Mark Graff wrote:

> I have therefore often wondered if we should be talking, not about how 
> "secure" a system is, in a static sense, but rather what its security 
> half-life is.

Interesting point!

> This reasoning leads me to the 
> thought that Mac OS X, for example, is "more secure" than Windows XP for 
> reasons having nothing directly to do with design or implementation, but 
> rather pertaining to its very ubiquity. XP, in this sense, is the center of 
> the bullseye.

This one however has been raised many times before.  Yes, if MacOS (or 
Linux or BSD or OS/2 or whatever) had a much larger market share, there 
would be many more attacks developed against it than now.  However, from 
all I've read (not having actually TRIED to attack it myself), it is 
indeed much more securely designed, implemented, and typically deployed, 
installed, and maintained, than Windows.  So, assuming equal market 
share, I predict that you'd have several times the viruses, worms, 
rootkits, etc. directed against Windows, simply because there are 
several times as many chinks in its armor, and, just as now, gazillions 
of times as many Windows machines actually broken into or otherwise 
damaged due to bad security, as Mac.

> Gee, maybe software systems emanate a modicum of "unsecurity gravity", so 
> that if you get a great many of them together (that is, if millions and 
> millions of people buy the product), security plummets, and declines as the 
> square of the distance to True Dead Center of the day's commonplace 
> platform. Or, to put it another way, this is why XP sucks.

It's one factor.  If the market share figures were reversed, there would 
probably not be as many attacks written for it, and certainly there 
would be fewer worm-infected machines trying to attack other XP boxen. 
But it's far from the only reason.

> ----- Original Message ----- 
> To: <>
> Sent: Friday, July 21, 2006 5:05 AM
> Subject: SC-L Digest, Vol 2, Issue 124

Please trim your quoted matter to just what's necessary to give us a 
clue what you're talking about.  Google nettiquette.

Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -

Reply via email to