"John Rumm" wrote in message
...
nightjar nightjar@ wrote:

However, it is their relative obscurity that protects them much better
than their relative security. If there were serious money to be made from
breaking them, as there is with MS products, it is unlikely that they
would fare a great deal better.

Not sure that adds up... The large installed base of MS products will make
them an attractive target, but I don't think you can cite that as the only
reason for their apparent lack of security. MS has only recently jumped on
the security bandwagon, prior to that they paid it little attention at
all, preferring to concentrate on adding features.

I'm not saying that is the reason for their lack of security. I am saying
that the lack of similar levels of attack is one factor in other systems
appearing to be more secure than they possibly are.

Remember that MS do not dominate in the server space. One of the most
common OSs about must be IOS from Cisco. As deployed in critical internet
routers and gateways the world over. Highly attractive (and profitable)
target for the black hat community, but in comparison relatively few
compromises despite a massive installed user base.

There are far more internet servers out there running Solaris or Dead Rat
with Apache, Tomcat, PHP etc, but the vast majority of the compromises
affect the less common Windows / IIS setups.

The people running servers are likely to be much more computer savvy than
the average Windows user and, even if all other things were equal, that
alone would make them less attractive targets. As it is, there will be a
better return on the time and money spent on finding even more
vulnerabilities in Windows, so why bother with other systems?

Colin Bignell