Hi Steve,



I submit that just because they're the biggest websites doesn't make them the biggest targets. I tend to agree that Windows is most targeted because it's the most prevalent. Have you ever read "The Cuckoo's Egg?"

I suspect that the most significant vulnerability of either OS is the naivete of the user. For example, was it Jeff who wrote that a Windows machine can be infected just by "receiving" an infected email? But as I understand it, the truth is that the actual vector of attack is the attachment, not the email itself. And the attachment can't do anything until and unless you open it. (Sound familiar? Did you read "The Cuckoo's Egg?")

And there is one other problem I see with one of the arguments proffered here. It has been suggested that since everybody has access to the source code, security patches would be much more quickly realized. But who would actually, intentionally, modify their OS with something that was "making the email rounds?" And if it became the norm to do so, how long would it take the hackers to exploit this new behavior as a vector of attack?

Talk about an easy-in to infect countless machines. Just send out a "new security patch" email, especially one that actually addresses a real vulnerability, and then wait for as many people as will to install it on their own machines and send it on to their friends.

Of course, after this happened once or twice (or thrice) people would quickly stop installing "email patches." Then those discovered vulnerabilities would remain known and open for years.

Just a thought,

Joe