Virus ignorance
I'll be the first to admit that I don't run any antivirus software on any of my machines, actually. My windows boxes are all virtual with clean states that I can very easily revert back to if anything goes wrong. Most of my mac and linux boxes are "physical" (regular, tangible machines), but I keep them secure enough that I'm not worried about anything. I keep daily use limited to a single machine, and that machine doesn't store any important data or credentials.
That being said, I don't think most people realize how a lot of the more significant viruses work. Some of them spread to nearly every computer they can possibly infect before the news agencies hang up the phone call they got about them (Look up the Code Red and Code Red II viruses). Antivirus software most likely won't stop these, because it won't recognize their signature yet. By the time the antivirus agencies can get an update out for their software, most people already have it anyway.
Another big kind of virus uses social engineering to trick the user into allowing it to spread. The virus will spread itself by e-mailing itself around (Look up Storm), but is relatively harmless until someone downloads and opens up the executable attachment. These are "slower" viruses, since they require user intervention, which means that a lot of antivirus software may pick them up. Unfortunately, when it asks them if they want to [insert brand-dependent phrase for bypassing the antivirus program's security], a lot of people will just click "Yes" anyway. That's what they have to do to get all their games and other leisure programs to work.
That's just two kinds of viruses that I had at the top of my head. They're very significant, and had/have huge impacts on the information-technology world, but there are many other types out there. I suppose my real point is that antivirus software, by the very nature of it, provides very limited protection. A far better option is to read up on viruses and how they work. I don't mean your Wired or PC-Mag, I mean academic journals that are written for educated readers (if you're not a part of a college, university, or other research institution, you'll probably have to pay for access to them, or ask a friend to e-mail you some). Academic journals often have two columns per page, and come complete with an abstract, introduction, and references.
Another thing that most people need to realize is that regular updates are VERY important. Viruses (usually) exploit security vulnerabilities. Patch the vulnerability, the virus can't spread. It's that simple. If you haven't updated anything for the past two months, you're vulnerable to any new virus in the past few months. The same thing goes for virus definition updates. This is (IMHO) where linux gets it's real strength over closed-source systems, immediate updates. As soon as they've been designed, you can get them. No need to wait for a whole bunch of patches to be bundled up into one big package, meanwhile you're left vulnerable.
Third, be careful. If you're looking at a torrent for a DVD and all it contains is a 20MB executable file, it should throw up a red flag. If you're browsing around looking for songs to download, and some guy seems to have everything you could possibly search for, but they're all exactly 163.8 KB in size, that should throw a flag too.
Finally, back up anything that's important to you. This really should go without saying, but I've made hundreds recovering data from failed hard drives. This is entirely operating system independent. You can be running perfect software, without even being connected to the internet, and yet without warning ALL OF YOUR DATA IS GONE. Sometimes you can get it back. Other times you can hire someone like me to get it back for you for a mild fee. And other times it might be beyond my abilities, and then your last resort is shelling out a few thousand dollars (at least) for someone to rebuild your hard drive in a clean room. It happens, accept it and backup your stuff! Other ways I've seen data disappear:
- Laptop was stolen
- Laptop was placed on top of your car and forgotten about. He was reminded when it fell off and got run over by traffic moving in the opposite direction. (Took it back as a box full of pieces)
- Accidental deletion
- Intention deletion (and then regretting it)
- Misplacement (I've personally lose track of files all the time. And no, Spotlight can't find them either. The CLI "find" command is my best bet, if I'm going to find them.)
- Overwriting (forgot to hit "Save as" instead of "Save")
- and of course, hacking, viruses, and all other types of malware.
To sum it all up, be smart about it. Education is your best protection. If you don't feel like reading all that, don't. It's two hours past midnight where I am, and I don't feel like proofreading any of it anyway. Let me know if anything's unclear.
Hope this is somewhat enlightening
EDIT: I haven't read all of those links, but from the looks of it it seems that Consultant might have beaten me to the punch on some of that stuff. He hadn't yet posted that when I started typing mine. :\
But trojans are becoming more common -- especially cross-platform stuff. Another benefit is when they actively scan network activity to intercept trojans or things with nasty payload. Like, say, specially crafted image files that exploits a big security hole and takes over the machine.
