There have been quite a few articles recently in/on a variety of magazines/web sites about the vulnerability of Linux and Mac OS X to viruses and attacks. The general feeling seems to be that Linux and Mac OS X are safer partly because there is less reward (fame) in bringing down only a few machines. If someone were to write a virus or worm for one of these operating system, it probably wouldn't get very far because most of the machines it would try to infect (whether by using IP scanning, email or another method) would be running Windows. Such a virus/worm would be stopped before it could start.
A lot of Windows viruses are passed via executable email attachments. There is nothing inherent to Linux and Mac OS X that would protect against a user running a virus attachment. Now, most Linux users are probably more savvy than the average Windows users and wouldn't be likely to fall for that trick--but that doesn't mean the OS itself is any better. I don't think a similar statement could be made about Mac OS X users. While the Unix-like base of Mac OS X provides some protection against modifying system files (mechanisms that are more difficult to circumvent than on Windows), a virus could still trash a user's files.
I have always believed that the scariest attacks are those that are socially based rather than technically based. Phishing scams are not platform-specific, for example. The biggest danger to a computer is the user sitting at its keyboard. Are buffer overflow vulnerabilities real? Of course they are, but look at the prevalence of phishing schemes and how many people fall for them. The damage from a phishing scheme can include significant financial and personal loss, including a stolen identity.
There is a tie-in here to instant messaging and BitWise: can software protect against social attacks? Should it be required to? Just like preventing a virus from installing itself, can social attacks be identified and stopped? This is an area of software very much unexplored. Just imagine if email software was found liable for damages that occured as a result of a user falling for a phishing scam in an email.
Or we can just wait until computers have enough intelligence to stop us from using them for their own sake. :)
Gmail, for example, puts a large, colored header at the top of e-mails that may be scams that says "This e-mail may not be what it seems!" (or something like that). I think this kind of prominent warning is as effective as we can get until software can actually tell for itself what is real...
Call me old fashioned, but how about one not be stupid? Why should it be a developer's responsibility to protect a user from themselves?
I wonder how gmail manages to determine if an email is not what it seems?
Eva: Unfortunately, it is difficult to tell someone not to be stupid. :-/ Some people just are gullible or naive. It's the same reason that there are disclaimers on the products we buy, like don't use bleach in your eye. Telling people not to be stupid is ignoring reality and isn't going to be very effective. They need protecting because that's just who they are. IMHO.
Yes, people need protecting. But if they are that dumb no one but themselves should be responsible. Even if the package did not tell them, "Contents hot, when heated."