Surfing the web on a virus-ridden PC is as nasty as getting on a train and sneezing into the face of each and every commuter. And it’s time we put a stop to it, says silicon.com editor Steve Ranger.

There’s a criminal in your back bedroom, or perhaps in the study. Or maybe even one sitting on your lap, right now. And what’s worse, you let them in yourself.

It might sound like the premise for a low-rent slasher flick, but actually it’s a reality of internet security in the UK. According to research out this week, more than one million households’ PCs are in the thrall of criminals, co-opted into botnets which spew spam or take part in other online crimes.

It’s a depressing statistic: chances are, of course, the owners of these million-plus subverted PCs are cheerfully unaware of their device’s second life. But we have now reached the point at which our attitudes towards internet security must change.

The time has come to ignore the howls of protest, the cries of ‘I didn’t know!’ and ‘It wasn’t me!’, and to decide that if a PC is infected with viruses or has become part of a botnet, it should no longer be allowed access to the internet.

Consumers need to take responsibility for their security online, and those that fail to do so, for whatever reason, must accept there are consequences.

ISPs can easily spot if a device is part of a botnet, or is riddled with viruses. They already have the ability to warn the user, or even to quarantine the PC for the good of everyone else. And in some countries, such as Finland, they already do.

UK ISPs should take similar action. Taking these rogue PCs off the net will save the rest of us time, money and hassle. It sends the message that accessing the web is a privilege to be earned and not a right to be unthinkinhgly abused.

To say that the average consumer isn’t sophisticated enough to know how to secure their PC is condescending nonsense: if someone has the ability to fire up a browser, they have the ability to secure their computer.

Really, it’s not that hard. In fact, it’s easy – and costs nothing to boot, thanks to the free firewalls and antivirus software available.

If you don’t secure your PC you are deliberately putting yourself and others at risk. Connecting a virus-ridden PC to the internet is the equivalent of getting on a train and sneezing into the face of each and every commuter, on the grounds that you are too careless to use a handkerchief.

Right now, too many consumers do not take security seriously because they myopically fail to understand the consequences of their inaction.

One of the wonderful things about the web is that it is not – like TV – about sitting back and consuming content. It’s about leaning forward and creating as well, from Wikipedia to silly cat pictures. But right now the contribution being made by a million PCs in the UK is to spread viruses and spam, and that’s not acceptable any more.

As the web becomes increasingly important we have make abundantly clear to its users what is acceptable and what is not.

Giving web users a warning (or two) to fix their security before booting them off the web seems like a good way of tackling the problem and I’d wager the spam and botnet problem would disappear overnight if such measures were put in place. Sure, there will be a bit of short term pain (and plenty of work for the PC repair brigade), but the longer term goal is important – not just in reducing spam or viruses, but creating more responsible, more aware digital citizens, whether they like it or not.

Steve Ranger is the editor of silicon.com and has been writing about the impact of technology on people, culture and business for over a decade. You can find him tweeting @steveranger.