Shoot the media
A few people have been sending me links to articles this past week about the Conficker malware (whether you call it a worm, virus, or whatever). All of the articles make it out like it's the worst thing in the world, that it will destroy civilization. Usually, I have to stop reading well before the end of the articles, as my blood has already reached the boiling point from the outright lies being told.
Making people aware of malware is good, but lying and/or purposely playing on people's fears helps nobody (I've even heard people claim that this is an attack by Al Qaeda to funnel money from everyone's bank account, launder it through multiple offshore banks, then deposit it into their accounts). But what was with this unhealthy obsession of April 1? What, just because the worm was set to do something different today? Guess what, people? EVERY DAY could be the day this malware becomes destructive. To think we're "off the hook" simply because a single day has come and gone is ridiculous.
Simply put, today was no more or less dangerous than any other day for this or any other piece of malware. Watch where you go and what emails you open, keep your system (all software) up-to-date with the latest patches, use a firewall (preferably hardware), and use antivirus (though antivirus, reactionary by definition, has become pretty meaningless in today's environment). Do that no matter what OS you use (no, OSX and Linux are not un-exploitable, so you are not immune). Put another way -- use common sense. To be even safer, use Firefox with Adblock Plus, Flashblock, and NoScript. And if you think your system is infected with something, get it looked at immediately. Period. Don't let the current date or any media hype sway you in any way.
I've been online since 1992 (BBSs from 1992-1996, and the Internet from 1994 to present day), and I've only only been infected once. That happened within this past year because I wasn't paying attention when I clicked on a link on a Google search results page (for the record, I was searching for "set-cookie"). Simply visiting the page, no further action required, got me infected. That's what convinced me that I needed NoScript. But that's the only time I've ever been infected in 17 years. Use common sense and caution, and you have little to fear.
Now, if we could sandbox browsers (and the apps/plugins when called from browsers), we could drastically cut down on infections, but that would require a radically new way of thinking about security. Perhaps it's time we started thinking about only allowing whitelisted software.