Is an OS secure based on market share
 

hi

Is it true or myth that virus/malware writers only attack operating systems where they have a majority of users?

Does this make linux more secure than windows and freebsd more secure than linux in terms of market share.

Not sure of android and IOS malware stats since they both have good market shares

Short answer no.
Long(er) answer; the more popular you are, the more likely an attack and currently MSWin is by far and away the most common system and in particular desktop that is used by a lot of people who are not IT literate/security conscious.

Check the Security Forum Stickies for Linux security guidelines.

Viruses (Linux) in the wild are very rare, but stuff like rootkits do occur.
A lot of attacks are against specific services like Apache/browser, which are OS agnostic; see also weak passwds to eg login as root.
Note for instance that Apache is the most common webserver on the net (see netcraft surveys), but its pretty secure; the same cannot be said for the webpages (especially cgi eg php ones) that people put on them.

Actually. I was thinking in terns of desktop usage and not as servers

greatly appreciate the feedback chrism01

Re desktops; pretty much the same thing; MSWin dominates 9in terms of numbers) and most users aren't IT/Sec aware.
Then you've got MAC (latest OS/X is *nix underneath, hence 'X'); again mostly non-tech users.
Finally Linux/*BSD/Solaris etc; most users will be tech aware.

I'm not getting into the 'secure by default upon install' arg, as I've only run Linux at home for the last 10 yrs; its pretty secure out of the box, although I always load up firefox with add-ons:

noscript (reqd imho)
https-everwhere
flashblock
Ghostery
disable auto acceptance of cookies and images (its not that hard to manually deal with)

as the Mac gets more popular,
then even more than the current handful of virus's,
& so will increase.

Popularity is a major factor in insecurity of an OS. But it is not an absolute factor.

Popularity might be the biggest reason for the fundamental security advantage of Linux over Windows. But it is not the only reason. If Linux and Windows were equally popular, Linux would still be more secure.

1) There are differences in the fundamental security of the design. Linux is inherently more secure.

2) Just as popularity affects the attacker's choices, inherent security also affects the attacker's choices. Item (1) means that a lower fraction of attack attempts will succeed. But because a lower fraction would succeed, a lower number of attacks are launched.

3) Variety: Because of a lack of central control (over all of Linux), those managing distributions make conflicting decisions, that lead to some of the weakness of Linux as a user friendly environment. But those same conflicting decisions cause even more trouble for malware authors than for ordinary users. Linux is also more end user customizable than Windows, leading to still more unpredictability for malware authors.

4) User competence: The security of your desktop system is more in your hands than in the hands of the OS developers. On average, Linux users are significantly more competent at computer use than Windows users. Even if total popularity shifted to equal, there would remain a significant difference in average user competence.

Just as your safety from biological infection is improved when other people are vaccinated, your safety from computer infection is improved when other users of the same OS are more competent about security. So you benefit from (4) even if you aren't one of those bringing up the average.

Technically, the 'X' stand for the roman number 10.

Original question:
no, it is not more secure. Most 2013 security threats are not from intrusions, but from SpyWares/XSS/DB sniffing. As most of those run in the browser or on compromised servers, you are not better protected than a Windows users. While you are less likely to have an intrusion attack succeed, it should not be your worst fear.

The issue is profit versus cost. Secure doesn't really play into this. An obscure OS with a user that never uses bad practices may be a worthless target. A billion users running with bad practices where there bank data and personal data and shopping data on would be golden. Even more so if the hackers are trained in windows and use latest codes and exploits.

Remember in this that some very high profile targets are Linux and Unix based also. A bank running AIX might be targeted as much as any. Even the syslinux super super guru infected the Kernel repository so anyone's computer is a target. Who knows really what happened, crypto security of files may still have been breached.

Any computer system that runs arbitrary software, has a writeable filesystem, and is connected to a network can be compromised, in theory. In practice, Windows-based systems have been the most affected because of the overall popularity of the system, and the lack of a strong separation of user/admin priviledges, which makes it easy to compromise systems from the user space. Unix based systems are a harder target, since a normal user's priviledge doesn't allow all that much damage to be done to a system. Since MacOS follows that model (more or less), it has been mostly immune so far, but that may be changing. Apple has been notoriously slack regarding system security overall until recently. Microsoft, on the other hand, has been aggressive in doing what they can to make Windows systems more secure. Windows 8 has anti-virus capability built in, for example. Linux is a tough target for attackers because of a generally strong security model, and the fact that there are so many different implementations that it's a very diffuse target. If a person uses a little common sense, the risks are much less, regardless of system used. Most exploits these days use some form of social engineering to gain access to user's system. Given the huge preponderance of Windows in the market, most bogus software is, of course, aimed at that ecosystem, since the potential profits are huge. Linux users, with a system that's harder to crack, and a much smaller (and better informed) user base, have much less to worry about. Stick with the known and vetted distros and repos, and you should not have a problem.