Says computer health should be treated like human health
In a chat at the recent RSA security conference, Microsoft Corp.'s Vice President of Trustworthy Computing, Scott Charney, made an interesting suggestion. Among many topics, such as online identification, cloud computing and more, Mr. Charney suggested a shift in how the issue of computer security is looked at. He encouraged the audience to look at malware, viruses, botnets and the like as a "public safety issue" instead of a more private, home safety issue.
Scott Charney went on to suggest that this sort of hypothetical computer health service could be funded through public taxation, such as a broadband tax. While he did not go into great detail about his ideas, we would imagine something like a publicly funded hospital (here in Canada), where you can bring infected computers to be cleaned out. Though this service is offered by a number of private businesses everywhere, it is imagined that if the service were covered by taxes, people would bring in computers faster, leading to less spread of malware.
As Neoseeker has mentioned recently, MS spends some funds annually on hunting down virus spreaders and botnets. Their latest victory was over the Waledac botnet -- the successor to the Storm botnet.
Unsurprisingly, Microsoft's Scott Charney did not talk much about how the overwhelmingly vast majority of malware is found on Microsoft's operating systems, and not on other, free OSes, such as the many less popular, but far more secure, Linux-based distributions.
I'd just like to point out that the main reason MS OSes are targeted is because of the vastly higher usage of them, and a greater amount of highly susceptible people like parents and children. If Macs, for example, were to become the vastly used OS, any serious virus coders would go after them instead.
Though you could argue that rates of infection would still be much lower overall if Linux-spawn were the predominant OS in town, not Windows.
Windows 7 improves things somewhat, but there have been many holes big enough to drive ships through, over the years, in Microsoft OSes. Holes that took extensive time to be patched up.
I'm not saying that it would be easy to make Windows more secure, but I would argue that when it comes to security, Windows doesn't compare well to Linux, in fundamental kernel design.
With Windows, there is an in-house team working on security patches. With open source software, not only are there many, many variations of Linux, which is a great counter precisely to the situation you suggest (that the more popular an OS version is, the more attackers it will have); but in addition, with open source software where the code is public, because the entire community at large is able to point out and address and fix problems in a collaborative environment (as opposed to a more tightly-drawn proprietary one), it is more difficult for malware-makers to sneak things through security protocols, and get greater infection rates.
To be frank, I don't specialize in malware or network security, so I'm not going to say I speak as an authority on the matter, but as described is how I see the situation. I'm always open to others' points of view.
It's irrelevant that OS9 had a lot of viruses, as Windows still held a VAST majority.
kspiess,
"that if Linux and Windows operating systems had a 50/50 split of popularity, you would still find there to be about twice or triple the malware on Windows systems as Linux systems."
I agree. As the popularities even out, the factor of ease of infection increases more and more. Which, as you said in your example, would push Windows infection count/rate higher than Linux's. However, I do not agree on all of your reasons why, assuming the user base remains the same.
On Linux, a default installation forces you to create a standard user account for your day-to-day tasks and disables logging in as root from a GUI (or in Ubuntu and its derivatives, the root account is disabled altogether, which is a dumb idea in itself). On Windows, when you create the first user account, it's given full administrative access over the system, so all you'd have to do is go into Windows Explorer, delete C:\Windows\System32, and select OK, and you've effectively destroyed your entire OS. It's not quite that simple for a Linux system unless you know the root account's password or your account was given sudo permissions.
The following is what I was going to post but opted for the simple statement instead. There are more words but it still says the same thing.
[Supernova1332 reread my post, I don't think you caught it right.]
This is the pervasive theme: The most ubiquitous operating system will be the most targeted, the most targeted will have the most units appropriated by third parties. It does have a kind of simplistic appeal, but it fails under the slightest scrutiny.
If the criminals were in complete control of our computers' security then yes, the biggest numbers would see the worst security. But the criminals are not in control of our computers' security. The operating system's vendor is. It's not my fault if I press F1 and get infected, it's the vendor's fault. The criminals don't make security holes, they exploit the ones put there by the company who made the operating system.
Microsoft has been fostering this belief that computer security happens after you install your operating system. One tactic to push the responsibility for security away from themselves is to offer a huge reward for virus writers. It makes them look good but it won't make your computer any safer. In contrast, Google put a reward of up to $1,331 for bugs found in their software. That will make their software safer.
Microsoft recently issued a patch for a 17-year-old security hole in their Windows operating system. What does that tell you? That they are a conscientious company and fix holes no matter how old they are? Maybe, but it tells me that there is 17-year-old code in the heart of their centerpiece product.
The idea that we should pay for the security disaster caused by a defective product is outlandish. That the company responsible for that defective product is the one who suggested it puts it in the realm beyond any script Hollywood could invent.
All systems are insecure. (True) Therefore, all systems are equally insecure. (NOT true)