For a good rundown of how the Melissa virus affected the Federal Government, try this article from Federal Computer Week.

While the press has played up these stories, there is one important aspect they have rarely mentioned. This virus phenomenon is entirely a Windows phenomenon. Non-Windows systems are not affected.

Why are Windows systems so vulnerable and other systems so immune?

• The uniform Windows environment is as perfect for computer viruses as monocrops are for plant diseases and crowded populations are for animal and human diseases. Every computer is a potential carrier and a potential victim, and they are all exposed to each other.

• Tight integration of Windows products. Microsoft is tying all their products closely together into an integrated whole. Data is transferred from module to module without user intervention. This has the dual benefit of making things easy for the user and locking out all competing products.

• Tight integration between computers on a Windows network - for the same reason as tight integration among Windows products.

• Powerful imbeded "integration tools", such as macros and Visual Basic for Applications (VBA) can be imbeded in documents and are allowed to run without notice and can access all system resources without restriction. These are perfect hacker tools that exist only for Windows.

• Active X mobile code, which can be picked up and run just by visiting a Web page. Active X controls can have total access to system resources. Active X runs only on Windows systems.

• Very low security settings. All Microsoft products default to the lowest security settings (or no security whatever in the case of Windows95 and Windows 98). Effective security settings conflict with "user friendly" and "totally integrated", Microsoft's two primary objectives. Turning off automation features is made difficult and inconvenient because doing so goes against Microsoft's integration goals.

• A myriad of bugs and security holes that can be exploited by hackers. Microsoft's products are chaotic in structure and rushed to market with little attention to security. New holes are found every week and posted on both hacker and security bulletin boards. Any system who's administrator is not monitoring security sites and installing all the patches and fixes is at risk. This is practically a full time job.

• Easy to use hacker tools and virus kits for Windows are easily available on the Internet and easy to use even for the semi-skilled would-be hacker. Hacker tools for other systems require very considerable skills.

• Out-of-date anti-virus software. New viruses appear every week. This didn't use to be much of a problem because they didn't spread efficiently. That has changed, and anti-virus software now needs to be updated weekly to be effective. Viruses are possible, but difficult to write and almost unknown for systems other than Windows and Apple Macintosh.

• "Dumbing Down" of administrative personnel. Where at one time a system administrator had to really know what s/he was doing, most today are Microsoft trained "point and click" artists with no real expertise.