Malware's Greatest Hits

Tue, 2008-10-07 10:05 — dave
Printer-friendly version

Many computer users believe that the viruses and malware that afflict Microsoft Windows computers do so only because of Windows popularity, and not because of flaws in Windows' design. They often claim that if Linux had a similar level of popularity, it would be similarly fall victim. Now, I'll never claim that any computer system can be completely secure, but based on my experience, Linux is more secure by design than any version of MS Windows. I'm not the first to say this (nor the second) and many others with more security expertise than I have reached the same conclusion.

Interestingly, Linux is the most widely used platform for web servers. It - with the help of Apache and various other open source web servers - serves the majority of websites on the Internet. Given that the transmission vector for most malware is the Internet, one would assume that a Linux server would be a highly desirable target. It's surprising then, that the underdog platform, Microsoft's IIS webserver (which only runs on Microsoft platforms) has copped most of the malware trouble over the years.

In fact, for those that value security, it seems that what you don't want to run is anything written by Microsoft. The history of the most devastating computer malware epidemics seems to support this. In his article, Jun Auza lists the 12 most damaging IT epidemics on record... all of them affect only MS Windows computers. Almost all exploited flaws in the operating system, Microsoft Internet Information Server (IIS) web server, the Microsoft Internet Explorer web browser, Microsoft Outlook or Outlook Express email clients, or the Microsoft Office suite...

I have read that anti-virus and anti-malware is the fastest growing segment of the proprietary software market, and it all focuses on Microsoft platforms. It's ironic that Microsoft has itself entered the fray with their "Onecare" programme. Rather than fix the problem, I suspect that they've decided that they can make more money from businesses by building an insecure operating system, and then selling bolt-on patches for it. Even more ironically, hardly anyone uses Onecare - most opt for 3rd party anti-malware products... What do you think?