 |
Search |
|
|
|
|
Classic 2 Guys |
|
10 Random Stories:
|
|
|
|
The Market Share Myth, Why Microsoft's Biggist Argument has Critical Flaws |
|
 Microsoft is fond of saying that if Mac or Linux had the marketshare that Windows enjoyed then they too would have as many viruses. Now, this statement is one gigantic pile of horse shit. Let us examine why by using the Law of Averages.
Current approximate number of Windows viruses: 97,467
Current approximate number of OS Classic viruses: 50
Current approximate number of OS X viruses: 0
Current approximate number of Linux viruses: 100
Total Viruses for all platforms: 97,617
Now, lets look at market share. Things have been fluctuating quite a bit recently but lets just go with these approximate numbers for the sake of arguement.
Current approximate market share of Windows: 90%
Current approximate market share of Apple: 3%
Current approximate market share of Linux: 3%
Current approximate market share of misc: 4%
So, if the Law of Averages holds true then about 90% of all viruses should effect Windows, 3% for Mac & Linux and 4% for the rest (OS/2 Warp, Unix, BeOS, etc.) What kind of numbers would this produce? Lets see:
Estimated Average viruses for Windows: 87,855
Estimated Average viruses for Apple: 2,928
Estimated Average viruses for Linux: 2,928
Estimated Average viruses for misc: 3,905
Now, as you look at that you might think that those numbers don't look quite right. You would be correct, lets see the difference shall we?
Estimated Avg. # of Viruses
Windows 87,855
Actual # of Viruses
Windows 97,467
Estimated Avg. # of Viruses
Apple 2,928
Actual # of Viruses
Apple 50/0
Estimated Avg. # of Viruses
Linux 2,928
Actual # of Viruses
Linux 100
When you look at this you see beside the Apple line 50/0. That means 50 viruses for Classic and 0 for OS X. Amazing huh? But what does it all mean? It means this:
According to Microsofts big arguement about market share this is how the virus landscape should look. All things being equal (meaning Windows is as secure as Linux and Mac) this is about how the breakdown of viruses should go. According to Balmer, Windows is just as secure as anything else so these averages should be at least in the ball park. And yet, they are no where close. The only way to explain that is to admit Windows is inherently more insecure than other OSes.
Another line of tripe that I hear often is how many "vunerabilities" OS X and Linux have. Let me explain the difference between an exploit and a vunerability. A vunerability is a flaw in some piece of code. An exploit is when someone actually writes software that takes advantage of a vunerability.
So, when Microsoft proclaims that there are lots of "vunerabilities" in OS X they mean that the potential is there for malicious code to act. However, they never finish that thought and explain just how unlikely that is. Allow me to explain with the following analogy:
You have a 500 acre Army Base near a city (read Apple) and a two story cabin in the country (read XP). Now, the cabin has a problem (vunerability) with their door locks. The door on the front of the cabin can be opened with a special tool (virus) and in fact many robbers have this tool (this is now an exploit).
Now there is a main Admin building on the base. As chance would have it, the doors leading to several commander's offices also have a problem (vunerability). Their door locks can conceivabily be opened with a special tool (virus) as well. No one has done it yet but theoretically it could be done.
With me so far? Ok, now imagine if the builder of those cabins (Microsoft) held a press conference saying that this whole door lock problem really isn't that bad. In fact, everyone has this problem, even the Army! They can't secure some of their doors so you shouldn't be mad at us when we fail too. And amazingly enough people buy this horse shit.
Quite annoyed that their base was compared to a cabin the commander holds his own press conference and says "While it is true that an individual could break into some of our rooms due to faulty door locks the chances of that are fairly low. We are not terribly worried about this problem, though it will be fixed soon."
A idiot reporter asks in a belligerent tone "Why aren't you worried? If it could happen to Microsoft then it could happen to you. In fact, if there were as many Army bases as cabins it would be happening all of the time!"
