[canuckster]

WinTard, after rereading your post I realize you were referring to some Mac users as thinking they were invincible, and not sarcastically referring to me. Sorry if I overreacted in my reply.
No doubt we still disagree about the topic at hand, but hey - that's what these comments are for. :)

[smax013]

canuckster said:

WinTard, I believed I had been clear in my post that I don't claim to be invincible; rather, I claim to be at least as well-protected than someone who relies on AV. (Perhaps better, since paying attention to what I'm doing becomes required rather than elective.) Though I must say that, while a seven-year perfect record (at least by the standards of TrendMicro, etc, which continue to verify this) is no guarantee that I'll continue to remain malware-free in the future, it's by no means without significance, either.

(It would be interesting to learn what percentage of people have, in fact, suffered infections despite using AV for the past seven years, and compare that to the track record of "conscientious objectors" like myself.)

If I used AV, I'd have a lot less incentive to be careful online -- and then when the zero-day exploit hits that my AV hasn't updated for, BOOM! I'm infected.

By the way — how do YOU know you're not infected? Because McAfee tells you so?

I don't mean to fight about this, despite the rhetoric. I just can't help thinking that some people — not everyone, certainly; but not a slim minority, either — would be better served by relying on their own wits than those of a program, and to take 100% responsibility for the actions they take on their computer.

I will be the first to agree that the best protection is being smart about such stuff. I am a firm believer that is why I have never really suffered a major infection (excuse me while I knock on some wood...it does not hurt to be superstitious as well :D ). But, the reality is the most computers users are just no equipped to do that.

Quote

And as for whether Michael Scalisi has been irresponsible in writing about this (a suggestion made by others), I think that's bunk. He's been very clear about how he steers clear of danger, and also has warned people not to try this without a great deal of forethought. If some reader is witless enough to zip through the article and jump to conclusions then that's his own fault. Michael's audience is, after all, adults who should be able to think for themselves.

I did not necessarily say it was irresponsible...although I will admit that I did kind of imply it. I will say that putting disclaimers does not really "excuse" it. After all, if you know there are a lot of people out there that will completely ignore the disclaimers and dumbly push ahead with something they should not do, then you do bear some responsibility, even if it does give you a CYA.

[canuckster]

smax, you're absolutely right that some people will ignore the disclaimers and barge ahead recklessly. I suppose that where we differ here is that I would rather put the information out there (including the caveats and warnings) and let the wise use it wisely, and the foolish use it foolishly, rather than not ever say anything in the first place.
I'm tired of an overly litigious society that continually erodes the concept of self-responsibility. Witness the ever-present "Professional driver on closed course" disclaimers — and plenty of sillier ones — on tv commercials. Maybe the less intelligent among us do, in fact, need some protection against themselves, if only for the benefit of everyone else (ie so we don't have to keep trying to fix their screw-ups), but I don't think the price should be dumbing things down for the rest of us.
Sorry for the rant ... but I guess the theme of responsibility ties in with how I feel about computer use vis-a-vis security in the first place. Maybe some people actually need the kick-in-the-pants of data loss in order to realize they can't treat their computer like a magic box. (Yeah, I know that sounds harsh ... I'm actually more forgiving than this, but I'm trying to make a point.)
Hey PCWorld — how about a poll to determine the security habits of your readers and the consequences they've resulted in?

[WinTard]

Actually I don't disagree with you at all. I have NEVER been infected involuntarily. I've performed tests onto specimens in a virtual sandbox, just out of curiosity. And I use IDAPro to examine how and what it's doing... Very interesting stuff sometimes. Alas I don't have enough time as it is, so this is certainly an elective occupation.

The point being is even without AV,a careful user, using proper LUA methodologies and having an up-to-date OS patching mechanism can stay relatively safe IMHO.

But this is certainly not something I would recommend for the casual non-technical computer user...

