IT Jobs
Google is confusing safe with secure
Mac OS X and Linux are not completely secure
By Kenneth van Wyk | Computerworld US
Published: 15:00 GMT, 25 June 10
On June 1, the Financial Times reported that Google planned to drop Windows as its primary desktop operating system and switch to Apple's Mac OS X and Linux, because the latter two are more secure than Windows. That's a pretty bold leap by any measure. Should your organisation follow suit? Not so fast.
No doubt about it, switching desktop operating systems across an enterprise the size of Google is a massive undertaking. There's just so much to take care of. It's a move that's far more complicated and disruptive than simply uninstalling one operating system and installing another. And the direct product costs are a mere drop in the bucket compared to the overall costs when you consider things like tech support, user training and so on.
I can only assume that Google was well aware of all this and made an informed business decision. If that is the case, should the rest of us consider it a warning sign that we should heed?
Google: Is it trustworthy? | Google says HTML 5 rocks | Google should take down pirate links, says copyright body | US states investigate Google WiFi snooping
Let's take a rational look at some of the factors involved here. And I'll point out that I have absolutely no direct contact with Google on this, so I'm merely making some guesses from an outsider's perspective.
For starters, Google seems to be reacting at least in part to the recently publicised attacks it experienced. From those reports, it appears that the attackers were able to exploit old browser configurations (Internet Explorer 6) at Google to gain their initial access to the company. Of course, it sure shouldn't surprise anyone reading this column that running a vulnerable browser can lead to significant problems.
Aside from that, wouldn't it be cheaper to simply upgrade these vulnerable browsers, or even switch to a different browser, than replace the entire operating system? It's got to be cheaper to switch browsers than it is to replace desktop operating systems across an entire company.
Next, does anyone really believe that OS X or Linux are inherently more secure than Windows? Seriously? I believe I'm safer on OS X than I would be on Windows, but let's not confuse secure with safe.
Consider doing something that is inherently risky, say walking around with a wad of cash stuffed in your pocket that's so large it's obvious, and without anything to protect yourself. That's just crazy, right?
Now, if you're carrying that cash while walking down a quiet country lane, you're far safer than if you were walking through crowded city streets in a foreign land where you glaringly stood out. Safer, but not more secure.
That's the difference between secure and safe, but how does it apply to switching operating systems? You may feel that an operating system other than Windows is more secure because there have been fewer published successful attacks and malware for that other operating system. That could well be a legitimate concern. But I'd argue that neither Linux nor OS X is inherently any more secure than Windows. They tend to be safer because there are far fewer attacks and malware aimed at them, at least today.
So, what makes one operating system safer than another? Published 0days? Successful attacks? All of these things and much more factor into the equation, for sure, but it doesn't end there. At some level, we're kind of at the whim of the attackers. What operating systems are they attacking most today?
If we think of attacking systems as a business, then the folks writing the attacks face similar issues as the ones faced by any software developer. What platform do you write your code for? Market share, likelihood of success, cost to market and many other things are likely to factor into that decision. Well then, by all accounts, these things tend to be dynamic. Right now, they tend to favour Windows, but that may well not always be the case.
What is safe today may well not be the safest choice tomorrow. From where I sit, it's a pretty safe bet that we'll start to see more malware and attacks aimed at Apple's systems in the future, just because of their market success in the past couple of years. See where this is going?
My point is this: Today we have far more attack code that works on Windows systems than on OS X or Linux. That probably won't always be the case, and underneath it all, there are security weaknesses in all three of these operating systems. So, switching operating systems across an entire enterprise and bearing the resulting expenses might not be adequately forward-looking to be a sound business decision.
A far more compelling business justification will be found by looking at the business applications you need. Which platform best supports your business processes? What applications are available for those business processes? How about usability? How about ease of integration with other business infrastructure? Those are the sorts of things that should factor most in the decision process.
While I have my own preferences for what desktop operating system I want to be using personally, that's hardly a basis for a sound business decision for the entire enterprise.
So, if you're looking at Google's actions and trying to decide whether your enterprise should consider switching operating systems, security and safety should certainly be factors, but don't fool yourself. Be sure to see the big picture before you make that hugely important leap.