To which the commander replies with a smile "Well Mr. Thurrott, yes, there are quite a few more cabins than bases but before you pass judgement I want you to consider this. We have three layers of 24 ft high barbed wire fence surrounding the complex. Armed guards with trained attack dogs patrol the perimiter all day, every day, year round. Oh, and all of the guards shoot to kill. Anyone entering the base can only do so through the main entrance. That entry way is secured by two dozen soldiers, four stationary guns and two M1A1 Abram tanks. We have SAM batteries positioned through out the base in case of an ariel attack. If you try to enter the base through any other way you will be met with concrete barriers, tire spikes, and road blocks. To enter any building you must show your ID badge, state your purpose and finally enter your thumb print and keycode to open the door. A badge must be worn at all times on base and anyone lacking in this area will be imeadiately arrested. But to answer your question I suppose if someone were to make it past all of that, and if they had the right lock pick, then yes, I suppose they could break into some of our offices. It hasn't happened yet but as soon as it does we will let you know."
So the next time someone tells you that OS X has lots of "vunerabilities" please let him know that vunerabilities are quite different from exploits. And then smile because by the time you read this another Windows virus has already come out. |
|
April 22 2005, 11:07 AM EDT, by |
Comments:
|
| nhmacusr |
4/22/05, 11:45 AM EDT |
Not a bad article, but you misread their argument (not one I fully agree with by the way). Your math looks okay and I can follow it, but you didn't adjust the market shares. Microsoft's stance is essentially that because they are so popular, everyone targets us. If the other operating systems had more market share then they would be targeted more too. For example take the linux example:@ 3% they have about 100 threats out there. That would mean at 50% they would have 4700 (that is 47 times more than the current number). The flaw with this assessment is that it is mathmatically a sound argument and that is all. People are unpredictable. While it is true there would be more, how much more would be debatable.
It is also a very dangerous position to lull yourself into a false sense of security. Yes, all operating systems contain vulnerabilities. Yes some operating systems are inherently more secure than others (our favorite of course). Security does not end at the fence. That is the problem. Security is a mindset. There will always be people out there that will click that box or open that e-mail. Social engineering will always pick up suckers. As an operating system becomes more popular it will attract more of these people (here comes the law of averages again). Again, there is no real way to predict how many will come over, but you can bet some will.
Users make operating systems more unsecure than vulnerabilities ever will. There can probably be an argument made (I don't have any hard numbers here, but I'd bet there are more Linux servers out there than personal installations) that Linux is more secure because it has less physical users. If it is sitting there on a network running as a server, then only the admin can screw it up for the most part. An admin is generally much more up to date on threats and security practices than the people in the office sitting there with Windows machines on their desks.
There is a lot of truth that Microsoft gets picked on because they are the biggest. It is also the truth that they set themselves up for this and reguardless if the market share was 50 50 they would still have the majority of the the viruses out there. They have set themselves up for this in their code (poorly written) and their business practices (make a lot of people angry).
It is also true that by being the biggest, you can cause the most damage there. Writing a virus is no fun (broad generalization here - I realize that not all of them are written for this, but again, human nature dictates that a whole bunch of them are) unelss people hear about it. If you don't think that is a motivator, then ask yourself how these hackers get caught. They are on the net bragging about what they did. This is where we have to be wary. We need to look out for the person looking to make a name for himself by exploiting the unexploitable.
I don't mean to sound negative here. I just think that when it comes to security, people generally miss the boat. Tools are just tools. Operating systems are tools. People will always find ways to screw them up. Good locks are effective against most people. The truth is if they want in bad enough they can get in. The worst part is most get in by dressing up as the postman and knocking nicely on the door.
Good article here:
http://www.securityfocus.org/columnists/313
|
| nhmacusr |
4/22/05, 12:31 PM EDT |
Man, I need to really lay off the caffiene. The math in the first part is more like 1700. And it should be closer to 16 times as many (you know 3 x 16 = 48 almost 50). Anyway, the argument is still valid. :)
|
| wannabe |
4/22/05, 12:53 PM EDT |
nhmacusr, that's a very good analysis, but I wanted to add a corollary that's been largely ignored in this debate.
It is beyond question that users are fundamental players in system security. If the attacker can control the user's actions in some way, he can take over the system. I've seen viruses that spread as an encrypted .zip attachment, with a message body that describes the multi-step process that the user must follow to activate the virus, and they still spread.
The corollary to this which is often missed is that much of security is a user interface issue. My dad used to run a nuclear power plant control room for a living, but when he first bought a firewall product for Windows, he was stymied. "What do these options mean? What do these warnings mean?" he asked. He had the feature he needed -- in theory he could control access to his system -- but in practice it was useless.
