
Google ditches Windows on security concerns - martian
http://www.ft.com/cms/s/2/d2f3f04e-6ccf-11df-91c8-00144feab49a.html
======
megaman821
Is there any evidence that Windows 7 is less secure than Snow Leopard?
Windows employs more advanced security techniques. IE has outlasted Safari in
Pwn2Own since IE8. Windows releases security fixes much faster.

If they favor OS X over Windows that is completely fine, but I think they are
implying something that isn't true in regards to security. If someone exploits
OS X on them, is everyone moving to Linux next?

~~~
melling
Market share: Windows 90%, Mac 9%, Linux 1%.

Where are virus writers going to put most of their effort?

Windows being as secure as Mac wouldn't help make it safer because a lot more
implemented exploits are going to exist in the wild.

~~~
butterfi
I, for one, am pretty bored by the market share defense. There are millions of
Macs out there, owned by people who could drop a little coin on their
hardware, and that makes them less of a target? There's not one virus writer
out there who doesn't want the cred and the potential gain of a new audience
of victims, many of whom are probably pretty complacent about security because
they've never had to worry about it?

There aren't many mansions where I live, yet they seem to need the most
security.

~~~
spicyj
While you might liken the rarity and the glamour of owning a Mac to that of
owning a mansion, a thief has much more to gain by targeting a large house
that's more likely to be filled with expensive electronics and jewels. On the
other hand, I doubt that Macs are significantly more likely to contain data
that a hacker would be looking for.

~~~
julio_the_squid
It depends what you're up to, I suppose. If you were seeking to install
keyloggers to record financial authentication details, why not target people
whose choice of computer hardware indicates they have more money than average?

~~~
tptacek
Because Windows vs. Mac is an exceedingly weak financial signal, and because
no matter what the signal is, having 20-30 accounts is better than having just
1 account?

~~~
julio_the_squid
Sure, but there are several other factors to take into consideration.

1> Very few Macs are running anti virus/spyware software, as the users
generally believe their systems to be immune to malware

2> The malware authors are probably already targeting Windows, why not do Macs
as well? The sites I work with are up to 25% Mac usage now. That is
significant.

3> As Mac browsers have not been attacked as often and scrutinized as
carefully by attackers, it appears Apple and other browser vendors have not
taken as much care to harden the Mac browsers and OS.

4> Is having a Mac a weak financial signal? I wonder what data there is out
there about the affluence of the Mac-owning audience. Apple isn't targeting
the low end of the market, that's for sure.

So, in summary: it might be relatively easy, plus, why not.

~~~
tptacek
You ask: So, in summary: it might be relatively easy, plus, why not.

I answer: Because for the same amount of effort you can make an order of
magnitude more money.

~~~
julio_the_squid
I assume malware authors would be targeting Mac OS in addition to, not instead
of, Windows.

The same logic works out for normal ('voluntary') software applications,
doesn't it? Most companies decide to focus their efforts on producing software
for Windows, based on the idea that the market is much larger. Companies
nevertheless do decide to produce software for Macs, for various reasons.

------
xpaulbettsx
"Many people have been moved away from [Windows] PCs, mostly towards Mac OS,
following the China hacking attacks"

Wait, so they're phasing out Windows for security reasons, and moving to _Mac_
instead? It at least made sense when they were moving to Linux or ChromeOS,
but OS X's security track record as of late is far worse than Windows.

~~~
johnl
I would agree. Windows has the largest population of non-computer literate
people worldwide so hackers get the biggest bang for their buck and Windows
gets a bad rap. If everyone jumps to another OS so will the security problems.

~~~
Legion
Bad logic.

Popularity is unrelated to quality of code.

While it is true that popularity = bigger target = more incentive to attack
the platform's security, it is also often used as an excuse to try to hand-
wave away bad, insecure code.

Another platform becoming more popular would indeed mean that it would have
more people targeting it. But it does _not_, in any way, mean that the people
would have the same level of success exploiting it as they do Windows.

We could probably safely expect that the platform would be successfully
exploited more than it currently is. And people that think OS X is a security
panacea are living in a fantasy world. But the argument that "[i]f everyone
jumps to another OS so will the security problems" is a woeful
oversimplification, and confuses two separate issues.

