On Fri, 2004-10-08 at 15:55, Matthew Miller wrote: > On Fri, Oct 08, 2004 at 02:32:02PM -0500, John Thompson wrote: > > exploits. If this were true, however, we would expect that in markets > > where Windows has less penetration -- e.g. internet severs, where > > Windows servers comprise ~40% of the market -- that Windows should only > > suffer ~40% of the exploits in this arena. That is not what we see, > > however: even with ~40% of the internet server market, Windows still > > suffers ~95% of the significant exploits. One can conclude from this > > that Windows is inherently less secure than other platforms. > > One can conclude all sorts of things. :) > > But the one you've picked doesn't necessarily follow. 95% of desktop share > might lead to increased incentive and ability to develop exploits, which > then _happen_ to also work when the same OS is used in other markets -- > leading to more exploits there than you would expect by looking at that > segment in a vacuum. Actually John has a point still. A large number of the viruses out there target IIS installations which is not necessarily running on every desktop instance out there. However there is still the issue that the OS sitting in front of the hacker is what they will craft their exploits for so over all most of them have windows boxes sitting in front of them. Of course if you compare the number of exploits on IIS to apache.......... There are lies, damn lies, and statistics. You can get statistics to show pretty much either side of an argument. You just have to phrase the question correctly. -- Scot L. Harris webid@xxxxxxxxxx FORTRAN is the language of Powerful Computers. -- Steven Feiner
