[LINK] Re: Windows XP versus Vista

Craig Sanders cas at taz.net.au
Sat Jan 26 08:35:08 AEDT 2008 

On Sat, Jan 26, 2008 at 12:55:46AM +1100, Scott Howard wrote:
> On 1/25/08, Craig Sanders <cas at taz.net.au> wrote:
> >
> > Windows doesn't have more viruses, more exploits, more malware because
> > it is the most common operating system. it has those things because it
> > is crappily written, insecure software and because microsoft don't give
> > a damn about security and never has.
> 
> 
> And you can sight references for that of course?  Or is it just an opinion?

somebody posted numerous URLs just last night.

and no, it's not just an opinion.  it's fact.


> The two biggest reasons why more viruses, malware, etc, exist for
> Windows more than for other platforms, IMHO, are (in no particular
> order) :
>
> 1) Market share.

this is the Fallacy of Ubiquity.

> A virus which can infect "one-in-a-million" Linux workstations is not
> going to get very far.  A virus which can infect "one-in-a-million"
> Windows PCs has a far bigger target audience.  If you were writing a
> virus - ignoring all other factors - which would you write it for?
> Virus/Malware/etc today is almost entirely about money - and money
> comes from quantity.

here's another silly Market Share/Ubiquity example that completely
ignores the relative difficulty:

police are far more likely than ordinary citizens in this country to
possess guns, at least while on duty, therefore criminals steal all
their guns from on-duty police officers.


yes, of course that's a a stupid argument (just like the fallacy of
ubiquity). that's because it's *much harder* to steal a gun from a cop
than from an ordinary citizen or even to buy one on the black market.
so much harder that it basically doesn't happen except in very rare
and exceptional circumstances, where some other factor (like injury or
unconsciousness) makes it possible.




> 
> 2) Clue level of users.  If you take the "IT clue level" (for some

Cluelessness contributes of course, but Windows doesn't have a monopoly
on clueless users.  The average Mac user, for example, has no more of a
clue about computers and technology than the average Windows user.

there are technically proficient users of both Mac and Windows, but that
makes little difference - they are in the minority in both cases.  more
importantly the proficient Mac user can honestly and confidently say
that they have secured their computer.  the proficient Windows user can
not.


> definition of that term) for the average (or even better - median)
> Windows user, and compared it to the "IT clue level" for the
> average/median Linux or Mac user, which do you think will be higher?
> If the median Linux user gets a flash-initiated pop-up saying their
> computer is infected with Malware and to click here to remove it - do
> you think they would do it?  How about the median Windows user?

the point you're missing is that it wouldn't matter at all if the linux
user did click on it.

in any case, any "security" system that relies entirely on the user not
doing dumb things is completely broken.

not that users have to do dumb things on a windows box to get their
machine infected - all they have to do is visit the wrong web page with
IE (or, with a bit less risk, firefox...it's more secure than IE but
cannot completely compensate for the flaws of the underlying operating
system).

users don't even have to visit a virus-hosting web site.  cross-site
scripting attacks can see them get infected merely by visiting a known
and trusted forum site.


> I'm not saying there aren't clueful Windows users out there, nor
> clueless Linux/Mac users, but for the moment at least the Linux/Mac
> camps are much more top-heavy than the Windows camp.

all that shows is that clueful people gravitate towards quality
operating systems. doesn't that tell you something?


craig

-- 
craig sanders <cas at taz.net.au>

BOFH excuse #44:

bank holiday - system operating credits  not recharged

More information about the Link mailing list