Originally Posted by Puddle Jumper
How detailed would information about what OS people are using to visit a site have to be for it to be considered dangerous? For example would releasing that of the visitors to site xyz 40% use Windows 7, 20% use XP, 20% use Vista, 10% use OSX and 10% use Linux be hazardous or would the info need to be more specific than that?
Even posting that information can be hazardous. I mean just look at the Windows update cycles from the time a known exploit is released and the patch comes out. Your talking about a month's time that someone could know exactly how many users they could easily infect with a specific exploit before it is patched.
So lets say that All Windows versions are at risk. That means by posting that information that 80% of our members would be at risk of someone knowing that they are at risk and that they could be subject to an infection from just visiting our site.
Could you feel comfortable knowing that could happen to you? Now imagine you are a first time visitor and it happens. What are the chances you come back?
kmote is right about the user agent string, and i can tell you that it isnt that hard to dupe that little detection mechanism either.
The fact is it isnt going to happen. We are not going to release the information about how many of our users use a specific OS. With the amount of viruses that are out there, exploits that are found almost daily for so many different version of all OS's we are not willing to risk our members safety so people can have some information that isnt necessary for anything relevant to them. Just to fulfill their curiosity.
I will find out about the % of people checking from mobile devices, as that information can range from a phone to an iPod touch and so on that it is very difficult to arrange an attack against a specific device. But as far as the OS debate goes, it aint happening. No amount of griping, no amount of trying to sway that decision is going to work. Sorry but that is the way it is going to be.