Email
Print
Comment
Permalink
Contact Us
RSS
Add your commentComments
K1773r37f | Published: 18:25 GMT, 07 July 2010
Let's take a rational look at some of the factors involved here. And I'll point out that I have absolutely no direct contact with Google on this, so I'm merely making some guesses from an outsider's perspective.
Translation:
I have no facts, so what follows is just a buncha BS and Microsoft shilling.
Sherman T Potter | Published: 14:13 GMT, 28 June 2010
The analogy of carrying cash doesn't really work here. Linux/Unix are not secure because they are remote or ignored. The bulk of the internet infrastructure is built on unix/linux and these systems are attacked relentlessly. Yet compromises are few and far between. Unix/Linux are inherently more secure. A better analogy is Windows is like carrying cash and wearing transparent plastic wrap. It doesn't matter where you go, since you're always exposed.
Petem | Published: 13:02 GMT, 28 June 2010
well.. im not going to call you any names.. however.. your views are very very short sighted.... the savings go far beyond not paying for MS licensing.. you seem to fail to look at that.. no OS is perfect.. however..looking at the track records of each OS.. there is really no way one can come away feeling good about MS Windows.. your entire article sounds like it came from a Microsoft checklist of reasons not to use anything else other than Windows.. ..
olivierz | Published: 09:54 GMT, 28 June 2010
Hey! stop the comments stating that the guy who posted the article is an idiot. No need to get personal! Anyway, just to say that I think Linux is a heavy implementation and can be expensive to deploy if you have an existing MS infrastructure. However, it is a long-term investment, as then as stated in previous posts, the upgrades are free, forever with Linux. And increasingly, Red Hat is cooperating with MS to make interoperatbility of systems possible. And also Linux is virus free, period.
joe | Published: 03:30 GMT, 28 June 2010
this is the dumbest article i have ever read. do your homework. this writer is a paid employee of microsoft, this is just micro soft advertising. never trust a word this writer publishes.
Bill Gates. | Published: 02:49 GMT, 28 June 2010
Wow. I hope this guy doesn't read comments or has a really thick skin. He'd be feeling pretty stupid about now. Like he should. He's about as knowledgeable of computer security models as my grandma is of quantum physics. You should put a user destruct button on articles where if enough people press the red button the article disintegrates. Seriously. This one isn't worth the storage it's wasting on your servers.
MarkT9 | Published: 02:11 GMT, 28 June 2010
Would you disclose how much of your paycheck comes from Microsoft? Cost to switch to linux should include the savings of not having to pay for a new version of windows/MSSQL/Outlook/Word/Excell/etc. every 4 years. How many Linux users run a virus scanner? Why so few? You think because we are stupid or falsely thinking we are safe? Do you think Google is stupid? Does Google have experience running Linux? My Linux distribution is very easy to update ALL my programs, not just Microsoft.
Rambo Tribble | Published: 15:52 GMT, 27 June 2010
You neglect an important option that Open Source Software provides any organization even a fraction the size of Google: self-implemented mitigation. With proprietary code, you must wait for the supplier to address an inherent security issue. With OSS, you, yourself, can implement a zero-day remediation.
Greg Folkert | Published: 14:48 GMT, 27 June 2010
You are forgetting two very important decisions Microsoft made that affect OS Design. 1) They put device drivers and userland programs into Ring 0 of the OS. This colludes privileges and allows things that should only run in userland (which is not Ring 0 or even Ring 1). This makes getting Admin Level access Child's Play. 2) They integrated ActiveX browser controls directly into the OS, bypassing privilege separation again. This with the other makes it infinitely more compromisable.
Ed | Published: 10:20 GMT, 27 June 2010
Have you ever used a Linux operating system? Linux is more secure than Windows in many respects it's not just the difference amount malware software. "Isn't it cheaper to just switch a browser?" What about free licenses on Linux machines? What about all that extra software like antivirus and firewall for windows that you have to pay? Linux may not be for anybody jet but it's the best OS for companies and better the bigger the company.
[ 1 ] [ 2 ] [ 3 ] [ 4 ] older comments »