vulnerability and popularity (was: EBAY and AMAZON)

On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote: > If popularity were the measure of relative OS security, then we would > expect to see infection rates proportional to deployment rates I don't buy that premise, or at least not without reservation. The OS market happens to be a superstar economy. On desktops and laptops, which still happen to be the majority of devices, the overwhelming winner is Windows. Therefore, if you are going to invest in any product for which you want ubiquitous deployment, Windows is the first platform you aim for. You only aim for the others if you're chasing a niche. There is no reason whatever to chase a niche market if your goal is spewing spam, collecting credit cards, or whatever. Perhaps fortunately, we're about to have an empirical trial of these different possibilities. If the above analysis is correct, then we should expect malware targetting iOS and Android in about equal proportions as those sorts of devices displace laptops and desktops as the majority (though there will be some bias and therefore lag in favour of Windows just because of the fact that people already have tools and techniques built around Windows). If you're right that the primary issue is the fundamental security of the target, then perhaps we will not see that pattern emerge. Best, A -- Andrew Sullivan Dyn Labs
I'm not sure the iOS/Android situation provides a great emperical test, either.

Where a duality exists... (or something aproximating one), the security situation may
play a massive role in determining what platforms malware authors target, whereas
when one platform has a massive majority, the security environment likely plays a
very small role in what platforms will be targeted.

An added issue is the difference in how people use mobile devices versus their
"stuck to desk" counterparts. They may have less useful information or behave in ways
that are easier to exploit when using a mobile device than they would on their PCs.

Interestingly, from the persective of a malware author, the user-level isolation
provided by the *nix variants may make much less of a difference than one might
expect. Presumably, they're interested in either stealing information, or sending spam.
Neither one of these activities requires administrative access. Presumably *most* users,
on Windows or Linux conduct the majority of their online transactions from a single
account. An exploit that gives them control of that user account is just as damaging, in as
far as short term stealing your information (or opening network sockets) is concerned,
as gaining root or administrative access.

Considering that, combined with the fact that it's rarely Windows itself being exploited, but
the applications and plugins themselves, it seems more likely that a change in dominant
platform would be more likely to result in multi-platform payloads. The basic targets would
probably still be the browsers, plugins, etc, which would presumably exist on most/all of
the platforms involved.

That being said, I've rarely seen a *nix machine trashed by malware or exploits to quite
the same degree as Windows hosts.

--- Harrison