As a matter of fact, just as a test, I have used Administrator privileges onto a XP-SP3 unprotected by any additional AV or firewall, out there in the wild using static-IP address and wide open VNC since last year and have yet to be infected with anything. I use out-of-band scanning tools (totalscan.com) in addition to MSRT to find out the status of the system. I can say that with the simple Microsoft Firewall, Defender, and MSRT augmented with fully automated and regular patching by Microsoft, nothing bad happens... But I had to prove it to myself, and not just take my intuition as fact... And I don't hesitate to visit whatever, whereever and still no infections...

To the benefit of the majority of our membership at PCWorld, I WOULD NOT RECOMMEND that as normal procedure. This is a verification test...

I can confidently state that just putting a properly and timely patched Windows machine out there naked on the Internet, doesn't make it infected within 10 minutes, as the typical urban myth pretends...

Anyway, all my best to you, I certainly didn't mean any insult or whatever. Thank you for your understanding. :)

PS: actually, it is the vulnerabilities we don't know yet about that worries me the most...

[canuckster]

Wintard,
I have to say ... it has been a long time since I've entered into an argument (and I mean that in the best sense of the word) online, as it usually devolves into sarcasm and "selective" rebuttals worthy of politics. But I'm glad that this discussion has remained pretty useful (I think, anyway).
You (and others) may be right about the dangers of foisting this notion onto the general PCWorld readership; my impression has always been that, by definition, they're already a geekier bunch than average, and so it's not much of a risk, but I'm not privy to the demographics involved so I could be wrong. I certainly wouldn't recommend this article be published in USA Today, for example. :)
But I'd still like to believe that, given an hour of someone's attention, I could teach them enough to substantially lower their risks -- maybe not enough that they should ditch their AV, but enough to give them a fighting chance should they ever need to fend for themselves. All without having to resort to the blunt instruments of NEVER open attachments, NEVER use file-sharing software, NEVER click on links in emails, etc.
Hopefully as others find this story, they'll comment about their own experiences, be they I-surfed-naked-and-got-stung or no-AV-is-fine-for-me. And even better, maybe all us readers (myself included!) will find cause to re-examine their own opinions.

[smax013]

canuckster said:

You (and others) may be right about the dangers of foisting this notion onto the general PCWorld readership; my impression has always been that, by definition, they're already a geekier bunch than average, and so it's not much of a risk, but I'm not privy to the demographics involved so I could be wrong. I certainly wouldn't recommend this article be published in USA Today, for example. :)

Try spending a little time in the more techinically oriented PCWorld forums (rather than just the New Discussion forums) and try helping some people out. You will likely get disabused of that notion that PCWorld users are a "geekier" bunch than others rather quick. Granted not everyone who posts a problem is necessarily a PCWorld reader, but I suspect that quite a few, if not most, are. And you get the full range...some are of the "geekier" variety...but others are very limited computer users who require a lot of hand holding to deal with the most basic tasks. The point is that there are a LOT of people out there that read PCWorld (and other) articles that would have a tough time understanding some of the smarter things to do just because computers are not their thing...and it not necessarily because they are dumb or ignorant...they just don't get computers, but may be great at understanding other things.

[Anysia]

I have also been running my now with Vista machine for years without any mal/spyware protection, and haven't had a single problem. Mostly for all the reasons the author of this article states, and because I know better. I don't now nor ever have used Outlook or Outlook Express for my email program, my email program doesn't automatically launch attachments, nor do I click on SCAN MY COMPUTER or other popup buttons. Mac users aren't immune to getting computer virus. (http://www.redherring.com/Home/15766). True there are only about 200 virus that attack Macs, vs the tens of thousands (mostly which are variations on the same one over and over) for PCs, but neither of my computers have been virused, malware bombed or had spyware installed,

[SimonL]

Best antivirus i know is called human brain, if that fails, you can always count on a Norton Ghost or equivalent... antiviruses are just rip-offs
And as for me, work is done on a debian/KDE or Kubuntu , Windows i keep on my gaming pc only :)

[avivm]

Running unprotected is like walking at night in east Los-Angeles, shouting : "come rob me", yes probably you will be fine, but why risk it. The best why is to be protected with safety tools, and be caucious.
Aviv m
http;//www.anetonline.com

[Anysia]

Not if you know what you're doing, and I do. Been doing so for 10 yrs now, and haven't had any computer issues other than an old hd finally give out, but not before I managed to make a back up.

