So, what do we Europeans whip out and place on the coffee table to make a statement?

Not really. Contrary to what people say, there is practically no malware targeting desktop machines and the risk is close to zero. There have been a few select pieces of malware during Linux’ history. But as far as I remember nothing to worry about for desktop users. You need to worry about security if you run a server. And ClamAV and such are mainly for scanning for Windows viruses, so noone else in the network gets infected by files they download from your server.

Do backups, though. Loosing all your files is as easy as running ‘rm -rf *’ in the terminal.

And as anecdotal evidence: I’ve been running Linux for like 20 years and I know lots of people who do. Practically no one I know uses an antivirus. And I know 0 people who got their desktops infected. We had our servers targeted though and the website defaced because we didn’t update the webserver for nearly two years. That definitely happens.

Yeah and as other people pointed out: use software from the package repository of your Linux distribution. That’s the nice thing about Linux and a popular Distro, that most popular software is packaged and ready to install with one command/click. Lately some users have adopted the habit of installing lots of software from random sources. I avoid that unless it’s absolutely necessary.

I’d argue it’s not a defeatist attitude, since they included the proper solution. To “need new laws”. And that’s how we generally do it. We disallow companies ripping off people, despite that maybe providing a better profit margin. We force water parks to implement some minimum standards to prevent accidents, despite not caring about safety would cost them less. I’d argue it’s the same here. Just blaming it on the user isn’t the proper thing to do. It just doesn’t work for the general audience. Yes, you could do the water park inspection yourself, everyone could do some research which one is safe… And following that analogy everyone could get educated and use cash and GrapheneOS. But it’s not the correct approach to the issue as a whole. And it doesn’t really work.

It kind of ties into their argument that it’s more complex than that. And I’d agree. People always want simple answers to complex truths. Could very well be the case that you can’t say if Brave is “the best” without analyzing the threat scenario. Or even after doing that you end up with a list of both pros and cons.