I think the answers of ‘use a mac’ or ‘use linux’ are flawed because in my mind, I can still download and run a rogue application, and it can still trash my data. Who cares about reinstalling the machine if all the data is corrupted?
Same with running as non-admin - that rogue program, running under your credentials, can still read all of your files looking for passwords and credit card details, and corrupting what it feels like.
Running Windows in non-admin mode never worked for me. I had a few commercially bought programs (Adobe Photoshop Album 2.0) that would simply not work as non-admin (a nice dialog informed you of that on start-up). Non-admin (currently) just makes it harder, but not impossible, for the virus writers. Death by 1000 cuts indeed.
Anecdotally, I’m sure my machine was last infected when I let someone use my computer. They were staying with us and I (thought I) set up a non-admin very low privilege account. Some sort of mostly benign trojan got me, and that was only defeated by a clean wipe - I was lucky.
Virtualisation is good, but it’s no panacea. Virtualisation is better because I can load up certain configurations (dev, not dev, playground), but trying to do it for things like email and browsing - the most exploited virus vectors - is pretty impossible. Graphical programs suck too. You’re still reinstalling a virtual machine, because the virtual machine has all the same downfalls of the real machine. You’re really just putting up walls to limit damage when it does happen, but are you really making that much of a dent in the problem? Oh, and you did buy all of those licenses for all those virtual machines, right? Mr Universal MSDN is fine, but my mom isn’t.
Sandboxing - it’s mostly the answer. And not done the way .NET’s access permissions work, but something that any old user can use and understand. Heck, it should be something that any old programmer can understand too - because they’re the other half of the problem.
Most programs:
- don’t need access to all files in the system (or all file types in the system)
- don’t need access to system files (after install, ever?)
- don’t need unrestricted access to all network ports/sites
- don’t need to listen on tcp connections
- don’t need unlimited network bandwidth
- don’t need access to the entire registry
Done as part of the install (the program supplies a manifest) and enforced by the OS, this would probably make a lot of these issues go away. The OS could highlight warnings (and allow the user to override) saying ‘no, this program may not do xyz’. I’d like to do this with commercial programs that I trust too. I want to know what any program is doing or allowed to do in the system.
It’s not a simple fix, but MS (and others) will have to make some breaking changes at some point or they will continue to be plagued by all of this nonsense. The truth is there’s a lot of things in Windows that are broken and not getting fixed anytime soon.
What’s the rest of the answer? I wish I knew. For now, just fill the security holes, avoid IE, and Hope For The Best™.
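A toy enforcer for the kind of install-time manifest the comment describes, added here as an example and not part of the original comment: every operation class is default-deny, and anything the manifest does not declare is refused. The manifest format, the PhotoAlbum program and every path, host and registry key below are constructed for illustration.

```python
import fnmatch
from dataclasses import dataclass, field

@dataclass
class Manifest:
    """Capabilities an app declares at install time (constructed format, not a real OS feature)."""
    name: str
    files: list = field(default_factory=list)     # path globs the app may read or write
    hosts: list = field(default_factory=list)     # "host:port" pairs it may connect to ("*" = any port)
    listen: bool = False                          # may it accept inbound TCP connections?
    registry: list = field(default_factory=list)  # registry key prefixes it may touch

def check(manifest, op, target):
    """Default deny: anything the manifest does not list explicitly is refused."""
    if op == "file":
        return any(fnmatch.fnmatchcase(target, pat) for pat in manifest.files)
    if op == "connect":
        host, port = target.rsplit(":", 1)
        return any(fnmatch.fnmatchcase(host, h) and p in ("*", port)
                   for h, p in (entry.rsplit(":", 1) for entry in manifest.hosts))
    if op == "listen":
        return manifest.listen
    if op == "registry":
        return any(target.lower().startswith(key.lower()) for key in manifest.registry)
    return False  # unknown operation class: refuse rather than guess

def audit(manifest, attempts):
    """Return the (op, target) pairs the OS would block; a real enforcer would also warn the user."""
    return [(op, target) for op, target in attempts if not check(manifest, op, target)]

# Constructed manifest for a hypothetical photo-album program.
PHOTO_ALBUM = Manifest(
    name="PhotoAlbum",
    files=["C:/Users/alice/Pictures/*", "C:/Users/alice/AppData/Local/PhotoAlbum/*"],
    hosts=["updates.example.com:443"],
    registry=["HKCU/Software/PhotoAlbum"],
)

# Constructed sequence of operations, mixing legitimate ones with what a compromised copy might try.
ATTEMPTS = [
    ("file", "C:/Users/alice/Pictures/holiday.jpg"),          # legitimate
    ("file", "C:/Users/alice/Documents/passwords.txt"),       # outside the declared file set
    ("connect", "updates.example.com:443"),                   # legitimate
    ("connect", "203.0.113.9:6667"),                          # undeclared host
    ("listen", "0.0.0.0:4444"),                               # inbound listener never declared
    ("registry", "HKLM/System/CurrentControlSet/Services"),   # system-wide key, not the app's own
]
```

Running `audit(PHOTO_ALBUM, ATTEMPTS)` yields the four undeclared operations; the two legitimate ones pass without the program needing admin rights or whole-machine access.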