Your comment about the popular systems being the ones that draw the exploits is on the mark, but:

1. The first worm (Morris) was a long time ago, by definition in a climate when the threat was not understood, and UNIX was an OS geared more toward research than commercial environments; while

2. Microsoft on the other hand, after years of highly public security gaffes (and somehow obtaining security classifications for NT), still seems to excel in shipping product with security holes right out of the box.

But the point here isn't so much Microsoft vs UNIX - if the market in general wants to engage in that form of masochism, so be it. It's that critical infrastructure - and the vendors that cater to it - should be more discerning and proactive. Why not base such systems on an OS (FreeBSD or QNX?) that emphasizes security, rather than one obsessed with productivity gimmicks?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/6767/21776#21776