So Witty

A brief postscript to the recent security-oriented coverage:

I don’t think anyone would dispute that Windows’s overwhelming market share is a significant factor as to why Windows is also the target of an overwhelming majority of security exploits. The question I’m interested in — and wrote about in “Broken Windows” — is whether this also explains why security exploits against Mac OS X are practically non-existent.

The idea — which is widely-enough held that it probably qualifies as conventional wisdom — is that a monopoly platform will inherently attract virtually all of the exploits. E.g., even if Windows has only 90 percent market share, it somehow makes sense that Windows would attract upwards of 99 percent of all security exploits, and that conversely, the Mac’s 4 percent market share should not translate into a 4 percent share of exploits. The conclusion here being that just because Windows has a disproportionate share of security exploits does not mean that it has disproportionately more vulnerabilities.

I certainly think there’s some truth here. I can believe that even if all platforms were assumed to be equally vulnerable, the 90-percent-share monopoly platform would suffer more than 90 percent of the exploits. But I don’t believe that this explains the extraordinarily disproportionate share of security exploits that Windows suffers.

For one thing, it doesn’t explain why the Mac previously suffered a number of serious viruses. The Mac’s overall market share has never been all that much higher than it is now. (Apple once had 16+% market share, but that was back in the Apple II era; to my knowledge, the Mac has never had double-digit market share.)

For another, it doesn’t explain the fact that some security exploits are aimed at extremely specific targets, including subsets of the Windows population that are much smaller than the overall Mac population. For example, the Witty worm, released in March this year, was specifically targeted only at Windows machines running specific versions of firewall software from Internet Security Systems.

From Bruce Schneier’s Witty analysis in Computerworld:

Twelve thousand machines was the entire vulnerable and exposed population, and Witty infected them all — worldwide — in 45 minutes. It’s the first worm that quickly corrupted a small population.

(See also: “Reflections on Witty: Analyzing the Attacker” from the MITRE Institute and the International Computer Science Institute.)

My points here being:

  • Despite the fact that Mac OS X is relatively secure, Mac OS X users should not grow complacent. Witty devastated a target population vastly smaller than the overall Mac OS X population.

  • There are factors other than market share that have led to the remarkable paucity of security exploits on Mac OS X. Maybe it’s superior engineering by Apple’s engineers; maybe it’s something along the lines of my “Broken Windows” theory; maybe it’s just dumb luck. My guess is it’s a combination of those three, more or less in that order. But it’s something.

Market Share at Google

Google’s Zeitgeist usually contains a chart listing the percentages of Google users broken down by OS. Their numbers for April 2004 show Windows with 92 percent market share; the Mac, 4 percent:

OS                     %
Windows XP            49
Windows 98            21
Windows 2000          18
Windows NT             3
Windows 95             1
(Windows total)       92
Mac                    4
Linux                  1
Other                  3
(Non-Windows total)    8