salkever is Technology editor for BusinessWeek Online and covers computer security issues weekly in his Security Net column