On The Causes and Cures of Malware

01/21/2008

A picture of a plant with orange coloring of its surroundings.

John Gruber asks a couple of interesting questions in a recent entry:

What if the desktop OS market share distribution were something like 40/40/20 (percent) for Windows/various Linux distros/Mac OS X? Would that sort of heterogeneous split keep malware from spreading even on Windows? Or, conversely, would numbers like that spread malware evenly across the board?

There many tantalizing low hanging fruit to grab at here, but I have a soft spot for Microsoft1, so I'll be keeping this strictly professional. First, lets look at something that I think doesn't matter as much as it would appear: the average competency of users.

The individuals who make malware a profitable venture, similar to the people who are the river making the waterwheel of internet advertising turn, are not average users. These are exceptional users. This makes the overall market penetration more important than the average sophistication of users. Following this hypothesis, even if the average Windows user became much more sophisticated, Windows would still be the overwhelming choice for malware. Following down another direction, if Mac OS X comes to secure a larger market share, then the malware will come, regardless of whether or not the average user is more sophisticated, because there will be a larger quantity of less sophisticated users.

However, despite saying that I still think that--even with Gruber's 40% Windows, 40% Linux, and 20% Mac OS X breakdown--Windows will continue to dominate the malware arena.

Thats because I think that the ability to push out updates quickly and effectively is key2.

Linux has a double win here with its open source development and easy to use update tools. OS X has a proprietary development cycle3, but still has a win here with its easy to use updater that does a good job of pushing out updates (its almost nagging sometimes, which is annoying at times, but probably helps make it effective at targeting the exceptional users who we are blaming malware's profitability on).

Windows, though, loses out in both aspects: it has a proprietary development cycle, and Windows Update is simply boorish to use.

I think that this is yet another area where Windows Update and Microsoft's attempts to fight piracy have contributed to a lesser product45. Until Microsoft finds a better solution to the updating problem, then it is going to be a malware magnet while it retains a sizable market share6.


  1. In general I think there is a failure to recognize the difference between what Microsoft does and what Apple does. Apple removes itself from an ungodly world of hurt by only installing its OS on computers that it manufactures itself. That, I think, is one of the most important reasons that Apple can offer a consistently good experience whereas Microsoft struggles. I'm not in the business of suggesting that is the only reason why Microsoft often comes off worse in comparison, but I think it is a crucial one. Off the top of my head my other top three factors favoring Apple: a smaller company, a more unified vision, and effective public relations.

  2. By 'effectively' I mean to a large enough percentage of users to attain an equivalent of herd immunity such that pursuing a certain malware technique is no longer worthwhile. Again, it is really the ability to effectively distribute updates to the exceptional slice of users who make malware profitable that matters.

    I am also making a potentially questionable leap to assume that malware depends on a flaw of the sort that can be patched by a software update. Despite that, this entry will assume that premise is true.

  3. With due acknowledgment that you could make a compelling argument that in some situations the proprietary model might have a quicker response time.

  4. This is yet another area where Apple's trick of only allowing their OS to run on machines they manufacture gives them a big advantage. Apple doesn't have to be so rigorous about separating the wheat from the chaff because they are at least running on legitimate Apple computers, even if the license is not necessarily in order, they are still putting money into the Apple ecosystem.

    At this point I am fairly certain that Microsoft would be exposed to numerous anti-trust lawsuits if they attempted the Apple 'Our Hardware Only' policy. Actually, I think that it will be interesting to watch that practice come under fire as the European Union increasingly strongarms American companies into complying with their arbitrary rulings. Prediction: if Mac OS X continues its success, and ever breaches 15% market penetration, then the EU will file anti-trust suits against them trying to force them to open their OS to other vendor's hardware.

  5. I think Microsoft needs to back away from their current webpage based implementation. They have clearly put a huge amount of resources into building it, but it simply isn't a compelling solution. A desktop software solution could conceal most of the authorization aspects that make using the MS Update website so miserable. Unless I am missing a compelling aspect of the web-based interface that cannot be replicated in a desktop application communicating with a cluster of servers?

  6. I would love to see a research group check on the average time for an update to reach 1%, 10%, 20%, 50%, 90% and 99% of the operating system ecosystems. How long does it take for Ubuntu to push out a new update compared to Microsoft or Apple?

All Rights Reserved, Will Larson 2007 - 2014.