Mark Graff wrote:

> I have therefore often wondered if we should be talking, not about how
> "secure" a system is, in a static sense, but rather what its security
> half-life is.

Interesting point!

> This reasoning leads me to the
> thought that Mac OS X, for example, is "more secure" than Windows XP for
> reasons having nothing directly to do with design or implementation, but
> rather pertaining to its very ubiquity. XP, in this sense, is the center of
> the bullseye.

This one however has been raised many times before. Yes, if MacOS (or Linux or BSD or OS/2 or whatever) had a much larger market share, there would be many more attacks developed against it than now. However, from all I've read (not having actually TRIED to attack it myself), it is indeed much more securely designed, implemented, and typically deployed, installed, and maintained, than Windows. So, assuming equal market share, I predict that you'd have several times the viruses, worms, rootkits, etc. directed against Windows, simply because there are several times as many chinks in its armor, and, just as now, gazillions of times as many Windows machines actually broken into or otherwise damaged due to bad security, as Mac.

> Gee, maybe software systems emanate a modicum of "unsecurity gravity", so
> that if you get a great many of them together (that is, if millions and
> millions of people buy the product), security plummets, and declines as the
> square of the distance to True Dead Center of the day's commonplace
> platform. Or, to put it another way, this is why XP sucks.

It's one factor. If the market share figures were reversed, there would probably not be as many attacks written for it, and certainly there would be fewer worm-infected machines trying to attack other XP boxen. But it's far from the only reason.

> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <sc-l@securecoding.org>
> Sent: Friday, July 21, 2006 5:05 AM
> Subject: SC-L Digest, Vol 2, Issue 124

Please trim your quoted matter to just what's necessary to give us a clue what you're talking about. Google netiquette.

-Dave

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php