There’s some evidence that Windows has become secure enough that the bad guys that write viruses and rootkits and phishing attacks are looking elsewhere.
It’s anecdotal so far and the defenders of other OSes will find other explanations, but the idea makes sense. In fact, Windows defenders have long said that attackers would move on as soon as other OSes were easier to attack than Windows, and as soon as they became more popular.
This article from ComputerWorld reports on a speech by eBay’s security chief, describing the increasing professionalism and organization of the criminals working on eBay attacks. He notes that the vast majority of web servers displaying phishing websites – the ones you’re taken to if you click on a link in a phishing message – are compromised Linux machines, not Windows-based servers.
This blogger sees a bigger trend. An up-to-date copy of Windows with security software is very secure – so much so that attackers are changing their focus to exploit weaknesses in the programs that run on our computers, not weaknesses in the underlying operating system itself. Skype is under fire, Oracle released 51 security patches this month, Adobe is scrambling to get a security update for Acrobat out the door.
That’s why Vista’s user account control is so important. When your programs run by default with reduced privileges, the bad guys aren’t able to use those programs to compromise your computer behind your back. It’s a bit arcane but trust me – it matters.
The bad guys are fierce and determined. We will continue to be forced to patch and upgrade and deal with the side effects of our defensive measures for the foreseeable future. Simply put, though, you’ll be safer with Windows Vista as your operating system.