There’s a lengthy but interesting article at the Washington Post about botnets. Brian Krebs interviews a guy who makes quite a lot of money running such botnets and infecting people’s computers. He gets paid by spyware companies as he installs spyware on the computers of his unknowing victims.
The article is good, but has one gross omission. There is not a single mention of the fact that this problem ONLY affects windows users. Shame on you, Brian Krebs. You’re a reporter, you should not live with your head in the sand. Windows is not the only option!
If you are a Windows user, read the article. If you also use Internet Explorer and/or Outlook, read it twice, and then see if you still dare to use IE or Outlook. Then go and download some safe software – the Firefox web browser and Thunderbird e-mail client are a good start. And don’t forget to check out Ubuntu, too – they will even ship you an installation cd for free.
If you’re not a Windows user, go read the article anyway to see what you don’t have to worry about as much, because your operating system is designed properly.
And to fend off the ‘but Windows has such a bad security record because it is deployed much more widely than other operating systems, and hence is a much bigger target’ people: if you would manage to infect a GNU/Linux, Unix or Mac machine – which is much harder than infecting a windows box – you’re not going to get further than a user account. It’s much harder to get root (i.e. superuser access). Unlike Windows, which is basically a free-for-all, once you infect the box.