On Mon, 28 Mar 2005 13:49:38 -0500, in <alt.privacy.spyware>, Giftzwerg
<giftzwerg999@NOSPAMZ.hotmail.com> wrote:
>
[snip]

> In article <q6nf41dim4qv8r1jjmoa34gbbr7lu1nhtl@news.speakeasy .net>,
> not.deliverable+usenet02@appropriate-tech.net says...
> >
> > I'd suggest fleshing it out just a little bit, to make the point that the
> > reason "Most suggestions are for Windows Operating Systems" (and MSIE/OE
> > in particular) is because that is where the overwhelmingly vast majority
> > of the vulnerabilities lie.
>
> I dunno. This is like saying that banks are more "vulnerable" than
> daycare centers because a lot more banks get robbed than daycare
> centers.
>
[snip]

Actually, your analogy is quite apt.

There is a very famous quote usually (mis-)attributed to Willie Sutton (you
know who he was, right?) which explains why banks get robbed:

"Because that's where the money is."

Similarly, Windows (and MSIE/OE in particular) gets "attacked" by viruses,
worms, trojans and the like for one very simple reason:

"Because that's where the security holes are."

> It may be true that Windoze is inherently more vulnerable than the
> competition,
[snip]

No "may be" about it. It's not even a question, much less a close call.

> ...but it's certainly true that the OS that runs 90+% of the
> world's desktops - and is almost always "administered" by a near-
> clueless end-user - is going to be studied and targeted far more closely
> by hackers/crackers/malware.
>
[snip]

Not really.

First, please don't confuse hackers with crackers. These are *NOT* synonymous
terms; in fact, they are nearly polar opposites. And FWIW, I've seen
virtually no evidence that there are any hackers left on the planet -- that
whole culture seemed to die out around the time that computers became marketed
as appliances.

Second, the people who create at least most malware (the "crackers", if you
will) are a notoriously lazy and unimaginative lot. (Think about it: If this
were not so, then at least the vast majority of them would be able to find
satisfaction and success via honest lines of work.) Hence, the attraction to
them of MS crapware is quite obvious: It's an extraordinarily easy target,
precisely because MS _deliberately_designed_in_ the mechanisms by which the
malware operates. This is in stark contrast to virtually everything which
might be considered "the competition", where whatever security vulnerabilities
may exist from time to time are near-exclusively due to unintentional bugs and
such -- and thus tend to get fixed in short order as soon as they are
discovered.

> In other words, there might be some truly tectonic holes in OS2/Warp,
> but not too many script kiddies are beavering away to find 'em these
> days.

No one has to "beaver away" to find the security holes in MS crapware; the
worst of them are all quite well documented and laid out so that even a
relative moron can exploit them.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.