Antivirus Programs

Every so often, some company will say something about a virus or antivirus program (such as this), and the comments on it (if allowed) will be filled with an OS flame war.

I’ve used PC-based computers since 1989 or thereabouts. In that time, I’ve been attacked by two viruses — one in 1997, a DOS boot-sector virus on a 3.5″ floppy disk that was used by a computer-clueless friend of mine, and one in 2000 because of my own stupidity in clicking on a spam attachment that (in retrospect) was obviously bogus. The first was immediately caught by my antivirus software; the second failed to infect me only due to the serendipitous fact that it was designed solely for Win9x and I’d recently switched to Windows 2000 (it just made the system unbootable).

The facts are:

  • Windows is by far the most vulnerable to viruses, worms, and Trojan horse programs, due to a number of factors. Among those: its popularity (malware writers can hit a lot more people with a Windows virus than with one written for any other OS), its promiscuous habit of running anything it sees (auto-run CDs, auto-install programs via the browser, etcetera), Microsoft’s historic laissez-faire attitude toward security (drive-by downloads and macro viruses, anyone?), and the fact that it’s the default OS so it has a much higher percentage of clueless users than any other.
  • MacOS, Linux, and other operating systems are not immune to such malware, despite what many smug users claim. However, because UNIX was originally written for shared-access mainframes rather than single-user PCs, it and all of the OSes derived from it (such as Linux and MacOSX) have a lot of security features designed to protect the system from poor judgment or poor knowledge on the part of its users. Your system can be infected by a Windows virus by just looking at the wrong HTTP page or file, but you have to actually do a little work to allow such programs to run on these OSes, and you have to do even more to give them access to anything outside of your own personal data (i.e. the OS itself, or data belonging to other users).
  • Social engineering tricks are OS-agnostic. If you’re clueless, they work regardless of what OS you’re running.

User education is always a good thing, but user education along with a non-Windows operating system and regular patching makes for a much more secure system.