nanog mailing list archives
Re: EBAY and AMAZON
From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 13 Jun 2012 07:55:37 -0400
On Tue, Jun 12, 2012 at 11:44:44AM +0000, Jamie Bowden wrote:
While MS may be a favorite whipping boy, let's not pretend that if the dominant OS were Apple or some flavor of *nix, things would be any better.
I've heard this argument many times, and I reject it this time as I have before. If popularity were the measure of relative OS security, then we would expect to see infection rates proportional to deployment rates: thus if operating systems A, B and C respectively accounted for 85%, 10%, and 5% of deployments, we should see those numbers reflected in infection rates. But we don't. For example, passive OS fingerprinting of about a decade's worth of spam-spewing botnets indicates that they are running Windows to at least six 9's, quite possibly more -- which is a markedly higher fraction than we would expect if this hypotheis were true. Windows is not attacked because it's the most popular. Windows is attacked because it's the weakest. (And yes, if it instantly disappeared -- oh happy day! -- the next-most-weakest would take its place, but at least we would have incrementally improved the state of security.) ---rsk
Current thread:
- RE: EBAY and AMAZON, (continued)
- RE: EBAY and AMAZON Hal Murray (Jun 11)
- RE: EBAY and AMAZON Keith Medcalf (Jun 11)
- RE: EBAY and AMAZON Jamie Bowden (Jun 12)
- Re: EBAY and AMAZON Michael R. Wayne (Jun 12)
- RE: EBAY and AMAZON Jamie Bowden (Jun 12)
- Re: EBAY and AMAZON Gary Buhrmaster (Jun 12)
- Re: EBAY and AMAZON Barry Shein (Jun 13)
- Re: EBAY and AMAZON Dave Hart (Jun 13)
- Re: EBAY and AMAZON Barry Shein (Jun 13)
- RE: EBAY and AMAZON Keith Medcalf (Jun 13)
- RE: EBAY and AMAZON Keith Medcalf (Jun 11)
- RE: EBAY and AMAZON Hal Murray (Jun 11)
- Re: EBAY and AMAZON Rich Kulawiec (Jun 13)
- vulnerability and popularity (was: EBAY and AMAZON) Andrew Sullivan (Jun 13)
- Re: vulnerability and popularity (was: EBAY and AMAZON) Aled Morris (Jun 13)
- Re: vulnerability and popularity (was: EBAY and AMAZON) Owen DeLong (Jun 13)
- Re: EBAY and AMAZON Doug Barton (Jun 13)
- Re: EBAY and AMAZON Jimmy Hess (Jun 12)
- Re: EBAY and AMAZON JC Dill (Jun 13)
- Re: EBAY and AMAZON valdis . kletnieks (Jun 13)
- Re: EBAY and AMAZON Jeroen van Aart (Jun 14)