[Hidden-tech] Random crashes in XP?

[Chris Hoogendyk]

Scott Reed wrote:
> Tom,
>
> A massive switch to Apple products is unlikely to resolve this issue. 
> While MS products are rife with vulnerabilities which is 90% of the 
> problem, it is also the case that Apple's smaller installed base makes 
> it a less fruitful target for hackers. Once a significant portion of 
> the market switches to Linux and Mac OS, my guess is hackers will come 
> after us just as rabidly as they have been harassing all the 
> unfortunate MS users. On the other hand, I fully agree that folks 
> whose business allows them and who can afford Apple products, should 
> switch and enjoy the relative peace of the non-MS world while they can.
>
>  Scott


Unless and until Apple achieves market dominance, there is no way to 
truly prove that point one way or the other. While it must be accepted 
that hackers give more attention to the dominant OS, I believe it is 
also true that an OS receives attention according to it's susceptibility 
to being hacked. Linux provides the example. About 7 years ago, if you 
had a freshly installed Red Hat Linux, and you connected it to the 
network so that you could download updates and patches, there was a very 
real chance that you would get hacked before you even had a chance to 
download the updates. That is no longer true.

I would present the counterpoint that the security of an OS is in good 
part related to the culture of the company or community responsible for 
developing and maintaining it. Apple's approach to development has 
typically been to use a relatively small cadre of extremely advanced and 
skilled programmers. Microsoft's approach has been to use a large farm 
of cheap, freshly minted computer science grads feeding their work to 
the center. Basic things like buffer overflow (which are exploited by 
hackers) reflect quick, careless or uninformed programming driven by 
marketeers demanding features. I learned in the early 1970's to always 
build in the checks for limits like end of buffer or division by 0. 
While it's true that any programmer can make mistakes, the volume of 
such mistakes that has come out of Redmond is amazing.

I would make a further counterpoint that among the Linux/Unix/BSD's, BSD 
has the longest heritage of being focused on security. We use OpenBSD as 
the platform for our routers and bridges that defend our network. And, 
BSD is the base on which Mac OS X has been built.

Finally, if you look at a fresh install of Windows vs. Mac OS X vs. 
Linux, you will find that Mac OS X comes with all the outside services 
turned off and the fire wall blocking everything. Windows out of the box 
has all the services turned on and open for connection. Linux also 
typically has its services on. The difference for Linux is that the 
person using Linux has been typically more involved with the OS 
configuration. Windows and Mac OS X often end up in the hands of users 
who don't even know what the services available are. In that setting, 
the Mac is safe and Windows gets hacked. And that is a cultural difference.

I would hasten to add that I have not made a point of staying up to date 
on Vista, or even XP. But I do read a lot, hear a lot from other 
sysadmins, and work in an environment where there is a mix of Unix, 
Linux, BSD, Windows, and Mac OS X. Disproportionate even to it's market 
share, by far the majority of problems comes from Windows. Furthermore, 
that spam that dominates internet email and that everyone has to cope 
with? By far the majority of that is orchestrated by armies of zombie 
Windows machines whose owners are completely unaware that they are being 
exploited. I think if Stiglitz and Bilmes who wrote The Three Trillion 
Dollar War were to analyze the cost of spam, they would write a book 
describing costs that would dwarf the cost of the war in Iraq. Thanks, 
Microsoft.



---------------

Chris Hoogendyk

-
   O__  ---- Systems Administrator
  c/ /'_ --- Biology & Geology Departments
 (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst 

<hoogendyk at bio.umass.edu>

--------------- 

Erdös 4