Re: Security through wide system use?

From: Adam O'Brien (adamobrien54321_at_yahoo.co.uk)
Date: 12/23/03 

Date: 23 Dec 2003 08:23:09 -0800

>
> I received an email today from my manager pointing me to an article on
> news.com.com[1] that states Windows gets hacked more because its
> popular, and Linux isn't as popular so it doesn't get targeted as
> much.

It certainly the case that the ubiquity of Windows platforms results
in more tools being developed to attack them. This is exacerbated by
the bad feelings many people have towards MS.
An other issue is that if all an organizations computing assets use
one platform then their security is very brittle. However, I heard
about an interesting article (perhaps in Slashdot, but I can't find
it) that argued the opposite. The article had two premises.
1. Almost all organizations tend to use Windows for some purposes.
2. Most vulnerabilities arise due to poor administration (mainly tardy
patching)
The conclusion they reached was that using Windows varieties for all
purposes helped the administrators and resulted in net security gains.
The other issue regarding the Windows / Linux debate in the open vs
closed source debate. Whilst I accept the general axiom that obscurity
isn't security, I'm not sure that it's so clear cut in this case. Ross
Anderson has a good article on it at
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf
Hope this helps.
Adam

Relevant Pages