Who's got the safest operating system? Apple, Google, Microsoft? According to one security expert, what really matters is who's using the OS.
"Microsoft doesn't have a monopoly on all the technical vulnerabilities that are out there," Zulfikar Ramzan, technical director of Symantec Security Response, said.
Today's online criminals are far more likely to target user behaviour rather than a technical flaw in the OS. "It's a lot easier to do that," said Zulfikar. "You don't need as many technical skills to find one person who might be willing, in a moment of weakness, to open up an attachment that contains malicious content."
This trend has been rising rapidly over the past two years. Currently, only about 3 percent of the malicious software that Symantec encounters exploits a technical vulnerability. The other 97 percent of malware is either "piggybacking on that 3 percent," or more likely trying to trick a user through some type of "social engineering" scheme, according to Zulfikar.
Tricking the user
In other words, most attackers now target human, not technical, vulnerabilities. The key is to trick someone, usually via psychological manipulation, into compromising their own security by installing malware, for instance.
One such attack is when an organisation's chief financial officer (CFO) receives an email claiming to be from the IRS. "It says you haven't paid your taxes, and if you don't open up this attachment and fill out this form, we're going to fine you," Zulfiker said.