Linked by David Adams on Mon 6th Oct 2003 19:34 UTC
Bugs & Viruses It's an oft-repeated maxim that one of the reasons that Windows operating systems are plagued by so many viruses, worms, and security exploits is because they are so popular. Extrapolating on this, many have remarked that if Linux, MacOS, or other OSes become more popular, they will attract the attention of virus writers. That may be true, but the increased attention will not necessarily yield the same quantity of viruses and other exploits, says a Register article. Update: Rebuttal article.
Popularity != Vulnerability
by Will on Mon 6th Oct 2003 21:14 UTC

However, Popularity == Exploitability.

The classic "network effect" comes into play here.

Simple example is the first Internet worm. It can be argued that all Unixen running from similar sources suffered the same exploitability that the worm used, but since it was something that was machine specific, no machines other than Sun machines (I believe) were directly affected.

Also, popularity affects the ability to spread, particularly if it's just randomly spawning attacks. If 90% of the machines I ping happen to be Windows boxes, then a Windows virus has a 90% chance of being able to start propagating right out of the box.

Next, high popularity means high availability to the authors, as well as a large knowledgebase to work from. I'm sure some crafty hacker can come up with something vile that affects TCP/IP enabled C64s, but it also requires, if nothing else, that the author has access to that system in order to create the exploit. Since I haven't seen anyone argue that these viruses and worms are State sanctioned, that means the authors are essentially "hobbyists", and will use the system at hand.

Finally, since again these aren't necessarily directed attacks from one entity to another, the motivation seems simply to be notoriety. Mad Hackers will get more out of something that had a wide-ranging effect rather than something more restricted.

None of these arguments address the exploitability of a system. If everyone was running a very secure system, there would still be motivation and means for someone to find an exploit. For example, how vulnerable is, say, BeOS? I don't know, and it really doesn't matter because it's so obscure.

The biggest problem, of course, is that through a long history, the most popular system also happens to be extremely vulnerable. That plus historically, folks have not had to consider security as a primary element of their computing experience.

For example, many packages on Win2K require "root" to simply install, and in one case, Warcraft III, I could not even run the game unless I was Administrator. So to lower the entire Pain In The A$$ factor of the computing experience, it is easier to simply log in as Admin and stay there.

On my old NeXTStation, it was easy to NOT have to log in as root, so I never did. If a consumer-oriented program needed root (few did anyway), it asked for the PW at install, installed as root, and plopped me back into my user login. Win2K has something sorta kinda like that, but it doesn't work well, and software makers don't seem to test with it.

I'm sure I'm not the only one out there running my Win2K in Admin mode 24 hours a day, ripe for the picking if not for other measures.

These bad habits, both from users and coders, along with zillions of lines of historical code written in more trusting times come together to form a ripe target for those motivated to infiltrate and cause havoc.