I agree servers are attractive targets. But I think the main reason they're attractive is because they have a lot of potentially high-value data on them, depending on what they are. A server, by itself, is a valuable target. Clients, and in particular clients for home users, are really just valuable en masse. Virus, worm and/or trojan-style malware makes a lot of sense for client machines, where an attacker probably isn't going to go to any great trouble to take over any particular machine- they just want a lot of machines. And once they get control of a client machine, they're not going to spend hours figuring out what data on it is valuable. Attacks on clients just tend to be a lot more automated from top to bottom.

Because servers are valuable individually, an attacker will spend more time on it. Mainly, the method of attack will be different. They'll craft their own exploit code to get in. They probably won't just add it to a botnet they control. And, I think you have to expect that any time an attacker does something "noisy" on a server, like using it to send out lots of spam, it will get detected rapidly. But, I'm sure there are situations where that happens. I sure there are lots of insecure SMTP servers out there that get hacked into each day.

Even iOS has privilege escalation vulnerabilities. The iOS security model doesn't decrease privilege escalation vulnerabilities- it just makes them more difficult to exploit, since its hard to run even low-privilege code. You can consider Charlie Miller's recent attack, as well as the old PDF buffer overflow (CVE-2010-2973), privilege escalation attacks.

What sort of crazy conspiracy theory do you have twirling around in your head that makes you think Microsoft would rather block malware by using AV software than securing the OS? What makes you think Microsoft, who has the software industry's most advanced and rigorous secure software development methodology (SDL), isn't already trying to secure the OS?

Any piece of moderately complex software is going to have vulnerabilities. But the bigger problem for Microsoft is that users need to be able to run untrusted code on their boxes. And trusted code that really isn't trustworthy (thanks, Adobe). You could point to access control mechanisms and sandboxing, but in reality every modern OS has privilege escalation vulnerabilities. You have to assume anyone that can execute code on your box, even in userspace, can take control of that box. Mac OS X and Linux have the same sorts of vulnerabilities.

They definitely would. Baked-in AV would be probably be great for most home users, but businesses would want something that they can more easily centrally manage. Microsoft has gone to great lengths to make it possible to centrally manage Windows, but certain features running on/under Windows are not always so easy to manage (I'll looking at you, Bitlocker).

As another commenter pointed out, most AV companies would stay alive on their business sales. Most probably already make the vast majority of money on business sales. There are probably a few that are heavily dependent on OEM sales, but that's going to be the exception. Those are probably also the AV distributions with malware database subscriptions that run out after 6-12 months, whereafter the user is basically just operating without protection.

Servers are generally managed by someone at least half-competent- at least compared to most users' home desktops. A Linux server isn't a particularly attractive target for malware developers. In the grand scheme of things, there aren't enough of them compared to Windows laptops/desktops, and the attack method is more difficult because you shouldn't have people running code from outside the server. Even if a server did get infected with malware, it should be detected relatively quickly. In the end, it's just not worth it.

That's not to say Linux servers aren't attractive hacking targets. They absolutely are. And they absolutely get hacked into all the time. I really don't see why Linux would fare any better than Windows at dealing with malware if it controlled 80-90% of the client market.

OK. I'm not sure what you're worried about, but you can do whatever you want to your APs. But, did you change the MAC address for the Wifi interface, or just the MAC address for the WAN interface? Most firmwares only let you change the MAC for the WAN interface.

If your WiFi router firmware lets you change your WiFi MAC address (which the DD-WRT firmware lets you do), you could change that all the time without creating any problems with your cable modem. As long as the WAN MAC stays the same you won't have any problems.

Look at Apple's Q&A on this topic:
http://www.apple.com/pr/library/2011/04/27Apple-Q-A-on-Location-Data.html

You can also look at their support page on location services:
http://support.apple.com/kb/ht1975

Notably, the first link says: "These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple."

Apple's implementation is different than Google's and Skyhook's, particularly as it relates to how a phone estimates its location from the visible APs, but its still sending geotagged MAC addresses up to a mothership.

Your absolutely right that a cell phone doesn't need to use wifi to get an estimate on where it is. But, as I said before, wifi triangulation is much, much more accurate. That's not necessarily a big deal if you're just using it to assist GPS, but it might be if you're using it as an alternative to GPS (for instance, if you're using an iPod touch, or you're inside a big building and can't see GPS satellites). Apple's Q&A says the iPhone will use geotagged wifi information from their database in addition to cell tower information.

My iPod touch is not figuring out where it is based on IP address. If you turn on location services in the settings its using the geotagged wifi database. That's how its able to pinpoint your location to around 100 meters or so. There actually seems to be a bit of an inconsistency between the two Apple pages. The first one makes it sound like the iPhone has its own cache of geotagged APs, but the second one points out that the iPod Touch needs an active Internet connection to work. I've noticed that on my iPod Touch. That implies that its sending something up, and getting a response back. Maybe the iPod just passes up the MAC addresses of visible APs, and it gets back geotagged MAC addresses, and does the triangulation computations on the iPod.

I don't understand what point you're trying to make in your second paragraph. You're right that Apple devices don't auto connect without user authorization. That's true, but irrelevant. iOS devices can certainly see the MAC addresses of visible APs without connecting to them.

Oops, I forgot to finish a sentence there. I meant to say have you ever wondered why cell phones lock on to GPS signals much, much faster than GPS navigation systems that have been off for a while? It's because the cell phones get a head start by using cell tower and WiFi data and querying these location services.

Cell phones can use cell tower triangulation, but most modern cell phones will more heavily rely on wifi triangulation because its significantly more accurate. A phone only uses just cell tower triangulation if GPS and Wifi are turned off (or if there aren't enough visible wifi access points available). But even if GPS is turned on, phones will still query the database using visible cell phone towers and wifi APs because it helps them get a GPS signal lock much, much faster. Haven't you ever wondered why

You're right that for an iPod Touch to use this it needs an active Internet connection. But its doing the same thing- querying a web-based service with the MAC addresses of currently visible APs, including the ones that it isn't connected to. You just need the active internet connection because otherwise the iPod doesn't have a way to query the web-based service.

iPhones (and Android phones) are part of the information-gathering system. Assuming you have GPS on, your phone is keeping track of unsecured and secured wifi APs, along with their locations, and reporting them up to the mothership. Google also uses their Street View cars to map access points. Skyhook sort of works the same way. Some software on mobile phones use the Skyhook data source, instead of whatever the phone vendor might provide. Mapquest on Android does this. There's a Skyhook service running in the background that captures MAC address and location data, and passes it up to the Skyhook mothership.

What would stop Skyhook and/or Apple from sabotaging Google's database using their own lists of MAC addresses and SSIDs?

Except that depending on your Wifi management software, some devices will see a device with the same SSID but a different MAC address as a different network, and make you manually reconnect to it.

The ironic thing about you complaining that geeks give Google too much latitude is that other companies (including Skyhook and Apple) do roughly the same thing Google does, yet Google is the main one getting heat for this. The other companies don't even have a way for people to opt out.

I didn't see that in the article at all. The ARS article explicitly said it was Wifi. Besides 2.4 and 5Ghz, where else is there enough contiguous unlicensed spectrum for anything like this to plausibly work?

That's only true for using a quantum computer to break symmetric crypto. Asymmetric crypto algorithms that rely on the difficulty of factoring or computing discrete logs are hit much harder.