Another Good Reason to be 3% of the Market... - Page 3

Krevinek · #17 May 28th, 2005, 11:23 AM

Well, let me interject with a bit of logic, even if it is slightly flawed:

Budget tends to be based on the marketshare of the platform being targetted in software firms. So, security analysis targets the larger platforms (since they are getting more business from companies on that platform) when it isn't specifically requested and paid for. So, because of the small marketshare, security firms aren't spending /as much/ time and effort on MacOS as they are on Windows.

While this could mean is that it is likely that the resources allocated to our platform are not sufficient to snuff out the really tricky exploits that I wouldn't be surprised if they exist. However, since we don't have the resources to do detailed security analysis like this ourselves, it is something rather unprovable.

So, the question becomes: If I am a greedy SOB wanting some free money fast, do I go after a 'richer' (not always the case), smaller culture where I have to spend hours and hours finding an attack vector on my own, or do I go after more people in the 'poorer', much much larger culture where I can simply download information on an attack vector from a security website and have the potential to infect many more users?

The risk/reward of targetting MacOS with a virus is very high risk with little reward. (You risk spending a lot of time searching in places for a vulnerability and not finding one)
The risk/reward of targetting Windows with a virus is very low risk because of user behavior (unpatched boxes, reams of vulnerability information at your fingertips that don't require user interaction) with moderate to high reward depending on your goals.