That is the problem expectation right there. Everyone thinks that they should be able to do what they want to do on their device. That way of thinking is an anchronism - way out of touch with the current realities of digital security. Wrong. Because what you do on your device clearly affects others. That whole userland way of thinking needs to be stopped. If you infect my system and cause damages, guess what ? I'm going to sue you. And I will win. If you are an employee, not only will I fire you, I will also sue you and win. You will pay for the damages. So it is in your best interests to have a device that prevents you from shooting yourself in the foot and then infecting others.
I hear what you are saying, but I wouldn't assume that you will win that court case you are speaking of. As an employer you will be questioned on whether you provided proper training and education, along with proper security measures. All the employee has to argue is that you didn't provide them with such info and quite frankly the case may not necessarily go the way you think it will go. Similarly you would have to prove intent that someone purposefully and knowingly did this to harm you, which would be very, VERY difficult to prove. You can't just use the argument that they should know better and quite frankly you would have to provide evidence that you did provide proper training, just saying yes I did won't be enough.
I get what you are saying about locking things down so these things don't happen, but at the end of the day, computers need to be used, software needs to be used. Whether it's at home, or an enterprise, stuff needs to get done. You can have a million security measures in place, but if they become so infuriating that they get in the way of simple things, then yes whats the point of using a computer? It's this approach that gets people to turn off their real-time protection, disable UAC, etc...There isn't some licencing exam people have to go through to own and use a computer like they would driving a car, so education on safe computing habits is paramount. Thing is, this part is often forgotten in all of this. I see it all the time, people say, well I put x product on my family/friends computers to keep them safe because they do x,y and z. That's great and all, but did you do any education on how to stay safe online (ie: don't open emails/attachments from those you don't know, or are expecting, don't click on ads and random links, etc...)? Usually the answer is no. So they have a better security suite, but they haven't changed their habits whats so ever, so at some point, no matter how good this program is, they will get infected, as we all know, no product is perfect.
As I've said I see where your coming from, but unfortunately the world isn't as black and white as you make it out to be. It would be very nice that everyone could be on the same page and infections are minimal, but unfortunately this is not how computers and networks have been setup/designed. Right or wrong, does there need to be a better approach, yes, but unfortunately this world that you speak of doesn't exist and I don't think it ever will.
There is difference between being infected by a machine targeted by an attacker and a machine infected by negligence like disabling AV to install cracks .
The first case, I will be more merciful. The second, the dude must be sued and accountable for all the damages I got.
Good point, but again it would be a hard case to win. As I've said above, the employer would have to shoulder some of the blame for not educating their employees and setting up proper security measures. As a business, employees shouldn't have access to change any settings, or disable any protection measures. If they do, then it's the employers fault for not setting things up properly. Again, proving intent to harm you would be difficult to prove. Saying that they should know better won't be a good argument, as the consequences aren't as dire (ie: death) and necessarily as well understood and unsafe driving is known for.
