Virus protection?

[AmbitiousLemon]

Actually several of the studies have very detailed breakdowns of what they mean by malware and repeatedly show that the majority are "The big guns."

Since several of the studies I quoted are by Microsoft, and yet you still do not accept that malware is a serious problem on Windows suggests that it is you who are unable to draw an unbiased opinion on Windows.

People do not just pick Macs because they are shiny (it helps though), decades of research by professionals and experience by users has demonstrated that Windows has serious security issues that other operating systems do not share, and that continue to escalate in frequency, severity, and stealthiness.

Since many of us have to use Windows from time to time, it is extremely important that we be fully aware of the risks and the effectiveness of the protection we have available to us. Spreading FUD about the seriousness of the security problems inherent in running Windows only makes the situation worse.

 

[jsw]

I'm not going to quote hundreds of studies for you but here is a small sampling of what can be found on the first page of a google search of such data (the numbers vary wildly, but even the lowest estimates are disturbingly high):
35% had up to date AV software
one quater of US computers infected
Microsoft says 60% of Windows PCs infected
Microsoft claims 70% of Windows Vista PCs are infected
Malware uses Windows update to infect machines
Three-quarters of enterprises will become infected with undetected, financially motivated malware next year
Microsoft reportedly observed a 43 percent rise in the prevalence of malware-infected computers. Researchers are also observing a rise in what they refer to as Malware 2.0: malware that is increasingly virulent and stealthy.
Worm infects 1.1M Windows PCs in 24 hours
45% of US computers infected
Obama website spreading malware

Thanks a lot. I clicked on those links, and now my Nokia N800 is infected.

I will just leave it here though, it is very clear that the majority of forum users here can not be unbiased towards windows... Which I don't understand, it is a piece of software.

I'm not sure why the fact that it's a piece of software means one cannot be biased (positively or negatively) with respect to it. It is an operating system, and it's used by hundreds of millions of people every day as a key part of their lives (email, business, web access, etc.). Of course people will be biased. And those who have had systems adversely affected and/or information stolen will be biased against it. Of course, not everyone has their info stolen and their PC turned into a 'bot. But no one on a Mac has had their system turned into a bot, and vastly fewer have had info stolen, and for the vast majority of those who've had it stolen, it was due to physical access to the computer.

As AL mentions above, pretending the problem doesn't exist is a big part of why it still does.

 

[VPrime]

Since several of the studies I quoted are by Microsoft, and yet you still do not accept that malware is a serious problem on Windows suggests that it is you who are unable to draw an unbiased opinion on Windows.


Since many of us have to use Windows from time to time, it is extremely important that we be fully aware of the risks and the effectiveness of the protection we have available to us. Spreading FUD about the seriousness of the security problems inherent in running Windows only makes the situation worse.

I am not saying malware is not a serious problem on windows. I am trying to point out that people saying (like Pika) saying things like " stay away from the internet." is blowing it wayyyy out of proportion!
A little common sense from the end user goes a long way!

Also, if I was a biased windows user why would I own a mac, a linux machine, and a hacintosh + a windows machine... then go and recommend OSX to others?

 

[Tumbleweed666]

Actually no.

Your first article is just pointing out security holes of the past. Finding exploits in certain browsers to run malicious code. As I mentioned browsers have been updated since then, and the exploits closed.

LOL I see, there were lots of problems but once you installed the fixes, removed the malware, cleaned up your PC its safe now as apparently there are no more security holes left ?!! No more to be discovered or exploited? Windows and Apple are now perfect?

As for your examples, all of them require some form of user interaction..

Doh ! In many of them all you have to do is visit the site. Have you never heard of 'drive by downloads'? http://blogs.zdnet.com/security/?p=1361

And you said banks.. Where are the banks?

http://www.theregister.co.uk/2007/09/01/bank_of_india_website_takeover/print.html
http://www.malwarecity.com/news/cache-poisoning-attack-snares-top-brazilian-bank-418.html

This is all just typical mac user propaganda. Running windows is not like being in the wild west!

Where's the propaganda? I currently have java turned off on my browsers as there is an unpatched vulnerability that was fixed on Win some months ago

There must be security holes for such things to happen, and they are quite quickly patched by microsoft.

http://news.cnet.com/8301-13846_3-10094696-62.html 7 Years
http://voices.washingtonpost.com/securityfix/2008/12/microsoft_big_security_hole_in.html 5 years
http://www.theregister.co.uk/2000/09/01/microsoft_wont_fix_new_windows/ never

 

[jsw]

I am trying to point out that people saying (like Pika) saying things like " stay away from the internet." is blowing it wayyyy out of proportion!

Yes and no.

With adequate preparation, one can certainly use Windows on the internet without a lot of issues, if any. However, "adequate" preparation is very difficult to determine and constantly in flux.

Going online with a new Mac vs. a fresh Windows install is like driving through a wooded suburb in a Jeep vs. being dropped naked into the Amazon basin. You can get hurt in the first case, and you can be safe in the second case, but you need a lot of bad luck in the first and a lot of prep and good luck in the second.

 

[AmbitiousLemon]

But no one on a Mac has had their system turned into a bot...

Hate to disagree with someone who is supporting me, but actually the recent trojan than masqueraded as iWork and Photoshop was used to turn about 30,000 macs into a botnet which was first used to perform a DDoS attack.

Malware is quite rare on the Mac, but it exists. And while this malware was attached to files obtained via P2P services it wouldn't be any more difficult to have attached it to legitimate software by hacking the creator's website as was recently done with a Windows malware attack that infested hundreds of legitimate websites.

