We’ve all believed for so long that the Windows operating systems are full of security flaws – but is this really the case, and more to the point, is it still the case?
With the significant number of security flaws impacting non-Windows systems coming to light over the past nine months – a new phenomenon in computing history – I’m prompted to ask this question. General perception has always been that only Windows suffers from security flaws, but I’m not a believer, and would like to present here a different perspective for your consideration. We’ve been told by the other camp – the Open-Source community – that due to the large number of ‘eyes’ continually looking at the code, all open-source code is bound to be more rugged and secure. I never really believed that either, and given the glaring and major security flaws discovered recently in code that has been around for years, I can now certainly disagree.
Consider the Heartbleed OpenSSL bug discovered earlier this year – the buggy code had been around for 2+ years and caused major havoc across the Internet world. And there are still more bugs being discovered in OpenSSL regularly. More eyes on the code does not appear to produce better code at all!
The Shellshock/BASH vulnerability – affecting all versions of *nix platforms including Macs, and discovered just last month – continues to confound the ‘eyes’ approach to security.
And finally, a very specific bug targeting only older versions of Synology’s NAS operating system.
The overall question is why are we only this year seeing more and more flaws being exposed in non-Windows operating systems?
The fact is that these flaws have all been around for some time, and I’d like to propose a reason why they are only coming to light just now. Consider:
- Windows machines still account for roughly 91% of the overall machine market, and this has always (roughly) been the case.
- Hackers hack where they can get the biggest bang for the buck, and so developing for 91% of machines as opposed to 9% of machines has been a no-brainer.
- Basically, they just were not interested in trying to hack open-source/*nix platforms.
So why now? Is it because non-Windows machines are suddenly taking over the market? NO!
I’d like to suggest that it’s because Microsoft is (finally) making their operating systems so secure that hackers are being forced to find other avenues for their talents. What do you think?
Some takeaways from this post:
- The Internet is a dangerous place, but a necessary evil in our connected world. Switching off and becoming a luddite is not the way forward.
- All software has bugs/flaws, and we all need to remain aware and diligent in protecting ourselves and our systems.
- Having a Mac is not synonymous with not needing suitable malware protection.
- The proliferation of mobile devices – smartphones, tablets and similar – will ensure that hackers target these platforms too, and this has started already. As mobile payment systems continue to advance, so too will hackers target these devices. Be prepared.
PASR Technologies has been providing SME business owners with a level of service and support that is typically only directly available in very large organisations.