Hit them where it hurts?
I've come to the conclusion that internet users who aren't IT enthusiasts or professionals are driven primarily by two incentives:
1. Getting things done as quickly and with as little excess mental effort as possible, and
2. Getting things done cheaply or, better still, free.
Of course these are the incentive combinations that result in people plugging their new broadband modem straight into a USB port before heading to www.dodgypr0nsite.com with an unpatched OS and an unsecure browser, or installing a badly configured Limewire to quickly get their fix of MP3s "because that's what everyone else I know uses."
Yes, they'll get their "free" music and copious GB of whacking material and think they're being so clever, but it's the likes of you and I -- the sort of people who read these pages -- who end up picking up the pieces when our friends computers start groaning under the weight of months' worth of malware.
Tackling the problem of user insecurity boils down to manipulating these two incentives.
The first one -- convenience -- is a really difficult nut to crack. I'm sure we've all had similar experiences trying to explain to our friends and colleagues why it's important to keep the OS up to date, to secure our browsers, to backup our data, to modify our online behaviour to limit the risks. The problem with this strategy is that the upside carries with it a cost, the cost in time and effort to learn, introduce and maintain these policies. You or I would see this as worthwhile, but most non-IT folk don't. And the flip-side -- the inevitable box-o'-malware that results from not doing it -- isn't nearly so much of a disincentive to these same users because we are the ones who sort their systems out when they go tits up. All they lose is a day or two's access while their geek friend disinfects their system, then off they go again.
The second incentive -- monetary cost -- is arguably easier to manipulate but because it effectively involves telling our friends and family to go fuck themselves it's unlikely to have much take-up. Because we, as friendly neighbourhood 'computer whizzes', are part of the problem here. When it all goes wrong we fix it, and more often than not for free. OK, so your friend might cough up for a couple of pints the next time you're down at the local. Or a member of your family might get you a gift as a thank you for sorting things out. But these aren't perceived as a cost per se; it may even be that they're seen as a sort of sweetener, a means of assuaging guilt while keeping you ready for the next time their computer throws a wobbler. In most cases any payment certainly won't be as great as that charged by The Tech Guys, and arguably the standard of work will be better since you're more likely to take care over not erasing your friends' data or settings.
So here's the solution. The next time someone comes to you with a PC problem take a quick look and, if the problem is obviously self-inflicted, tell your friend to take a hike and point them in the direction of the nearest PC World or local repair shop. When they return £100 out of pocket, with a fully working PC but without a shred of the data that was once on it, explain that this is how the real world works and that you'll help train them in all the methods that will prevent it happening again. It's cruel, but perhaps with five years of work erased and a gaping hole in their wallet, they'll be more likely to listen the advice they ignored for so long.