LinuxQuestions.org
Old 09-14-2014, 06:10 PM   #1
jessetaylor84
Member
 
Registered: Jan 2014
Location: Olympia, WA
Distribution: Debian / Tails
Posts: 47

Rep: Reputation: 10
What is it about the Windows security model that makes it more vulnerable to viruses?


I am trying to gain a more detailed understanding of what it is about the Windows security model that makes Windows so much more prone to infection by viruses than Linux and OS X.

I understand that the problem used to be (from Windows XP back), that it was the default for users to run everything with an admin/root account, which gave virus writers free rein to do pretty much whatever they want once a user ran an executable. But I understand that from Windows Vista onwards, this is no longer the case and that it is not the default for users to be running as system admin accounts (i.e. now Windows users at least get asked to enter a password in order to give malware full access to their entire system ) ... Yet, in spite of this, Windows is still completely unable to defend against viruses.

Just to help avoid useless/off-topic discussion:

* I am aware that it is theoretically possible for a virus to be written for Linux (even though there has never been a serious, widespread Linux virus infection in the wild). I am not implying that Linux is completely impervious to viruses - but it is clearly less susceptible to them, and I am trying to explore why.

* I am also aware that Linux is vulnerable to other forms of malware (rootkits, keyloggers, etc.), but I am specifically interested in computer viruses, which are only a serious threat to Windows hosts.

* Many would argue that the reason that there are so many more Windows viruses is that there are so many more Windows users. But the reality is that Linux is extremely common in the server market, and virus writers would have a very strong incentive to target these systems if they could. Surely, even if popularity were a major part of it, if Linux weren't better designed to defend against viruses, you'd think there would be at least *one* case of a major Linux virus ... There seems to be something beyond popularity of Windows that accounts for this ... so I'd rather avoid the discussion of "As Linux gets more popular, it will get more viruses."

So could you all share what you know about the Windows security model (especially more "modern" versions such as Vista/7/etc.) that makes it so susceptible to viruses? Or conversely, what is it about Linux that makes it so good at defending against virus infection? Thanks!

Last edited by jessetaylor84; 09-14-2014 at 06:13 PM.
 
Old 09-14-2014, 07:02 PM   #2
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fedora-35
Posts: 5,313

Rep: Reputation: 918
I think monolithic vs. modularized design accounts for a lot of the reason.
 
Old 09-14-2014, 07:19 PM   #3
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,558
Blog Entries: 15

Rep: Reputation: 2097
Single kernel specification, user privilege escalation of userspace applications to kernel space, vendors using rootkit drivers to access the kernel from userspace, monolithic design around a single system specification.

Things are bad, but they have gotten better, if only modestly. We now have NX-bit execution protection, UAC when properly used blocks admin-level execution, and the fact that plenty of free antimalware programs exist makes Windows a target, but a harder-to-hit target now.

To be honest, OSX is actually worse hit than Windows is any more.
 
Old 09-14-2014, 07:21 PM   #4
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
Quote:
Originally Posted by jessetaylor84 View Post
But I understand that from Windows Vista onwards, this is no longer the case and that it is not the default for users to be running as system admin accounts (i.e. now Windows users at least get asked to enter a password in order to give malware full access to their entire system )
That is incorrect.
All that has changed from Win XP to Win 7 (I haven't used 8) is that now users have to click a confirmation dialog when they run an executable that requires admin access. There is no additional password dialog, and the first user to be created on the system still has full admin access. Nothing has changed there.

Since pretty much any executable a generic Windows user might download requires admin access, within a few months they become immune to the dialog and it just becomes a hassle, which means they don't bother to think about what it is they're installing and why it might need admin access, they just click "OK" whenever the dialog pops up. The bigger problem, though, is that they simply have no idea WHAT the package they're installing is actually doing. There is no oversight, no management. As soon as they click "OK", the program once again has free rein to do whatever it feels like doing, just like in XP.

This, in combination with the fact that:
1) The vast majority of desktop systems run Windows
2) The vast majority of Windows systems are run by people who don't know what they're doing

Makes Windows a prime target for viruses and malware. It's simply a numbers game. If a bad person wants to write a malicious piece of software, they first need to pick which OS they want to write it for. There are a lot of Linux users out there, but most of them are using their distro's repositories, and the ones that aren't generally have the technical understanding to know what they're installing, what it needs access to, why, and do the necessary vetting to ensure it's a reliable piece of software. There are significantly more Windows users, the majority of those users are not security-aware, and the developers know that once those unsuspecting users click "OK", their program can do whatever it wants. The return on investment is vastly higher with Windows, so that's what they primarily choose.


Above all, I think the primary reason though is the entire attitude toward 3rd party software on each system.

On Linux, 95% of the software a user might want to install is available in the standard distro repositories, which are clean and trustworthy. Another 4.9% are available on 3rd party repositories, which are also clean and trustworthy, but maybe not as stable as the standard repos (an issue you're not focusing on here). The last 0.1% are actually downloaded as tarballs or rpms or debs from 3rd party websites, but again Linux users are generally more security-conscious (in my experience) and only go that route if they 1) have to, and 2) trust the source.

On Windows, 0% of the software a user might want to install is available in any sort of standard, filtered repository. EVERYTHING is downloaded from random web sites. This makes users more - immune? That's not the right word - to downloading random software from random websites and installing it on their machines, which increases the likelihood of a user grabbing something malicious by accident. A Linux user would almost never go to a random website and download/install some software, but a Windows user HAS to do that, since that's the only way they can get software.

I haven't commented on Mac since I have no experience there.

Last edited by suicidaleggroll; 09-14-2014 at 07:24 PM.
 
Old 09-14-2014, 07:38 PM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Rep: Reputation: 3940
Windows has a very robust and well-thought-out role-based security model which should be very strong indeed. In the right hands, it is.

But in the hands of millions of "ordinary users," as it is by-default deployed to them, it is "a bare-assed sitting duck." Why? Because of the way that it is deployed:
  • The default user is an Administrator.
  • The user has no password.
  • It is not only possible, but easy, to "simply remove" the passwords from any/all users.
  • Privilege escalation requires a mouse-click and no further challenge.
  • Very widespread use of vendor software which runs constantly at unnecessarily-elevated privilege states.
  • The fable of "anti-virus" software ... that it is "necessary," that it "makes you safer," and that you should constantly "$$ update $$" it in order to protect yourself from a quasi-biological threat.
However, it is a myth that Linux, OS/X, or any other operating system is "categorically immune" to malware, just as it is a myth that Windows is somehow "sickly." Malware is ... software. Nothing more or less. It isn't magic, not even dark-magic. Malware is simply opportunistic.

An analogy that I like to use has to do with the (probably, apocryphal) tale of the "pizza-delivery cat burglar," who walked down the street carrying a pizza box. He tried the front door of one house after another, usually finding it unlocked with the burglar-alarm (if any) off, and so he slipped into the master bedroom and helped himself to just a few choice pieces from the lady's dresser. Malware is a lot like that. If your system has the slightest defensive posture at all, it's less attractive than the millions of nearby systems who don't. Just lock the door. It doesn't have to be a good lock.
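Posts #4 and #5 describe the deployment defaults (first account is an Administrator, elevation is a consent click, no password challenge). The script below is an added example, not code from the thread or from any poster: it reports those settings on the machine you are sitting at. It assumes a Windows host with PowerShell 5.1 or later, uses only built-in cmdlets and the `whoami` tool, and changes nothing; the `Get-UacPosture` function name is mine. The registry value meanings are the documented ones for `ConsentPromptBehaviorAdmin`.

```powershell
# Added example (not from the thread): inspect the UAC/admin posture on this machine.
# Read-only. Run from an ordinary, non-elevated PowerShell window to see the filtered token.
function Get-UacPosture {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    # Is this process already running with the full (elevated) token?
    $elevated = $principal.IsInRole($adminRole)

    # Is the account an Administrator at all? With UAC on, a non-elevated admin gets a
    # filtered token in which BUILTIN\Administrators (S-1-5-32-544) is marked
    # "Group used for deny only"; whoami exposes that attribute.
    $adminGroup = whoami /groups /fo csv | ConvertFrom-Csv |
                  Where-Object { $_.SID -eq 'S-1-5-32-544' }
    $isAdminAccount = $null -ne $adminGroup
    $filteredToken  = $isAdminAccount -and ($adminGroup.Attributes -match 'deny only')

    # Policy values that decide what (if anything) the user is asked when elevating.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $pol = Get-ItemProperty -Path $key
    $adminPrompt = @{
        0 = 'Elevate without prompting'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries (default)'
    }
    # A missing value means the OS default (5) applies.
    $cpba = if ($null -ne $pol.ConsentPromptBehaviorAdmin) { [int]$pol.ConsentPromptBehaviorAdmin } else { 5 }

    [pscustomobject]@{
        User                   = $identity.Name
        IsAdminAccount         = $isAdminAccount
        RunningElevated        = $elevated
        FilteredToken          = $filteredToken
        UacEnabled             = [bool]$pol.EnableLUA
        AdminPromptBehavior    = $adminPrompt[$cpba]
        StandardUserCanElevate = ($pol.ConsentPromptBehaviorUser -ne 0)   # 0 = deny silently
        PromptOnSecureDesktop  = [bool]$pol.PromptOnSecureDesktop
    }
}

Get-UacPosture

# Hardening for the "just click OK" complaint: make administrators type a password on the
# secure desktop instead of clicking a consent button. Needs an elevated prompt; on a
# domain-joined machine Group Policy will overwrite it, so set it in GPO there instead.
# Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
#     -Name ConsentPromptBehaviorAdmin -Value 1
```

On a default install of Vista through 8.1 the output shows `IsAdminAccount = True`, `FilteredToken = True` and `AdminPromptBehavior = Prompt for consent for non-Windows binaries (default)`, which is the situation the two posts describe. The stronger fix than changing the prompt is to log in as a standard user and keep a separate administrator account, so that `IsAdminAccount` is `False` and every elevation needs that account's password.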
 
Old 09-14-2014, 10:24 PM   #6
onebuck
Moderator
 
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: Slackware®
Posts: 13,925
Blog Entries: 44

Rep: Reputation: 3159
Moderator Response

Moved: This thread is more suitable in <General> and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 09-14-2014, 11:23 PM   #7
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,558
Blog Entries: 15

Rep: Reputation: 2097
No system is ever going to be 100% safe from malware. However, the more you learn about your system the better off you are.
 
Old 09-15-2014, 01:41 AM   #8
jessetaylor84
Member
 
Registered: Jan 2014
Location: Olympia, WA
Distribution: Debian / Tails
Posts: 47

Original Poster
Rep: Reputation: 10
Thanks for all of the information folks. There are several things I hadn't thought about before (e.g. software repos vs. downloading from random websites).

One thing I've noticed is that many people point to the monolithic design and software "monoculture" of Windows as being one of the major reasons why it is so easy to target by virus writers, compared to the huge diversity of system architectures found in different Linux distributions.

But I wonder how this is going to change with the widespread adoption of systemd, which is creating precisely this type of monoculture on all of the most popular Linux distributions ...
 
Old 09-15-2014, 04:41 AM   #9
Germany_chris
Senior Member
 
Registered: Jun 2011
Location: NOVA
Distribution: Debian 12
Posts: 1,071

Rep: Reputation: 497
Quote:
Originally Posted by ReaperX7 View Post
Single kernel specification, user privilege escalation of userspace applications to kernel space, vendors using rootkit drivers to access the kernel from userspace, monolithic design around a single system specification.

Things are bad, but they have gotten better, if only modestly. We now have NX-bit execution protection, UAC when properly used blocks admin-level execution, and the fact that plenty of free antimalware programs exist makes Windows a target, but a harder-to-hit target now.

To be honest, OSX is actually worse hit than Windows is any more.
No research I can find backs that up; the same protocols and small user base that make Linux unattractive make OS X unattractive. There are something like 200,000 malware threats to Windows discovered every day and a dozen or so in the last ten years for OS X. If you combine that with zero viruses in the wild for OS X, the two systems are not in the same ball park, league, country, or continent.
 
Old 09-15-2014, 05:47 AM   #10
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Rep: Reputation: 3940
Remember: security is a process, not a product. Nor is security (or the lack thereof) "inherent" in any product. If you put the most expensive padlock on a door that's sitting next to an open, unguarded window, and if you then proudly boast of how secure that lock is (according to the manufacturer's statements, which are true), then ... you are not secure.

I think that by far the biggest target today would be Android and iOS. These are the most-widely deployed computers in use today, and they have access to plenty of sensitive data ("photograph your check to deposit it!!"), and they have virtually no security at all, physical or logical.
 
Old 09-15-2014, 09:14 PM   #11
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 814

Rep: Reputation: 265
Quote:
Originally Posted by suicidaleggroll View Post
That is incorrect.
All that has changed from Win XP to Win 7 (I haven't used 8) is that now users have to click a confirmation dialog when they run an executable that requires admin access. There is no additional password dialog, and the first user to be created on the system still has full admin access. Nothing has changed there.
You're right--Win7 doesn't require the password, only that you click OK. Win8/8.1 is the same. The only exception is when you're using a non-admin account, then it asks for the admin password...However, 99% of people are already running as admin...

Quote:
Since pretty much any executable a generic Windows user might download requires admin access, within a few months they become immune to the dialog and it just becomes a hassle, which means they don't bother to think about what it is they're installing and why it might need admin access, they just click "OK" whenever the dialog pops up. The bigger problem, though, is that they simply have no idea WHAT the package they're installing is actually doing. There is no oversight, no management. As soon as they click "OK", the program once again has free rein to do whatever it feels like doing, just like in XP.
Not really...The only program that I used in Windows that needed admin access was Core Temp, a CPU temp monitor. And I can see why it needs higher privileges. Of course, 99% of the software I installed was open source, so that probably means that the people writing it had a little bit of knowledge of what privileges they need and don't need... but that's getting a little off-topic

Quote:
This, in combination with the fact that:
1) The vast majority of desktop systems run Windows
2) The vast majority of Windows systems are run by people who don't know what they're doing

Makes Windows a prime target for viruses and malware. It's simply a numbers game. If a bad person wants to write a malicious piece of software, they first need to pick which OS they want to write it for. There are a lot of Linux users out there, but most of them are using their distro's repositories, and the ones that aren't generally have the technical understanding to know what they're installing, what it needs access to, why, and do the necessary vetting to ensure it's a reliable piece of software. There are significantly more Windows users, the majority of those users are not security-aware, and the developers know that once those unsuspecting users click "OK", their program can do whatever it wants. The return on investment is vastly higher with Windows, so that's what they primarily choose.
I agree, especially with #2. I'm constantly amazed at school at how computer illiterate some of the teachers are. Not that it's their fault...it's not like there are any places that you can go to learn how to really use a computer...

Quote:
Above all, I think the primary reason though is the entire attitude toward 3rd party software on each system.

On Linux, 95% of the software a user might want to install is available in the standard distro repositories, which are clean and trustworthy. Another 4.9% are available on 3rd party repositories, which are also clean and trustworthy, but maybe not as stable as the standard repos (an issue you're not focusing on here). The last 0.1% are actually downloaded as tarballs or rpms or debs from 3rd party websites, but again Linux users are generally more security-conscious (in my experience) and only go that route if they 1) have to, and 2) trust the source.

On Windows, 0% of the software a user might want to install is available in any sort of standard, filtered repository. EVERYTHING is downloaded from random web sites. This makes users more - immune? That's not the right word - to downloading random software from random websites and installing it on their machines, which increases the likelihood of a user grabbing something malicious by accident. A Linux user would almost never go to a random website and download/install some software, but a Windows user HAS to do that, since that's the only way they can get software.
This is IMHO the real answer to the title of this thread. (Very well written, BTW) It would be very difficult for a malware author/programmer to just make a binary, put it up as a "YOU'RE A WINNER!!! CLICK HERE TO CLAIM YOUR PRIZE" ad, since (1) the majority of people who would click it are Windows users, (2) most Linux users realize it's a scam and close the tab, and (3) there's the executable bit that needs to be manually set. So even if a Linux user downloads a malicious binary, they have to deliberately "chmod +x" it and then run it.

Quote:
I haven't commented on Mac since I have no experience there.
Same here.

Slightly off-topic: Google seems to have been thinking about the whole repo-versus-website method of installing software. Their "Chrome Web Store" looks a lot like a Linux repo, only without a CLI interface. And since you're only installing apps/extensions from there, it's at least filtered to some extent. I highly doubt that Google would allow a malicious app to make its way to the Chrome store.

Just my
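Post #4 and the reply above put the difference down to signed distro repositories versus installers pulled from arbitrary web sites. A Windows user does not get a package manager checking signatures for them, but the equivalent checks exist and can be done by hand. The function below is an added example, not code from the thread or from any poster: it takes a downloaded installer and checks (1) its SHA-256 against the hash the vendor publishes, (2) its Authenticode signature and who signed it, and (3) whether it still carries the Mark-of-the-Web stream that SmartScreen keys on. It assumes a Windows host with PowerShell 5.1 or later; the function name, the path, the hash and the signer name in the usage line are placeholders, not real values.

```powershell
# Added example (not from the thread): the checks a Windows user can make on a file
# downloaded from a web site, since no repository is doing them automatically.
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,   # copied by hand from the vendor's page
        [string] $ExpectedSignerSubstring                   # e.g. the vendor's CN; optional
    )
    $result = [ordered]@{
        Path = $Path; HashOk = $false; SignatureStatus = 'Unknown'
        Signer = $null; MarkOfTheWeb = $false; Verdict = 'REJECT'
    }

    # 1. Content check: the SHA-256 must match what the vendor published out of band.
    #    A hash served from the same page as the download only proves the page is
    #    consistent with itself, so prefer one from a second channel where available.
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $result.HashOk = ($actual -eq $ExpectedSha256.ToUpperInvariant())

    # 2. Origin check: the Authenticode signature must chain to a trusted root AND the
    #    signer must be who we expect. 'Valid' alone is not enough; anyone can buy a cert.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result.SignatureStatus = $sig.Status.ToString()
    if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
    $signerOk = ($sig.Status -eq 'Valid') -and
                ((-not $ExpectedSignerSubstring) -or ($result.Signer -like "*$ExpectedSignerSubstring*"))

    # 3. Mark-of-the-Web: a file saved from the Internet zone carries a Zone.Identifier
    #    alternate data stream with ZoneId=3. That stream is what makes SmartScreen and
    #    Office treat the file as untrusted; a fresh download without it arrived through
    #    a path that stripped the mark (archive tools, some browsers, USB sticks).
    $zone = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $result.MarkOfTheWeb = [bool]($zone -match 'ZoneId=3')

    if ($result.HashOk -and $signerOk) { $result.Verdict = 'OK' }
    [pscustomobject]$result
}

# Usage with placeholder values (hypothetical path, hash and signer):
Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\tool-setup.exe" `
    -ExpectedSha256 '0000000000000000000000000000000000000000000000000000000000000000' `
    -ExpectedSignerSubstring 'CN=Example Vendor'
```

The verdict deliberately requires both the hash and the signer to check out: the hash catches a tampered or mirrored download, the signature catches a forged publisher, and neither alone covers the other case. `Get-AuthenticodeSignature` reports `NotSigned` for the large class of free Windows tools that are not signed at all, which is exactly the population post #4 is worried about; for those the hash from the vendor is the only check left.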
 
Old 09-16-2014, 01:48 AM   #12
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,558
Blog Entries: 15

Rep: Reputation: 2097
Actually, I have seen Mac malware and it actually can be worse than Windows malware in terms of threat and damage potential.

http://www.welivesecurity.com/2014/0...-os-x-malware/

About a year or two ago, OSX got a very nasty malware that attacked the CMOS UEFI of the MacBooks and would attach to the firmware. You could remove the malware in the system, but within moments it would return as the CMOS UEFI would reload the malware payload nearly instantly.

http://arstechnica.com/security/2013...jumps-airgaps/
 
Old 09-16-2014, 03:56 AM   #13
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 4,784

Rep: Reputation: 4434
ping ReaperX7-
That's surprisingly bad for OS-X but I don't see how this is worse than Windows. Firmware level malware has been haunting Windows since CIH (Chernobyl) made its debut in the late 90's. Recent ones are able to write to UEFI and also gear like RAID controllers and specifically target certain versions of Windows. IoTs are likely to worsen the vulnerability.
 
Old 09-16-2014, 04:15 AM   #14
manu-tm
Member
 
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343

Rep: Reputation: 43
They were not born equal.

From the ground up, Unix was designed to be a professional multi-user OS with networking capabilities. The software was expensive and meant to run on extremely expensive huge computers.

On the other hand, Windows started as a GUI front-end to MS-DOS, a gadget OS for small and cheap personal computers.

I think this has something to do with the present state of things.
 
Old 09-16-2014, 11:42 AM   #15
s.verma
Member
 
Registered: Oct 2013
Distribution: Debian Sid, Gentoo, Arch, Debian
Posts: 186
Blog Entries: 4

Rep: Reputation: 25
Quote:
Originally Posted by suicidaleggroll View Post

On Linux, 95% of the software a user might want to install is available in the standard distro repositories, which are clean and trustworthy. Another 4.9% are available on 3rd party repositories, which are also clean and trustworthy, but maybe not as stable as the standard repos (an issue you're not focusing on here). The last 0.1% are actually downloaded as tarballs or rpms or debs from 3rd party websites, but again Linux users are generally more security-conscious (in my experience) and only go that route if they 1) have to, and 2) trust the source.

On Windows, 0% of the software a user might want to install is available in any sort of standard, filtered repository. EVERYTHING is downloaded from random web sites. This makes users more - immune? That's not the right word - to downloading random software from random websites and installing it on their machines, which increases the likelihood of a user grabbing something malicious by accident. A Linux user would almost never go to a random website and download/install some software, but a Windows user HAS to do that, since that's the only way they can get software.

I haven't commented on Mac since I have no experience there.
Also I think the point is that on Linux over 95% of software is open source, whereas Windows users tend to download whatever they find irrespective of source model, hence a typical Windows user would have at most 5% open source.
And I think having open-sourced software is a safer option, because any hacker would not release a virus with its source open for anyone to view and find that it is indeed a virus.
 
  

