The Ubuntu Plunge – Day 3: Epiphany!

analysis
Nov 8, 2007 · 4 mins

A funny thing happened to me on the way to the web this morning. I had just booted back into Vista x64 to check on a couple of schedule items when I noticed an alert coming from Windows Defender. It seems that the anti-spyware utility had been unable to download new malware definitions for over a week. It also noted what it believed to be some “suspicious” behavior on the part of a particular executable.

So, naturally, I did what most veteran (i.e. been burned before) Windows users do when faced with a potential malware infection: Panic! How could this have happened? It’s a nearly fresh (2 weeks old) install of Vista! I’ve got UAC enabled and all the security patches in place! I even installed the SP1 Beta!

When the panic attack was over I began scouring the web for references to the executable in question. When several leads pointed to potential spyware, I decided to pull out all the stops and download the “gold standard” of anti-malware solutions: SpyBot Search and Destroy.

An hour or so of scanning and I was presented with a clean bill of health. Whatever was tripping up Windows Defender was apparently harmless, and the various definition errors and other false alarms I had experienced were unrelated to any actual infection. I was out of the woods. My Vista PC would live to see another day!

Then it hit me: I had just wasted over an hour of my life chasing down a phantom malware infection. It was a disturbing sensation, more so since I hadn’t experienced anything like it in several days…ever since I started my odyssey into Linux-land.

To the Linux faithful: You must understand that, for us Windows users, fear is an accepted part of the Microsoft experience. We enable UAC and Internet Explorer Protected Mode. We meticulously maintain our anti-spyware and anti-virus definitions (and quake visibly when they become out of date). And more importantly, we never, ever open an email attachment from someone we don’t know (and even when we do trust the sender, we cringe with each mouse click).

As for other tasks, like downloading files from the Web, it’s all about the source: Have you downloaded from there before? Can they be trusted? What about user comments? Have other poor saps reported malware on the site? Itching to try some shiny new application or utility? You know, just to “kick the tires?” Not without a thorough background check! Anything less is just crazy talk!

To be fair, Windows is such a huge target because…well…it’s everywhere. It’s on your soccer mom neighbor’s home computer. The one she manages the family finances on. The one that has all those juicy online banking shortcuts and stored passwords just waiting to be socially engineered into some shady character’s greedy little hands.

However, Windows is also a target because it’s riddled with holes, most of which Microsoft drilled itself during its epic quest to destroy Netscape nearly a decade ago. And as I note in my upcoming feature article on the future of the “fat client” desktop, we’ve been living with the insecurity fallout ever since.

Case in point: UAC. It’s a response to problems that Microsoft itself created. And while the company has grown more serious about security in recent years, it can never stuff the genie fully back into the bottle. To do so would break way too many applications – it would kill the platform overnight.

So as I sit here typing away at this missive in OpenOffice Writer, all the while admiring my latest Compiz theme find (“t-ish” sure is a sweet looker), I can’t help but think of all the things I’m missing since booting back into my “Gutsy Gibbon” install: spyware, viruses, and (most importantly) fear.

Next Up: My one week summary and a critical decision point is reached…stay tuned!