I must confess that sometimes I get depressed when the entire security profession seems to focus on a single problem. In this case, I will define the single problem as "undesired propagation," e.g. worms, viruses, and spam. This concern is a function of the difference between ‘low impact, high volume’ vs. ‘high impact, low volume’ perceptions of risk.
Let’s just all go out and get janitor badges that say "Nuisance Police".
Well, some say folks focus on viruses and worms, becuase most of the surveys show that they cause the maximum $$$ damage…
Anton – yes, I suspect they have a history of most damage, but that damage is spread across many different pocketbooks (worldwide), so it can be a bit deceiving. Think of the ‘damage’ done by Code Red – ultimately a worldwide rash that only required a reboot to resolve (I am simplifying a bit). Not that the surveys really matter since we can’t/don’t normalize the responses.