Much is said in tech circles about how you must protect your equipment from viruses, spyware, adware, Trojans, you name it. I have recently completed a three-year experiment with an unprotected laptop, that I used every day, and on multiple networks. Here’s what I started with:
– A Gateway M275 convertible laptop running XP Tablet edition in Administrator mode as installed from the factory
– Windows Firewall turned ON, Windows defender not available on Tablet version of XP.
– Standard installations of MS Office 2003, OpenOffice, Thunderbird, Firefox, CoffeeCup FTP, Adobe Photoshop 7, Adobe Acrobat Pro 7, iTunes, Yahoo Instant Messenger, amongst others.
– No installation of any virus program, spyware checker program, ad removal program, etc.
– Machine booting straight into windows without a login required.
– Set Windows Update to notify me of updates but not to auto install. I always installed all updates myself with the exception of updates to I.E. as these tended to botch up other programs on the tablet (this is not true for most laptops and desktops).
I used the onboard Intel wireless network adapter to connect to my home network and to wireless hotspots all over St. Louis and when I traveled, which included Florida, Colorado, Arizona, Indiana, Louisiana, Alabama, Mississippi, and Georgia. I used the onboard NIC to connect to our public network on the college campus where I work. I used ATT Elite-Class DSL Broadband at home with a router, and ATT wireless when traveling when free wireless wasn’t available (mostly at McDonald’s, Barnes and Noble, and Starbucks).
From this configuration in April of 2005, I used this machine for everything: email, surfing, uploading my photos from my camera, writing web pages, posting in blogs, installation of my WordPress blog, FTPing to my websites, managing my finances, and doing my taxes with TaxCut. I did not use Internet Explorer, only Firefox, and I kept Adobe Acrobat, Flash, Java, and QuickTime updated as needed. I also updated programs as needed, like iTunes, Firefox, Thunderbird, and Open Office. I used this machine at work, I used it at home, I used it in the car, I used it on airplanes and in airports and restaurants. This machine was like a baby, I carried it everywhere. I watched for signs of infection or trouble, but never installed or ran a virus program, spyware check, or anything else to deep clean or assess the machine. I have also never run a defrag or any other program to tighten up the computer. I’ve just let it run and run the way it is.
Yesterday, I downloaded and installed AVG Free, Spybot Search and Destroy, and Adaware from Lavasoft. I had them get their most recent updates and then set them to work on my tablet.
To my huge surprise, Spybot found absolutely nothing to remove. AdAware found two tracking cookies, and nothing else. AVG found one inactive and non-functional Trojan and an email in my deleted bin with an infected attachment.
Three years of running this machine with no protection, and it is not infected. I’m stunned and amazed, considering how much we are told to lock machines down tight. In my experience, it isn’t the machine that is the problem. It is the user of the machine. I’m an experienced techie and watch myself and where I’m surfing and what I’m downloading and what attachments I choose to open. For others, the protections may be absolutely necessary. I know it is for the other machines on my home network that are used by people other than me. My husband’s machine alerts me to possible infections almost every day, and each of my teenagers’ machines alert me several times a week. I keep them all up to date and set a lot of things to auto-update to keep out the bugs.
But on my own machine, I use nothing at all, and do not fear getting infected. I’m fully aware that I was leaving large holes in my system for infection, including running under the administrator account instead of a more locked down user account, not having virus or spyware checking programs installed, and never checking the machine for infection. The only thing I ever did consistently was to let Windows Update download patches, although I refused every patch that was a cumulative update to I.E. because I found it caused issues with other programming on the tablet. I’ve since learned that this is a result of the tablet version of XP and doesn’t affect desktop machines. And yet for three years this machine has run consistently well and without being infected. My only explanation is that it is the care of the user that makes the difference in a machine’s chance of getting infected.
One might ask why I tried such an experiment. It was partially because I didn’t want virus programs and spyware checkers to slow down the performance of my machine, which was not as high end as I wanted it to be. I don’t want a virus program checking all incoming mail and slowing down the program while it does so. The other reason is because I truly didn’t feel it was necessary to lock the machine down, that if I took care with how I was running the machine, visited websites that I trusted using a browser that I trusted, and knowing the difference between a nasty attachment and an okay attachment in an email, that I would be fine.
And for three years, I have been. Go figure!
This is probably why most of us Linux users don’t worry about viruses. We are simply aware of what a dangerous website or attachment looks like. Plus using Firefox helps no natter what OS you have.
@Mark Schneider: AVG (free) is lighter because it doesn’t have a real-time scanner that checks all incoming traffic. It’s only a periodic scanner.
I don’t think a user has to be so afraid of the Internet in general, it is when people start surfing for jollies and bad stuff they have to be afraid.
My sister has never had a virus killer installed in her life, and she so far knock on woods never had a virus, I know because I admit I sneak a scan or two in when I visit her.
You don’t get virus by going to google.com or websites like that, that is just my experience as a long time tech.