And when using a *nix-based system (Linux, Unix... including Mac OS X), you should never ever work as an admin user, aka root. The main reason why there are fewer viruses on Linux than on Windows is not that fewer people use it (in fact, it is way more valuable to target Linux, as its main users are $$$ companies; 99% of servers run Linux, so it is way more profitable to get into a server than into random Joe's computer), but rather how the user / admin (aka root account) separation works. When a normal user account tries to execute a program, the program is very limited in what it can do to the computer. Unless there is a major security flaw that allows privilege escalation, the app can do absolutely nothing harmful (like a total sandbox, the app is limited to the user directory. Normally, each service runs as its own user to enforce security even more). And on Linux, 99.9999% of apps should be run as a normal user. Mac OS X is the same concept, except that the root / normal user separation is less clear. It is easier for apps to get privilege escalation.
On Windows, even if you are a regular (or admin) user and execute an app, the app still gets way too much privilege (and privilege escalation is pretty easy to do on Windows). But still, if you use a normal user (no admin privilege), don't run apps as admin, and keep UAC on, it is still more secure, even if the program gets more privilege than a Linux user (like me) would like. The virus may still do some key logging, or encrypt YOUR PERSONAL FILES (c:/user/YOUR_USER_FOLDER), or to some extent the Program Files directory, but at least other users on the same machine should be safe, again to some extent, depending on whether there are shared files / configs between apps and users. At least the /system32 folder and the /windows folder should be kept safe, but again, to some extent, considering that on Windows privilege escalation can be done easily. But normally, most privilege escalation attack types should be spotted by almost any BB or maybe even some HIPS (not sure about HIPS though), even free Avast and Comodo. As for your personal files that may be at risk, using a sandbox and making only one folder available to the app should keep them safe. For example, if you are using some cracked software like Photoshop, then you sandbox it and allow access only to a project folder. Then you may scan the project folder each time you want to retrieve a project, and copy the project elsewhere. Same for the browser Download folder, for example. The Linux privilege layout is like Windows + a sandbox feature by default when running as a normal user, except without using virtualization technology as a sandbox environment would.
This is why in schools and big enterprises Windows is more secure: as it runs a directory service (Active Directory), aka a domain in Windows jargon, they have way more fine-grained control over user privilege. Not as secure as Linux + ACL, but way safer than Windows with a normal user. So in a Windows domain, a user account is "almost" as restricted as on "Linux", but ONLY if the directory service is correctly configured to enforce security policy. But then there is still the problem of privilege escalation, thus they still need an antivirus WITH proactive protection.
So, if we exclude the abnormal number of ways to escalate privilege on Windows (thus the need for proactive protection), the problem with Windows is the user / app privilege policy. On Linux, everything is heavily restricted; on Windows, it's the other way around. One reason is by design: since Windows is run by random Joe, they want it to be friendly, and not require random Joe to play with privilege and policy every time he wants to do something; it just needs to work. Thus, instead of restricting everything, they are more open, so most apps run without much trouble, with UAC kicking in from time to time, and an app or two giving a pop-up for admin privilege. But the policy is not so strict, so random Joe with no technical skill can use the computer easily without having to mess with policy.
This is how some security apps work. For example, Appguard and ReHIPS, unless I am wrong (but from what I read on their webpages), are security solutions that simply enforce app policy at run-time and, through some Windows API, check whether the app respects its policy or not. Since policies are set, the app is limited. And if it tries to do anything outside what the policy allows it to do, 2 things happen: since policies are set, it fails to do what it wants. And through the Windows API, Appguard and ReHIPS detect it and then kill the process. This is the reason they require no updates and take almost no CPU, but they are still secure against any kind of threat. The threat is just totally contained by policy, and then monitored against that policy. No need for scans, no need for artificial intelligence or machine learning algorithms, just an old-school rulebook the apps must follow, with a police officer that checks whether the apps respect the rulebook. Simple, yet VERY efficient; secure and lightweight. But still, I am not 100% sure of what I said here. Someone with more knowledge about Appguard and ReHIPS may need to confirm this.
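The user / root separation described at the start of this post comes down to the Unix owner/group/other mode-bit check. The following is an added example, not part of the original post: a simplified model of that check (it ignores ACLs, capabilities, read-only mounts and SELinux/AppArmor), with hypothetical names `Proc`, `Node`, `can_write`, `can_unlink` and constructed sample files.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:            # a file or directory as the kernel sees it
    owner: int
    group: int
    mode: int          # type + permission bits, as in st_mode

@dataclass(frozen=True)
class Proc:            # a running program's identity
    uid: int
    gids: frozenset

def class_bits(p, n):
    """Exactly one class applies: owner, else group, else other."""
    if p.uid == n.owner:
        return (n.mode >> 6) & 7
    if n.group in p.gids:
        return (n.mode >> 3) & 7
    return n.mode & 7

def can_write(p, n):
    # uid 0 (root) bypasses the mode bits entirely
    return p.uid == 0 or bool(class_bits(p, n) & 2)

def can_unlink(p, parent, n):
    """Deleting needs write+search on the parent directory, not on the file."""
    if p.uid == 0:
        return True
    if class_bits(p, parent) & 3 != 3:
        return False
    if parent.mode & stat.S_ISVTX:          # sticky bit, as on /tmp
        return p.uid in (n.owner, parent.owner)
    return True

# Constructed sample objects (uids and modes are illustrative)
USER = Proc(1000, frozenset({1000}))
ROOT = Proc(0, frozenset({0}))
USR_BIN = Node(0, 0, 0o040755)
USR_BIN_LS = Node(0, 0, 0o100755)
HOME_DOC = Node(1000, 1000, 0o100644)
TMP = Node(0, 0, 0o041777)
OTHER_TMP = Node(1001, 1001, 0o100666)     # world-writable file of another user
LOCKED_OWN = Node(1000, 1000, 0o100077)    # owner class denies, "other" would allow

def demo():
    return {
        "user writes /usr/bin/ls": can_write(USER, USR_BIN_LS),
        "user writes own document": can_write(USER, HOME_DOC),
        "root writes /usr/bin/ls": can_write(ROOT, USR_BIN_LS),
        "user deletes /usr/bin/ls": can_unlink(USER, USR_BIN, USR_BIN_LS),
        "user deletes other's /tmp file": can_unlink(USER, TMP, OTHER_TMP),
    }
```

Note that a program running as the user can still modify everything the user owns, which is why personal files remain exposed even when system binaries are not.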