Virus scanners remind me of dung beetles. Dung beetles can survive on elephant dung, because the elephant's digestive system is so terribly inefficient that a great deal of nutritional value remains in vegetable matter, even after it has passed through that digestive system. This odd "defect" in the elephant provides a ecological niche within which a species of insect can survive.
Virus scanners fill a specific economic niche that exists because of defects in software. In particular, virus scanners thrive in those cases where long standing, well known defects in software are never corrected, even though well known programs (computer viruses) have successfully exploited those defects to gain unauthorized access to computers for years. And while viruses are possible under any operating system, there is no economic niche within which virus scanners thrive more than that created by Microsoft.
Naturally, Microsoft would say any such comparison is unfair. They routinely argue that the main reason that their Operating System (OS) suffers so much from viruses is their OS's popularity. They claim that when other OSs get more popular (Linux, for example), they too will suffer from viruses.
To assess this claim, it is important, first, to break down software defects into two categories. Those categories are Design Defects and Implementation Defects. Design defects are, naturally enough, problems in the way programs are designed, and in terms of security, design defects often result in products that are difficult to make secure, even if they behave exactly the way they are designed to behave. Implementation defects have to do with the way the design is implemented, and in general, implementation defects cause the product to behave in a manner that conflicts with its design.
This distinction is important when it comes time to consider correcting these defects. When correcting an implementation defect, the resulting product behavior should be more like what is expected by users as a result of their understanding of the design. If users have become dependent on the defective behavior, it is clear that those users are at fault for depending on undocumented behavior. When correcting design defects, the expected behavior of the product changes. Those users who depended on the old design became dependent because the vendor told them that the defective behavior was what they should expect. When that behavior changes, the users have every right to complain that the vendor has forced them into an unexpected change. For this reason, software companies are often more reluctant to fix design defects than they are to fix implementation defects.
Microsoft does release patches to fix many of their implementation defects. Even if we set aside, for the purposes of this point, the problems associated with their patch management system, it's still important to note that many (if not most) design defects are never corrected. Release after release of their products include the same design defects, all in the name of backward compatibility. Worse yet, Microsoft continues to introduce the same design defects into new programs, as though they are completely incapable of learning from experience. Microsoft has a twenty or more year history of making and repeating these same mistakes. Perhaps the best example of the kind of mistake that is critical to users today is the inclusion of powerful, general purpose languages like Visual Basic into their products to be used as macro languages. Visual Basic was not designed with security in mind, and Microsoft's success at retrofitting security into this language has been questionable, at best. This particular mistake makes it possible for a mere document to have extraordinary capabilities to affect the entire system on which the word processor used to view it is being run.
Microsoft has pointed to Linux as being a likely next victim of virus proliferation if it becomes more popular, but these claims are self-deception, at best. When design defects become well known in Linux distributions, those defects are corrected quickly or the applications in question are abandoned by the user community. You see, in this case, the users have many more choices about what applications they use, and the companies and other organizations that manage common Linux distributions are much more committed to security.
While Linux viruses and worms are not completely unknown, they are far less common. Microsoft's claims that their own virus problems are simply a matter of popularity are wishful thinking, if not deliberate deceptions. The Linux world doesn't saddle its users with serious design defects that linger on through year after year of frequent exploitation by viruses. Microsoft users who depend on virus scanners must subscribe to regular updates to the pattern files used to recognize viruses, else they will fall victim to new viruses that their out of date software can't recognize. These users often must manually direct their systems to download these new virus pattern file. This effort involves just as much trouble as the effort that many Linux users make to download updates to their systems; And these Linux updates usually serve to eliminate the vulnerabilities that have been found in the applications Linux users run. MicroSoft users don't have such an easy option for two reasons: First, Microsoft simply refuses to admit responsibility for many of their design defects, and those defects are never fixed; And, Second, for those defects that Microsoft does fix, their applications are such a rat's nest of ill-conceived dependencies that any give patch you apply to a system may make it completely unusable. The unwary user who applies all patches as Microsoft recommends may find himself reloading his system from scratch to recover from these patches. These ill-conceived dependencies are often the fruits of MicroSoft's efforts to keep their users locked into Microsoft software and their efforts to lend what flimsy credibility they can to the outrageous claims they make in the courts. Since the various Linux distribution do not tend to engage in either of these practices, installing Linux patches is a much safer activity.
A virus scanner company simply cannot make a profit making scanners which look for viruses that infect Linux Systems. For the same amount of effort that a user might undertake to update virus pattern files for the latest viruses, that user can download patches for his distribution that will permanently fix the defects that a virus might exploit, and then it doesn't matter if the user receives the virus. Once the defects are fixed, and virus simply can't do any harm. Ironically, there are actually virus scanners for Linux Systems.. sort of. These scanners don't look for viruses that infect Linux systems; Instead they are designed to be run on Linux systems that serve as email gateways and file servers for Microsoft systems. These Linux based virus scanners are designed to search for viruses that might infect Microsoft systems.
So in the same sense that dung beetles are a testament to the inefficiency of the digestive systems of the animals who's dung they use, virus scanners are a testament to the irresponsibility of the companies that make the software these scanners protect.