"If as many people used Linux as use Windows today, we'd have just as much of a problem with Linux malware as we do with Windows malware."
I often hear that argument made and yet in the time I've been using Linux (since 1994) the total number of Linux users has increased by many orders of magnitude but I have seen no corresponding increase in the number of security issues. I think that it's because Linux is (much) more secure by design and process but I guess I'll just have to wait until the apocalyptic Xth user moves to Linux and I start having to worry about viruses, malware etc. to see if I'm right or wrong.
I don't understand why this is so hard for people to understand. There's virtually no Mac malware, either! But it is demonstrably trivial to create Mac malware; in fact, it's far easier to do that than to come up with a new Microsoft vulnerability.
The issue here is simple. People will target Linux when it stops being so overwhelmingly profitable to target Windows. We're nowhere near "peak oil" for Windows malware. It is, as Joel Spolsky points out, just economically irrational to target anything other than Windows.
This is the difference between safety and security. You are indeed safer on a Mac, just like you're safer living out in the country, even if your city house has a serious alarm system and bars on the basement windows.
I can't refute your argument any more than you can prove it to be true which is why I said I'll have to wait for the apocalyptic user to arrive. But if you can demonstrate some Linux malware (trivial or otherwise) it would add a lot of weight to your argument :)
What's your point? Malware is enabled by vulnerabilities. Nobody is arguing that Linux has lots of malware. Linux is safer than Windows. But it's not more secure.
I'm not so sure about that. Some malware installs itself by exploiting vulnerabilities. (Not all of it, though - there's plenty of Windows malware that gets installed by social-engineering the user.) But, in order to stay installed, most malware depends on other properties of the OS to conceal itself and stay installed. Windows makes this much easier for a programmer than Linux does.
I know that a lot of people say this, but I don't know a single professional security practitioner who --- when push comes to shove --- actually believes it. I'm not being glib or dismissive, but I'm also not going to argue the point anymore.
I often hear that argument made and yet in the time I've been using Linux (since 1994) the total number of Linux users has increased by many orders of magnitude but I have seen no corresponding increase in the number of security issues. I think that it's because Linux is (much) more secure by design and process but I guess I'll just have to wait until the apocalyptic Xth user moves to Linux and I start having to worry about viruses, malware etc. to see if I'm right or wrong.