Though, in all fairness, the “Run as…” feature doesn’t successfully install Windows Updates. You have to be logged in as administrator to install those.

I was at a University with a broadband internet connection; very coomon. It was accessed through an intranet, on ethernet. Very common. No login required, just physical location.

I was comming back for summer school and didn’t have AV setup on my computer. I plugged it in, booted up, and went to run Windows Update, as I couldn’t do it from home (dial up was too painful). After about five minutes I started to get Windows Messenger pop ups. So I disable the Windows mesesenger service, which should have been done before, but had never bothered me. Then I start to get pop ups for singles in my area. Then natural male enhancement. I think you can see where this is going. All I have done is plugged in and gone to Windows Update, I haven’t gone and gotten warez, I haven’t gone and looked at pr0n, I haven’t installed anything untrustworthy, and I’m getting odd behavior.

I figure it’s a virus, download my school’s AV, and it finds me infested. It immediately quarenteens about 20 files, removes five viruses and there are two suspect files it can’t clean. Sadly, one of them is a Windows file.

A few hours of googling, downloading, installing specific virus removal tools and patching later, my system was fine again. But Windows 2000 default security was insufficient to protect me; worms already present on the network slipped in and infected me without failure on my part (other than not having AV).

I also use AVG on Windows. And it has a Linux version too, which I think is cool, though frankly pointless.

As for Malware, the best thing to do is simply not to go to untrusted sites. In fact, I’ve been running Spybot, Search and Destory, which locks your registry. Well, I got tricked into allowing malware to enter the registry. It was only as good as I was at detecting it. So while I think these have their use in cleaning a system once someone has been uncareful, they don’t do as much as they claim to protect you. However, I find it disturbing that any program that wants can modify my registry by default anwyay, so I still keep SS&D installed to lock it down, just as a personal preference.

In regards to the Linux side, viruses are inherently stupid due to the way the Linux security model is setup. There is no feasible way, at present, to get a file to your computer, have it already have execute and write permission for any user and then run on its own. But for the sake of argument, let’s say some fiendishly clever person figures out how to do this. Your point is valid, any linux AV out there would be unprepared to handle this.

The only exception I can think of would be for something like a mail server. It would be wortwhile to be able to scan for this, so that your network does not end up flooded with spam from infected computers; this is kind of an “ounce of prevention” situation.

I read somewhere that within 40 minutes of a Windows computer running it is likely for it to be attacked. That’s pretty sad.

I think Edmund is correct in describing what kind of protection anti-anything brings, however that doesn’t make it the right tool for the job.

The reasons as to why are discussed in an interesting article I read a while ago entitled “The Six Dumbest Ideas in Computer Security” by Marcus Ranum. The problem with anti-anything is that those tools enumerate badness, which basically means you define what is bad (read the article itself for a more detailed explanation).

Instead wouldn’t it make a lot more sense to define what is good? Start off with a policy of “Default Deny”, no program is to be trusted until the user explicitly states so and should always run within a sandboxed environment.

Lets take the example brought forward by Edmund. In this case the user downloads a program which should be able to play DVDs. That’s what any reasonable user expects it to do. Should this program be able to access local files? Should it be able to delete local files? Should it be able to communicate over the network? The answer to most of these questions would be no, all it needs to do is access the DVD drive and display the movie.

I’m not saying that anti-anything couldn’t assist the user in making these decisions, it could be very useful to find out whether a program you download is trustworthy but anti-anything 1) should never be considered the holy grail in computer security 2) doesn’t offer much in the terms of actual defense.

This should also provide an answer to your questions ubuntucat. What I’d personally welcome to GNU/Linux is a user-friendly and efficient method of sandboxing applications and supplying privileges to individual applications.

And in my opinion, the ‘active protection’ is only as good as the person who use the machine. I have had a friend who override active protection and install the virus onto their system.