Matthew Miller wrote:
> On Fri, Oct 08, 2004 at 02:32:02PM -0500, John Thompson wrote:
>> exploits. If this were true, however, we would expect that in markets where Windows has less penetration -- e.g. internet servers, where Windows servers comprise ~40% of the market -- that Windows should only suffer ~40% of the exploits in this arena. That is not what we see, however: even with ~40% of the internet server market, Windows still suffers ~95% of the significant exploits. One can conclude from this that Windows is inherently less secure than other platforms.
> One can conclude all sorts of things. :)
> But the one you've picked doesn't necessarily follow. 95% of desktop share might lead to increased incentive and ability to develop exploits, which then _happen_ to also work when the same OS is used in other markets -- leading to more exploits there than you would expect by looking at that segment in a vacuum.
But the vast majority of desktop exploits involve Internet Explorer and Outlook and/or Outlook Express. Neither of these should be doing much on internet *servers* and conversely, IIS and other Windows server exploits should have little relevance to desktop users. So I think my point still stands...
--
-John (john@xxxxxxxxxxx)