Great, got a conversation going. Purpose of creating thread successful. *happy*
Well... now correcting bad terminology: I am sorry, but yes, ant2ne, you are right, I meant general malware, not specifically viruses. That is my mistake for using the wrong word.
But to unspawn, well... you sure picked my argument apart XD. I will try to address every issue you have stated so far to the best of my understanding.
The reason I specify this is because generally this is blamed on faulty programming which allows the malware to exploit the fault and do what it is meant to. An example could be a machine whose root permissions are accessible by malware even though the OS tried to limit root access.
Exploits and shellcode are code, just like malware is code. If malware is coded to take advantage of a fault it will; it doesn't matter if it is an exploit or malware, it depends on what the code was written to do. This is generally called the payload.
But the packaging method does actually make it more difficult for malware to spread within the Linux community. The reason is the same as why programmers need to package their software with different packaging methods depending on which Linux distro they want to install their program on. If I download an rpm package on Ubuntu it won't work, because it uses the deb packaging method, while Windows generally uses the exe packaging method. Even the shell commands used in different distros are different, therefore even malware written in shell script won't fully work on all distros. The distro has to decode the package to manage to read the clear binary, therefore if the malware is packaged with a certain method it cannot infect, or install, itself on distros which use a different packaging method than itself.
All commercial PCs come with Windows; most PC users won't even have heard of Linux. In my IT course there were people who had no idea what Linux was until we had to study it. During my CCNA course the lecturer had to take a whole lesson to explain to almost half the students what the Apache server was and how Linux played an important part with servers.
Considering all of this, most people would rather have a member of family, or a friend, or a usual technician whom they always call to service their PCs, not even understanding how it works.
Then assuming there is another percentage of PC users who are more aware of their choices of OS, they would rather not switch because they wouldn't know where to start with Linux; they can barely take care of their Windows machine, and are also still learning. They may find that using the terminal often is not for them. And/or they may just not want the change.
But those who actually do make the change and install a Linux distro on their own machine must have researched the pros and cons, and must have understood the technical jargon used to describe their differences. They are making a change knowingly, thus must have some adequate knowledge of IT to keep their machine relatively clean, compared to a grandma who is just learning to send emails to her grandchildren.
If you disagree with this please explain how.
I will break it down again... it simply means that whichever OS the malware is targeting, if the signature is within the AV database, or through heuristic scanning, the malware WILL be detected. The OS matters to the purpose of the malware, yes, but it doesn't affect its detectability by an AV. This is what I meant if you didn't understand it initially.
Since Linux distros are so good at keeping malware out, and if it doesn't come in, it is also good at keeping the malware from running with root permission, it is highly unlikely that malware will manage to damage your box anytime soon. Therefore real-time scanning can be unnecessary, in the sense that you CAN wait until a scheduled or manual scan if you so wish. Obviously any extras such as real-time scanning and a good firewall, etc., would be helpful, but maybe not necessary.
You are also right that we need to keep the OS updated and have sane browsing and software habits, but to me an AV is part of "securing and hardening" my box.
And also IMHO we shouldn't focus on any particular aspect, but we should see the security of our PCs as a whole. I made this thread with this focus simply because I was tired of people claiming Linux is impossible to get infected, when most of them don't even know how it works.
I hope you understand.
But in all exploits there will always be a payload, which is generally (not always) in the form of malware which could be blocked by an AV.
As I said to unspawn my aim is not about the AV ruckus, but more towards the full security of the system, AV included.
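As an added example that is not part of the original post (every sample, signature name and rule below is constructed for illustration, not real malware or a real AV's rules): a small Python scanner showing the point made above that detection depends on the signature database and heuristics rather than on the OS a sample targets. It also shows why a hash-only signature breaks on a one-byte change while a byte-pattern signature and a simple heuristic still fire, which is the gap heuristic scanning exists to cover.

```python
"""Minimal signature + heuristic scanner (added example; constructed data only)."""
import hashlib
import re

# Constructed byte-pattern signatures: regexes over raw bytes, in the spirit of
# a simplified AV rule. One targets a "Linux" shell-script shape, one a
# "Windows" PE-like shape (the MZ header). Names are made up for this example.
PATTERN_SIGNATURES = {
    "Example.Dropper.Shell": re.compile(rb"#!/bin/sh\n.*EXAMPLE-DROPPER-MARKER", re.S),
    "Example.Dropper.Win": re.compile(rb"MZ.*EXAMPLE-DROPPER-MARKER", re.S),
}

# Constructed heuristic indicators: traits that are suspicious in combination
# even when no exact signature exists (each adds one point to the score).
HEURISTIC_INDICATORS = [
    re.compile(rb"\|\s*sh\b"),                   # output piped straight into a shell
    re.compile(rb"base64\s+(-d|--decode)"),      # decoding an embedded blob
    re.compile(rb"chmod\s+\+x"),                 # making a dropped file executable
]

# Constructed, harmless samples. Neither is ever executed; they are only scanned.
LINUX_SAMPLE = b"#!/bin/sh\n# EXAMPLE-DROPPER-MARKER: constructed, harmless\necho hello\n"
WINDOWS_SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"EXAMPLE-DROPPER-MARKER"
CLEAN_SAMPLE = b"#!/bin/sh\necho hello\n"
UNKNOWN_SAMPLE = b"#!/bin/sh\necho aGVsbG8= | base64 -d | sh\n"  # no signature, but suspicious


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Exact-hash signatures: only the Linux sample's hash is "known bad" here.
HASH_SIGNATURES = {sha256(LINUX_SAMPLE): "Example.Dropper.Shell.Hash"}


def scan(data: bytes) -> list[str]:
    """Return the names of every hash or pattern signature that matches `data`."""
    hits = []
    digest = sha256(data)
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            hits.append(name)
    return hits


def heuristic_score(data: bytes) -> int:
    """Count how many heuristic indicators appear in `data`; 0 means nothing suspicious."""
    return sum(1 for indicator in HEURISTIC_INDICATORS if indicator.search(data))


def scan_with_variant(data: bytes) -> tuple[list[str], list[str]]:
    """Scan `data` and a copy with one appended byte.

    The appended byte changes the hash, so the hash signature no longer matches,
    while the byte-pattern signature still does. This is the classic weakness
    of exact-hash signatures that heuristics and pattern rules compensate for.
    """
    variant = data + b"\n"
    return scan(data), scan(variant)


if __name__ == "__main__":
    for label, sample in [("linux", LINUX_SAMPLE), ("windows", WINDOWS_SAMPLE),
                          ("clean", CLEAN_SAMPLE), ("unknown", UNKNOWN_SAMPLE)]:
        print(f"{label:8s} signatures={scan(sample)} heuristic_score={heuristic_score(sample)}")
    print("hash signature survives one-byte edit?", scan_with_variant(LINUX_SAMPLE))
```

The scanner never cares which OS a sample is for: the same `scan()` matches the shell-script shape and the MZ-header shape from one database, which is exactly why detectability is a property of the database and heuristics rather than of the platform. The `UNKNOWN_SAMPLE` case shows the other half of the argument: no signature matches it, but the heuristic score is non-zero, so a scheduled scan with heuristics enabled would still surface it for review.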