In his recent article, Cormac Herley of Microsoft Research suggests that many of the things that users are asked to do in the name of computer security are not a rational use of their time, which is why many users do not follow most computer security guidelines. Although the advice is sound, following it takes too much time for the likelihood of avoiding being harmed. Most security compromises are from users installing malware and falling prey to social engineering. Herley doesn't say what we should be doing to protect ourselves. He encourages computer security professionals to simplify what users are asked to do through more research into which security measures are most likely to help us avoid actual, rather than maximum potential, harm, and to target that advice at those most likely to be harmed.