OS X has good security technology, but that isn't enough by itself. The interface is widely regarded as Apple's strength, and when it comes to security that is a huge advantage to them.
There is more work that needs to be done. Users generally still do not have a good way to know what each program is doing, for instance. But Apple I think has a head start, and as long as they continue to focus on the interface aspects, OS X will continue to be a highly secure platform.
|
| nhmacusr |
4/22/05, 2:01 PM EDT |
wannabe,
That too is a good point, but no firewall is going to protect from someone willing to 'click that button'. I guess the point in all of this is continued education. The more people that understand the threats and simple things to counter them added to a continued effort to develop and simplify tools the safer we all will be.
|
| jstoup |
4/22/05, 3:08 PM EDT |
-> nhmacusr
I understand what you are saying though I do disagree with several of your points. And if any of my analysis was unclear let me try and clarify my position on a few things.
There are 3 reasons why the Wintel monopoly causes so many problems:
1. Windows - Worst OS you can buy if security is your issue. Way too many holes to ever really secure due to fundamental problems with the OS.
2. Intel - The architecture that they use allows for buffer overflows and other problems that IBM's PowerPC line does not. So Windows would actually run better on a PowerPC system.
3. Users - Most people don't know anything about their computers as a result they do stupid things. This problem will get better in about 30 years because by then most people will have grown up using computers and some of the dumbest mistakes will hopefully not be made anymore.
-> wannabe
Thanks for the insights.
|
| nhmacusr |
4/22/05, 3:30 PM EDT |
ummmmmmm...
Buffer overflows are software dude.
|
| nhmacusr |
4/22/05, 3:36 PM EDT |
jstoup ---
Your point 3 is basically the whole point of my response. The only thing that I could add to your point is that in the next few years a fair number of those people will be moving to other OSs. ;)
|
| nhmacusr |
4/22/05, 3:52 PM EDT |
The hardware has little to do with the security problems. Linux runs on intel X86 remember? If windows was ported to the PowerPC (which I am sure it has inside of Microsoft) the security problems would still be there.
|
| Kendal |
4/23/05, 2:29 AM EDT |
If buffer overflows are software only, why does AMD have nx protection, and Intel some equally-similar feature on all their chips? Hard-wired to prevent buffer overflows and the like? Good start, really.
|
| 2guysandaserver |
4/23/05, 8:55 AM EDT |
Well The Register clearly backs your postiion; or you back theirs - eitherway.
http://www.theregister.co.uk/2005/04/21/apples_big_virus/
CHEERS!
|
| johnnie boy |
4/23/05, 12:02 PM EDT |
Well, if you want to write an argument piece about how good your OS is, please take a minute and use the built in Spell Checker in OS X. This piece is rife with spelling errors and it makes your article look foolish, especially since you have such great tools to use in OS X and don't use them....
|
| nhmacusr |
4/23/05, 12:49 PM EDT |
Kendal,
While NX registers and the like are a step in the right direction, they are not the solution. In reality, they are a pretty weak protection against buffer overflows anyway. They still have to be used correctly in code and in practice, have showen to be more destructive in some cases.
I am not trying to say that Mac OS X isn't less secure than Windows. I believe the oposite. You can't have a constructive talk about computer security or securrity in general while talking in absolute terms because those terms do not exist there.
Vulnerabilities are a fact of life and always will be. Security is a trade off. In most computer security situations that trade off comes between being more secure or easier to use. You can (the technology is there) completely lock down a computer system. However, that system then becomes very complicated to operate. There are more steps to remember to get the job done. Mac OS X does a pretty good job of toeing the line between users and security. Is it perfect? No. Will it ever be perfect? No. What we can't do is pretend that it is. Microsoft has drummed from the other end of the spectrum, that is why it is so vulnerable. They go for ease of use above all else. Until they change this way of thinking, they will always be the exploit leader.
