John Gruber asks a couple of interesting questions in a recent entry:
What if the desktop OS market share distribution were something like 40/40/20 (percent) for Windows/various Linux distros/Mac OS X? Would that sort of heterogeneous split keep malware from spreading even on Windows? Or, conversely, would numbers like that spread malware evenly across the board?
There are many tantalizing low-hanging fruit to grab at here, but I have a soft spot for Microsoft[1], so I'll be keeping this strictly professional. First, let's look at something that I think doesn't matter as much as it would appear: the average competency of users.
The individuals who make malware a profitable venture, similar to the people who are the river making the waterwheel of internet advertising turn, are not average users. These are exceptional users. This makes the overall market penetration more important than the average sophistication of users. Following this hypothesis, even if the average Windows user became much more sophisticated, Windows would still be the overwhelming choice for malware. Following down another direction, if Mac OS X comes to secure a larger market share, then the malware will come, regardless of whether or not the average user is more sophisticated, because there will be a larger quantity of less sophisticated users.
However, despite saying that, I still think that--even with Gruber's 40% Windows, 40% Linux, and 20% Mac OS X breakdown--Windows will continue to dominate the malware arena.
That's because I think that the ability to push out updates quickly and effectively is key[2].
Linux has a double win here with its open source development and easy-to-use update tools. OS X has a proprietary development cycle[3], but still has a win here with its easy-to-use updater that does a good job of pushing out updates (it's almost nagging sometimes, which is annoying at times, but probably helps make it effective at targeting the exceptional users who we are blaming malware's profitability on).
Windows, though, loses out in both aspects: it has a proprietary development cycle, and Windows Update is simply boorish to use.
I think that this is yet another area where Windows Update and Microsoft's attempts to fight piracy have contributed to a lesser product[4][5]. Until Microsoft finds a better solution to the updating problem, then it is going to be a malware magnet while it retains a sizable market share[6].