Cleaning up a minor security argument

I saw a slashdot article this morning about Apple releasing more vuln fixes. In the comment section, discussion broke into the usual “why do people think Macs are safer then Windows” arguements. The two major points of “it has less of a market” and “it’s just more secure” went back and forth. I happen to think both are an oversimplification of the subject.

Vuln finding is a function people of going after whatever is currently easiest. Many attackers have broaden their horizons to other platforms once Windows became significantly more secure and harden against attack. Oracle was the next major target and Apple might be the one after. I admit that I love the irony of the switch after both companies choose to market on how they must be more secure since people weren’t finding vulns in them.

Exploits on the other hand is based on the business case these days. The vulns are available but Windows didn’t have the magnitude of the problem it did until there was a profit motive to create bot networks.

So to put it together, vulns found help you tell about the security of an area, exploiting tells you about how profitable a particular OS is to attack. The corollary of this rule is that as a random host you are as profitable as the OS, as a specific host with specific data or rights you are as valuable to attack as that data or rights. The result being that if your data is valuable is doesn’t matter that there are few exploits for your box when there are plenty of vulns.

Advertisements

One thought on “Cleaning up a minor security argument

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s