Responses (from another site) on my recent, "Security Alert: They Should Have Used Linux" led me to explore the conclusion that hacking is really only for those seeking the low-hanging security fruit as their prey. These folks, who tout themselves as "Linux Experts" intrigued me so much with their comments that I'm compelled to write this post as an analysis of that dialog. One said that, "Hacking is a business. Windows is targeted because of the size of the target... combined still over 90%, and XP allegedly *still* 65%+." Still another asserted that, "Windows is the most attractive target for botnet crackers because of its ubiquity...." Could this be true? Could it be that hackers are simply hitting Windows because it is the biggest target?
I beg to differ.
I think Windows is an easy target because it has some pretty glaring insecurities. But it isn't the least secure out of the box OS.
One of the commenters said, "I myself recently changed from PCs running Linux to MacBooks for both work and home; though almost all of my work is via ssh to Linux or FreeBSD servers."
Want to know which OS (from Mac OS X, Windows Vista and Ubuntu Linux) was hacked first at two (that I know of) security conferences?
It wasn't Vista. It was hacked on the last day of the conference.
It wasn't Linux. It was never hacked.
Wait for it...
If you said Mac OS X, you're correct.
Some guy won a $10K prize by hacking it within two minutes of the start of the competition.
It isn't as my commenters suggest, that Windows is just so ubiquitous, that it's a target of more hacks. If hackers were simply low-hanging fruit grabbers, they'd grab Mac OS X first.
I believe that if Linux were in the Desktop use majority, it would still be the most secure and least vulnerable to hacks. Perhaps the true blackhat-wearing hackers would use their powers for good since hacking Linux would prove so unprofitable for them.
If ubiquity were truly the attraction for hackers, then Linux would be the most hacked OS because most Internet sites run on Linux with Apache.
What do you think? Is hacking just an exercise for those who seek the low-hanging fruit or is there more to it than that?