Also, as a side note, people seriously underestimate the level of incentive
that currently exists for targeting non-Windows platforms. It is _not_ the
case that the incentive scales proportionally to audience size. Any
sufficiently popular platform is a desirable target to attack. It's not like a
platform has to have 90% of the market to be worth the effort. The relative
ease of attack is a far more important factor than the potential audience size
once we're talking millions of users.

~~~
tptacek
No. In fact, the incentive for attackers is exactly the inverse of what you
claim it is. The author of WinAPI malware can expect multiple tens of
conversions for every one obtained by Mac malware. That's because, breathless
accounts in the media aside, malware infections don't compete in any practical
sense. You would need to deliberately eschew all financial incentives to
target OSX. The logic here is exactly the same and exactly as simple as Joel
Spolsky's article about investing in OSX dev from 2002.

As for the rest of your comment: both Windows and OS X are conventional
monolithic operating systems written in C with core facilities designed and
built in the '90s. Both are multiuser operating systems repurposed for single-
user deployments. Both have strong kernel/userland barriers with well-defined
interfaces. In fact, if you've done systems programming on both, they simply
aren't all that different, even to a software developer.

But: for the past 10 years, Microsoft has been getting _hammered_ by
attackers, and has the benefit of a decade-long trial by fire. So when
Microsoft randomizes library offsets, they don't (for instance) miss the
entire runtime loading subsystem.

Also: most of Microsoft's most sensitive application code is written in C for
WinAPI on x86, which is one of the best-understood application runtimes in the
world. Much of OS X runs on cross-platform Objective C, which has received
nowhere near as much research. Put simply: nobody knows how to write exploit
countermeasures for OS X. I think mostly because nobody cares.

(Again: I say this as a Unix dev from '93 at a company standardized on Macs).

------
dejb
The danger here is that they will lose touch with the 80% of their user base
that uses Windows. If they don't have enough people who intimately understand
the computing experience of their users then their products could suffer.

~~~
amalcon
They will almost certainly still have some Windows machines around, if only
for testing against IE. Some Google employees almost certainly use Windows at
home. I really don't think they're going to lose anything major in terms of
familiarity.

~~~
dejb
I don't think it is the same to test something on a platform as developing it
on that platform. Developers will instinctively look to take advantage of the
strengths of their main platform and work around the weaknesses. With nobody
in an entire team using a platform it will probably become an afterthought,
left to a separate quality assurance team who are only in a position to
correct obvious errors rather than produce excellence.

------
samstokes
_"Getting a new Windows machine now requires CIO approval," said another
employee._

I really hope that's quoted out of context (e.g. maybe it's really getting a
second machine, regardless of OS, that requires CIO approval?).

I doubt we're getting the whole story here. I'm sure there are everyday tasks
that can be done more effectively on Windows (I've been Linux-only for a
couple of years now, so I can't imagine what they are, but I'm sure they
exist). And "Windows isn't secure" is absurdly simplistic (particularly at a
company which can presumably hire the best sysadmins in the business).
Constraining your employees like that to save the IT department a little
effort doesn't sound like a good tradeoff.

I'd speculate this is more about politics, or dogfooding. Maybe they're trying
to move employees from Office to Google Apps, and that's easier if Office is
no longer available.

~~~
zmmmmm
> I'd speculate this is more about politics, or dogfooding

Agree on the dogfooding.

<speculation>I think Google is planning a major attack on Microsoft's business
/ office empire. They have made it so simple to set up a new business using
Google apps that it's almost unthinkable to me that I would go out and do an
exchange setup. But this is largely still in stealth mode because Google wants
to bring its business apps up to the point where they are an alternative to
Office for real tasks before they really play this hand. And that means they
have to force their employees to live on them every day, for everything. If
they can't do it, how can they expect their customers to? And the best way to
make it happen is to take away Windows entirely. Otherwise people will
continue to fall back to Office and find reasons to sneak it onto their
computers.</speculation>

~~~
w1ntermute
There's a major flaw in your logic - Google has already begun a major attack
on Apple, but they're still allowing OS X on their campus.

~~~
robryan
In mobile computing, I don't see them making any push into the Apple
desktop/laptop/OS X market. So I guess you make a valid point if they were
giving their employees iPhones over Android ones which I doubt.

I doubt they are looking at Chrome OS to be a replacement for a full OS X-like
operating system at any time in the near future.

------
melling
Lots of new Mac and Linux users. Hopefully, some of the people will be
dedicating some of their 20% time to improving the Mac and Linux platforms.

~~~
blantonl
I can assure you that the only users at Google that are affected by this
decision are sales and marketing.

~~~
sp332
Good, Linux could use some sales & marketing help.

------
MichaelApproved
Rumor has it, the China hack was an inside job. Moving to a different OS
probably wouldn't stop that kind of break in.

[http://www.readwriteweb.com/archives/was_google_an_inside_jo...](http://www.readwriteweb.com/archives/was_google_an_inside_job_the_rumor_mill_keeps_chur.php)

------
redstripe
The big hack was apparently based on a zero day IE flaw.
<http://www.wired.com/threatlevel/2010/01/hack-of-adob>

Wouldn't it be easier to make their employees use Chrome?

~~~
thought_alarm
Sure, but there's only one way to completely uninstall IE and it sounds like
that's exactly what they're doing.

