The lack of viruses for Linux has little to do with any sort of alleged innate security or the competence of its user base. Trust me, with a little social engineering it’s just as easy to get a single-user sysadmin to install an infected package as it is to get a Windows user to install an infected MSI.
That's not a virus, that's tricking a human to run a trojan. One can trick an old lady into giving up her ATM card and pin, and the location of her purse. That's doesn't make the security of a bank equivalent to her purse.
However, desktop Linux is such a tiny part of the marketplace today that it’s not worth it from a virus writer’s perspective to waste time on a Linux variant of some trojan. This is especially true if you’re writing a worm distributed via email; yes, you *can* write an OpenOffice worm, but why bother with all that effort when it’ll only pwn a tiny handful of boxes? In fact, the *density* of targets is so low that you can’t even achieve reliable viral transmission; even if you succeed in getting your virus onto one Linux box, the likelihood of it successfully *finding* another Linux box to spread to is very, very low.
Oh, right, you don't know about BlackICE Defender. BlackICE was a nifty little personal firewall built to fend of script kiddies back before such things were common. I myself ran it, but it had virtually no awareness in the general computer using public. Yet in 2004 someone still went to the trouble to write a worm that only infected systems running that software, estimated to be about 10,000-12,000 worldwide.
In fact, the *density* of targets is so low that you can’t even achieve reliable viral transmission; even if you succeed in getting your virus onto one Linux box, the likelihood of it successfully *finding* another Linux box to spread to is very, very low.
The aformentioned worm infected virtually all 12,000 hosts worldwide in less than one hour.
10,000-12,000. By way of comparison, the number of Linux desktops in the elementary and secondary schools in Brazil alone exceed 20,000. The French Parliment is using Linux on its desktops, (Yeah, France, I know...) Amazon.com uses Linux on its desktops. Novell is unsurprisingly running Linux on their desktops. And thats just some desktop numbers.
According to Netcraft, Linux is the OS running on four out of ten of the most reliable Internet hosting companies (incidentally BSD, another free Unix like OS with four of the ten has been making significant gains recently... Windows server is one of the ten) Google's servers run Linux. Amazon.com runs Linux, the servers that host Freerepublic.com run Linux.
People that say Market share and therefore "worth" to the virus is the reason that vulnerabilities in Linux aren't widespread are only demonstrating a fundamental lack of knowledge of the number of internet facing Linux servers that would reap the malware writer rewards several orders of magnitude greater than Windows desktops if they could only be exploited.
So the only reason there isn't a worm or two running around pantsing Linux is that NOBODY has even tried to write one?
That's not a virus, that's tricking a human to run a trojan. One can trick an old lady into giving up her ATM card and pin, and the location of her purse. That's doesn't make the security of a bank equivalent to her purse.
How do you think most malware gets onto a system in the first place? "Click this link!" "Read this e-mail!" "Watch this video!" The vast majority of malware on people's systems got there as a direct result of some unwitting action on the user's part.
Yes, the occasional virus pops up every now and then that exploits a genuine security hole in the operating system itself, or in a commonly installed package. If you think such holes only exist on Windows systems, you might want to patch your system.
But that's really not the point. It doesn't help to prove that desktop Linux is intrinsically more secure if you try to use semantics to limit the discussion domain. If you look at the malware that's out there in the wild right now, it got there largely by the user downloading a file or clicking a link. And if you clicked any of the above links in my previous paragraph, you've proven my point that clicking potentially dangerous links isn't restricted to naive Windows users.
I don't know what distro of Linux desktops the Brazilian kids or French parliamentarians are running. But if their users use web browsers with plug-in support, media players, rich email clients, office/productivity software, games, filesharing applications, or chat clients, then they're just as vulnerable to security compromises as any Windows system. Linux is not magic.