The answer to the question posed in the title of this article is yes, but only under a certain condition.
It is safe to run your computer with no antivirus if the computer never connects to the internet at any time.
Yes, that sounds ridiculous, but I have a point to make with this.
Most people are under the belief that if you’re not running Windows and using Mac OS X or a Linux distribution as your operating system, you’re 100% safe and need no antivirus suite whatsoever. Maybe that used to be true, but no longer.
What’s known as drive-by downloads aren’t always targeted towards specific operating systems like Windows. Instead they’re being programmed now to target specific browsers like Firefox and Chrome. Most of them operate by running a hidden inline frame in a web page, launching a script, Flash script, Java applet or even a PDF to punch a security hole in the browser, do its thing and then your browser is in effect hijacked. Even on Linux.
Now while true the compromised software is only your web browser and remains “sandboxed” to a degree, that’s the #1 piece of software you use and it’s probably always open and running; therefore the malware is always running.
Windows is more prone to getting hijacked outside the browser because there’s so much malware specifically programmed for it. It is the volume of viruses and malware that exists for Windows that makes is so susceptible to attack. Mac and Linux aren’t nearly as susceptible because of far less market share, but consider this:
Using Facebook as an example, you truly have no control over what apps do on that site. All of it is third-party that operates outside of your operating system. And it’s well known certain Facebook apps have had less-than-noble purposes. Sure, at some point they’re found out and removed, but if you thought running Mac or Linux sheilds you from that stuff, it doesn’t.
The advice you can take is this:
First, malware/spyware programmers know that it’s much easier these days to hijack a computer via web apps rather than try to punch security holes in an OS. If you run across any web-specific app that looks suspect even to the slightest degree, don’t run it. Not on Facebook, not in your webmail or on any other web site you use that offers web-app capability. This is not to say you shouldn’t run web apps at all, because you have to run some. But you should be vigiliant about watching out for the bad stuff even for things that “live only on the web”.
Second, running Mac or Linux is not a “get out of jail free” card, so to speak, because web apps don’t care what OS you’re running. Your system won’t be attacked on an OS level but rather a browser and/or web app level if you just install web apps without thinking about it.
Third, it is difficult for most people to comprehend that web apps designed to compromise your browser even exist. People are still thinking about viruses and malware like they did 10 years ago where they sincerely believe that “it’s just a Windows thing”. No. Wrong. Web apps don’t discriminate when it comes to an OS.
The two best defenses against web-based viruses and malware are to run browser extensions that kill inline frames (NoScript will do it for Firefox, NotScripts will do it for Chrome), and to purposely leave the in-built browser protection on to block known bad web sites (which most of you already do anyway).
Again, I have to stress this is not OS-specific, and applies to Windows, Mac and Linux.
The PCMech.com weekly newsletter has been running strong for over 8 years. Sign up to get tech news, updates and exclusive content - right in your inbox. Also get (several) free gifts.