Chap bought a car on Saturday. Never having driven before, he wasn't sure what the steering wheel was for, so he wrenched it off and threw it away. Eventually he figured out how to get the thing going, and accelerated straight into a wall. Now he is going to sue the manufacturer for selling him a defective product.

This story is not true, of course. We don't let people drive cars unless they learn how, and pass a test. We have regulations to keep defective cars off the roads. But millions of people buy PCs they don't know how to run, mess them up, and then blame everybody but themselves.

When computers were standalone machines, this was not a problem. Now that so many people have high-speed internet connections, it is. PCs and servers are being hacked to relay spam, circulate viruses, mount denial of service attacks, and perform other antisocial actions. My mailbox is overflowing with the evidence.

Nor are companies wholly free of blame. Suppliers have deskilled networking to the point where almost any small company can afford to put a cheap, insecure server on the net. And they do.

Can we afford to let this state of affairs continue? Should users be required to present a European Computer Driving Licence before they are allowed to buy a PC? And should we make the installation of critical security patches obligatory?

Well, it is not going to happen. The PC market is open. Many users can build their own machines and install whichever operating system they like. Even if rules could be enforced in Europe or the US, there is no chance of that happening globally.

However, things can be improved: if Microsoft does a much better job of locking down its systems, and if companies put some effort into user training.

There is no doubt that Microsoft has to shoulder a lot of the blame for the current situation. It has generally taken the line that "all things are possible" instead of "all things are forbidden".

The operating system should, for example, encrypt address books, block access to email attachments and close all ports by default. Rather than trying to limit what is bundled with Windows, the US justice department and European Union should be insisting on built-in firewalls, anti-virus software and Trojan checking.

Bugs can, and do, happen to everyone, but that's no excuse for shipping systems that are insecure by design and/or default.

Companies also need to invest in user training, including security awareness. After 20 years of microcomputers in British schools, this should not be necessary. However, half an hour in any office will show that, in most cases, it is.

A lot of expensive mistakes are the result of dumping people in front of PCs and terminals and giving them no clue how to use them safely and efficiently. Most people can't program a video recorder or use half the functions of their mobile phones, so you should expect them to need some help with computers.