Originally posted here by Amanda
....
I would set some of the blame on the admin for not haveing any AV/FW/brains/ however most of the blame should go to the kiddie for useing the box to launch attacks in the first place. But im not going to sit back and say things like you should have been prepared for just about anything out there but you weren't so you deserved what you get.
Unfortunately most of the systems we see DDOS and other zombie processes coming from are home users that don't know the first thing about security (and are usually too afraid of the computer to care). Personally I think the blame lands on these groups in order of magnitude.
1. The broadband ISP (a lot of times these idiots not only don't tell their customers about security programs, they actively discourage the use of firewalls on home machines.)
2. The hardware vendor for not bundling AV and personal firewall programs in the system
3. The script Kiddies
4. The user especially after they drop 100+ on a virus repair and still refuse to secure their system.