Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: DB
The author of this article has added an afterthought:

-----------------------------

So Witty

Friday, 11 Jun 2004

A brief postscript to the recent security-oriented coverage:

I don’t think anyone would dispute that Windows’s overwhelming market share is a significant factor as to why Windows is also the target of an overwhelming majority of security exploits. The question I’m interested in — and wrote about in “Broken Windows” — is whether this also explains why security exploits against Mac OS X are practically non-existent.

The idea — which is widely-enough held that it probably qualifies as conventional wisdom — is that with regard to attracting security exploits, it is inherent that a monopoly platform will attract virtually all of the exploits. E.g., even if Windows has only 90 percent market share, it somehow makes sense that Windows would attract upwards of 99 percent of all security exploits. And that conversely, the Mac’s 4 percent market share should not translate into a 4 percent share of exploits. The conclusion here being that just because Windows has a disproportionate share of security exploits, does not mean that it has disproportionately more vulnerabilities.

I certainly think there’s some truth here. I can believe that even if all platforms were assumed to be equally vulnerable, the 90-percent-share monopoly platform would suffer more than 90 percent of the exploits. But I don’t believe that this explains the extraordinarily disproportionate share of security exploits that Windows suffers.

For one thing, it doesn’t explain why the Mac previously suffered a number of serious viruses. The Mac’s overall market share has never been all that much higher than it is now. (Apple once had 16+% market share, but that was back in the Apple II era; to my knowledge, the Mac has never had double-digit market share.)

For another, it doesn’t explain the fact that some security exploits are aimed at extremely specific targets, including subsets of the Windows population that are much smaller than the overall Mac population. For example, the Witty worm, released in March this year, was specifically targeted only at Windows machines running specific versions of firewall software from Internet Security Systems.

From Bruce Schneier’s Witty analysis in Computerworld:

Twelve thousand machines was the entire vulnerable and exposed population, and Witty infected them all — worldwide — in 45 minutes. It’s the first worm that quickly corrupted a small population.

(See also: “Reflections on Witty: Analyzing the Attacker” from the MITRE Institute and the International Computer Science Institute.)

My points here being:

> Despite the fact that Mac OS X is relatively secure, Mac OS X users should not grow complacent. Witty devastated a target population vastly smaller than the overall Mac OS X population.

> There are factors other than market share that have led to the remarkable paucity of security exploits on Mac OS X. Maybe it’s superior engineering by Apple’s engineers; maybe it’s something along the lines of my “Broken Windows” theory; maybe it’s just dumb luck. My guess is it’s a combination of those three, more or less in that order. But it’s something.

Market Share at Google

Google’s Zeitgeist usually contains a chart listing the percentages of Google users broken down by OS. Their numbers for April 2004 show Windows with 92 percent market share; the Mac, 4 percent:

OS                     %
Windows XP             49
Windows 98             21
Windows 2000           18
Windows NT             3
Windows 95             1
(Windows total)        92
Mac                    4
Linux                  1
Other                  3
(Non-Windows total)    8

10 posted on 06/14/2004 12:23:16 AM PDT by Swordmaker (This tagline shut down for renovations and repairs. Re-open June of 2001.)


To: Swordmaker

Thanks for the additional information.

Even the Witty worm isn't a fair example as a fault of Windows. Witty worm attacked a third party's software, not Windows. That third party's security hole was published, making it known to the attacker(s). It was then promptly exploited.


12 posted on 06/14/2004 12:36:30 AM PDT by DB (©)

To: Swordmaker

OS                     %
Windows XP             49
Windows 98             21
Windows 2000           18
Windows NT             3
Windows 95             1
(Windows total)        92


LOL. Windows ME is down to 0%.


14 posted on 06/14/2004 12:58:42 AM PDT by Neanderthal

To: Swordmaker
Twelve thousand machines was the entire vulnerable and exposed population, and Witty infected them all — worldwide — in 45 minutes. It’s the first worm that quickly corrupted a small population.

Too true. With the internet, you don't need a large population of targets to make a worm/virus successful. A couple of months ago, there was an attack against a specific home-grade router product. I think the number of potential targets was on the order of 60k devices total. The worm struck, and had compromised 95% of the target devices within a timeframe similar to the quote above. In this case, you should also consider that the target audience for this attack was probably at least a bit more security conscious than the average user, as they were employing a hardware-based firewall, yet they were targeted and hit because the opportunity existed.

This idea that Macs and Linux are not virus-ridden petri dishes like Windows because the market share isn't there is just crap. It doesn't hold up under close scrutiny. The problem with Windows is Windows itself. It is a poorly designed product that makes it easy for worms/viruses/spyware/adware to hijack a system, then make it as difficult as possible to ferret out the problem so as to repair the damage.

36 posted on 06/14/2004 6:00:05 AM PDT by zeugma (The Great Experiment is over.)

To: Swordmaker

"E.g., even if Windows has only 90 percent market share, it somehow makes sense that Windows would attract upwards of 99 percent of all security exploits. And that conversely, the Mac’s 4 percent market share should not translate into a 4 percent share of exploits. The conclusion here being that just because Windows has a disproportionate share of security exploits, does not mean that it has disproportionately more vulnerabilities."

HACKERS DON'T USE MACS.

Windows is easy to get and runs on cheap hardware - the same hardware on which hackers run FreeBSD or Linux or whatever.


89 posted on 06/14/2004 1:44:44 PM PDT by adam_az (Call your State Republican Party office and VOLUNTEER!!!!)



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson