Posted on 06/14/2010 8:03:57 AM PDT by Gomez
OOps, I meant to address that to the OP. Sorry for clogging your ping list.
I'm running Ubuntu 10 under VMWare Fusion on a Mac, so I get a direct comparison of the usability of the two. Linux still has quite a ways to go to get up to Mac UI standards. Given that Canonical recently started a concerted effort to make the UI better and more cohesive, and seeing what affect that had on 10, they might actually get close with the next version.
I use a wrapper on 64bit machines to run 32bit Flash. While I don't use Ubuntu very often (generally I run Fedora), I believe that from looking around the web that the relevant Ubuntu package is flashplugin-nonfree. (There's a webpage here that mentions this solution.)
The installed base of Macs is still less than 5% of the PC market - it is still not a big enough target for most malware writers. Remember, the malware writer of today is not a college kid looking to make a name for himself. It is someone looking to steal information that will allow them to steal your money or your identity. They are business people, and will spend their time on what will give them the greatest return. Would you spend time on a "product" that would give you access to only 5% of the market, or one that would give you access to 90% of the market?
LOL!
The installed base is about 50 million. SQL Slammer infected around 75,000-100,000 hosts, estimated to be 90% of the vulnerable population. Witty infected 12,000 hosts, about 100% of the vulnerable population. Both did their job in under an hour. It can be, and is, done.
Would you spend time on a "product" that would give you access to only 5% of the market, or one that would give you access to 90% of the market?
Do you want to hit a saturated market with 90%, or a virgin market with 5%? As a kicker, most of that market is not running with extra protection. Also, the average user in that market is more affluent than a user in the other market, making money and identity theft even more lucrative.
As a money-making hacker, why would you ignore 50 million supposedly easy targets?
As a fame-seeking hacker, why would you not want to be the first one to create a successful OS X worm or virus?
There is obviously a learning curve, and Linux is definitely not as consumer friendly as Mac (or MSFT I imagine) but I'm very happy with it and I think he has come to like it.
And I paid $349 new for it which is over $2,000 less than what my MacBook Pro cost -- granted the screen size is 15 inch vs 17 inch for my Mac.
If you have the money go for the Mac. If you don't, you probably would be pleasantly surprised by the Linux.
Linux Mint is about as close to a Windows UI as you’ll find.
ping
That's a good thing?? :-)
Actually, Gnome isn't all that great but I'm going to keep life as simple as possible and stick to the Ubuntu upgrade cycle.
For Mom and Pop, it is.
Good point.
Is rather flashy.
You are making my case for me. Slammer and Witty were destructive types of malware, designed to make a big splash. And even with over a billion Windows machines worldwide (as of 2008), both of those pieces of malware only affected a small subset, but they made a lot of noise. Today's malware writers don't want to make noise, they want to make money.
Do you want to hit a saturated market with 90%, or a virgin market with 5%? As a kicker, most of that market is not running with extra protection. Also, the average user in that market is more affluent than a user in the other market, making money and identity theft even more lucrative.
Cyber criminals deal in a volume business. They may only get about a 0.05% return (in other word, out of 2000 systems attacked, they may get the information they want from one of them). That 50 million systems is but a drop in the bucket. Plus, the method for distributing such malware makes it extremely difficult to target a specific OS. If you are sending an infected e-mail as a vector, you generally don't have a list of just Mac users to target. They will blanket a huge list of e-mail addresses, and since 90% of the recipients will be on Windows, that is the market they will target to get the greatest return.
Yeah but its "temporarily" been taken offline by Adobe:
We have temporarily closed the Labs program of Flash Player 10 for 64-bit Linux, as we are making significant architectural changes to the 64-bit Linux Flash Player and additional security enhancements. We are fully committed to bringing native 64-bit Flash Player for the desktop by providing native support for Windows, Macintosh, and Linux 64-bit platforms in an upcoming major release of Flash Player. We intend to provide more regular update information on our progress as we continue our work on 64-bit versions of Flash Player. Thank you for your continued help and support. Stay tuned to the Flash Player discussion forum for further announcements.
Which is a shame, it worked beautifully on my system.
Destructive or not, the point is that the installed base of OS X is far larger than need be in order to be attacked, both for reasons of will (the desire of the attackers to target the software product) and technical (enough machines to create a 'critical mass' for fast replication).
They will blanket a huge list of e-mail addresses, and since 90% of the recipients will be on Windows, that is the market they will target to get the greatest return.
Given that the expenditure is about nothing to perform these mailings through their spam bot farms (Windows, BTW), it would be unreasonable to not also send emails that are also effective against Macs. Who purposely rejects an affluent, unprotected 50 million targets when no extra cost would be incurred in the distribution to those targets?
Of course, the reason is simple, and I alluded to it above: "effective against Macs." Nobody's come up with one yet that can survive in the wild despite many attempts.
Or let's turn the Macs into spam bots! They're unprotected, right? Getting even 1% means a 500,000 strong bot farm, a rather large farm even in the Windows world. And I've already shown how fast small vulnerable populations can be taken over by self-spreading malware. Nope, no farm in existence yet.
True, but those same 50% would be equally out of luck if the had to install Windows to a bare system. That's not considered a fault of Windows, yet its a significant hurdle to users trying Linux.
Then there is the hurdle of moving from the OS that came on their computer and they've learned to one that does things differently. Brand new computer users will accept a learning curve and all kinds of confusion when they start out because they recognize that they are new users. But you're only going to get that kind of open-mindedness out of a person once. After that they resent any equivalent learning curve as proof that what they're used to is superior to all others.
Forgot this. You are looking at it the wrong way. These malware did not have a target population of one billion Windows computers. SQL Slammer had a target population of around 100,000 or so SQL and MSDE systems, and Witty targeted a population of 12,000 BlackICE systems. In each case they infected almost all of their targeted systems.
Before Witty, people weren't even sure if a worm could replicate among 12,000 machines in the wild of the Internet with almost a billion machines. Could the copies of the worm find other vulnerable systems in enough quantity to hit a critical mass? Turns out they could, and faster than anyone thought, with the 12,000 target systems infected in only half an hour.
I'm confident that Windows 7 reaching market penetration parity with XP yet having a drastically lower base of malware in the wild than XP will finally put the lie to the notion that OS market share trumps OS design in security.
I wonder if the ardent advocates of the market-share position will remember their arguments then...
You're missing the point. Yes, these worms only targeted a specific subset of systems with a particular vulnerability, and did so quite efficiently. However, the purpose was to wreak havoc and make a splash - not to make money. These did not make money for the culprits, nor were they intended for such purposes.
If the goal is to make money, you focus your R&D on the market that will give you the greatest return for your investment (ROI). Due to the size of the potential market, that makes the Windows platform the most attractive target.
Maybe a worm or other malware could be designed to affect the Mac, maybe not - the truth is that in this environment, most cyber criminals are not going to make the effort because the potential return is so small. Sorry if that offends you in some way. If I were you, I'd be happy to be ignored by the crooks, not standing up shouting "why doesn't somebody attack me too?"
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.