Paul Thurrott says: “Is Windows inherently insecure? Of course not. We’re targets because we represent 95 percent of the computing population. Attackers aren’t going to attack Mac OS X users for an obvious reason: The OS has only a few users. If we all jumped ship to Linux, for example, that platform would then come under attack.”
I keep hearing this argument from people, that Windows has more exploits only because it is more widely used. I have to take issue with this gentleman’s statement, and those of a similar nature. I understand the context he is coming from, that he has built his career around reporting on Microsoft, so he is subjective, but I believe he does his readers a disservice with this particular set of statements. Of course one of the reasons why there are more exploits for Windows is that it has marketshare. Where I take issue, however, is with his implication that Windows is just as secure an operating system as Mac OS X or Linux. It simply is not as secure. Linux has a large amount of the Web server market, yet I haven’t heard of a worm bringing down thousands of Linux machines across the Internet. This isn’t to say that Linux is without exploitable security flaws at all, I’ve had machines that were attacked or exploited. In virtually every instance, it was my fault for not patching something. Microsoft is more concerned with getting product out the door than they are in getting things right on the security front. This has made each of us who use a Microsoft OS beta-testers. The second and more relevant reason why there are more exploits for Windows XP than Linux or Mac OS X is that Microsoft has provided people who wish to develop exploits with a lot of facilities for creating them, so it is far easier for someone to create an exploit. I would like to see some of these very biased Windows journalists admit this fact for a change, it’s as annoying to me as partisan politics in this country, throwing practicality and fact to the wind in order to advance a very biased viewpoint linked to a career path.
Here’s a Slashdot thread with some interesting information on this subject.