On 06/13/2012 04:55 AM, Rich Kulawiec wrote:
But we don't. For example, passive OS fingerprinting of about a decade's worth of spam-spewing botnets indicates that they are running Windows to at least six 9's, quite possibly more -- which is a markedly higher fraction than we would expect if this hypotheis were true.
Windows is not attacked because it's the most popular. Windows is attacked because it's the weakest.
Mostly right, except that it is really a weighted average of factors including installed base (read, popularity), likely success of the infection, likelihood of the infection being successfully detected by the user, likelihood of the infection being removable, overall utility of the system to the spammer once it is infected ... I'm probably forgetting a few things. But your basic point, it's not just about the popularity, is sound. The cautionary tale is that merely improving one of those factors isn't going to get the job done. Doug