Why Safe Browsing Habits Don't Guarantee Anything

I see on sites like MakeTechEasier, Dedoimedo, and others that promote Linux articles that say that Linux shouldn't necessarily be promoted for any inherent security advantage over Microsoft Windows because browsing safely can prevent any problems from appearing. This also means that there's no need for antivirus software on Microsoft Windows because safe browsing habits alone will prevent viruses and other malware from appearing. I have two issues with this.
For one, on Linux, while it's common sense to exercise safe browsing habits anyway (i.e. not going to sites that scream "I WILL INFECT YOUR SOFTWARE"), it's not necessary to do so, because malware written for Microsoft Windows won't work on Linux, and in any case, the malware won't have administrative privileges to run (unless the user expressly allows such privileges, which can happen especially if it isn't immediately clear that the malware is malware (so the user thinks it's a harmless program)). Of course, there is a new bug out there that can automatically obtain superuser privileges in many Linux distributions, but that's a different story entirely.
The other problem I have with this is that it happened to me yesterday. I was in the library yesterday on a networked Microsoft Windows XP computer checking my email and reading the news when I suddenly saw a program called "ThinkPoint" hijack my desktop session, telling me that my computer has viruses that I need to remove (but to remove them, I supposedly need to pay a monthly fee). Obviously, "ThinkPoint" itself is a piece of malware. These news sites work perfectly fine on Linux and have worked well on Microsoft Windows (until now). I had to call our school's tech support, and (shockingly) they were very helpful, pleasant, and quick to respond to my issue. In fact, I am typing this post from the same computer now. I want to thank IS&T for being so great about this, but I also want to say that practicing safe browsing doesn't guarantee full safety from malware — antimalware software is still necessary on Microsoft Windows. So please, Dedoimedo (and other sites): even if you've never had an issue and you've always practiced safe browsing, that may not work out for everyone else, so stop acting like it will.


  1. A computer doesn't even need to be networked to get infected. I'm currently restoring my nieces ex-laptop (dead dvd drive, broken hinges, slow as treacle running uphill) for one of her younger siblings (as yet undecided). It has had the modem removed and the network interface disabled (I say disabled, I suspect broken would be a more correct description) it has not been online anytime in the last 3 years. Naturally while I had it I thought I'd better run some antivirus software on and download all the service packs and hotfixes (achieved via my own linux box and a USB stick). Naturally the laptop was riddled with malware.
    Now that malware got on the computer via USB, Floppy or CD (before the drive broke). Some fairly simple precautions may have helped (disabling autorun being the most obvious) and I'm putting them in place, but I'm pretty sure that when I next see that laptop it will have more for me to remove.

    Sadly my sister-in-law is unwilling to have me install linux on the machine (I would have used Qimo given the age of the two likely candidates).

    I'm aware that my neice could in principle have gotten her laptop onto the web using an external modem or wireless card and borrowing a neighbours network but it seems unlikely given her age, financial resources and the lack of typical web surfing cruft.

  2. @T_Beermonster: Yeah, I had a similar case with my aunt's laptop (with Microsoft Windows Vista, of all things). That laptop's network card was broken, so it couldn't get any updates, and its existing antivirus was horribly outdated. My uncle's other computers are just as bad as well. With such situations, on the one hand, I feel like Linux would be a boon because they wouldn't need to worry about running antivirus programs and stuff like that; on the other hand, I feel that if they can't be troubled to actually take care of their computers, they deserve a lot of the issues inflicted on their computers and on their software. What do you think? Anyway, thanks for the comment!

  3. I have to say I'm inclined to say that they probably do deserve some of the trouble they bring on themselves.
    I don't personally understand why someone would not want to understand and take care of their computer. However it's a simple fact that a lot of people don't. Usually adults who came to computers in the "IT" era, kids are usually quite interested in knowing how to look after their computer in the same way they like to know how to look after their hamster. You cant rely on them to do it all the time but with encouragement and a bit of prompting they can and will take a pride in their machine/pet.

    Probably the biggest irritation is that people just accept it as normal and not something they could or should do anything about.

  4. @T_Beermonster: The sad part is that the kids aren't especially interested either. Neither one is especially into computers, probably because this has been going on for so long that from a young age they both accepted the recurring computer failures as normal. (I say computer, and not just Microsoft Windows, because some of their computers have experienced things like messed-up hardware. For example, as I said earlier, their network card is broken. Other examples include their laptop charger pins (both on the cord and in the laptop end) being chewed up (somehow) and their motherboard in one of their older computers melting.) Also, your last sentence is interesting because there was an article in another blog asking why people accept faulty operating systems when they throw fits about even the slightest issue with any other tech product. In any case, myself and my family have become their semi-willing, semi-reluctant tech support. Thanks for the comment!