A decent article on antiviral security is here: http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1247943,00.html
“They do work. I downloaded kaspersky internet security and ran it. It found a lot of crap on my computer.”
So the intrusion detection finally waved the red flag? Great. Congratulations.
Now, let me guess, what do you do? Let this snake oil software remove all the stuff it found, and continue running the already compromised machine?
Ignorance is bliss. shrug - Still, just having this warm fuzzy feeling inside your belly now does not change the fact that your machine is owned by someone else already.
“Simply put, there needs to be several different releases of the said malware, one for each of the major denominations of Linux distributions.”
That’s actually nonsense. Kernel calls haven’t changed so much since 1.x. libc might be considered a problem, but I actually have written programs which need no libc to run.
Fact is, we ship binaries running on all distributions tested so far (debian, knoppix, red hat, slax, suse, ubuntu, …). If we can, virus writers can, too.
Only one person seems to have mentioned vaccinations. Which is kind of what antiviral software is like. They don’t guarantee every individual is safe from the disease, but rather that the one disease can’t damage the whole of society. If antiviral software wasn’t around, then all those ancient viruses it can detect might still be floating around. But with near 100% “inoculation”, the “disease” is gone.
So the stuff is useful, but not at the extreme level to which it has been taken.
Additionally, the key security insight which both Windows and Unix developers need, is that their software should be developed with no more expectation of security privileges than is actually necessary to accomplish the task.
Windows developers (and users) are still used to doing everything as admin. Whereas every introductory text on Unix administration says “don’t do any more as root than is necessary.” That little line in the books is what gives Unix the advantage. Even if the end users don’t take it to heart, the Unix software engineers do, and that goes a long way.
(Unix also has available to it “chroot”. No idea if that is available in Windows, but it would eliminate many, if not most of the “rm -rf $HOME” concerns being mentioned. Right as soon as the Unix software engineers readjusted their thinking to expect chroot jails for their software.)
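The chroot jail the comment above asks software engineers to expect, as an added example in C (not code from the post or from any commenter). It shows the two steps a practitioner wants together: chroot() followed by chdir("/"), and then the privilege drop to an unprivileged uid/gid, verified by checking that setuid(0) no longer works. Without the drop, a process that is still root inside the chroot can break out again (mkdir, chroot into the subdirectory, chdir ".."), so the drop is what makes the jail stick. The jail directory /var/empty and the uid/gid 65534 are assumptions chosen for the demonstration; the program needs to start as root for the chroot to succeed.

```c
/* Added example: enter a chroot jail, then give up root and verify the
 * drop took. Not code from the post. Directory and uid/gid are assumed. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

enum jail_status {
    JAIL_OK = 0,
    JAIL_CHROOT_FAILED,
    JAIL_CHDIR_FAILED,
    JAIL_SETGROUPS_FAILED,
    JAIL_SETGID_FAILED,
    JAIL_SETUID_FAILED,
    JAIL_STILL_ROOT        /* the "drop" left root reachable */
};

/* chroot() alone is not a jail: the working directory still points
 * outside the new root until we chdir("/") inside it. */
enum jail_status enter_jail(const char *dir)
{
    if (chroot(dir) != 0)
        return JAIL_CHROOT_FAILED;
    if (chdir("/") != 0)
        return JAIL_CHDIR_FAILED;
    return JAIL_OK;
}

/* Drop supplementary groups, then gid, then uid, in that order: once the
 * uid is gone the other two calls would no longer be permitted. Finish
 * with the check a practitioner wants: root must not be regainable. */
enum jail_status drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return JAIL_SETGROUPS_FAILED;
    if (setgid(gid) != 0)
        return JAIL_SETGID_FAILED;
    if (setuid(uid) != 0)
        return JAIL_SETUID_FAILED;
    if (uid == 0)                   /* caller asked to stay root */
        return JAIL_STILL_ROOT;
    if (setuid(0) == 0)             /* real drop: this must fail */
        return JAIL_STILL_ROOT;
    return JAIL_OK;
}

/* Order matters: chroot needs root, so it goes first; the drop comes
 * immediately after, before any untrusted input is touched. */
enum jail_status sandbox(const char *dir, uid_t uid, gid_t gid)
{
    enum jail_status s = enter_jail(dir);
    if (s != JAIL_OK)
        return s;
    return drop_privileges(uid, gid);
}

int main(void)
{
    /* Assumed values: an empty directory and an unprivileged uid/gid. */
    enum jail_status s = sandbox("/var/empty", 65534, 65534);
    if (s != JAIL_OK) {
        fprintf(stderr, "sandbox failed: status %d (%s)\n",
                (int)s, strerror(errno));
        return 1;
    }
    puts("jailed and unprivileged");
    return 0;
}
```

Run it as root; as an ordinary user the chroot() call fails with EPERM and the program reports JAIL_CHROOT_FAILED, which is the point: the jail has to be set up by the privileged parent before privileges go away, not requested afterwards.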
Although I agree with your point(s), running as a “normal user” under Vista is really unbearable if you do anything more than listen to some music or tap in some documents. All sorts of software will not work anymore (to name one, HDD Thermometer, which I downloaded after this post: http://www.codinghorror.com/blog/archives/000748.html). Even running as administrator doesn’t cure everything. For example, there is no way I can download a file over direct connect using DC++ when I am not an administrator.
Now this can be Vista’s fault, or the fault of other software vendors, but in the end, I’m semi-forced to be an administrator…
Still, not being an idiot and not running IE and/or MSN does help a lot…
For years, I ran my XP system without virus software. Then somebody claimed it was irresponsible for me to do that, and I was probably infected with all kinds of public nuisances. I doubted it, but I installed one of the well-known anti-malware packages just to make this somebody shut up. It found nothing. I left it installed, and in the years since installing it, it has found nothing. Nothing, nothing, nothing. These people who are inadvertently helping run the spam botnets… Who are they and what are they doing to “join”? It’s not as if I’m extra-careful, though I do view all filename extensions and I am suspicious of email enclosures. Does that make me super-anti-malware-expert-man? I am starting to think malware is about as real a threat as WMD in Iraq. Maybe it’s something you notice if you’re responsible for maintaining a thousand computers operated by complete idiots, but that’s not me (the responsible one or the idiots).
I believe the OS should simulate the Admin account for non-Admin users. This will make the viruses believe they’ve infected the system… Also, the OS should kill programs that try to infect OS system files or that try to write to user files that were created with other programs, unless the program uses a system dialog to open the file.
This way, the user can work without having to log on as an Admin, and user files are protected adequately.
Of course, when a user wants to install a program for a group, he should have the privileges of that group.
Just some ideas, probably not too original (but Vista could have used some clarity of ideas in the conception of the OS).
I am with you. Only idiots get viruses.
All OS’s have vulnerabilities. And many of those vulnerabilities allow code to execute with elevated privileges, so running as non-admin will not save you if you come across one of these little nasties in the wild that was written to take advantage of that.
And yes, this is even true if you are running Linux or Mac. There are exploits that can do this on those OS’s too.
Telling people to ditch their antivirus and to instead run as non-admin, is a very irresponsible thing to do.
I hope nobody takes you seriously and actually does it.
What they should be doing is using a non-admin account AND running their antivirus as admin.
Running Windows as non-admin is tantamount to not being able to use your PC. To say that *nix and OS X do that so it’s recommended for Windows is not exactly the same thing. The *nix and OS X implementations are much much better than Windows. So, in summation, it’s almost a lost cause running Windows as a non-admin user.
Vinzent Hoefler: spot on the sugar, baby!
Okay, so there might not be a homogeneous attack vector for all ux systems… so what, you do what’s being done for windows systems already, you compile a big frigging package of them and try them in turn.
Sure, still won’t be as effective as windows exploits are now, but if linux suddenly boomed to the same marketshare and the same kind of users as windows, well… game over.
“http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true”
I guess you never install any software because you assume everyone is a bad guy? Malware can be implanted in an innocent piece of software which you accept to install. Running as a non-admin will not help you then.
Sorry Jeff, I will not completely agree with you. Yes, we have to constantly update the blacklists, but they work quite well. I have Adblock in my Firefox and it saves me from much of the ads and Flash movies that I don’t want to view. On the virus front, again you are very right: it is a very big design flaw in Windows, running the system as administrator by default. Not just in the OS, we take this mentality to other things also. I have seen very senior colleagues using “sa” to interact with SQL Server from an application, although the application is doing all the database work using a bunch of stored procedures. They face problems whenever they have to work with Oracle, because they take everything for granted like sa on SQL Server. The most significant factor in reducing virus attacks is disciplining yourself while surfing: not visiting dangerous sites, not downloading untrusted content and not plugging your portable drives into others’ systems without a thought, and vice versa.
Linux is great at the moment because only geeks are using it. Switch all average Joes to Linux, and we’ll see how malware creators try to break linux.
To Vinzent Hoefler: What makes you think my machine is owned by someone else? So you expect me to format my machine and reinstall everything every time I find something?
I don’t have the tech-how to know if my machine is infected so I let a good software do the job for me. I suppose if this software was part of the OS, it’s ok but if it’s a third party tool, god forbid?
How do you know if your machine is not infected in any way? You cross your fingers?
“To Vinzent Hoefler: What makes you think my machine is owned by someone else? So you expect me to format my machine and reinstall everything every time I find something?”
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true
Try “Law #1”.
One of the benefits of running AV with a subscription is getting an update as soon as there is a break-out.
By working together, most of us get “vaccinated” before the threat spreads…
I don’t remember seeing any posts about major virus spreads in the past 3 years, since Norton AV initiated the subscription model.
I can’t help but say the magical words for all private computer users:
Offline backup storage.
A backup is taken every month. Before you back up, you do not download or change things on the computer for a few days, in order to give any possible threats time to play out. Check the system thoroughly with updated ‘blacklists’, which means you are likely to remove anything harmful since the ‘defenders’ will have had time to create new definitions. Now back up the data.
If you are really paranoid, keep a second set and overlap month by month. That way you will always have at worst a two month old backup.
BTW; I liked the original post. Thanks for some fine viewpoints.
When I saw the hatred of the blacklist, I recalled a security article I read long ago.
http://www.ranum.com/security/computer_security/editorials/dumb/
The part that directly relates is the “Enumerating Badness” section.
This is an interesting alternative for stopping viruses, including ones that are so new nobody has yet heard of them.
http://www.download.com/SafeSpace/3000-2239_4-10772191.html?tag=lst-1
-Scott