Strange. This was posted via the MS news server and wound up in a black
hole! Reposting using another server...
You are generally correct. However there are worms like Blaster and
its variants which you can get directly, and very quickly. But the
main protection against these is a firewall, not an anti-virus
program.
I have never gotten a virus. True, I run anti-virus software, but
still I suspect even without it, I probably wouldn't get one. The only
reason I still run AV is because nothing is ever 100%, and I'd rather be
safe than sorry.
To me, safe hex involves avoiding dodgy Web sites (porn, warez, etc.),
staying away from "freeware" which contains spyware, enabling the
viewing of extensions -- so if I believe I am downloading an MP3 file, I
know it is indeed one (I always scan the file, too, before I click on
it... better safe than sorry...), turning the preview pane off in my
e-mail client and examining the message source before opening anything
that looks suspicious (a good way to deal with phishing if you know what
to look for), never clicking on an e-mail attachment (I always save to
hard drive--and only if I am expecting it, then the usual noting of the
extension followed by scan). Anit-spyware apps like AdAware, Spybot
Search & Destroy, and SpywareBlaster are also helpful.
My understanding is that Blaster and its variants exploit a security
hole which has been patched. Still, installing XP and going online
before downloading and installing all the necessary patches without a
firewall enabled can be risky, I suppose. But specifically, how can a
user get infected with one of these worms? What is the mechanism?
Peter's "3 seconds" statement seemed to me to be sensationalistic, but I
am open to all ideas.