StarDestroyer.Net BBS

Google ditches Windows on security concerns

By David Gelles and Richard Waters in San Francisco

Published: May 31 2010 23:26 | Last updated: May 31 2010 23:26

Google is phasing out the internal use of Microsoft’s ubiquitous Windows operating system because of security concerns, according to several Google employees.

The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.

“We’re not doing any more Windows. It is a security effort,” said one Google employee.

“Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,” said another.

New hires are now given the option of using Apple’s Mac computers or

(article snipped for Copyright reasons. -Alyeska).

I thought someone would have had this up already

Copyright The Financial Times Limited 2010. You may share using our article tools. Please don't cut articles from FT.com and redistribute by email or post to the web.

General Zod wrote:

I thought someone would have had this up already

Probably because there's not much to discuss.

Although I did laugh at the last line of the article.

Copyright The Financial Times Limited 2010. You may share using our article tools. Please don't cut articles from FT.com and redistribute by email or post to the web.

Xisiqomelir wrote: I disagree Zod. If a multi-billion dollar corporation with tens of thousands of employees can do entirely without Redmond's excreted "product" at the cost of paying $0.00 in software licenses, I should hope that even the dullest-witted of CIOs could watch and learn something.

Xisiqomelir wrote:I disagree Zod. If a multi-billion dollar corporation with tens of thousands of employees can do entirely without Redmond's excreted "product" at the cost of paying $0.00 in software licenses, I should hope that even the dullest-witted of CIOs could watch and learn something.

Xisiqomelir wrote:I thought someone would have had this up already, but I'm not complaining since I love posting good news! Also looking forward to the unpaid shill force decrying this decision by GOOG.

Xisiqomelir wrote:I disagree Zod. If a multi-billion dollar corporation with tens of thousands of employees can do entirely without Redmond's excreted "product" at the cost of paying $0.00 in software licenses, I should hope that even the dullest-witted of CIOs could watch and learn something.

Xisiqomelir wrote: I disagree Zod. If a multi-billion dollar corporation with tens of thousands of employees can do entirely without Redmond's excreted "product" at the cost of paying $0.00 in software licenses, I should hope that even the dullest-witted of CIOs could watch and learn something.

Xisiqomelir wrote:Deliberate on my part, hehe.

Alyeska wrote:

Xisiqomelir wrote:Deliberate on my part, hehe.

That is against forum policy. If the media outlet spells out you are not to repost their news, don't do it. It puts SD.net in legal jeopardy.

Mr Bean wrote:Trust me when I say with ten years of experience in this area(Providing support to end users or companies). Windows is what business use because they are so locked into it because of short sighted decisions in the 90s when business started getting serious into computers above dumb terminals that it will be decades to get themselves out.

atg wrote:Coming from a tech support role myself I would also add that so many users are just so bloody stupid that they can't manage something like the transition from Windows XP to Vista/7 because the start button is different.

phongn wrote: Further, consider how most computer training is done, particularly for unsophisticated users. They are not taught to experiment, explore or actually learn. They are taught that icon X three spots from the left saves the file, menu item Y under heading Z lets you spellcheck and so forth and so on. In a slightly better course, they are taught that Internet Explorer lets you access the Internet - but not that you could use something else. Minimum effort, time and money to get users to accomplish a task.

General Zod wrote:The sad thing is it would take minimal effort to vastly improve their understanding of how systems work. When I first learned how to use a PC DOS was king, and pretty much nothing was user friendly so you had to learn its basic underlying structure and commands in order to use it. I suspect a few days spent on the command line would do a lot of people a world of good.

The Financial Times reported last night that Google was going to phase out internal use of Microsoft Windows due to security concerns. The migration away from Windows is reported to have started in January, motivated by the Chinese Aurora attacks on the company that exploited a flaw in Internet Explorer 6.

In the story, the FT said that new Google employees would be given the choice between systems using Mac OS X and Linux. Windows machines will only be available with CIO approval. This would put an end to the existing policy, whereby employees were generally free to pick the platform that they preferred. Google has refused to comment.

This seems surprisingly extreme, given that there are practical reasons for Google employees to use Windows. The company produces Windows software, such as the Chrome Web browser and Google Desktop Search. The company also has a great many Web properties, all of which need testing on Windows. As such, Windows is sure to remain a part of the Google ecosystem, at least for anyone involved in end-user facing applications. It's just too important to ignore.

In the aftermath of the Google hack, even Microsoft said that people should stop using Internet Explorer 6, as it lacks the defence-in-depth measures found in Internet Explorer 8 when used on Windows Vista and Windows 7.

But switching to the latest version of Windows, and ditching a browser that should be left behind, is a far cry from leaving Windows altogether. There are certainly reasons why Google might want to do so: Microsoft is in competition with Google, and so every user that Google can get off of Windows and Office is a net win for the advertising giant.

But to do so as a response to the Aurora hacks? That doesn't make a lot of sense. The IT industry doesn't always like to admit it, but the truth is, Windows' security is actually pretty good.

I know, I know. Windows machines are routinely hacked, there are huge botnets of machines running Windows, viruses are rampant, and so on. This is true. But I would argue that it's not actually relevant in this case. The Google attack was not your common-or-garden indiscriminate mass attack, intended to snaffle credit card numbers and banking passwords, and send millions of spam e-mails.

These attacks are common, but in general depend on exploitation of patched vulnerabilities. They're aimed at the low-hanging fruit: the (admittedly abundant) people who haven't updated their software for years. Who have no malware protection installed. Who will click on anything and, well, everything.