~~~
stcredzero
This isn't true. Off the top of my head, Google could replace the executables
(incl. DLLs) with ones that do nothing but throw up a "disabled" sign. (Which
would also take care of OLE/ActiveX embedding of IE in other apps.) I see
below that there are better ways of doing this from more Windows savvy folks.

------
Zak
I'm a bit surprised that there was significant internal use of Windows at
Google. I had the impression that most PCs there ran Linux.

~~~
brown9-2
Let's not ignore non-technical employees.

~~~
Zak
Most companies do not give non-technical employees a choice of OS.

~~~
thwarted
Yeah, and it defaults to Windows.

------
viraptor
> _which employs more than 10,000 workers internationally_

I thought the number was higher. Wikipedia says 20,621 (2010)... still thought
it was higher.

~~~
Raphael
20621 is greater than 10000.

------
ratsbane
As Google still develops and tests for Windows I question that line about
needing CIO approval for any Windows machine. Still, great to hear.

~~~
solidus
I agree--I think the Google employee either didn't know what he was talking
about or was taken out of context.

They could always do Windows development and testing inside of VMs though.

------
dualboot
There are a lot of great comments in here.

I also see another possible angle on this.

What is the actual Windows system usage at Google currently? It might already
be low enough to represent a serious time-sink for IT/security because it's
already a serious minority?

It makes a lot of sense to maintain somewhat complex policies and management
for a vast network of Windows based systems and servers. It is entirely
different when you're looking at trying to keep a handful of systems in-line
when they are not your primary focus.

Obviously this is purely speculative but trying to look at it from another
perspective.

------
gmlk
The main reason a Mac user (in practical terms) is more secure than a Windows
user is because Mac users typically are using the latest version of the OS,
whereas a typical Windows user is at least one SP behind, maybe more?
Especially if said Windows sits in an office environment where there is a very
slow adaption rate.

Also, any unauthorized copy of Windows is most likely never updated.

~~~
lelele
The main reason a Mac user is more secure than a Windows one is because a Mac
system is running on a sounder security architecture (not administrator by
default, etc.). You can only go so far in retrofitting an OS which made the
wrong decisions from the start.

~~~
WalterGR
> The main reason a Mac user is more secure than a Windows one is because a
> Mac system is running on a sounder security architecture (not administrator
> by default, etc.)

In specific ways, how is OS X's security architecture more sound than Vista or
Windows 7?

~~~
lelele
To us - IT guys - they look alike, and we can stay away from dangers quite
easily. To an average user - and I know what I'm talking about, since I've
taught IT security to those average users - Windows' security architecture -
UAC, applications (badly) designed to run as Administrator, etc. - is full of
pitfalls. I guess not everybody at Google is a hacker.

~~~
WalterGR
Badly designed applications have nothing to do with Vista or greater's
"security architecture", so that leaves UAC.

Do you feel UAC has a worse security design than the privilege escalation
mechanism on OS X?

Or - since you mention teaching end users - are you talking about a user
education issue?

~~~
lelele
> Badly designed applications have nothing to do with Vista or greater's
> "security architecture", so that leaves UAC.

We agree, from a technical point of view. OTOH, applications _are_ the system,
from a user's point of view, and Windows has "taught" programmers to write
applications which run under high privileges. A Windows program requiring
administrative privileges to run is not seen as defective: just disable UAC
and it works flawlessly ;-) I guess a similarly behaving OS X or Linux program
would not have it that easy.

> Do you feel UAC has a worse security design than the privilege escalation
> mechanism on OS X?

I don't know about OS X. Linux user here.

If we look at it as techies, UAC is sound. If we look at it as average users,
it is not. It's a usability issue.

> Or - since you mention teaching end users - are you talking about a user
> education issue?

Exactly. I think that a safe usage of a Windows system requires too much
education. That's it.

~~~
lelele
However, my guess is that Google's move is more of a business decision.

------
memoryfault
Security in software is relative. Everything is vulnerable. If someone wants
to hack into Google's super-secret data and Google is running Linux or Mac OS
X, then the hackers will find exploits in that software. This article is a
joke for implying that this switch will in any way make them more secure.

~~~
sorbus
If they're using Linux, they can find and patch the vulnerability immediately.
They could even have a team hunting through the source code looking for
vulnerabilities to patch.

On Windows, they would have to report the vulnerability to Microsoft, and hope
that it's patched soon. It probably would be, but that's still an extra step -
and they wouldn't be able to locate it with reference to the code. Also, as
another person mentioned, China has access to the Windows source code; Google
doesn't. This evens the playing field.

~~~
treyp
but this was rumored to be a zero-day attack, which means nobody knew about
the exploit so it was as-of-yet unpatched. even if they were running Goobuntu
with the full capability of patching the source and deploying fixes, a zero-
day attack would have made it through in the beginning. switching operating
systems is not going to secure against zero-day attacks.

