So what happened to the script kiddies? I get that from a business perspective it makes little sense to go after any OS but Windows. But that has nothing to do with script kiddies; writing viruses to randomly delete files or cause other low- to high-end mischief never had a profit motive. Is breaking windows and petty vandalism no fun anymore? Did Windows and the security industry make it so spreading viruses takes more than what SKs have available to them? Did a lot of the time and interest get bled off to open source projects from Linux to FF extensions so the interest has waned? Have idle malice’s targets shifted to DNS and assorted attacks on Web sites and the personal havock-causing virus is passée?
I guess I understand that in 1994 there were so few Macs online (and aside from differences in security) that exploits and viruses wouldn’t have been able to promulgate–though then again I don’t understand why PC viruses were common before the Internet when critical mass wasn’t an issue. But without understanding where the SKs went, I don’t see why there aren’t lots of malcontents writing Mac viruses just to piss off Apple fanboys. It’s not that it’s impossible, I just don’t understand where the undercurrent of destruction flowed off to.
This is two years old and data-center centric, of course. It does reflect what you see when you get out there, though - and in general business use Windows servers are favoured more heavily than that.
No its idiotic and unsupportable unless you force software to all be made in 10 different OS versions or be platform independent which would effectively crush small developers who have excellent single platfom applications that lack the resources to build and support other OS versions. What happens when your computer dies and you need another mac because you have $17,000 worth of mac video editing software that you use for your video production business. Sorry sir there is an 8 month waiting list so as not to exceed market share
Nobody is forcing anyone to run a certain platform. if you want Dos 6.22 on a PC someone will be willing to load it for you. I would be the first one to admit, if Apple backed off on the lawsuits, MacOS would explode overnight but it would not be on Apple hardware. The reason MacOS is the narrow market it is, is because Apple wants it that way.
Linux is still around 60%. Usage share of operating systems - Wikipedia of all servers, which is also what a head honcho from Microsoft has said publicly. So, windows may be used more in data centers but linux is hardly obscure. Where is the malware?
You will note how that number is arrived at, though:
[quote]
Notes:[ul][li]W3Techs survey in August 2011 checked the top 1 million Web servers (according to Alexa).[]Security Space survey in August 2009 checked 38,549,333 publicly accessible Web servers.[]Netcraft SSL survey[56] in January 2009 also checked 1,014,301 publicly accessible Web servers, but the survey is only valid for SSL Web servers and it is not a good measure for our purpose.[/ul][/li][/quote]
Of course if you limit your scope to web servers, you’re going to have a number which is dominated by Linux deployments. This is my preferred platform for rolling out a web server, too - because it gets it done admirably, and is very budget friendly. If you just want a box to sit there and serve up HTTP requests, it makes no sense to splash out for another Server 2008 license.
Note also that the Netcraft survey of web servers referenced in the notes found that Windows had a higher share than any other OS category, with a slight advantage over Linux. Why do you suppose this disparity occurs where the utilization of SSL indicates that this subset of servers is specifically concerned with establishing a secure connection?
As you would expect, it presents the most problem on the platform that presents the most attractive target, according to the numbers. Yeah, that’s Linux/Apache. Bear with me, here.
Much has been made of a Google security report from 2007 that found that, as a vector for malware distribution, IIS seemed to be the popular choice, as the split of malware between Apache and IIS (worldwide) was virtually equal, in spite of the dominance of Apache as a web-server. This lead to a lot of clucking about how IIS was twice as likely to host malware than Apache. (“Aha!” you say, “just as I thought!”)
However, if you look at the report itself, you’ll note that the weight on the IIS side is* entirely from China and Korea*, where it is usual to run unlicensed, unsupported, un-updated and unpatchable copies of Windows Server. All other countries represented show IIS as responsible for a share of malware which is proportionately considerably less than the server distribution, which may suggest that IIS (running on a legit system) is actually in the obscure sense more secure than Apache. (Again, not necessarily because it is more vulnerable, but because there is a greater benefit to the bad guy to work on exploiting its vulnerabilities.)
That said, I still choose to deploy Apache in most cases, because its benefits obviously outweigh this concern if I just want a basic webserver and I don’t want to pay through the nose for it.
Which is why I disagree with your statement “if an operating system were more secure, everyone would be migrating to it on masse.” There are a lot more things to consider than just security.
Sorry, I missed this earlier. A proper virus propagates by appending itself to executable files. Because they were carried from machine to machine on physical media, they had good opportunity to find similarly vulnerable machines. When this was the most common method of distribution, a smaller market share didn’t provide the same sort of immunity.
That’s why my statement was a bit more qualified than that… but to make the same point while avoiding the complication of other necessary considerations about changing platforms, let’s just say “If Apple (or Redhat, or whoever) utilized security strategies which could scale up to provide a significantly more secure platform, Microsoft would shamelessly rip them off and implement those strategies for Windows.”
If you’re just looking at actual vulnerabilities, OS X is in the same neighborhood as Windows. If you’re looking at the typical window of vulnerability, MS performs better. (Arguably because they have to, while Apple can afford to take their time about releasing patches, because there’s’ not a lot of pressure from people actually exploiting them.)
Topically, Apple released the third update for 10.7 just a couple days ago, (incidentally getting around to patching some cross-platform vulnerabilities which MS patched three months ago) and many users are reporting that the update has the unfortunate side-effect of causing every application to crash consistently.
