Metamorphic Viruses (the most dangerous virus for now)

yes but same thing happened to windows right?

By design, or by thought. It's not a matter of whether Linux is more secure; I actually think it's less secure than Windows. It just doesn't get the attention Windows does.

In the beginning of the modern computer era, when UNIX ruled and Windoze wasn't even born, computer enthusiasts were writing small programs just for their entertainment. They called them "viruses". They could infect files (in theory), but in fact they couldn't spread inside UNIX systems because of the rights management system. Viruses gained real power when they got inside DOS. However, network worms could infect and spread across UNIX machines, but not DOS (well, not at first), because DOS didn't even have networking capabilities.
The thing is, to infect Linux machines a virus/worm must be reasonably advanced, whilst the simplest virus could kill not only DOS but the whole machine.

Still. It's timing. Windows was the new thing. Viruses weren't advanced enough to get around the protection, yes, but if Windows hadn't come out, the viruses would have gotten advanced enough to bypass the security in UNIX.

It's always an interesting subject for debate, whether or not Linux is inherently more secure than Windows. There's little doubt that if Linux was as popular as Windows then commercial malware authors would target it to a far greater degree than at present. It just doesn't warrant the time and effort with its current market share, given that the vast majority of malware is based on commercial gain.

The Open Source nature of Linux is a double-edged sword when it comes to security. The code can be disassembled and analysed by the community in order to find flaws, but that same degree of access exists for the malware writers too. As things stand though, the relative popularity of Windows makes it a far more tempting target, so we'll only get a definitive answer when or if Linux ever reaches a substantial market share.

I do give Linux credit, because Linux is simple. It's streamlined; however, it can't do as much as Windows can. This streamlining and simplicity allow for quicker patches and a reduced chance that there is error in the code. I do note that Linux distributors aren't as experienced in releasing patches as the Microsoft guys are :stuck_out_tongue: :wink:

Microsoft are experienced in releasing patches too late :-)))) and they're also experienced in writing help files… and the funny thing is also a popup in Device Manager when you try to disable a device… "Disabling a device will cause it to stop functioning!" :-))))))))))) ■■■■■■■, I didn't know that… :-)))))))

I'm sure that's not for you but for the computer-illiterate citizen. :wink:

That's really the thing I don't like in Windows and like in alternative platforms. In Linux, for example, if you are root you are an administrator; you know what you are doing, so no questions asked, no stupid "step-by-step" wizards. In Windows a user, even if he is ten times an administrator, is still considered a moron :-))))))

That's product design though. With Linux you can expect there is a computer-savvy person using it, or a person close by who knows what they're doing. For Windows, it's mass produced. You can't expect Microsoft to release a new version of Windows for the 5% of the population that is computer savvy. :wink:

Getting past Comodo doesn't rely on metamorphic or polymorphic viruses…

It just needs to be something unknown that the user wants to use very, very much, so he clicks yes, and you are in!

An antivirus could also blacklist almost everything (all use very broad heuristics so everything is judged bad), and get the same result, i.e. warn on almost everything, never mind if it hits innocent stuff…

True, a less savvy user would in fact just hit 'yes.' These viruses are rare, so let's not worry. O.o

They're rare NOW, but who knows, maybe tomorrow the first metamorphic epidemic hits the world. So, less informed users will always be less protected than those who care about all that stuff, no matter how good the AV or firewall is… Knowledge is the key, and here's the main problem… Many people don't know anything about their car; it just works! And while computer security is quite different from that, people look at it with a similar approach: it works, and nothing else matters.

Actually, one wonders whether savvy users would be less vulnerable. Unless we are really talking about elite users who can do analysis of code or even disassemble it, how will the "more savvy" user know what to do?

I may know about the existence of stuff like metamorphic/polymorphic malware, but it doesn't help me one whit to know whether this file in front of me is it, or if it is just the HIPS being paranoid (since it alerts on many innocent things as well).

I am no expert; I can't disassemble code… I mean I CAN disassemble it, but to me all these eax push mov bx make no sense :-))) Still, I CAN determine whether an alert is generated by malware or not :-))) It's just pure experience and a bit of logical thinking :-)))) For example, why would a game install a driver?))) If you know that it installs one, e.g. it is commercially protected, comes on DVD and asks for a serial number, that means no threat. But in all other cases… you see the point?

Melih, sorry if I partially disagree with that: it is true that most anti-virus programs intercept the infected file once it's too late, downloaded to the disk, and they won't even be able to repair anything. But something as "simple" as the Avast WebShield module (Eset NOD32 has the same) that scans the files in memory, without caching anything to disk, can stop a virus, if it detects it, from being downloaded. I personally set the Avast WebShield alerts to "silent", which means that in case of virus detection the connection is terminated. And I've experienced it with the Eicar test file. It works perfectly well, even when the file is zipped (whereas the standard shield doesn't detect anything in a zip file once it's downloaded).

Unfortunate exception though: this WebShield proxy obviously cannot read encrypted connections, so anything downloaded through port 443… hmm… will be downloaded. And you'll get an alert when it's too late.

(You also said AV software cannot protect against new viruses, but they use heuristics as well, don't they? I'm not saying that it always works… it is also a source of false positives.)

Leopard19
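The post above describes a web-shield proxy that buffers a download in memory, scans it (including inside a zip) before the browser gets it, terminates the connection on detection, and cannot see anything inside a TLS connection. The following is an added illustration of that model written for this thread; it is not Avast's or Eset's code. The signature string, the `make_zip` helper, the `web_shield` function and the sample downloads are all constructed for the example; the real Eicar string is deliberately not reproduced.

```python
import io
import zipfile

# Constructed stand-in for an AV signature (NOT the Eicar string).
TEST_SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-NOT-EICAR"

# Refuse to inflate oversized archive members in memory (constructed limit).
MAX_MEMBER_BYTES = 10 * 1024 * 1024


def scan_bytes(data: bytes) -> bool:
    """Return True if the payload, or any member of a zip payload, carries the signature."""
    if TEST_SIGNATURE in data:
        return True
    # A zip archive with entries starts with the local-file-header magic.
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.infolist():
                    if member.file_size > MAX_MEMBER_BYTES:
                        continue  # treat as unscannable rather than decompress a bomb
                    if TEST_SIGNATURE in zf.read(member):
                        return True
        except zipfile.BadZipFile:
            pass  # looked like a zip but was not one; fall through to "clean"
    return False


def web_shield(url: str, chunks) -> str:
    """Simulated web-shield proxy in 'silent' mode.

    Buffers the whole HTTP body in memory (never on disk), scans it once complete,
    and either forwards it ("delivered") or drops the connection ("blocked").
    Over HTTPS the proxy only sees ciphertext, so the body passes "unscanned";
    that is the port-443 caveat from the post.
    """
    if url.lower().startswith("https://"):
        return "unscanned"
    body = bytearray()
    for chunk in chunks:
        body += chunk  # whole-body buffering: a signature split across two chunks is still found
    if scan_bytes(bytes(body)):
        return "blocked"
    return "delivered"


def make_zip(name: str, content: bytes) -> bytes:
    """Build a compressed zip in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sig = TEST_SIGNATURE
    print(web_shield("http://example.test/a.bin", [b"hello ", b"world"]))
    print(web_shield("http://example.test/b.bin", [sig[:10], sig[10:]]))
    print(web_shield("http://example.test/c.zip", [make_zip("p.txt", b"xx" + sig)]))
    print(web_shield("https://example.test/c.zip", [make_zip("p.txt", sig)]))
```

The second call shows why the shield has to hold the complete body rather than scan chunk by chunk: the signature is split across two TCP reads and only the assembled body matches. The zipped case matches only because the archive member is inflated in memory; a raw byte search over the deflated stream would miss it, which is the same reason the post's on-disk "standard shield" missed the zipped Eicar file.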

How will any AV stop a virus that they don't have a signature for? Heuristics: just glorified signatures.

Melih

Well, heuristics are not just glorified signatures… at least not that simple :-))) Though we can't really tell; maybe AV companies are cheating when, for example, I turn off signature detection in NOD32 and it still detects viruses with heuristics while in fact using plain old signatures… but I don't think this is true :-)))) So… heuristics give some protection but it ain't really that good, 'cos all these AV tests state that a heuristic analyzer which detects 30% of unknown stuff is ADVANCED+… Of course, detecting 30% of new viruses is a big deal, but 30% ain't no 99% or even 80%, which would be enough to make virus makers think hard to write an undetectable virus… So right now, when heuristic analyzers are ineffective, we are forced to use other software like CFP :-)))))

BTW I like the "block all" idea instead of "intellectual" behaviour analysis… Here's a really simple example. Imagine you have a door. If you have a door and a really fuzzy lock on it, someone possibly CAN produce a key that could open the lock; that is, if the behaviour analyzer alerts only about actions it considers suspicious, then there is a possibility to fool this analyzer. But if you have a plain old 2-meter-thick brick wall instead of a lock, what key can open it? :-))))))

Not sure about that. One thing I'm sure of is that when heuristics are too sensitive, you get false positives. I never said heuristic analysis worked 100%, only that it exists and that it's better than nothing. And then come the HIPS… there will always be the issue of whether one clicks allow or block for an unknown process mixed into a known setup.

There are many people out there who don't install applications every day. Setting V3 in clean mode means literally no popups and ultimate protection for them!
Now compare the above scenario of a user (a good majority) who doesn't install things regularly enough (so that they get bored of saying yes to every click) where they are using an old-style protection called AV :slight_smile: They go to a site and they get a drive-by download, etc. etc.
With V3 they literally get total protection with almost no popups! (Apart from one machine where I install stuff to try out, I have installed CFP V3 in clean mode on 3 home machines I have, and I just don't notice it! It just doesn't give me enough popups for me to say I am bored and will click yes to everything.)

So, for the majority of users, running V3 in Clean PC mode will give them a MUCH higher protection against any malware than running an AV.

Now, let's talk about the other type of users, who install stuff regularly.

As I said above, on one machine I install stuff. Once I did it without Clean PC mode and 400 popups later I gave up… but then I set up the install mode on V3, and voila! Not a dickie bird, nothing, nada! If I am the kind of guy who will keep installing stuff, then it's as simple as putting V3 in install mode when I install things. What that does is not turn off protection at all! What it does is trust the installation and everything related to the installation, hence no popups.

There is one more category:
A user who installs stuff without really knowing whether it's good or not. So sometimes things like malware get installed 'cos they were "shiny". For those kinds of users, AV won't work either! The only thing that can protect them is a whitelist!

Name of the game is “protecting the user”

So in which scenario could AV offer better protection?

thanks
Melih
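Melih's post above contrasts a whitelist (default-deny) policy in Clean PC mode, an install mode that trusts the installer and everything it spawns, and signature-based AV that can only recognise what it already has a signature for. The block below is an added simulation of those three behaviours written for this thread; it is not Comodo's code and does not claim to reproduce how CFP V3 actually works. The `DefaultDenyPolicy` class, the `blacklist_av` function, the process events and the executable "images" are all constructed, and the model is deliberately simplified (the installer's pid is known before it starts).

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set


@dataclass
class Exec:
    """One process-launch event (constructed sample data)."""
    pid: int
    parent: Optional[int]
    path: str
    image: bytes  # stand-in for the executable's bytes


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class DefaultDenyPolicy:
    """Hypothetical whitelist policy: anything not known is alerted on, not judged."""

    def __init__(self, baseline: Iterable[bytes]):
        # Clean PC mode: everything present at install time is trusted by hash.
        self.allowed: Set[str] = {sha256(img) for img in baseline}
        self.mode = "clean_pc"
        self.trusted_pids: Set[int] = set()

    def enter_install_mode(self, installer_pid: int) -> None:
        self.mode = "install"
        self.trusted_pids = {installer_pid}

    def leave_install_mode(self) -> None:
        self.mode = "clean_pc"
        self.trusted_pids = set()

    def decide(self, ev: Exec) -> str:
        h = sha256(ev.image)
        if h in self.allowed:
            return "allow"
        if self.mode == "install" and (ev.pid in self.trusted_pids or ev.parent in self.trusted_pids):
            # Trust the installation and whatever it spawns, and remember the
            # binaries so the installed application runs later without a popup.
            self.trusted_pids.add(ev.pid)
            self.allowed.add(h)
            return "allow"
        # Unknown and not part of a deliberate install: the user gets the popup.
        return "alert"


def blacklist_av(image: bytes, bad_hashes: Set[str]) -> str:
    """Signature AV reduced to its essence: unknown means 'clean'."""
    return "detect" if sha256(image) in bad_hashes else "clean"


# Constructed executable images; the dropper is unknown to both lists.
BROWSER = b"constructed-browser-image"
SETUP = b"constructed-setup-image"
HELPER = b"constructed-helper-image"
DROPPER = b"constructed-unknown-dropper"
KNOWN_BAD = {sha256(b"constructed-known-malware")}


def run_scenarios() -> Dict[str, str]:
    policy = DefaultDenyPolicy(baseline=[BROWSER])
    out: Dict[str, str] = {}
    # 1. Drive-by: the trusted browser (pid 10) spawns an unknown binary in Clean PC mode.
    out["driveby_clean_pc"] = policy.decide(Exec(11, 10, r"C:\Temp\x.exe", DROPPER))
    # 2. Deliberate install: user switches to install mode, then runs setup.exe.
    policy.enter_install_mode(installer_pid=20)
    out["installer"] = policy.decide(Exec(20, 1, r"C:\Downloads\setup.exe", SETUP))
    out["installer_child"] = policy.decide(Exec(21, 20, r"C:\Program Files\App\helper.exe", HELPER))
    policy.leave_install_mode()
    # 3. The installed helper runs again later: learned during install, no popup.
    out["helper_later"] = policy.decide(Exec(30, 1, r"C:\Program Files\App\helper.exe", HELPER))
    # 4. Same dropper after install mode ended: still unknown, still alerted.
    out["driveby_after"] = policy.decide(Exec(31, 10, r"C:\Temp\x.exe", DROPPER))
    # 5. Signature AV on the same dropper: no signature, so it is waved through.
    out["driveby_blacklist_av"] = blacklist_av(DROPPER, KNOWN_BAD)
    return out


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:24s} {verdict}")
```

The simulation also shows the cost of install mode that the post glosses over: while it is active, anything the installer's process tree launches is learned as trusted, so the protection depends on the user entering that mode only for software they chose to install and leaving it again afterwards.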