I don't recommend it for the novice or uniformed, but I am neither.

[Evildave]

I run Linux. Pretty much impossible to 'get me' with your pandora's box full of windoze crap. My ports don't answer when strangers knock. My web apps are running in 'user' mode, with the kernel protecting its files directly and effectively.

As the windorks are so fond of pointing out, ALL of the work for viruses and such is being done on Windoze.

Contrary to their assertion that it's because Micro$uck is the 'biggest', it's mostly because Windoze is so easy, and the exploits are so well known and last so long that people can make whole software development libraries to use the exploits. Just link your payload and set it loose!

Apple OS X is just another POSIX OS based on the security model that's worked very effectively since the 1970's, and based on still earlier security models that existed through the late 1960's. Microsoft never had to reinvent the wheel, like they've been doing, evolving their kludge of an OS baby steps toward the POSIX security model. Microsoft is still trying to catch up, but since 75% of their users are still running XP and almost ALL of those running all of their apps with 'Administrator' privileges, and untold numbers of Vista luzers have brilliantly disabled their 'UAC' so, they're effectively running their web apps as 'Administrator', too.

In other words, Micro$uck is low-hanging fruit. Nobody's going to break into your double-dead-bolted POSIX house and crack open your safe to get your valuables, if all of your neighbors leave their valuables strewn in their yards day and night.

Even if people really start TRYING on Mac/Linux, it's a nice, manageable level of threat. Maybe one nasty new surprise shakes down a few unwary people every few months, before it is detected, and then shut down. Not like threat on top of threat on top of threat that you get with the worm-and-bot-ridden windoze platforms that can never seem to keep up. The threat there is outstripping everything your 'antivirus' software developers can keep track of. 'Anti-etc.' software is no substitute for having a consistent security model and ongoing security review, assessment and patching to stay on top of the threat.

Anti-etc. software for Windoze is just like a 'magic rock' that protects you from tigers. It's 100% effective until you're confronted by a real tiger.

Your 'anti' rock is only as effective as its database of malware signatures, which is updated 'daily' for most users, but realistically not only does it need to be updated more often than that, it needs a TARDUS to let you go back in time to let you know about the threat before the antivirus people found out about it. After all, the first thing a promising new virus is tested against is all existing antivirus software. When it sneaks past all of that, there's a window of time when NOTHING detects it, and it can infect any windoze machine it likes, no matter what antivirus software you have.

My recommendation for Windoze luzers is to run your browser in a virtual machine, and have that VM 'forget' all changes it makes to its virtual file system. If you're truly hopeless, VirtualBox can be had for free, and you can install Windoze inside of Windoze. Or you can use a lightweight Linux distro in a virtual machine and save a gig or two of RAM for other things, like getting M$ Orifice to load in less than a week.

Or just make clean, solid drive images of your windoze partition and get good at restoring it. Most of the newest worms will make a basket-case of the windoze OS and all of its 'restore points' will be trashed. If you have a drive image, you can restore it to pristine, uninfected condition in minutes. Or you can just spend all damned day reinstalling Windoze and every application you had ever installed in it, again and again.

[Anysia]

Your comments or recomendations would have been read by me if you hadn't kicked in with the name calling (Windorks) . After that, anything you might have said got ignored by me.
I have never had an issue with viruses, malware or spyware. Neither have I had to keep reinstalling Windows over and over. I routinely make a system back up, which came in handy when I had a harddrive failure (it was old and had been making noise for 2 weeks before it finally crashed its heads). I know, you don't like hearing/reading that a Windows user can go on using their systems without problems. Makes that LINUX ROOLZ or LINUX ONLY cheerleader routine a bit meh doesn't it?