|
| clwilla |
4/23/05, 1:54 PM EDT |
Although I would agree that users are in great part responsible for the virus outbreak among the windows world (as the first response noted), one doesn't have to do anything but plug the computer in to the wall and get it on the internet for a virus to be run on windows box . . . and all within 20 minutes (on average according to studies). That's not even enough time for an advanced computer user who knows about viruses and how to "prevent" them, (in my experience, preventing viruses regardless of how many firewalls, virus scanners, etc one runs, is not possible) to get online and download any patches (SP) or virus definitions to help with the problem. That has nothing to do with user base knowledge or market share. That's [doodoo]ty software!
|
| jstoup |
4/23/05, 2:29 PM EDT |
->johnnie boy
>Well, if you want to write an argument piece about
>how good your OS is, please take a minute and
>use the built in Spell Checker in OS X. This piece
>is rife with spelling errors and it makes your
>article look foolish, especially since you have such
>great tools to use in OS X and don't use them....
Thank you as always for your insightful comments but, if I may, let me shoot these two observations to you in hopes of clariflying my position. For I wouldn't want anyone to think me or my article was foolish.
1. I wrote this (quickly I might add) on XP while at work. Since XP doesn't have a built in spell checker I didn't get a chance to use one. I suppose I could have copied everything into word, checked it, and then copied it back but, as I said, I did this rather quickly.
2. All articles I write are submitted to the editor of this site for review. Most of the time if I have any errors in it he tends to fix them but he must have been in a hurry too.
For those of you like johnnie boy who were torn asunder, nay bollixed by my egregious spelling mistakes, I apologize. Being the kind person that I am, I would like to extend my heart felt regret to any reader of mine who was unable to finish my article due to its clear lack of editorial oversight.
And for those of you keeping track . . .
marketshare should have been market-share
arguement should have been argument
Microsofts should have been Microsoft's
vunerabilities should have been vulnerabilities
conceivably should have been conceivabily
judgement should have been judgment
perimiter should have been perimeter
imeadiately should have been imeadiately
Verily the rifedness is there.
Johnnie boy, I am deeply distressed that my eight spelling mistakes made this piece nigh unreadable for you. In the future I stipulate that I will stringently strive to ensure that no spelling error might misconstrue the meaning that I aspire to impart to you and all of my other loyal readers.
|
| dab2 |
4/23/05, 8:35 PM EDT |
nhmacusr, I just want to chime in on one point.
jstoup is right, hardware can make a difference when it comes to security.
Buffer overflows have been around since the beginning of electronic computers (I don’t think they happened to often on the abacus or on adding machines) and many recommendations and implementation have been created. The PowerPC chips implement better hardware protection than the x86 chips do for buffer overflows.
Buffer overflows can happen on any OS but the PowerPC chips use two separate caches, one for data and one for code. A buffer overflow will load unneeded data in the PowerPC’s data cache but the extra data will not become executable. On an x86 chip there is only one cache. When buffer overflows happen the extra data can be executed if the software expected executable code to be cached after the data. Windows XP SP2 has tried to work around this problem but the hardware still lacks the basic separation needed to truly fix the problem. Yes, Intel and AMD have tried to introduce hardware improvements to prevent overflows, but as you said, unless the software takes advantage of the features...
I agree that Windows XP would in fact run better on a PowerPC platform but what a horrid thought! Once upon a time, Microsoft had Windows NT for Mac but, thanks to God, that went bye, bye!
Buffer overflows are just one of the many vulnerabilities that can be found on a computer system but this is the one that we all chose to look at and happens to be one that does have hardware solutions. (In a "perfect" machine we would have separate fiscal memory for data and executable code but Apple does have to keep cost from getting too high!)
|
| mactheplanet |
4/24/05, 12:36 AM EDT |
Wow fellas...I'm a learning mind and this article has been very educational both in theory and straight up facts. I am constantly reading the articles here among other places to keep up with the "mac" beat. I am an enthusiast of the company who is looking to work with them for a career. As far as my experiences have taken me, I've used the machines since OS 7.6 and I've bombed a few machines in my time, but it was never due to viruses of any kind. I am of course on the latest build of OSX now, I've read up on security and know the latest facts via Macworld, but I still choose to keep my virus software in .dmg form on an external drive. The platform is simply stronger, more consistently updated for vulnerabilities and holds up in the growing digital age of maliciousness. That’s my deal...nice vocabulary by the way jtsoup…mactheplanet
|
| Maze |
4/24/05, 10:05 AM EDT |
Good article, I wholeheartedly agree that OS X and potentially Linux is inheriently more secure than Windows XP, but I think you're missing something important here.
