2010-11-03

Why Safe Browsing Habits Don't Guarantee Anything

I see on sites like MakeTechEasier, Dedoimedo, and others that promote Linux articles that say that Linux shouldn't necessarily be promoted for any inherent security advantage over Microsoft Windows because browsing safely can prevent any problems from appearing. This also means that there's no need for antivirus software on Microsoft Windows because safe browsing habits alone will prevent viruses and other malware from appearing. I have two issues with this.
For one, on Linux, while it's common sense to exercise safe browsing habits anyway (i.e. not going to sites that scream "I WILL INFECT YOUR SOFTWARE"), it's not necessary to do so, because malware written for Microsoft Windows won't work on Linux, and in any case, the malware won't have administrative privileges to run (unless the user expressly allows such privileges, which can happen especially if it isn't immediately clear that the malware is malware (so the user thinks it's a harmless program)). Of course, there is a new bug out there that can automatically obtain superuser privileges in many Linux distributions, but that's a different story entirely.
The other problem I have with this is that it happened to me yesterday. I was in the library yesterday on a networked Microsoft Windows XP computer checking my email and reading the news when I suddenly saw a program called "ThinkPoint" hijack my desktop session, telling me that my computer has viruses that I need to remove (but to remove them, I supposedly need to pay a monthly fee). Obviously, "ThinkPoint" itself is a piece of malware. These news sites work perfectly fine on Linux and have worked well on Microsoft Windows (until now). I had to call our school's tech support, and (shockingly) they were very helpful, pleasant, and quick to respond to my issue. In fact, I am typing this post from the same computer now. I want to thank IS&T for being so great about this, but I also want to say that practicing safe browsing doesn't guarantee full safety from malware — antimalware software is still necessary on Microsoft Windows. So please, Dedoimedo (and other sites): even if you've never had an issue and you've always practiced safe browsing, that may not work out for everyone else, so stop acting like it will.