This is why Microsoft Windows is threatened by thousands of forms of malicious software and, in contrast, specialized supercomputers are threatened by relatively few. This is also why, as adoption of the Internet grew and the number of nodes increased, the Internet as a whole became a threat vector. Then, as multiple popular systems began to coalesce, they too became threat vectors.
From a hacker's simple cost/benefit view, why work hard on an attack that can only compromise a small handful of obscure machines when you can devise one attack that compromises thousands, or even tens of thousands, of systems globally, which then can be used to enable additional exploits or to stop and collect data?
The fact that the Internet, the largest network on the planet, has an extremely large number of active threat vectors is best evidenced by constant news of security problems and an awareness that there are nodes which only add negative value to the Net. When these predatory hosts are used to compromise hosts that add value, then not only is that total value lost to the sponsoring organizations, as well as society, during the course of the initial breach (assuming it is detected), but tremendous costs -- both accounting and economic -- are associated with restoring the systems, purchasing, implementing and maintaining countermeasures, etc. These costs play havoc with potential value models because they create equations with multiple unknown variables that cannot be readily solved.
For many organizations, connecting to the Internet and having email and Web capabilities are simply viewed as the cost of doing business and can be readily tallied each month by looking at bills from vendors. The value proposition, in comparison, is nebulous at best to many homeowners and businesses that are not engaged in commerce on the Internet. As a result, many spend as little as possible for the connection and put in as few controls as possible because they can't measure the value of the Internet to them. However, they can track the costs.
In other words, they know they are spending money, but really don't know if the benefits merit the costs.
When people look at past history to establish rudimentary risks, the "it hasn't happened to me before" mentality can create an environment wherein individuals and businesses, even large ones, spend very little on controls, such as Internet security, firewalls, antivirus, antispam, etc. The final nail in the coffin is a fixation on self-interest and an unwillingness to spend personal/organizational funds to protect the Internet, which is a digital commons.
Safeguarding our Resource
Perhaps the core issue surrounding the Internet is the fact that it is a global public commons much like the environment, albeit a virtual one. As such, the Internet is a resource that needs safeguarding to prevent its misuse and ultimate destruction.
In fact, one can apply the Tragedy of the Commons to the Internet in a number of ways.
First, since people are not held accountable for responsible use, an "anything goes" mentality exists and is perpetuated by a lack of coordinated action by lawmakers worldwide. Second, there are diminishing returns, much like Garrett Hardin pointed out in his classic article on pollution.
With the Internet, for each additional node added that doesn't have adequate security and doesn't behave in a responsible manner, we observe diminishing returns, or even negative returns. And we lose a portion of total value. How many tens of thousands of zombie hosts are on the Internet right now due to clueless small businesses and homeowners who have no idea what is going on, yet are unknowingly allowing coordinated attacks to happen on high-value targets all over the world? How many viruses are running wild, causing havoc? How much time is wasted, and how many opportunity costs are incurred, due to spam?
These example risks, and many more, threaten the real value of the Internet to society.