Saturday, May 30, 2009

Viruses are NOT a Technology Problem

There is a myth that has been going around for YEARS that if you run Windows on a computer that it is automatically going to become infested with viruses. It is perpetuated by many, particularly in the “I’m a Mac, I’m a PC” ads, but also by the companies that create anti-virus software in hopes that you’ll buy their product to protect yourselves from the inevitable technological intrusion into your virtual computer space. And most of us buy into it. The truth is, that it is NOT true that running Windows will guarantee that you’ll become infested with viruses. (I’ll prove it later in this post.) Windows in and of itself is not the problem. The problem isn’t even technological at all. It’s social.

The term used to describe the techniques used by viruses writers to get their software onto your computer is actually called “social engineering.” Basically it means they trick you into installing the viruses on your computer. They’ll do things like disguise their software as something else that you’re likely to want or want to see. They use methods to make you believe that these things are coming from trusted sources, like friends or family. Combined, those are pretty effective methods. (And truthfully, these same methods work on ANY operating system; they aren’t specific to Windows.)

This might be a blow to the ego of some, but if your computer has become infested with a virus, it is because you let it install itself. You opened a file you shouldn’t have. You installed some software you shouldn’t have. You are the one to blame that it is there. Please don’t blame your computer. Don’t blame your operating system. You did something that let the bad stuff in. The wolf knocked at your door, and instead of replying with a “not by the hair of my chinny-chin chin” you said “come on in.”

Personally I don’t run anti-virus software. I never have. I do install it, because that’s what you’re “supposed” to do, but I don’t let it run scanning and watching my computer all of the time. After I install it the very first thing I do is disable it. I don’t like the slowdown that comes with having everything I do be monitored by bloated software that isn’t going to find anything anyway. And despite the fact that I do not run antivirus software, I have NEVER had a single virus on ANY of my computers. Ever! I’ve been running Windows for nearly 15 years and I haven’t had a virus yet. I’ll run anti-virus scans every once a while just to make sure that I’m still clean, but NONE of those scans have EVER found even a single virus.

If susceptibility to viruses was a technological problem with Windows, my computers would be massive infestations of virus muck. They wouldn’t be usable. And they’d be out there trying to find ways to infect others. How have I been able to remain clean? Just by being careful about what I install and keeping my computer up to date with security patches. That’s it. No more. No magical hardware firewall watching my Internet activity. No magic fairy that shows up in the middle of the night to clean off anything that may have arrived that day.

But the situation gets even worse for the theory that Windows inherently becomes infested with viruses when I tell you that I also don’t run any firewalls. Yep, I turn those off too. And here’s another kicker… I break the cardinal rule of data security: three of my computers have public IP addresses (meaning they are totally exposed to, accessible from, and visible to the Internet). Gasp! That’s an absolute security no-no! Nobody should EVER run Windows with a public IP address, right? Well, I wouldn’t recommend it for most people, but the truth is that Windows, despite its many flaws, is not the primary cause of viruses becoming installed on our computers, so I really don’t worry about it. Viruses are installed by people, not their operating system. It’s people tricking other people into installing their ill-intended garbage that gets computers infected.

I’m not the only one that doesn’t run anti-virus software. In a recent episode of the Security Now podcast, noted security expert Steve Gibson also admitted that he doesn’t run it either. If a security expert doesn’t run it, then the computer he’s using isn’t the main cause of the problem, is it!?

So why do Windows PCs so often have viruses? Mostly because they’re so popular. If you’re someone conjuring up evil plans to take over the world by creating virus software, who are you going to target? The 90% of computers running Windows? Or the 7% running a Mac, or 1% running Linux? Which offers a better return on your time investment?

Windows XP also made an easy target because it makes it so easy to install software. No password or validation required to do an installation; installers can just run and do whatever they please whenever someone starts them. (That has changed with Vista; passwords and validation are required there, just like OS X and Linux.) Not requiring a password to install has never been a good idea, but it isn’t the cause of viruses on computers. It just made it easier for the bad guys. Big difference. And viruses are software; they just have a different intent than something like Firefox.

With all of this said, I will not recommend that most people run without anti-virus software or a firewall. Most people should take those steps to protect their machines. But these tools are just extras layer of protection; they should not be the only form of protection used. Neither will ever be able to make up for all of the shortcomings of someone using a computer. Even with both installed, it’s still up to you to avoid the bad stuff. And that, my friends, is a social problem, not a problem with technology.

1 comment:

Anthony D said...

I haven't had antivirus software installed on my computer now for about 2 years and I've never had a virus either. I always had it before just in case, but since I never had a virus I just decided to not waste my computer resources having it installed. I've never looked back. I do have my firewall enabled however.

Google Search