On Thu, 23 Dec 2010 18:42:29 +0000 Wayne Stallwood ALUGlist@digimatic.co.uk allegedly wrote:
> On 23/12/10 14:05, mick wrote:
>> The /only/ reason we do not see the same problems that beset the MS world is that we /are/ a minority. If Linux were running on 90% of all corporate desktops then we would be drowning in Linux malware.
> What percentage of, say, hosting services are running on Linux? A lot more than 1-2%, more than 10%; in fact, last time I paid attention it was over 50%.

Sorry Wayne, you are comparing apples and pears. I was talking about the desktop, not the server base. Sophisticated attackers target the desktop because they use social engineering techniques to gain the first beachhead. And only 1-2% of desktops are estimated to be running Linux (though as I said, I think this may be a slight underestimate).
For an interesting view of current attack techniques take a look at Mandiant's M-trends report. You can get a copy here:
http://www.mandiant.com/services/advanced_persistent_threat/

> Yet most of the exploits attack platform-independent code (like PHP) running on those systems, which is equally vulnerable or perhaps even more vulnerable when it is hosted on a Windows system. Compare that to the amount of attacks that target platform-dependent flaws on Windows.

Again I think you are talking here about servers not desktops. I agree that the application is what is attacked (but that is the same on the desktop - nobody attacks the Windows OS per se, they exploit vulnerabilities in the applications running on those desktops (Office used to be the most popular target, but of late poor old Adobe is taking most of the flak) in order to run code on the underlying OS).

> Also malware writers have proven they will attack a platform that has minimal market share when that platform is unguarded and the infection is likely to go undetected for a long time. 8% of your target infected for a very long time is almost as effective as 80% infected for a short time till the AV vendors catch up.
> Case in point, recently some malware has been discovered in the wild for S60 phones, a platform that has nothing like market share, but it's easier to infect than iOS or Android.

Engel's attack on the SMS component is reminiscent of Charlie Miller's attack on the iPhone via SMS. (See http://www.iphoneexploit.com) No security professional I know is happy with the state of security of the iPhone. And expect to see a huge rise in attacks on Android as it becomes more dominant in both the phone and tablet space - particularly as they start to be rolled out to senior execs ("ooooh shiny give me one and connect it to the corporate LAN" says CEO even when his IT director says "NO WAY"). Given the huge amount of valuable personal data held on the average smart phone, I'll bet that 2011 is the year of phone exploits.

> I am not saying market share isn't a factor but it is far from the only one.

I still contend that market share is the most important factor - and Symantec said recently:
"Of the Web browsers analyzed by Symantec in 2009, Mozilla® Firefox® had the most reported vulnerabilities, with 169, while Internet Explorer had just 45, yet Internet Explorer was still the most attacked browser. This shows that attacks on software are not necessarily based on the number of vulnerabilities in a piece of software, but on its market share and the availability of exploit code as well."
(See Symantec's Internet Security Threat Report at http://www.symantec.com/business/theme.jsp?themeid=threatreport )

> Also your statistic that says effectively 100% of home users are on Windows is out of date. Apple have made big steps and a lot of home and college student machines are running OSX now... go into any internet enabled cafe and count up the MacBooks and you generally hit a number not far from the number of Windows laptops.

Beware of sample bias. Western (and in your observation probably a small sample in GB alone) students are not representative of the typical demographic of the home user worldwide. I could as easily say that if you go into any large corporate conference (and believe me, I have attended more than I care to think about) you will find nearly 100% Windows laptop usage. But that will simply reflect the fact that attendees are using their standard issue machines, and very probably using the corporate VPN to access systems back at base.
Mick
(We seem to have strayed way off topic, but this is an interesting discussion)
---------------------------------------------------------------------
The text file for RFC 854 contains exactly 854 lines. Do you think there is any cosmic significance in this?
Douglas E Comer - Internetworking with TCP/IP Volume 1
http://www.ietf.org/rfc/rfc854.txt
---------------------------------------------------------------------