Apr 2, 2008

Why Windows has viruses and Ubuntu (or another non-Windows platform) doesn't

The most obvious answer to this question can be summed up by a picture:

This is a pie chart of OS market shares, from Google Analytics. This comes from a fairly popular website, so the percentages are fairly accurate. The blue section is Windows. Green is Mac. That little orange slice is Linux (Ubuntu is a flavour of Linux designed to be easy for users). The rest is random other things like Playstation 3, iPhone, etc.

This is enough to convince most people why Windows has viruses. Many Linux advocates argue that the virus-to-user ratio for Linux is much lower (by much lower I mean much much much lower), but this doesn't mean anything. Why would a virus maker make a virus for Linux when he/she could make one for Windows instead, and have a much larger target market?

Now for a little thought experiment. Suppose these three platforms had equal market share. Since the target market is the same for each platform, there is no preference based on market share for virus makers. So put yourself in the shoes of a virus maker. Which platform would you write your virus for?

For Windows, there is no concept of a superuser. Most of the time, the user logged in has access to the entire system. That means so do the programs that are running, like viruses. So if I were to write a virus for Windows, I could start deleting files and installing things to my heart's content. Compare this to Linux, where this is not an option: you need a root password. You could probably get the root password by having a program simulate the password request screen or some junk like that, but that's a lot of work. On top of that, in order for the virus to propagate, it would then have to install itself on other systems, meaning you'd have to get the root passwords for those too, and so on. So in order to make a virus for Linux, you have a lot more work cut out for you, just by the nature of the system. Therefore, even with equal market share, I would instead build a virus for Windows, where it would actually have enough of an impact to be worth the effort.
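As an added illustration of the privilege separation described above (not code from the original post), this Python sketch models the classic Unix owner/group/other write check and applies it to a constructed set of files. The paths, UIDs, GIDs and modes are made-up sample data, and the model ignores ACLs, capabilities and mandatory access control.

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str
    uid: int   # owning user
    gid: int   # owning group
    mode: int  # permission bits, as in st_mode


def can_write(entry, euid, groups):
    """Classic Unix discretionary check for write access."""
    if euid == 0:
        return True  # root bypasses the permission bits entirely
    if entry.uid == euid:
        # Only the owner bits apply to the owner, even if "other" is looser.
        return bool(entry.mode & stat.S_IWUSR)
    if entry.gid in groups:
        return bool(entry.mode & stat.S_IWGRP)
    return bool(entry.mode & stat.S_IWOTH)


# Constructed sample filesystem metadata (not read from a real machine).
SAMPLE = [
    Entry("/bin/ls", 0, 0, 0o755),
    Entry("/etc/passwd", 0, 0, 0o644),
    Entry("/etc/shadow", 0, 42, 0o640),
    Entry("/tmp", 0, 0, 0o1777),
    Entry("/home/alice/.bashrc", 1000, 1000, 0o644),
    Entry("/home/alice/thesis.odt", 1000, 1000, 0o600),
    Entry("/home/bob/notes.txt", 1001, 1001, 0o644),
]


def writable_paths(euid, groups, entries=SAMPLE):
    """Paths that a process with this effective UID and group set may modify."""
    return [e.path for e in entries if can_write(e, euid, groups)]


if __name__ == "__main__":
    # A program started by alice inherits alice's UID; one run as root gets UID 0.
    for label, euid, groups in (("alice", 1000, {1000}), ("root", 0, {0})):
        print(f"{label:5} can modify: {writable_paths(euid, groups)}")
```

The run as alice cannot touch system binaries, account databases or bob's files, but it can still modify everything alice owns. The root requirement limits damage to the system and to other users, not to the logged-in user's own data.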

In Windows, there is a standard set of software: Microsoft. If biology tells us anything, it says that homogeneity is a breeding ground for extinction. If a virus is able to use an exploit in Outlook to infect the system and broadcast itself, any other computer with Outlook (a large number in the Windows world) is also easily infected. Compare this to the Linux world, where there is a heterogeneous mix of software: Evolution, Thunderbird, KMail. Although a virus may be able to exploit a bug in Evolution, it may not be so successful with Thunderbird, thus decreasing the spread of the virus. The same goes for distributions: if an exploit in Ubuntu is found, it may not affect Fedora or Mandriva (or even Kubuntu).

This is not necessarily true and is complete speculation, but it is even possible that the anti-virus software companies may not be working completely in your favour. Their goal is not to keep you safe, but to make a profit. Although competition drives them to create a better product, they'll still want to have a high demand for it. This means that it is in their interests to keep viruses out there that infect systems and are able to get around their software. I've seen situations where Norton was completely oblivious to viruses that free virus scanners like Avira caught. So it is profitable for an anti-virus company to be slow on catching new viruses, or to even create new viruses to make a profit.

Since Windows is so easy to infect, the market share of Windows would have to fall so low that the virus makers wouldn't even have the incentive to use a tiny effort to create a virus for the system. Since this probably isn't happening any time soon, it looks like Windows users will just have to deal with it.

1 comment:

Anonymous said...

Binary data, regardless of choice of OS, is the flaw; the fact remains regardless of what you write your code in, be that Java, C, Python, etc. To machine language it's just binary bits; all this OS bs and favoritism is just that, bs. Everything is equally in respects vulnerable of some form of attack, threat or virus. What it comes down to is what is written with better intentions, how that translates and how people use that said tool.