[joe_the_user]

The average user is worried about their laptop. The idea of their laptop being hacked is worrisome because they keep personal information on it and it's a somewhat personal possession. So anti-virus get some play.

The average user doesn't care about their VCR. The average user won't set the time on their VCR much less set a password. In fact, I don't care about my VCR or my light bulbs or whatever dumb thing someone decides should have the capacity to be on the Internet (except I care enough not to knowing buy such things but in the future may unknowingly buy the stuff). If someone manufactures Trojans to put in people's homes and it causes other people problems, it shouldn't be my problem.

[MereKatMoves]

Average users have a VCR? How would it work if they don't set the time on it?

You bought (whatever) it (is) - so that becomes your problem. The average user falls for the marketing of "your app controls your fried chicken" bullshit and buys the IoT chicken frier. So you won't buy that frier. Good for you

[vkou]

>Average users have a VCR? How would it work if they don't set the time on it?

Just fine, actually.

https://en.wikipedia.org/wiki/Blinking_twelve_problem

[dublinben]

The manufacturers of these devices are selling faulty products. If their products are dangerously insecure, they should face repercussions.

[zzleeper]

The manufacturer might be in another country or bankrupt. You should go after the user and then he might go after the manufacturer or his insurance if he wants.

But on more realistic terms, my hope is that if this gets really bad, then a consortium of huge internet firms can start blacklisting bad IPs. If John-Random-Guy can't connect to google/facebook/akamai/etc then for sure he'll at least unplug the device