
What keeps someone from doing the same thing to f-droid?



Fewer people run it so it's not as desirable a target.

"Security via unpopularity"


Aka, the Linux anti-virus.


Sometimes it certainly seems that way, but there was also a period of time when Apache dominated the web and yet Microsoft's IIS was having a lot more exploits despite Apache having more market share. Market share isn't the only factor, but it probably is a factor.


I wonder if that might have been due to Windows market share? Windows was everywhere on the desktop, and those Windows desktops provide a good intermediary vector for attacking instances of IIS on Windows Servers.

Also, thinking back to the bad old days and the script-kiddie-esque nature of many viruses of the early 2000s (ILOVEYOU, et al), I suspect it may come down to attacking what you know: Windows was more prevalent and better understood so that's what people tried to break.

Not my field though, so all just speculation.


Were the exploits helped out in any way by Windows itself or were they solely exploiting IIS alone? Never used it but I assume at least before it may have been pretty integrated into Windows.


It's a factor, but is it really that big of a factor for Linux? I'd've thought that its usage on servers would make it a sizeable target (both as powerful machines to use in a botnet and as a way to compromise company information).


Attacks on servers are of a different nature. No one runs Linux desktop, so it is not a valuable target for trojans or other attacks like that.

If it were popular we'd see just as much malware for Linux.


Desktop Linux just as well has software repositories, which are similar to app stores, but human beings look over each application that's included. And you find essentially all popular software in this trusted repository.

So, this strategy would barely work, as users would only look on the internet for a download, if it's not in this trusted repository and then it's gonna be a really unpopular application. (Theoretically, it's possible for your grandma to go on the internet before checking this trusted repository, but that is really just so much more effort.)


Linux user base also has an effect. It's all people who know what they're doing or someone having a newbie relative using it just for browsing the web.

If Linux was 90%+ of the market, getting people to download some stuff with a curl command promising some BS or having people download and run sudo would only need to touch a fraction of users to be highly valuable. That's just a random example off the top of my head. And also because I don't use Linux on desktop so I don't fully know how everything works there.


You're spot on.

And if someone thinks regular people would be "too scared" of CLI to pipe curl into sudo sh, remember that people are "too scared" of developer tools in browsers too, and yet Facebook and others have to implement self-XSS protection measures in there, because it turns out there's nothing too complicated in computing when it stands between a person and fulfilling their desire (as promised by a scammer).


Yeah for sure about the "too scared" to do any CLI or any other different sort of thing. I've had some Mac friends just copy paste homebrew stuff in. Without any knowledge of how popular it is or if they are for sure on the correct site. They just knew I said homebrew [cask] is good and installed it. They could've easily gone to a wrong site and gotten screwed over. Half these people are people into gadgets and electronics, but probably will only open terminal once a year on their Macs, if that much.


> similar to app stores, but human beings look over each application that's included

I'm sure that's not true for all Linux repositories. But humans certainly do look at all apps going to the App Store.


You can't put up a WordPress site with more than 4 plugins selected at random on a Linux box that is secure. I even experienced a THEME that was hacked.


That's more a PHP problem than a Linux problem; a lot of the WordPress hacks don't care about compromising your system at large as long as they can just take over your www-data user.


Can't that also be because that's easier to do and already lucrative enough for the hackers? Not the only reason, but a big reason? Add on that a ton of [hacked] WordPress installs are in jailed settings.


> No one runs Linux desktop

Roughly 3% of the world's internet users. Sure, 3% is not much, but it's still multiple hundreds of millions of people.


You're off considerably. The world population is only 7.6 billion; if every single person on the planet used the internet and 3% were using Linux to do so, it would barely be multiple hundreds of millions (228 million).

The actual number of users is closer to 3 billion, so even if your 3% is correct (it isn't) that's not even 100 million.

That's also assuming that every user of the internet is using a laptop or desktop to access the internet, but that isn't the case. More and more people are only using a smartphone or tablet, especially in emerging markets.


> so even if your 3% is correct (it isn't)

The NetMarketShare stats have been hovering around this for a few months, and all the "global internet usage" stats that I could find were closer to 3.75 billion.

Even then, assuming 3 billion, it's still 90 million users... that's more than the inhabitants of any country in the European Union.


Universities and teams within corporations run Linux desktop, though. Maybe they'd make for specialized targets?


There is ransomware in the wild for Linux desktop now, iirc propagating through Flash.


The existence of desktop Linux malware is not at issue here.


Isn't it more like Apple anti-virus?


"Security via obscurity" is the popular phrase.


That’s something different, though.


Or (seriously) one of the reasons I use a windows phone!


Still? I love Windows Phone relative to other mobile OSes and I clung to webOS for as long as possible. But seems like clinging to Windows Phone still has to be tough at some point. The ecosystem is gone.


Agreed. At least with Google, we have something big to blame on.


Besides assuaging feelings of rage what does this accomplish exactly?


Blame, nothing. But a single app store means only one place to remove offending apps from.


Potential for class action lawsuits?


Maybe they have a package vetting process with an actual human inside?


You're basically saying that f-droid is better because it's small. Nothing to do with its selling point of being FOSS.

(And for the record I'm an f-droid user)


1) What does it matter? If it's better by being small, it's still better.

2) The F-Droid maintainers manually build the apps on F-Droid from the respective code repositories. They will notice when something like that is off. This has to do with it being FOSS.

And if you're wanting to tell me that this doesn't scale, not really, no, but it's the same thing that Linux distros have been doing for a long time and Red Hat, SUSE, Canonical actually do have a crapton of users, especially on the server side.


Manual code inspection and FOSS or closed is entirely orthogonal to typo squatting of package names.

Every one of those distros gets around volume of desired apps by allowing the inclusion of third-party repos (e.g. current Python or docker) which in turn introduces typo squatting as a vector.

You're asking for app store maintainers to slow everything to a crawl and never get popular. No entity which wants to be successful will do that, corporate or otherwise.


They don't. More exactly, they try to vet things, after the fact, and not covering everything. Source: their own FAQ.


I skimmed their docs and I don't see any sort of language that corroborates what you are claiming.

They DO seem to have some sort of review process in place:

https://f-droid.org/en/docs/Inclusion_How-To/

See: Application Review Process.

I don't know how exhaustive it is or how effective it is in practice though.


They don't do a thorough code review, but they are human beings and they manually build the software from its code repository, so they will notice this kind of discrepancy.


They have a software dev process with an actual human inside.