Windows, with its dominant market share, is certainly susceptible to such attacks. These broad-based attacks are financially motivated, with the goal being to collect as many sets of personal data or recruit as many zombies as possible. As such, it's not a surprise that attackers are aiming at the platform with the most users. They get more money that way.

For a user uninterested in keeping their system up-to-date, Mac OS X or Linux would certainly provide an advantage of sorts against this kind of attack. It might not be the most robust protection possible, but absent any drastic growth in Mac OS X or Linux market share, it's likely to be effective nonetheless.

The Google attack, however, was not this kind of attack. It was a targeted attack that was aimed specifically at certain companies. On top of this, it used a previously undisclosed (and hence unpatched) vulnerability in Internet Explorer 6. Use of undisclosed vulnerabilities is not unheard of, but it's relatively unusual. There is a black market for undiscovered flaws, but they are expensive to buy (nobody really knows for sure, but figures of $100,000 per exploit have been claimed), and for widespread scattergun attacks, there's just not much point. Unpatched systems are sufficiently abundant that it's likely to be much more cost-effective to simply use vendor security bulletins and patches as the source of flaws.

Attackers using non-public flaws gain several advantages. Most obviously, their victims will always be vulnerable (no need to hope that they've not patched their systems). Also important is the fact that typical anti-malware measures—anti-virus software, anti-rootkit software, intrusion detection systems, etc.—won't generally detect such attacks.

The decision to specifically target particular companies also makes it easier for the attackers to encourage a victim to visit a malicious webpage (or read a malicious PDF, open a malicious e-mail, etc.). It's easy to dismiss e-mails that are obviously fraudulent—e-mails telling you about the iTunes purchases you haven't made, the Fedex deliveries that you haven't ordered—but when an e-mail arrives with your name, or address, or other personal information, it's a lot harder to ignore.

It's these properties that make the Google attack unusual, and it's these properties that make switching platforms ineffective. Worse than ineffective: if this is the kind of threat that Google is concerned with, Windows 7 is one of the safer operating systems to use.

The thing about targeted attacks is that the relative obscurity that might provide some semblance of protection to normal, everyday users stops working. If a hacker wants to break into a specific organization, then that hacker will exploit the specific software that's used by that organization. That more people outside the target organization use Windows becomes irrelevant in this scenario. So the question of which OS to use changes—it's no longer "Which OS is less likely to be attacked?" but rather "Which software is less likely to be exploitable?" and "Which OS will protect me best in the event that I am attacked?"

With regard to the former, there's no especially good solution. All Web browsers have exploitable flaws, and this is a persistent and recurring problem. Internet Explorer 6 let Google down, but as the recent pwn2own competition showed, Internet Explorer 8, Firefox 3.5, and Safari 4 were all exploitable.

Google's own Chrome wasn't exploited, but whether this represents genuine immunity is not clear. The flaw used to exploit Safari was in the WebKit rendering engine—which is also used by Chrome. Chrome mitigates the impact of such flaws through its use of sandboxing, and its success in pwn2own has been widely attributed to that sandboxing. Internet Explorer 8 also uses sandboxing—however, breaking out of the sandbox wasn't necessary to win pwn2own.

Of course, in a targeted attack, the vector doesn't have to be a browser anyway. Just some application that you know the victim will use. Browsers are a good choice, because they're so widely used, but the Google attackers could have gone after Office or Adobe Reader, say, if they'd wanted to. And this is where the OS comes into play. Windows has a range of features designed to make software exploits harder to pull off even in the event of bug in a program. These features are not insurmountable, but they nonetheless serve as a hindrance to attackers.

Microsoft has also invested heavily in development methodologies that attempt to systematically reduce the number of security defects that occur, and reduce the impact of those defects that are left. Though not perfect, these methods do yield results for Redmond, with researchers saying that Windows' code auditing is better than Apple's.

The net result is that fully-patched Windows 7 machines, especially running 64-bit software, represent a tough nut to crack for attackers. Assuming Google's system administrators are competent, modern versions of Windows would provide decent—not impenetrable, but good nonetheless—protection against precisely the kind of attack that Google is apparently striving to guard against. So banning Windows for security reasons makes no sense.

Linux doesn't have the same organized development process as Microsoft—that's just the nature of a decentralized open source development effort. It does, however, have a range of complex and powerful security capabilities, if you elect to use them. The result is that by default Linux may be a bit easier to attack than Windows; conversely, it can also be made harder to attack. If Google wants to avoid another Aurora, Linux, too, could be a good choice.

Where things get a bit weird, however, is Google's alleged decision that Mac OS X is a good alternative. Though Apple likes to trumpet the security of its platform, the reality is quite different. Mac OS X is easy, even fun to exploit. Safari, too, is "easy pickings" for hackers.

Even when Mac OS X does implement exploit mitigation techniques, these implementations are often weak or flawed. Apple also lacks an equivalent to Microsoft's secure development methodologies, an omission criticized by security researchers. Apple is beginning to take security more seriously, but it still lags behind other vendors.

The result of all this is that any hacker wanting to attack a company that uses Mac OS X is going to have an easier job than if they were attacking a company that uses Windows 7. Depending on the distribution and configuration, Linux too may represent a softer target than Redmond's offerings. Mac OS X and Linux would certainly leave the company less exposed to the bulk, non-specific attacks (though keeping systems patched and filtering e-mail already handles that problem pretty effectively), but as a defense against the next Aurora-like attack, the decision is a very strange one indeed.

Xisiqomelir wrote: I thought someone would have had this up already, but I'm not complaining since I love posting good news! Also looking forward to the unpaid shill force decrying this decision by GOOG.