No big deal - but imagine the howls and declarations of shameful incompetence if this happened on an OS that was a bit more prominent.
Not really. Linux is “Unix-like.” “Linux Is Not UniX.” “Gnu is Not Unix.”
You mean, like the introduction of UAC in Vista? I think they already did.
Unrelated to this thread, but just for the record, I doubt it’s that frequent of an issue. I know of four people that upgraded (including me, on a desktop and a laptop) and none of us had those problems.
By the way, something I noticed again yesterday, so I’ll just throw it out there: a neat security feature that I think Windows should emulate from Mac OS X. On my Mac at home, if I download a program through my browser and install it, the first time I run the program I see a message saying “this program was downloaded from the Internet, are you sure you want to open it?”
That’s been present since XP - though the wording is more like “While programs downloaded from the internet can be useful, this type of file can harm your computer. Do you want to run this file?”
Oh, I would never pretend that it was anything other than what it is - hence the “no big deal.” This sort of thing happens, and the bigger the user base, the more people are affected. (Similar problems with the simultaneous rollout of the update for Snow Leopard.)
That distraction aside, I mentioned this update because it patches 19 vulnerabilities which could allow arbitrary code execution, and speaks to the OP’s original question.
You know what, you’re right! I don’t install software nearly as much on my Windows machines (I only use Windows at work) and it does do that sometimes, though when I tried it on two downloads it did it for one and not the other?!?
I guess I forgot because for Windows, it happens when you run the installer for a program, whereas on the Mac, you run the application itself directly because the installation is typically just a “copy this .exe file to the applications folder”.
Windows Server 2008 takes this idea far enough to actually be a little annoying. All executable files that are copied from the internet or across a network automatically have an attribute set: “Block execution of this file.” No easy-to-accidentally-click-through dialog box for you - it’ll just flatly say “You do not have sufficient privileges to open this file.” If you don’t know that you need to right-click the file, select “properties” and uncheck “Block execution” before you try to run it, you’re not trusted to correctly answer a “yes” or “no” question.
Yes, what I meant is that the file you download is usually an installer for the program and not the program itself.
Though, like I said, I just tried it with two programs I downloaded, and one of them did not show the message when I double-clicked on the “installer.exe”. I wonder why that is?
This logic is getting a little too circular for me to care about anymore. But a few points…
I just now got a chance to look at that and I don’t know what this is supposed to prove. It is basically a survey showing how long it takes for different operating systems to issue patches. Turns out microsoft is the quickest and Red Hat was second, but all of Red Hat’s patches were for third party applications and all of Microsofts were their own. Red Hat had no vulnerabilities but issued fixes for third party applications. Windows did have vulnerabilities. This proves… I dunno, doesn’t it kind of show windows to be less secure?
That’s from 2009, but they apparently don’t have anything newer. The numbers from the survey were:
Windows - 41.59%
Linux - 41.02%
Windows having a higher share than any other OS category may be technically true but it’s a rather bold statement given the difference is only half a percent.
But if you click “Analysis by individual operating system” you’ll see that out of windows’ numbers, all but 4% were running Windows Server 2003. This is 11 months after server 2008 was released.
I think this goes against the idea that if Linux were more secure, everyone would migrate to it. People get the systems that are popular or that management has heard of and they stick with it. When components die, they replace them with the newer version of what died instead of hiring people who know a new system and can integrate it with the systems they’ve been using for years. That’s why the vast majority of windows SSL servers were running Server 2003 a year after Server 2008 had been released. How are they going to migrate to Linux if they can’t even migrate to the current Windows?
If you go to the main page and look at the graph, you’ll see windows making a steady decline and Linux making a steady gain until they practically tied at the time of the survey. If the trend continued, it would be safe to assume Linux has well overtaken Windows by now.
It shows a long term decline in windows usage, a steady rise by linux. Isn’t that kinda the opposite of what you’re arguing?
My main point is that Linux is not more secure because it’s obscure. Half (of more) of the internet runs on Linux, making it a really attractive target.
You’ve steered the arguments toward IIS being as secure as Linux, but IIS ain’t Windows. Granted, it’s the closest thing Windows has to compare with linux, but you’re comparing the most secure thing microsoft has against the only thing linux has and declaring them equal. Ok, maybe they are, but by definition, that must mean the rest of microsoft products are inferior to linux.
In 2010 there were 4 new Windows viruses per minute and 0 for Linux. No one thought to make a single one that targeted half the servers on the internet?
Yes, I encounter this sort of thing very often too. This behavior is precisely the type of thing that supports my earlier argument that Windows does not have “baked-in” security features like Unix and Linux. Yes on the surface of things Windows has some sort of annoying popup that you click through. But very often it does not appear. My hypothesis is that this symptom comes from the same fundamental design rot that allows hackers everywhere violate Windows at will.
Just this afternoon I was at work installing Ansys Fluent on my Win 7 workstation. If I double click on setup.exe then accept the UAC popup, then follow the typical prompts, I obtain a, *get this * partial installation of Fluent ( I mean wtf?). But! If I right click on setup.exe then Run as Administrator the accept the UAC popup and follow as normal, I get the proper installation.
How is this kind of shit even possible? But it happens. And a million little variations of this kind of inconsistent behavior pervades Windows. You honestly cannot say with a straight face that Windows was designed with security in mind. Saying that it has security attached like a post it note is being a little too generous, a little too British overstatement .
.