(Sorry for the top post. Mail client is being obnoxious.)
Why? The prevalence of malware for a given OS is going to, generally, be a matter of most return for least work.
If you're writing malware to steal credit card numbers, say, you're much better served writing it for Windows than you are OSX or Linux,
even if it were slightly more difficult to do, because that will get you the largest number of card numbers, simply because more people use
Windows. It's generally safe to assume that malware writers want to target as many machines as possible, thus they will focus on Windows, reg
ardless of the relative ease or difficulty of the other platforms.
There is no reason to believe that the platform distribution of malware would have a linear relationship with general usage rates or ease of
exploitation, given the motivations and methods involved.
--- Harrison
Really? I'm positive that there are far more credit card numbers stored on various flavors of *nix systems (web servers) than windows systems. And you only have to crack one to get a plethora of credit card numbers.
If both flavors were equally easy to exploit, according to your theory above we would see more exploits on the *nix servers. Yet server-side exploits are seen on Windows servers far more often than *nix servers, despite the fact that more web pages are served by *nix servers than Windows servers.
I'm really surprised to see this "Windows is more popular, that's why it's exploited more often" misinformation being spewed on a technical list like NANOG. I thought people here had more clue.
jc
I suspect the *real* issue is that for really large systems, it's not so much
"exploits" as "one-off customized attacks". The chances of pwning Bank
of America with an off-the-shelf attack are pretty low - but finding a blind
SQL injection and leveraging it are a bit higher.
And given all the 'XYZ got pwned' news stories, I suspect that in fact
the *nix boxes *are* being attacked - just not with COTS attack tools.
JC Dill wrote:
I'm really surprised to see this "Windows is more popular, that's why it's exploited more often" misinformation being spewed on a technical list like NANOG. I thought people here had more clue.
I don't think a individual opinion is representative for the whole 10000+ (?) member list. Besides there were very knowledgeable people expressing the opposite view.
And this is a network operators list. I figure the subject of operating system security is less prevalent on here than it would be on a systems administrator list (is there one like nanog?), and compared to, say, IPv6 
For the record I too do disagree wholeheartedly with the "Windows is more popular, that's why it's exploited more often" sentiment. It is patently untrue which others already explained rather well.
Greetings,
Jeroen