Posted Aug 19, 2010 22:21 UTC (Thu) by elanthis (guest, #6227)
Parent article: Some GUADEC notes
The problem with viruses on Windows has a lot to do with the software ecosystem on Windows, which is entirely different than on Linux. On Windows, you get software by browsing the Web and clicking a Download link on some site.
On Linux, you either magically know the cryptic package name of the software you want or browse the packages in a huge bloated repository, and then hope that the software you want is actually packaged for your distro and that it is actually up to date (and if it's not, you generally have to wait 6+ months for the next version of the distro to roll out, and then you upgrade EVERYTHING to get one package updated).
The Windows way is far, far, far more user and developer friendly. Users don't find software by browsing a freaking package repo. They find software from friends sending them links or with Google, or links off of other sites. The Linux method requires finding that software, then transitioning to another app to find it AGAIN to get it installed. Gross. The Windows way is better for developers because it gives them the ability to create ready-to-go installers instead of having to wait for half a dozen popular distributions (and hundreds more of unpopular ones) to actually package up the software, which may take months to years after the software first comes out.
The Windows way is also more dangerous, because there is no central authority in charge of the software and installers. Thus, anti-virus software is needed to protect users from themselves. Windows itself is not inherently super insecure. I know more than a few people who've never used anti-virus software and never gotten a virus on their computers, because they are idiots and they don't download random crap from random sites that nobody with a clue would ever trust. Most people are uneducated and clueless, though.
I whole-heartedly believe that Linux needs to at least support the Windows software distribution model to really meet Ubuntu bug #1. There is more software out there than even Debian's 15,000 package repository scratches the surface of. There are applications that need frequent updates to even be useful (e.g., tax software) that can't wait for 6-month release cycles. There are users who need bug fixes when the app is released, not when some unrelated packager gets around to updating the distro's updates repository. There are applications that -- plain and simple -- are proprietary and will never be in Ubuntu's or Fedora's repos, but real users really want and would rather not have a computer than live without (e.g., games, which the Linux folks CONSTANTLY underestimate the extreme importance of to regular everyday home users).
When (or more likely if; I doubt it'll happen soon, if ever) Linux distros start shipping at least an installer packager to supplement their core repos with a distro-neutral package format (that can also automatically install an update URL for PackageKit to check) that is friendly to componentized software (e.g., not just a single big huge RPM you download and install, but a package that can let the installer look at a URL to grab dependencies not in the core repo) and software on multiple-disc media (many games are coming out requiring 2 or more DVDs for all the content), Linux will find itself in need of anti-virus software.
If the distros would stop cock-blocking software like AutoPackage and other failed attempts at installation software, they could actually realize that there's a huge strength in building in a standardized third party software installation tool. Windows is a mess because there are a billion different installers, and anti-virus software basically has to scan every .exe ever run. With a unified, single installer that all third-party software has to go through (what Microsoft is slowly trying to get with .msi, but for legacy reasons it has a loooong way to go) you can remove a lot of the bloat of anti-virus software by only really needing to run it at install time. It wouldn't be fool-proof, but nothing is, and it would be Enough(tm) for most cases.
Unfortunately, the distros are too focused on imposing as many artificial barriers of incompatibility between each other as they possibly can, while forcing users to use a central repository as much as possible to maintain control. They claim it's for protection and stability, but at best it's laziness and at worst it's just user hostility.