[Evildave]

Well, lucky you, you're already smart enough to make backups.

Technically you're 'protected'.

Why the hostility? Who do you think Windoze luzers come whine to when their computers break, expecting me to give them free tech support at the drop of a pin? Show patience and compassion even once, and an eternity of whining, clingy, needy morons will be your fate.

As I point out (though you were too 'sensitive' to read), it's possible to surf safely, but most Windoze luzers don't back up, don't do much of anything to ACTUALLY protect themselves. Many idiots honestly believe that 11 different 'anti-' programs will be 'protection enough', and then neglect to back anything up! And then they even post their 'opinions' here about how well protected they are. The same sort of 'logic' enables men to wear a condom, then kiss a whore on the lips.

Those same tools don't have copies of their software activation codes, or even know any of their own passwords because they let the browser/software remember and didn't record it anywhere. Can they find their Windoze CD when the system takes a dump? Of course not! They swear up & down that they have a 'real' install of Office and Photoshop, too, but they don't seem to have any of the disks, nor do they have the software codes. Naturally they believe it's my sacred duty to pull a 'clean' pirate a copy of that out of my rectum.

Windoze luzers who actually believe they attain 'security' by running a box of security bandaids on top of their OS are contemptible fools.

It would be dishonest and treat them as anything else. What shall I do? Coddle willfully ignorant idiots? I think not.

Medicine should be bitter.

[quackadilly]

"I run Linux. Pretty much impossible to 'get me' with your pandora's box full of windoze crap."



Of course.....all the stuff in the box is made for Windows. Anything made for Linux will get you easily.
-----
"Contrary to their assertion that it's because Micro$uck is the 'biggest', it's mostly because Windoze is so easy, and the exploits are so well known and last so long that people can make whole software development libraries to use the exploits."



It's because everyone targets Windows. They target Windows because it makes up 89% of the market. You want to do damage? Go big. Hit Windows.
-----
"Apple OS X is just another POSIX OS based on the security model that's worked very effectively since the 1970's, and based on still earlier security models that existed through the late 1960's."



It's worked so well because no one wants to waste their time ruining Mac fans' computers.
-----
"Nobody's going to break into your double-dead-bolted POSIX house and crack open your safe to get your valuables, if all of your neighbors leave their valuables strewn in their yards day and night."



Your POSIX house is just another cardboard box with no valuables in it. Again, why waste the time?
-----
"Not like threat on top of threat on top of threat that you get with the worm-and-bot-ridden windoze platforms that can never seem to keep up."



Shows where virus developers think their time is better spent.
-----
"The threat there is outstripping everything your 'antivirus' software developers can keep track of."



And that's Microsoft's problem?
-----
"My recommendation for Windoze luzers is to run your browser in a virtual machine, and have that VM 'forget' all changes it makes to its virtual file system. If you're truly hopeless, VirtualBox can be had for free, and you can install Windoze inside of Windoze. Or you can use a lightweight Linux distro in a virtual machine and save a gig or two of RAM for other things, like getting M$ Orifice to load in less than a week."



I don't have any AV on my machine. I'm smart with what I do online. Been virus free since I put the computer together. Lucky me right?
-----
"Or you can just spend all damned day reinstalling Windoze and every application you had ever installed in it, again and again."



Or you can get a copy of nLite and be done in an hour.....100% configured.
-----


Typical Mac troll post...... Thanks for the laugh Dave.

[BGG001]

Let me try being you here for a second here...

Linsux and crapple users all sux bad. They all get viruses becuz they're luzers.

You don't want to read that? Me either, same with most the other people on here. Perhaps Linux is more secure, I can't say I've ever been hacked on either system (yes, I run Ubuntu 9.04 as a secondary to W7, so I have experience) because I'm careful enough not to. I don't give a damn what computer you're running, you should have basic knowledge of how to avoid viruses, which most people don't, and you probably do, which should mean that running Windows (LOOK, I CAN SPELL IT RIGHT), Linux (AGAIN!!!), or Mac OS X shouldn't be an issue of security.

