[153800] in North American Network Operators' Group
Re: vulnerability and popularity (was: EBAY and AMAZON)
daemon@ATHENA.MIT.EDU (Aled Morris)
Wed Jun 13 08:45:56 2012
In-Reply-To: <20120613123322.GC26088@mail.yitter.info>
Date: Wed, 13 Jun 2012 13:44:54 +0100
From: Aled Morris <aledm@qix.co.uk>
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 13 June 2012 13:33, Andrew Sullivan <asullivan@dyn.com> wrote:
> On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote:
>
> > If popularity were the measure of relative OS security, then we would
> > expect to see infection rates proportional to deployment rates
>
> I don't buy that premise, or at least not without reservation. The OS
> market happens to be a superstar economy. On desktops and laptops,
> which still happen to be the majority of devices, the overwhelming
> winner is Windows. Therefore, if you are going to invest in any
> product for which you want ubiquitous deployment, Windows is the first
> platform you aim for. You only aim for the others if you're chasing a
> niche.
>
I note also that many so-called operating system vulnerabilities are
actually flaws in third-party subsystems like Flash or Java.
Unix has traditionally had a better isolation model than Windows and so
exploits via these attack vectors would be able to infiltrate the Windows
core operating system whereas on Linux or OS-X platforms, the attacks might
technically be more limited in their impact - not that this would be much
consolation to the end user.
Aled
