Re: vulnerability and popularity (was: EBAY and AMAZON)

[Aled Morris <aledm () qix co uk>]

On 13 June 2012 13:33, Andrew Sullivan <asullivan () dyn com> wrote:

> On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote:
>
> > If popularity were the measure of relative OS security, then we would
> > expect to see infection rates proportional to deployment rates
>
> I don't buy that premise, or at least not without reservation.  The OS
> market happens to be a superstar economy.  On desktops and laptops,
> which still happen to be the majority of devices, the overwhelming
> winner is Windows.  Therefore, if you are going to invest in any
> product for which you want ubiquitous deployment, Windows is the first
> platform you aim for.  You only aim for the others if you're chasing a
> niche.


I note also that many so-called operating system vulnerabilities are
actually flaws in third-party subsystems like Flash or Java.

Unix has traditionally had a better isolation model than Windows and so
exploits via these attack vectors would be able to infiltrate the Windows
core operating system whereas on Linux or OS-X platforms, the attacks might
technically be more limited in their impact - not that this would be much
consolation to the end user.

Aled