If I’ve realized anything in my 31 years, it’s that the conventional wisdom is often so wrong, so demonstrably false, so easy to debunk, that I find it hard to believe that it has become conventional. One piece of conventional wisdom I’d like to comment about today is the ever popular…
“Macs don’t have viruses and spyware because they’re such a small share of the market! If they had the market share Windows does, they’d be just as vulnerable!”
I’m not under any kind of illusion that this idea will be put to rest in my lifetime. It’s way too ingrained in the minds of too many people (hence, conventional wisdom) to die soon. What I would like to do is point out the giant logical fallacy behind this statement, and the demonstrably false implication that follows it.
Here’s the very simple logical problem that everyone who subscribes to this idea misses: It assumes that all other factors are equal, and that the only difference between the two platforms is the number of sales (?), users (?), installed machines (?), active machines (?), or some combination of the aforementioned with the additional stipulation that they’re attached to a network, or otherwise available for exploitation. I use the question marks because there is no solid definition of what “market share” means, as used by people discussing this topic. Consequently, if vulnerability were indeed directly proportional to “market share”, then Apple’s 5% (or is it 2%? 3%? Nobody can really agree) of the “market” would have already earned it 5% of malware infections. Obviously, that’s false.
There are all kinds of different factors for both platforms, and yes, the actual number of available machines is one of them, but not the only one, and I don’t believe the major one. Think of the company you work for, and consider its “market share”. Is your company completely free from miscreant behavior simply because it’s so small? What about the knowledge levels of the platform’s users, and the mix of those levels in the user base as a whole? What about differences in the way the OS handles security? What about the security consciousness of the developer community for your platform, and the ability of those developers to create secure applications and services? What about the reaction time for patching vulnerabilities? What about the technical information provided to users to assist them in defending themselves, and to developers to help them correct flaws? What about other factors I’m too lazy to write down? The question is much more complicated than how much “market share” the platform has.
Additionally, but on less solid logical grounds, I think those discussing the topic don’t accurately take into account the human factor. People who write malware don’t write it because they’re hard-working, honest people who have just chosen a dodgy way to make a living. They’re criminals, people who don’t want to work, and who don’t give a damn about the rights or feelings of others. They’re out to pick the low-hanging fruit, to steal from the stupid, to trick the witless, to scam the slow. Others are out to make a name for themselves, to earn a reputation, to receive recognition and acclaim they don’t get in person, for whatever reason. They don’t care what platform you use or how big its “market share” is; they want to put as little effort as possible into separating you from your money, or into fulfilling their need to feel important. If something is easy to crack, it’s a target, no matter how many users it has.
The conventional wisdom is once again wrong and, considering the lack of definition in the premise of this particular bit of it, impossible to prove.
