Robert Pogson

One man, closing all the windows.

Myths and Market Share and Malware

  • Apr 22 / 2012
technology

One of the myths propagated by haters of FLOSS is that GNU/Linux and other FLOSS are not targets of malware writers because there are not enough units to bother with, or rather that M$ offers a larger target.

There is no doubt that the existence of a target affects a shooter’s probability of shooting at it, but Kaspersky is way off the mark:

  • Kaspersky claims MacOS is now on the radar of malware writers because it has reached 5% market share (units, not $), and
  • Kaspersky claims GNU/Linux is less than 2% share (units) so is not on the radar.

That’s utter nonsense:

  • GNU/Linux is on hundreds of millions of servers (virtual/real) and is a huge target for malware writers. The malware artists have no trouble finding GNU/Linux targets but the bullets are not penetrating.
  • GNU/Linux exceeded MacOS unit share of shipments back in 2003 and has not slowed down. “According to IDC, Linux desktop shipments outstripped Macintosh shipments in 2002. By 2006, Linux will likely have a larger installed base than the Macintosh OS.” See DESKTOP LINUX TECHNOLOGY & MARKET OVERVIEW (2003).
  • In 2003, IDC reported unit sales of licences: MacOS 2.9% and GNU/Linux 2.8%. That was before the huge roll-outs at Extremadura (Spain), Munich, the French national police, etc., which went beyond the “sales” of licences that IDC counts, and before Brazil, Russia, India and China endorsed GNU/Linux. Is MacOS really that big of a target?

The current vulnerability in MacOS is actually about Apple’s Java virtual machine, not the UNIX architecture underneath. The UNIX system of security does work and it is better than that other OS regardless of the number of units installed. That’s why UNIX still lives on many servers in large enterprises. They don’t care about price. Security is paramount. The argument about size of target is almost irrelevant when thousands of times more malware is out there for that other OS. Anything else is more secure. GNU/Linux is more secure than that other OS. It’s about the law of combination of probability. The probability of a compromise is the product of the probability of encountering a malware and the probability of being susceptible. We have less of each factor with GNU/Linux or MacOS than with that other OS.

See Kaspersky: Mac market share means more malware | ZDNet.

6 Comments

  1. Robert Pogson

    That’s not what he wrote at that link. He was advising people how to check for rootkits, quite a different matter. We still don’t know what happened at kernel.org but my guess is someone had a weak password or it was an “inside job”, not malware. It’s also possible someone was using that other OS…

  2. Ivan

    “The malware artists have no trouble finding GNU/Linux targets but the bullets are not penetrating.”

    That’s because you have selective memory gaps. Even Greg Kroah-Hartman says Linux users need to run anti-virus software.

  3. oiaohm

    ernest, I have a volume of machines.

    -Possibly, Robert, but the probability of encountering “a malware,” as you put it, is 1.0 on the Internet.-

    I would say the number is not 1.0 but around 0.9 to 0.99. I have that odd machine that in its lifetime never gets infected and never hits a bit of malware on the Internet. This person’s friends are virus clean. They use email and stick to a limited number of sites and don’t end up on spam mailing lists. So they remain clean.

    Yes, to most people it would appear to be 1.0. Now, if you are pirating software, your machine is basically 100 percent for getting infected sooner or later.

    Yes, you could say the ones that don’t get infected are the lucky ones.

  4. ernest

    “It’s high but not that high or oldman’s PC would have fallen over long ago.”

    No, you’re confusing “susceptibility” with “encountering.”

    These are your terms: not mine, nor anybody else’s.

    The probability of “encountering” is, indeed, as close to 1.0 as makes no difference. Luckily, Oldman seems to be unique amongst Windows users in that he is in possession of both Magic Pixie Dust and the Blessing Of God, and consequently he can ignore that pesky 1.0 multiplier.

    Lucky man!

  5. Robert Pogson

    ernest wrote, “the probability of encountering “a malware,” as you put it, is 1.0 on the Internet.”

    It’s high but not that high or oldman’s PC would have fallen over long ago. Theoretically, one could stick to a single site with text-only on a read-only site and be pretty safe, not that many do that… There are ~100 million websites out there and a moderate percentage are spreading malware. It is quite possible to have a lot of fun while missing the bad sites. The port-attacks are usually stopped by any modern firewall. Even at the schools where I worked and that other OS was riddled with malware there were some machines not being infected even though they had the identical hard drive image. I think the biggest factor is the energy of the user to visit more sites. If you only visit a short list of reliable sites, you are fairly safe. I think most people are in that category but people who really use IT to find random information all day long are much more likely to encounter malware. E-mail used to be a major vector but many people use cloud services using very sophisticated techniques so I think the probability of encountering malware at any PC behind a good firewall is likely about 25%, if I had to guess. There are millions of malwares and ~100 million websites. It takes some effort to plant a malware so there is a good chance many sites have not been infected.

  6. ernest

    “The probability of a compromise is the product of the probability of encountering a malware and the probability of being susceptible.”

    Possibly, Robert, but the probability of encountering “a malware,” as you put it, is 1.0 on the Internet.

    I’ll leave you to work out what effect this has on the probability of being susceptible.