I am not saying malware is not a serious problem on windows. I am trying to point out that people saying (like Pika) saying things like " stay away from the internet." is blowing it wayyyy out of proportion!

I don't believe Pika was blowing anything out of proportion. A significantly large minority of malware found on Windows PCs was installed without any interaction from the users and was not detected by up to date antivirus protection. Windows can and frequently does get infected simply by being plugged into a network. This is something Windows users need to be aware. While this is not the majority of malware out there, it is a significant percentage of the malware found on PCs.

It is also noteworthy that Microsoft and outside security researchers agree that malware is becoming increasingly stealthy both in its ability to infect without user interaction and its ability to remain undetected by antivirus software.

I do not know why you are commenting as you are, but I do find it concerning that your posts here demonstrate a lack of understanding and appreciation for the severity of the Windows security problem, are encouraging others to be equally naive, and all the while you claim to be such an expert that you, unlike the majority of Windows users, have never had a machine compromised by malware. This last point is an opinion most Windows users have, but that does not usually stand up to forensics on their current machine.

 

[jsw]

Hate to disagree with someone who is supporting me, but actually the recent trojan than masqueraded as iWork and Photoshop was used to turn about 30,000 macs into a botnet which was first used to perform a DDoS attack.

Good point. I'd prepared my reply a year ago and hadn't gotten around to posting it yet.

I revise my statement to "almost no one." And yes, we should all be aware. The risks are still substantially smaller but not non-existent. However, I still feel perfectly safe while surfing on my 1996 BeBox. I think it's pretty much malware-proof.

 

[VPrime]

I do not know why you are commenting as you are, but I do find it concerning that your posts here demonstrate a lack of understanding and appreciation for the severity of the Windows security problem, are encouraging others to be equally naive, and all the while you claim to be such an expert that you, unlike the majority of Windows users, have never had a machine compromised by malware. This last point is an opinion most Windows users have, but that does not usually stand up to forensics on their current machine.

If that is the way my posts are coming across then I am sorry. I am not trying to encourage others to be naive. I am just trying to get the point across for the original poster, where he is just using windows for auto cad he probably will not need anti virus... Does that mean he should not have any? No.
I am not trying to encourage users to run no antivirus, I am just trying to point out you can not blame all problems on the OS or the specific software you are using. A lot of the time it is the end user.
Sure there are viruses like nimba that can infect just by going to the site..

But if you are an admin running a an unpatched IIS server then you have more issues then this.. And it sucks to be you, and even worse to be a visitor to your site.

But with antivirus and some extra care you should not have to worry. It really is not as bad as people make it seem to be, just a different "life style".

 

[AmbitiousLemon]

A lot of the time it is the end user.

...

But with antivirus and some extra care you should not have to worry. It really is not as bad as people make it seem to be, just a different "life style".

I hate to get caught in a back and forth with you, but I still feel your comments run counter to the facts. While the majority of malware requires user interaction of some sort, a large percentage does not. Even in cases where malware requires user interaction, the tricks used can be quite convincing and sophisticated. A blame the victim mentality is not helpful and is naive. We have long since left the days when most malware was created by kids in just goofing off on the computer. The attacks are very sophisticated and those that involve user interaction are clever enough to trick even experienced computer users.

Furthermore the data suggests that a significant percentage of users with up to date Windows and up to date antivirus software are still falling victim to malware. To suggest that one is secure just because they install antivirus software runs counter to these facts.

Also note that just because someone never launches a browser does not mean they are not connected to the internet. It only means they are not browsing the world wide web (www does not equal internet). Modern operating systems such as Microsoft Windows connect to the internet and leave ports open to the internet with little to no interaction from the user. While malware that infects without user interaction and not through the browser is not the majority, data suggests it represents a significant percentage of malware and should not be ignored or dismissed.

If you need to run Windows (and many of us do) and do not need the internet from windows (as is the case with the OP and myself) you should take some time when setting up windows to close all ports and remove any physical, wireless, or software (in the case of windows on mac setups) connections to the internet. This is not how things are set up by default. If you are running Windows using Parallels or one of the other Windows in a window on your Mac solutions just configure the software so it does not have access to the internet. User your antivirus software to scan any documents you need to move to your Windows partition, and any drives (particularly flash drives) that you may use with your Windows partition.

 

[Pika]

Seriously though. What is your opinion of the windows side of my computer not having virus protection, knowing I will NEVER go online while windows is running. I will be online almost always when the Mac OS is being used (which will be 99% of the time). Again, the only reason I am installing windows is for the use of one program.

Is it possible, using boot camp, to have something attack the windows partition while the mac partition is online?

if you are running Windows—either in a dual-boot configuration with Apple’s Boot Camp or under a virtualization tool such as Parallels Desktop—your Mac is just as susceptible to viruses as any PC. In fact, if you have a Windows operating system on your Mac, you should really consider virus protection for both Mac OS X and Windows.

 

[Jethryn Freyman]

if you are running Windows—either in a dual-boot configuration with Apple’s Boot Camp or under a virtualization tool such as Parallels Desktop—your Mac is just as susceptible to viruses as any PC. In fact, if you have a Windows operating system on your Mac, you should really consider virus protection for both Mac OS X and Windows.

No. If you're doing that, Windows is susceptible. Your OS X partition/installation is fine (so long as you don't allow Parallels/Fusion to access OS X files)