Anti-viruses will always be necessary. There is money to be made in sending spam, running bot nets, and mining data. Regardless of what operating system you are running I'm sure there is someone out there who could find a vulnerability if he or she was motivated enough. Is this more of a PR move? Whenever you talk to Mac users they seem to flaunt the fact that they are virus free or is it that no one bothers since so few people have macs compared to pcs?
Anti-virus software is not necessary. It's a side effect of poor system configuration, slow release cycles for patched software and to a lesser extent, poorly designed software.
If a severe vulnerability is discovered, open source communities race to distribute a new version of the software (faster than anti-virus vendors can respond). Package management allows patches for _all_ software to be rolled out quickly and securely. A turnaround time exceeding 2 hours from knowledge of a critical vulnerability to patched software being distributed to 1,000,000's of computers would be considered slow. The concept of executing files downloaded from Internet sites, provided on removable media or sent via email is completely foreign.
Proprietary vendors tend to follow the processes defined in their ISO 9001 compliant Quality Management System. They wait for the next weekly "Urgent" Security Working Group Meeting so that a proposal to develop a Software Change Request can be agreed upon. ... blah blah... 2 months later you _may_ have updated software that users won't know about because they don't check the sites of the 100's of applications on their computers on a daily schedule.
Microsoft _could_ do more, particularly with respect to system-wide package management. However, _proprietary software vendors_ are the primary culprits. Microsoft can't help Windows users if software vendors refuse to respond to security vulnerabilities quickly or fail to design their software with consideration towards security.
I wish I saved the reference, but I read an interview recently where the founder/CEO of a prominent anti-virus vendor stated bluntly that the only reason the business exists is because of a failure to address {a list of well known and ignored problems including some I mentioned above}. Marcus Ranum ("inventor of the firewall")[1], Linus Torvalds[2] and many other well known and greatly respected researchers/practitioners have views on the computer security industry that may appear surprising. These people have significant influence, decades of experience and the respect to back it up. The comments they have towards the industry, including anti-virus vendors, are often quite negative (while remaining constructive). There is a reason founders of anti-virus companies can make discouraging remarks about the need for their company to exist -- they know from vast experience that software vendors won't be listening.
> It's a side effect of poor system configuration, slow release cycles for patched software and to a lesser extent, poorly designed software.
Don't forget stupid and naïve users - those who know that the dodgy crack / serial website is going to have infected files, or those who don't realise that cute cursors come with malware.
And, to be fair, it's not just MS that has these problems. BSD makes things a bit less scary for Mac users, but there's still the problem of people running as a high level user and entering their password whenever they're asked, without necessarily thinking about it.
