I like Norton’s self-configuring and mostly un-intrusive, but adequate, firewall. But for AV, I would prefer ESET NOD32 or Avira AntiVir, both of which have been top picks in the past 3-4 years and consistently outperform most of the others.

He almost convinced me to be a Linux user, too!

Hardly. with all the demands he puts on the User to become an expert. I am a security expert in the Windows environment and I have secured thousands of Windows systems with less effort than he expects of each and every Linux user.

Even when I consider the handful of systems that have been compromised by stupid users who fell for social engineering, the time spent cleaning or “nuking and paving” their systems with a new image still doesn’t add up to the investment in user expertise required to manage a Linux system, especially when balanced against the major loss of convenience.

Having said that, I don’t disagree that *nix is better designed for security from scratch. Windows is still trapped by its legacy as a single-user, stand-alone, non-networked OS, and CANNOT be made as secure as *nix without a full re-write. However, it can be made substantially secure enough that it would take a very focused and determined attacker to compromise the system of an average user. Far more effort than the payback is worth, even to use the system in a botnet.

I still feel the trade-off between security and convenience favors Windows, as evidenced by the failure of free Linux distros to make a dent in the Windows market.

Charlie’s reasons not to go to Linux:

1. “Linux gets fixed within hours of finding the problem” (but there is nothing like MS Update to push it out) and too many flavors of Linux anyway.

2. “Linux has a higher learning curve.” (too high for most users to be bothered; that’s why hardly anyone even changes their own oil or services their own brakes anymore). One has to learn too much to even pick the best flavor of Linux to use.

3. “Microsoft is willing to compromise security for usability. They have to sell a product that people can use.” God forbid! You mean people actually prefer a product they can USE? If that’s not an admission that most people wouldn’t find Linux useful enough for the effort, I don’t know what is.

4. “Security has nothing to do with market share.” Major overstatement. Just as Dorkasaurus was dead wrong to claim that’s THE major difference. Charlie has his head in the sand, if he thinks the overwhelming domination of the market by Windows isn’t one of the major factors making Wintel systems a target.

Even without UAC on Vista and Win7, there are many means of overcoming most of the weaknesses even in Windows XP security and user ignorance, e.g. Drop My Rights, Sandboxie, SnoopFree Privacy Shield, Roboform, Secunia PSI, NoScript, RunAs, Sanur, Sudo for Windows, suDown, WinSUDO, Group Policy, WOT, LinkScanner, etc. and using these are easier than becoming a Linux mechanic.

Now to answer your question, baodad…

“Why not establish an online database of *known* NON-malware files and assume every file is a malware unless it checks positive as being ‘known safe?’”

That’s pretty much what Norton Internet Security does now via the Insight Network. After comparing the checksums, from an inventory of files after the initial scan, against a database of known safe files, they are excluded from further scans, as long as the checksum remains the same. All other files are continuously evaluated until they are cleared as safe. Unfortunately, Norton’s detections rates have suffered in the past couple of years too. But the scans are so unintrusive now, I can afford to supplement NIS with SAS and MBAM at less than $50 for lifetime licenses for both.

Almost you convince me to be a Linux user! No, actually, at heart I accept all the fundamental policies of *nix which have been tried and tested over the past 4 decades or so. It’s just that I was born into a Windows world… and that’s what I have to work with.

But I digress. I still am unsure about why it is “bad” for great services like VirusTotal to share their results with anti-virus vendors. I am also unsure as to why many top AV vendors are based in former Eastern Bloc countries…

I guess I will conclude by saying that signature-based file scanning is becoming an ever-less-effective way to protect systems. But nevertheless, it’s a line of defense that cannot go away, since at least at alerts against the “known” malware. But the public as a whole needs to come to the recognition that AV scanning alone is not even close to being real “protection” against malware.

Actually, I just had an idea! Why not turn the tables? Why not establish an online database of *known* NON-malware files and assume every file is a malware unless it checks positive as being “known safe?”

And some of the tricks (invoking small, otherwise unnoticable errors, for example) you couldn’t reproduce on a real box without making substantial changes to architecture — and again, you’d have to know exactly what moving target the malware creators are aiming at, in order to do that.

That’s one way malware research has been evolving over the years, moving from the convenience of VMs (which you can snap back to a clean state in seconds) to silicon and platters, which are somewhat slower to use but much more dependable.