EBAY and AMAZON

• Previous message (by thread): EBAY and AMAZON
• Next message (by thread): vulnerability and popularity (was: EBAY and AMAZON)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 12, 2012 at 11:44:44AM +0000, Jamie Bowden wrote:
> While MS may be a favorite whipping boy, let's not pretend that if the
> dominant OS were Apple or some flavor of *nix, things would be any better.

I've heard this argument many times, and I reject it this time as I
have before.

If popularity were the measure of relative OS security, then we would
expect to see infection rates proportional to deployment rates: thus if
operating systems A, B and C respectively accounted for 85%, 10%, and 5%
of deployments, we should see those numbers reflected in infection rates.

But we don't.  For example, passive OS fingerprinting of about a decade's
worth of spam-spewing botnets indicates that they are running Windows to
at least six 9's, quite possibly more -- which is a markedly higher
fraction than we would expect if this hypotheis were true.

Windows is not attacked because it's the most popular.  Windows is
attacked because it's the weakest.  (And yes, if it instantly disappeared --
oh happy day! -- the next-most-weakest would take its place, but at least
we would have incrementally improved the state of security.)

---rsk

• Previous message (by thread): EBAY and AMAZON
• Next message (by thread): vulnerability and popularity (was: EBAY and AMAZON)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]