AndyC wrote:

Rossj wrote:

Ah the market share argument. By the same token, why would anyone hack Vista? Maybe, and I speculate, its much touted security is a result of low market share?  I don't believe that - but surely the argument holds?


Not entirely. The main aim of hacking into a system these days is to allow the running of malicious applications as part of a botnet. There is a lower barrier to entry if your mass-mailer (or whatever) is already running on Windows. Particularly given that a vulnerability in Vista is quite likely to also be present in previous versus of Windows.


I disagree.  I agree with your central premise (the goal these days is to get malware on the box), but disagree that Windows provides a lower barrier of entry.

The unpleasant fact is that most malware gets installed by the user.  They download the free smileys and get 0wned.  Most botnet clients will run just fine as a normal (non admin) user.  After all, what do botnet clients do?  They mostly send spam, or participate in DDOS attacks or surf the web and you can do that from any OS without requiring root privileges.

Right now, most botnet clients are written to Win32, so Windows clients are the most attractive. 

Remember that botnet herders are fundamentally lazy - they don't want to have to work to find targets for his botnet client, they wants to get the largest number of clients with the least work.  They can choose to target the OS with 5% market share or the OS with 2% market share, or they can choose the OS with 90% market share.

I know which one I'd go for (if I was inclined that way).