[funsec] Microsoft announce most secure OS on the planet
Rich Kulawiec
rsk at gsp.org
Sun Apr 19 15:00:08 CDT 2009
On Thu, Apr 16, 2009 at 12:32:37AM +0000, security curmudgeon wrote:
> "Popular" products have more published vulnerabilities, that would be
> pretty easy to argue. May have to qualify "popular" to who though (the
> researchers/blackhats, or the general public which makes them appealing
> targets to the bad guys, etc).
Along those lines: one of the canards that I frequently find myself
defusing is "X is attacked often because it's popular". It may be
true that X is attacked often, and that X is popular, but that doesn't
prove a causal relationship between the two. I think it much more
likely that X is attacked (a) because it's weak or (b) because it's
perceived to be weak. I also think it likely that "X is attacked often",
that is, "more often than some other things", may not actually be the
case; rather, it may well be that "everything is attacked frequently,
but X succumbs more often, leading to the perception that it's
disproportionately attacked.
And the problem with all of this is that "why" can only be answered by
those doing the attacking (or writing the automated agents which in turn
do the attacking). We often do not know who they are, and even in when
cases where we do, we're not in a position to ask questions -- or to
necessarily believe the answers we'd get.
---Rsk
More information about the funsec
mailing list