
Re: How does a novice do this



Jochen Schulz wrote:

And, by the way: I don't know about any "desktop firewall" like Trend
Micro's for Linux. Firewall applications for Linux take a different
approach than those for Windows and this is generally a good thing. In
short, you don't need such software when running Linux and in my opinion
you don't need them on Windows either.

You wouldn't believe how many Windows programs want to talk to the Internet, and nobody knows for sure what most of them want to talk about. Windows from XP onwards has a built-in firewall controlling incoming packets, but only from Vista on does it also control outgoing packets. Most programs seem to want to upgrade themselves every time the computer is turned on, and a security-conscious person might want to prevent this, as there's no way a user can tell if the upgrade request is genuine. It is safer to download the latest version from the website and install it manually.

Another issue is that Windows viruses normally want to send lots of email, and if you're using webmail, there's no need for the client PC ever to send any SMTP messages. Even if you do use SMTP, it will only ever be to one smarthost, so control of outgoing SMTP is usually a good idea.

Viruses also masquerade as genuine programs which should be allowed to use the Net, so most Windows 'personal firewalls' now make a quick check of a program requesting outgoing access, and match it against a hash which was calculated when the program was first installed and made its first attempt to connect out.

None of this actually stops a Windows machine from getting infected, but it tries to offer an early warning that it has happened, so the machine doesn't keep sending a flood of spam for weeks. With no outgoing packet control on PC or router, there is no way for the average home user to know what his machine is getting up to.

Agreed, there's little need for an outgoing firewall for Linux, though the restriction of packets in and out to those known to be necessary is never a bad idea. *nix may not (yet) have viruses spread by users, but it certainly has had worms, and I wouldn't be surprised if many Windows viruses now look around the network to see if there are any *nix machines running on it.

I also expect to see many more closed-source applications, mostly games, running on *nix in the future, and some of them could well contain what the AV vendors like to call 'potentially unwanted programs'. Not actually keyloggers as such, but things which might log and report on web browsing or downloading. There are a lot of (financial) connections between legitimate software publishers and legal but aggressive and unethical marketing companies in the Windows world, and we can expect some spillover as Ubuntu and other distributions appeal to people like the OP.


--
Joe
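
Added example, not part of Joe's message and not code from any firewall product: a sketch of the two outgoing controls the post describes, a program hash recorded at the first connection attempt and SMTP allowed only to one smarthost. The class name, the host names and the sample program file are all constructed for illustration.

```python
import hashlib
import os
import tempfile

SMTP_PORTS = {25, 465, 587}

class EgressPolicy:
    """Toy outbound policy: pin each program's hash on first use and
    allow SMTP only to one configured smarthost (hypothetical class)."""

    def __init__(self, smarthost):
        self.smarthost = smarthost   # assumed: the single permitted mail relay
        self.pinned = {}             # program path -> SHA-256 seen at first use

    @staticmethod
    def file_hash(path):
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()

    def decide(self, program, dest_host, dest_port):
        # Mail rule first: no program may speak SMTP to anything but the smarthost.
        if dest_port in SMTP_PORTS and dest_host != self.smarthost:
            return "block: SMTP to non-smarthost"
        digest = self.file_hash(program)
        known = self.pinned.get(program)
        if known is None:
            self.pinned[program] = digest   # first use: a real product asks the user here
            return "allow: first use, hash pinned"
        if known != digest:
            return "alert: program changed since first use"
        return "allow: hash matches"

def demo():
    """Run the policy over a constructed program file and constructed destinations."""
    policy = EgressPolicy(smarthost="smtp.example.net")
    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "mailer.bin")
        with open(prog, "wb") as f:
            f.write(b"original build")
        results = [policy.decide(prog, "smtp.example.net", 587),
                   policy.decide(prog, "smtp.example.net", 587),
                   policy.decide(prog, "mx.example.org", 25)]
        with open(prog, "ab") as f:
            f.write(b" + appended code")    # simulate the file being altered on disk
        results.append(policy.decide(prog, "smtp.example.net", 587))
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```

A hash mismatch fires on any change to the file, so a legitimate upgrade raises the same alert as a tampered binary and the pin has to be re-approved afterwards.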

