Hmm, I have never liked the obscurity argument for any platform. Yes, many more people use various flavors of Windows and it is a much "juicier" target these days. Initially there was little business value to exploiting the weaknesses of the Windows OS since the truly mission critical stuff ran on VAX, UNIX or older Mainframe systems. These systems have been networked for years and been demonstrably less vulnerable to many of the exploits pulled on Windows systems. So basically the security problems with older Windows systems were initially exploited for fun and reputation, not profit (this changed when people figured out you could take over machines via email and send spam from a remote machine). On that basis I would have expected people to come out swinging at some of the non-MS stuff just to show it could be done. Results to date indicate that either people aren't trying too hard or non-MS stuff is harder to exploit (interpreting a small/null sample is always a challenge).

Of course MS made it trivially easy for people to find exploits. Initially there was literally no concept of designed-in security and while they are improving, security often runs counter to the MS approach to ease of use (let the system automatically do that to ^h^h for you) and creeping (or maybe exploding) featuritis. This is especially true with the MS Office suite, mail and IE being so closely integrated with the OS. A vulnerability anywhere can be escalated across the entire environment. At least with non-MS stuff in the loop (as browser or OS) the level of integration and vulnerability is reduced.

Are Linux and MacOS bulletproof? Of course not! But because of various design decisions they are much less vulnerable to the sorts of tomfoolery that Windows has had to put up with. It is much more difficult to escalate an exploit on most non-MS systems to the same degree that you can on an MS platform.

I don't have certifications like yours, and to be blunt, in my field they don't mean much, but I do have over 20 years working with lots of Commercial Off The Shelf computing and networking systems while designing, integrating and testing safety critical systems. A lot of this computing stuff is pretty similar to our preparedness discussions - lots and lots of choices with no single answer that works for everyone. :)

- Eric
_________________________
You are never beaten until you admit it. - - General George S. Patton