I'm fascinated by this discussion, as it has impacted me seriously and, as a result, a lively discussion is going on in my household. Here's an email I sent to Rob Pegoraro at the Washington Post and J.D. Biersdorfer at the NY Times to get their take on it (if they feature my letter in their columns). I'd also appreciate anyone else's (Note: I never open attachments unless I'm expecting them, and my Gmail account has been pretty much spam-free):
I have a new (April 2005) custom-built computer with XP Scene edition, which is run on a home network linked to a satellite modem. I'm a big believer in downloading Windows updates and always did it on previous computers. I'm also a confirmed fan of firewalls and have always had one since getting broadband in 2000. However, since owning this computer, I've been hit by so much spyware (despite several updated and regularly run spyware programs -- Spy Sweeper and Spybot, as well as Norton AV 2005), it had to be ghosted back to its original configuration last month. (I added Ewido after the ghosting.) My husband and his computer-whiz friend, who built the computer and our network, blame Windows updates for my spyware problems -- they fervently believe the Microsoft website is a magnet for hackers, and also think that Microsoft purposely includes spyware and viruses in their products (they're full-fledged conspiracy theorists). However, I'm really concerned about security issues -- even though I don't use IE or Outlook (I prefer Firefox and Opera browsers, use Gmail for email and Thunderbird for RSS feeds and newsgroups), several recent articles have pointed out that XP has several glaring problems that require patches, and I'm worried about what might happen. But my DH and his friend don't update Windows and have never had problems, while I've been a regular updater who's been besieged with trouble. Since the ghosting, I haven't updated Windows.
They also think running a firewall is ridiculous, and point out that our server, which is an old computer, serves as our firewall, so no additional software on either computer is necessary. Hubby points out that he has no firewall and hasn't been hit by anything, but mine, which had Omniquad, was assaulted (more conspiracy theorism). When we set up the network, I originally subscribed to their prescription, but was hit by so much junk that my computer was virtually disabled, so I installed a firewall (in addition to the spyware protection I already had). However, it obviously didn't provide much help. I've been running it without a firewall since the ghosting and haven't had any problems, and our friend, who runs a multi-computer network in his home, has never used a firewall and says he's had no problems.
FYI: when I download any type of file, it goes straight to a designated folder, where I scan it with Ewido and NAV before opening or installing it. DH, on the other hand, scatters his all over his computer and never scans them, trusting his AV and spyware programs to automatically protect him.
Overall, I'm baffled by the situation -- I'm the one acting like a responsible computer owner, but am getting hit with all the problems. I'd appreciate your thoughts on these two issues and any suggestions you might have.