If you don't, and you don't do web browsing from inside Windows, then I can't imagine the need for anti-virus.
90% of attacks are trojan horses (fake/embedded pirated software usually) and the remaining 9.9% is browser attacks.
I doubt anyone is defeating your firewall/NAT box to get a direct connection to your Windows machine, and even if they did they'd have to find a service they can exploit.
What are you using to run the VM? I've always had issues integrating the host and guest VM nicely in Windows - getting copy-paste working properly, resizing the window, etc.
How is this the same as having to run anti-virus software because the system's (i.e., Windows's) security model is broken?
> jailbreak iOS
Not sure why iOS is even relevant to my comment, since it isn't built on Linux (or even Unix).
> Security starts with the user.
This is true; a user who is bound and determined to hose their system can do it no matter what protections are in place.
But that's irrelevant to the point under discussion, which is how people who do not want to hose their system can keep it secure. On Windows, you have to run anti-virus software (and even the protection that provides is not foolproof), because the system's security model is broken. On Linux, the system's security model is functional to begin with, since unlike Windows, the system was designed that way from the ground up. So you don't need to run anti-virus software, and hence you don't have to worry about what information that software, which has a privileged position on your system, might be sending to others.
> Windows security is pretty good when running as a normal user and having UAC turned on on its full level and binaries validation.
Do you still need to run anti-virus software in this configuration?
> UNIX does have a better security model configuration out of the box, but is just as unsafe for the regular users that just dump stuff into their PCs
Again, I agree, if a user wants to hose their system, Unix won't prevent them. But anti-virus software won't prevent them either.
My point is, what about the user that doesn't want to hose their system? On Linux, it's very simple: use your package manager to install software, and don't run anything that wasn't installed that way.
You don't need an anti-virus if you are only running software from trusted sources, just like in Linux.
Just that trusted sources in Windows means not installing pirated software or that thing a friend gave because it was so cool. Or going to shady internet sites.
All things that will hose a Linux system as well.
Linux package managers are nice until one needs something it isn't there, like it happens to most average users that don't care about FOSS and forcing themselves to alternatives.
And I never saw a UNIX that would allow to prevent users to install software locally, as Windows does with Active Directory group policies. Although I bet there are some third party commercial offerings for that.
> You don't need an anti-virus if you are only running software from trusted sources
What does "trusted sources" mean in the Windows world? Microsoft itself has shipped virus-infected CD-ROMs in the past.
> Linux package managers are nice until one needs something it isn't there
My sense is that, while this can happen, it's less likely to happen with the major Linux distros than it is with Windows. Major distros have tons of software in their package managers.
> I never saw a UNIX that would allow to prevent users to install software locally, as Windows does with Active Directory group policies
Um, you do realize that all it takes is not putting the user in the "sudoers" or "wheel" group (depending on the distro), right? This is routinely done in settings where only sysadmins are allowed to install software, such as universities. You certainly don't need anything as heavyweight as Active Directory group policies.
Not a given. Where I work, most of the reports I get from security admins regarding compromised hosts (found to be port-scanning, attacking other hosts, etc.) are for Ubuntu systems. You still have to secure any services you're running and take basic common-sense precautions.
I don't think it will be much longer until I actually make the switch.