Seems like you're in denial over the entire userbase issue, which everyone who hates Windows, or is completely uninformed and ignorant, is. Pretend you're a restaurant. You've got two parties that called at the exact same time and want to book out the entire restaurant, both are going to pay the same up front and everyone is paying for their own meals, gratuity included. Party one has 10 people, party two has 90 people; who are you going to take?

^
|
|
I can come up with a thousand more ways to explain it but I won't waste any more keystrokes because your next message will call me a "windoze luzer zorrrrr" anyways.

[WinTard]

Evildave said:

Why the hostility? Who do you think Windoze luzers come whine to when their computers break, expecting me to give them free tech support at the drop of a pin? Show patience and compassion even once, and an eternity of whining, clingy, needy morons will be your fate.

{Snipped}

>

Quote

Windoze luzers who actually believe they attain 'security' by running a box of security bandaids on top of their OS are contemptible fools.

It would be dishonest and treat them as anything else. What shall I do? Coddle willfully ignorant idiots ? I think not.

Medicine should be bitter.

Why the hostility? Need I say more? Are evil people also clueless? Wink. Wink. Nudge. Nudge? But once we look beneath the shell, you are allright Dr. Evil, oops, I meant Evildave! ;)

~~~~~~~~~~
The superior man is satisfied and composed; the evil man is always full of distress.
~ Confucius, The Confucian Analects

The meanest, most contemptible kind of praise is that which first speaks well of a man, and then qualifies it with a "But."
~ Henry Ward Beecher, 1813-1887, American Preacher/Orator/Writer

When we see men of a contrary character, we should turn inwards and examine ourselves.
~ Confucius

He who wishes to secure the good of others has already secured his own.
~ Confucius

When an elephant is in trouble even a frog will kick him.
{Hindu Proverb}

Successful people are always looking for opportunities to help others. Unsuccessful people are always asking, 'What's in it for me?'
~ Brian Tracy

It is easy to hate and it is difficult to love. This is how the whole scheme of things works. All good things are difficult to achieve; and bad things are very easy to get.
~ Confucius

Everything has its beauty but not everyone sees it.
~ Confucius

Respect yourself and others will respect you.
~ Confucius

To be able under all circumstances to practice five things constitutes perfect virtue; these five things are gravity, generosity of soul, sincerity, earnestness and kindness.
~ Confucius

To see what is right, and not to do it, is lack of courage or of principle.
~ Confucius

By nature, men are nearly alike; by practice, they get to be wide apart.
~ Confucius, The Confucian Analects

Fine words and an insinuating appearance are seldom associated with true virtue.
~ Confucius, The Confucian Analects

(Better stop here, I've got 600+ pages of these pearls of wisdom {for now})... Some nerds do appreciate philosophy as well as technology...

[scunnerous]

"If for some reason a pop up Window comes up asking me to click OK or Cancel, I click on ‘X’ instead"
IME the "X" you click on is bogus - I've seen files still download and try to install under that scenario. The only safe exit from that is to terminate the browser task from Task Manager.
Remember there are also drive-by infections on apparently benign, innocuous Web sites which have been poisoned. I used to try to get by like you by careful habits but it's just to dangerous now. In fact, unless you already have I'd suggest running some rootkit tools and the usual tools like HiJackThis and Autoruns - you may get a surprise.

[canuckster]

Please correct me if I'm wrong — what doesn't completely shatter my ego makes it stronger, lol — but is there any reason why you can't just hit the Escape key rather than Cancel, X, or terminating the process?

I realize that if you're in an endless Javascript loop, Escape will only cause the popup to reinstantiate, and you'll be forced to kill the process altogether, but it is my understanding that you'll certainly do no harm by trying Escape.

Are there any circumstances under which that assumption would be false, and malicious Javascript (I keep Java off, though I wonder if even it can override the native function of Escape ...) or Flash or ActiveX could, in fact, override your Escape key and use its pressing to activate arbitrary code?