From what I've heard, Microsoft is not making the argument, that the relation between popularity of an OS and the number of exploits can be viewed in the form of an mathematical expression like you guys do. Rather, says Microsoft, there is a certain TRESHOLD of marketshare that is important, and as long as any one OS keeps below that treshold of marketshare, virtually no hackers would bother to attack said OS, and no critical mass of exploits would occur. This may be untrue, but thats impossible to verify until Linux or Mac OS X gain significant marketshare, which sadly isn't going to happen in the foreseeable future. The marketing people at MS are not stupid, mind you...
The only thing to do to cut through all the M$ FUD is to focus on the inherent strenghts and weaknesses of the different OS'es and as someone pointed out, the strength of even the GUI and interface appproach Apple has to security.
(I see that some of your readers care deeply about spelling and grammar, please don't hurt me, English is not my first language :-) )
|
| nhmacusr |
4/24/05, 2:55 PM EDT |
mactheplanet,
If you think buffer overflows can't happen in Mac OS X, you are kidding yourself.
Here is one fixed right here...
http://docs.info.apple.com/article.html?artnum=301326
I agree that architecture can 'help' limit this type of error, but it is not a substitute for good coding practices.
|
| noob4life |
4/25/05, 1:06 AM EDT |
jstoup, I agree, Windows IS a virus. Where is that [edited]naughty word[/edited] ing any key at anyway?
------Boring PC story:--------
I remember being called to my best friend's mother's house to fix her computer from running slowly one night, and I noticed she was running Windows ME :[ So I smoked one of her cigarettes and downloaded AdAware first, seems like I have to do that alot with my Windows XP box at school, hmm....
Lavasoft AdAware SE with all of the updates available found over 150 objects of spyware, and it took 45 mins. to finish a scan (on a P3 box with around 128 MB of RAM and a 20 GB HDD) due to all that crap being on there. I decided I wouldn't even attempt to look for viruses seeing as how I couldn't remember the URL for that Russian warez site that had the full-version of McAfee VirusScan :[ I haven't been over there in over six months' now, if the computer dies I'll recommend that she buy an old G3 iMac for $75 on eBay and just use iChat for her IM fix, hey, it could work...
--------End boring story-------
Oh yeah, the nickname for XP at my school is "Xtra Problems", and it fits. My mom's computer got hit by lightning and won't run anything but linux without rebooting itself and *gasp* turning itself on at random, and even with linux it crashed more than usual. I'm scrapping that piece of [doodoo] and buying an old iBook or PC laptop, depending on which one I can find a wireless 56k modem and 802.11 card for. ...And to think when Windows 95 came out, I thought it was better than the Apple IIe that I had in 1986, how the teenage mind doth play tricks on its owner.
|
| mactheplanet |
4/25/05, 1:51 PM EDT |
nhmacusr,
Umm, I never said anything about buffer overflows on Mac OSX, thanks for the info though? I said I was a learning mind, which because of this article has made me dig deeper into things I didn't know before (such as buffer overflows), but I kept my comment all my opinion and experience, so like I said, thanks for the info?
|
| nhmacusr |
4/25/05, 2:52 PM EDT |
mactheplanet,
Sorry dude... That was for dab2
:)
|
| dab2 |
4/25/05, 8:03 PM EDT |
nhmacusr,
First let me say that I am not trying to offend you personally and I like most of your comments on most articles. We are on the same side; we use Apple computers.
I am not one of those people who fail to back-up my data or think that I don’t need to use virus protection. I have seen too many things happen in the over twenty-five years that I have been programming computers. I know that overflow errors can still happen on a Macintosh or any other PowerPC based computer, but I am trying to point out that the hardware does make a difference. You are correct in saying that it requires the software to take advantage of the hardware correctly and some legacy UNIX applications and some poorly written applications will suffer from buffer overflows that can lead to arbitrary code execution but that does not invalidate that claim that superior hardware design can reduce security issues. (The reference to “legacy UNIX Applications� is intended to mean programs that have been ported to OS X but have not been fully optimized to take advantage of all of the Macintosh hardware advantages.)
