I can really understand why there are more infections with malware on computers running Windows than those that run other OSs. Firstly, there are of course less people using those other OSs, thus the distributors of malware naturally focus on the biggest pie first. But secondly, some of those malware installation scams are actually very well done.
Consider what I came across when I was researching digital cameras. Take a look at the top search result I got back from Yahoo for a completely innocent search query (click on the image to see a full-sized version):
Ok, so admittedly, the link title doesn't even say anything about the camera model I was searching for, but I tend to click on the top link anyway. Some sort of bad habit, I guess. Anyway, a new tab opened (I always open search results in tabs), and suddenly this pop-up appears out of nowhere:
Of course, no matter if you click 'cancel' or 'ok', the “scan” starts anyway. Take a look at this screen then (click on the image to see a full-sized version):
The green progress bar in the background? That actually was animated, showing me (very quickly) a list of the various files it was “scanning” (quite realistic looking). The expectedly devastating result, popping up in a very convincing looking WinXP themed 'window': My poor Ubuntu box was apparently riddled with Windows-only malware. Fortunately, the kind folks from that site offered to fix that for me. For FREE no less! Clicking anywhere on that page resulted in some more helpful information, just before the download of an EXE file started.
But of course, because I run GNU/Linux, I am merely offered the option to run this piece of malware under Wine! The resulting screenshot therefore was so funny (use Wine to run malware!), I just had to capture and share it (again, click on the image for a full-sized version):
It's easy to laugh about this, and it's also easy to make fun of those people who fall victim to these kinds of scams, or to go on about Windows being insecure. But we have to keep in mind that most users of the Windows computers out there are not technical, and that this site was well made and looked quite convincing. Similar scams targeted at other OSs would likely have the same chance to succeed if presented to a user of similar technical skill level.
Other related posts:
Skype surveillance: You can't trust closed-source software
Fake popup study: Users are idiots? I don't think so...
Google anonymises IP addresses in their logs? Not really...
Comment by Brendon, on 5-Sep-2008 08:37
Funny how these less technical folks suddenly get amnesia when you are asked to recover their computer from this bastard of a program. Took me a few hours to get the computer back in working order and when I asked the user how the computer got infected they had no idea because they didn't install anything... retards!
Comment by Porges, on 5-Sep-2008 18:19
There's more discussion about this here:
Comment by timestyles, on 10-Sep-2008 17:31
One malware about a year or two (you had to install it somehow first) pretended to be MS Windows activation and then requested your credit card number (although it would not be used...). I wonder how many thousands of people fell for that one. Drive by malware installations are the worst - bugs that allow viewing a webpage to install malware without any user operation at all. Fortunately they are infrequent. See http://news.cnet.com/2100-1002_3-6171727.html