Would Google's Windows Exodus Make the World More or Less Secure?
Jun 2, 2010 11:47 AM PT
Microsoft's come out swinging in defense of Windows security following a Financial Times this week that Google is phasing out in-house use of Redmond's operating system because of security concerns.
"When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else," wrote Brandon LeBlanc, who runs Microsoft's The Windows Blog.
If the Financial Times report is accurate, it's possible that Google's blaming Microsoft as a cover story for its plans to move its in-house computers over to its Chrome operating system, Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.
Why Microsoft's Dander Is Up
The original report cited multiple unnamed Google employes as saying that the Internet giant is phasing out Windows from internal computing systems.
Google declined to confirm the report.
"We're always working to improve the efficiency of our business, but we don't comment on specific operational matters," Google spokesperson Jay Nancarrow told TechNewsWorld.
Google allegedly began the pullout in January, after hackers in China broke into its infrastructure. New hires are reportedly given the choice of using Apple Macs or PCs running Linux, the story said.
That attack saw hackers break into several other large U.S. corporations and dragged the United States government into the battle between Google and Beijing over Internet censorship.
Microsoft's LeBlanc pointed out in his blogpost that the software giant ships software and security updates to customers as soon as possible, and has enhanced Windows 7's security, among other things.
How Much Does the OS Matter?
Moving from Windows to the Chrome OS or other operating systems may not have much real impact on Google's overall security profile.
"When you talk about a targeted attack, the attacker will find a vulnerability to exploit," ESET's Abrams pointed out. "If Chrome gains significant market share, it will be targeted just as much as Windows."
The operating system matters less in terms of security than the expertise of an enterprise's IT department, Abrams said.
"Phishing and other social engineering attacks are rampant and are platform-independent," he explained. "If I can trick you into giving me your login credentials, the OS is irrelevant."
Will Microsoft Be Hurt?
Might other large enterprises, along with a significant number of individuals, follow Google's lead and move away from Windows?
"There are a lot of lemmings, and this announcement by Google might lead a few enterprises to switch," Randy Abrams, director of technical education at ESET, told TechNewsWorld. "However, savvy IT professionals will see the Google announcement for the public relations stunt it is and focus on technology when it comes to security," he added.
"I think most people understand that if Microsoft were to make a similar comment about Google Search or Android, it would have little credibility, and the same is true in this case," Enderle said.
What about the security issues? The Chinese hackers penetrated Google's infrastructure through flaws in Internet Explorer, which Microsoft alter patched.
That attack succeeded because Google was using Internet Explorer 6, which has long been outdated.
"It was Google's use of IE6, an incredibly bad practice, and not Windows that was the source of its security problems," Enderle pointed out. "Security is a red herring anyway -- Windows 7, tightly deployed with the proper tools, is at least as secure as general deployments of Linux and the Mac OS."
Google's Sleight of Hand?
Perhaps Google is pulling away from Windows in preparation for putting its Chrome operating system on its in-house computers.
It has, after all, accelerated development work on the Chrome OS, and now plans to deploy devices running Chrome in the Fall instead of next year.
"Google's bringing out a platform competing with Windows in the Chrome OS, and is probably beginning to prepare for moving to that new platform," Enderle pointed out.
"Google's announcement was about public relations and marketing, not security," ESET's Abrams said. "This may well be a lead-up to promote its own OS."
"A move to Chrome matches with Google's overall strategy," Wolfgang Kandek, chief technology officer at Qualys, told TechNewsWorld. "It's migrating computing to a browser-based client/server model where most of the functionality resides on the server side."