This having been said, I also acknowledged that Apple has not fully adopted a hardware configuration that is completely foolproof. They chose to share memory for both data and executable code rather than greatly increasing the cost of the machines by having separate memory banks, one for data the other for executable code. I know of very few companies who have attempted this costly measure, but if implemented, it would prevent overflowed data from ever becoming executable. The data would be shuffled aside as unused data while the processor continued executing from the executable memory bank.
Thanks for your thoughts and input.
|
| dab2 |
4/25/05, 8:10 PM EDT |
jstoup,
I have just got to compliment you on your articles. I don’t think that I have seen anybody consistently get as many comments as your articles have.
Keep up that great work and keep us arguing, it keeps the mind active and the blood flowing.
|
| noob4life |
4/26/05, 12:34 AM EDT |
jstoup's articles kick much booty. Keep up with the good writing sir / madam / robot clone. :]
Observation: I have found that pressing the any key solves all of my Windows XP woes, but it is when I hit CTRL + ALT + DEL that I acquire the vast knowledge of the gods...
|
| jstoup |
4/26/05, 8:40 AM EDT |
->dab2
->noob4life
I appreciate your comments very much. I am glad to hear that you like my articles enough to post so many replies. I always try to come up with something new and unique.
And if you wouldn't mind would you two (and anyone else who wants to add their 2 cents) tell me which type of my articles did you like the most? The more wildly humorous ones, the factual ones or the critic/review/prediction ones? I am curious. Thanks for your help.
|
| nhmacusr |
4/26/05, 9:52 AM EDT |
dab2,
I also agree with many of your points but legacy UNIX software is not the only culprits. If you look at the link, the last one was in Apples own iSync app. All I am trying to say is that the way things stand now, the hardware makes very little difference. Buffer overflows are in all platforms for the time being.
The real point is, when you look at security you can't be too complacent no matter what platform you are using. Mac OS X is more secure, but it is far from invulnerable.
|
|
4/26/05, 11:37 AM EDT |
nhmacusr,
Fair enough, I do agree with you. Unfortunately I think iSync may have fallen into the poorly written category when it was first released although it may have been an adaptation of an existing UNIX sync program with extra features and a pretty face thrown on, who knows.
jstsup,
I always enjoy humor and satire in any article and I most enjoy factual articles that can convey information while making me laugh. Your talent is not just in how you write but that you have done a good job choosing subjects that make people think. I don't want you to put too much effort into this though, because you have done well just trusting your intuition. As I said before, keep up the great work.
|
| noob4life |
4/26/05, 1:24 PM EDT |
The humorous comparison of Microsoft vs. Apple with the towers was good, I dont care what your motivation for the tower objects was; it was simply killer. The article of which I am now responding is pretty 1337 too, or else i wouldn't have written my boring-ass PC vs. Mac comparison in the middle of it :] I wish more people in the IT industry who write articles would use more humor. Thank you yet again sir/madam/or robot clone.
|
| Tim |
4/28/05, 4:11 AM EDT |
There is an alternative explanation. Rather than supporting proportional representation, virus writers are majority-ist, ie will go with the biggest platform to the exclusion of others, more often than not.
|
This article is archived, so you may not comment on it.
(The good news is there's always the shoutbox, the forums or the contact form if you're socially-inclined at the moment!)
|
|
|
|
Site Links |
|
|
|
|
Deep Thoughts |
|
|
If you ever fall off the Sears Tower, just go real limp, because maybe you'll look like a dummy and people will try to catch you because, hey, free dummy.
|
|
Around Da Web |
|
| iProng: |
iPhone steals show at CTIA Wireless 2007
|
DLO offers dual cover fashion case for iPod
|
AT&T received 1M inquiries on iPhone
|
| MacDailyNews: |
Ars Technica in-depth review: Apple TV ?impressed all those who touched it?
|
Inside Apple?s Mac OS X 10.5 Leopard Server OS
|
The chips inside Apple TV
|
| Think Secret: |
Adobe Creative Suite 3 pricing revealed
|
|
|
We Like: |
|
|
|
|
Side Projects |
|
Jonahan
- JediPoker.net
- Jonahan.com
- iProng
- MacProng
iKen
Jedbeck
J.P.
|
|