~~~
kwyjibo
Just imagine all their machines were running debian linux with the wrongly
patched openssl binary. About 1024 different private/public keys to rule them
all :-)

------
abrahamsen
Does anyone have a source directly from Google?

The article doesn't contain much substance.

------
jasonkester
My advice: Try to avoid making business decisions for emotional reasons. Do
business based on rational analysis of the facts, or it will cost you in the
long run.

Google seems to be ignoring that advice, ditching an entire operating system
and all the potentially cool stuff that comes with it because they're a
company full of developers who don't particularly like Windows, and because
they compete with Microsoft and therefore hold a bit of a grudge.

They're certainly within their rights to do this, and they can justify it to
themselves as being for "security reasons", but in the end all it will do is
weaken them a little bit.

~~~
lelele
Of course they are not making a business decision for emotional reasons. By
choosing an open source OS, Google gains more control on its systems, and
avoids using a product of a competitor. Moreover, Google trusts its employees'
judgement about a product: if you think your employees are competent, then you
listen to them. If anything, their decision weakens Microsoft.

~~~
jasonkester
Sure they are.

They're saying "Windows has nothing to offer us, and there is no Windows
software that our developers might want that justifies having Windows machines
in our offices." If you work at Google and want to use, for example,
CodeSmith, you have to get special permission from the CIO to build a Windows
machine to install it on.

Clearly CodeSmith is a good tool that developers might want to use, but
because of management's vague fear of "security concerns", it's now off the
table for your average dev.

~~~
lelele
I guess this is a case where you choose not to buy a restaurant because you
happen to like a specific dish ^_^

My understanding anyway is that Windows is allowed, if you can demonstrate a
strong enough case for it.

------
jrockway
How do they test Chrome for Windows?

~~~
melling
<http://www.virtualbox.org/>

Just run Windows in a VM. You could even rdp or vnc into a few test boxes.

~~~
treyp
> Just run Windows

...but they're (allegedly) banning Windows.

------
ck2
Wasn't Google in China hacked by an internal employee that really worked for
the government?

------
cognivore
Heh, that's funny - that means I'm better at securing Windows than Google.

~~~
naz
China isn't trying to hack you

------
toto
So now we know who they will blame for the next security issue. :p

------
desigooner
So what happens when an exploit other than IE is used in the future when
something goes down at Google?

Seems like a decision taken in haste and more of a knee-jerk reaction.

~~~
moe
That's why they're ditching not IE but Windows altogether.

Doesn't seem knee-jerk to me when you look at the security track record of the
various platforms.

~~~
Niten
Yes, it does. Recent versions of Windows (Vista and especially 7) have had
security track records at least on par with OS X and desktop Linux. Mac OS X
hasn't been doing terribly well lately, and Apple is notoriously slow to patch
known security flaws, e.g.: <http://bit.ly/62bTNQ>

I'd provide a link to hard data, but for some reason Secunia's taken down
their list of unpatched vulnerabilities in OS X (?!), even though they provide
this data for most other operating systems, including Windows.

~~~
moe
Sorry, but that simply doesn't matter.

Case in point, OSX even had _more_ security advisories published than Windows
for a while, yet the "experts" still mostly agree OSX is the safer platform;

[http://news.cnet.com/8301-27080_3-10444561-245.html?tag=rtco...](http://news.cnet.com/8301-27080_3-10444561-245.html?tag=rtcol;pop)

There's a very simple reason: OSX has around 6% market share, Windows around
80%. Go figure which platform the kids are going to target for the time being.
Also feel free to research on which platform the major, semi-automated botnets
(Storm, Zeus) are running.

~~~
whatusername
> which platform the major, semi-automated botnets (Storm, Zeus) are running.

Let me guess - not Windows 7.

------
s3graham
Colour me skeptical. Writing Chrome? Testing on IE?

------
raggi
single. user. mode.

------
lushootseed
[http://www.pcworld.com/businesscenter/article/159565/mac_os_...](http://www.pcworld.com/businesscenter/article/159565/mac_os_x_gets_huge_security_update.html)

It says there were 48+ security fixes. Doesn't matter what the reality is.
People just want to believe Apple is more secure.

~~~
tlb
Count is a poor measure. Both Apple and Microsoft lump together fixes for
remote code execution vulnerabilities (terrifying), privilege escalations (not
a big deal for personal machines) and denial-of-service vulnerabilities (not
important except for public servers) as "security fixes".

------
known

        Closed source software = USSR
        Open source software = USA

