...because 'eff' you M$

[Isaac]

Google bans Microsoft Windows on office computers
Google will no longer allow staff to use Windows on their machines because of security fears, according to reports

http://www.telegraph.co.uk/technology/g ... uters.html

Google staff will instead be asked to use Apple's OS X operating system, or an open-source Linux platform, as the search giant tries to close the security loopholes that made it possible for Chinese hackers to gain access to email accounts. Security experts believe the hackers exploited a loophole in Microsoft's Internet Explorer browser to hack in to the Gmail accounts of human rights activists and Chinese dissidents.

\"I don't think it's fair to say that Linux and Mac OS X are more secure than Windows, but I do think it's reasonable to claim that they're safer because of the much smaller number of attacks that target the platforms,\" said Graham Cluley, a senior technology consultant with security specialists Sophos. \"It's a bit like deciding where to go on holiday – Baghdad or Bournemouth? You can come to a sticky end in either, but I know where I would rather be to reduce my chances.

Yes, it has nothing to do with how they're designed.

[Duper]

\"I don't think it's fair to say that Linux and Mac OS X are more secure than Windows, but I do think it's reasonable to claim that they're safer because of the much smaller number of attacks that target the platforms,\" said Graham Cluley, a senior technology consultant with security specialists Sophos. \"It's a bit like deciding where to go on holiday – Baghdad or Bournemouth? You can come to a sticky end in either, but I know where I would rather be to reduce my chances.

Sounds like someone doesn't understand how Linux is constructed.

[Isaac]

yup

[Thenior]

"I don't think it's fair to say that Linux and Mac OS X are more secure than Windows, but I do think it's reasonable to claim that they're safer because of the much smaller number of attacks that target the platforms," said Graham Cluley, a senior technology consultant with security specialists Sophos. "It's a bit like deciding where to go on holiday – Baghdad or Bournemouth? You can come to a sticky end in either, but I know where I would rather be to reduce my chances.

Sounds like someone doesn't understand how Linux is constructed.

Or he is just being politically correct...

Thats pretty bold of google to swtich platforms like that, mainly just from an employee ease of use aspect. Perhaps this will force alternative OS solutions and software to become more user intuitive.

[Xamindar]

Let the war continue and the chairs keep flying. Microsoft thinks because they have patched the most security holes of any other OS that they are the most secure.

When it comes to security, even hackers admit we’re doing a better job making our products more secure than anyone else. And it’s not just the hackers; third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others.

Starting out as the most broken and leaky OS and working constantly to patch up the holes is NOT better than starting out with a good secure model already and patching the few holes that appear. Keep trying M$, no one in their right mind are falling for your fud anymore.

Very good on Google. Always a bad idea to use your competitions products anyway. I doubt anyone at Microsoft is encouraged to use Android phones either.

[Sirius]

Heh... heh. Don't know about Android, but the iPhone is pretty popular.

I also disagree with that guy about Linux; nothing I've heard seems to indicate that it isn't more secure than anything else (with > 0.5% market share, some BSD variants may beat it) on the market. OS X he has a point with, although Apple has started to pay attention now.

P.S. That doesn't mean people like Steve Ballmer or Kevin Turner are all that cool with the iPhone thing, but not everyone thinks the same way.

[Xamindar]

Well, one of the main security differences between linux/bsd/unix and Windows based OS' is that on Windows everybody is the administrator and are able to install or delete whatever they want - a very bad idea. On linux and other unix's the user only has control over their home directory so they are unable to break the system so completely. A virus under normal circumstances on linux will only affect that particular user and therefore would be easy to clean out. But a virus on Windows has access to the whole system so it is very difficult to even clean out without breaking the system. Because so many programs on Windows expect to be run as the administrator it is nearly impossible to use a restricted account even if you wanted to.

That in my mind is the biggest difference and a really serious one. Windows unfortunately has to resort to popping up annoying \"are you sure?\" messages about every action you take because the security model was broken from the start. Unix on the other hand seemed to have security in mind from the beginning. Heck, I had to completely turn off UAC on my Vista machines because it blocks the ext2 driver from loading and I would have to click on the task bar on every reboot and specifically allow it to load - very annoying. Why is there not a little check box to tell Windows that yes, this is a trust able driver even though M$ didn't put their holy stamp of approval on it?

[Sirius]

That used to be the case... but pretty much ever since Win9x went into the history books, Windows has had non-administrator accounts. In XP they sucked; in Vista they ... might have been a little better, but the fact pretty much remains that I still don't use them personally because I have to use admin access way too often.

That would apply in Linux/Unix as well. If you want to install something, you'll still need to either switch to an admin user or use sudo/run a program as admin. Vista brought in UAC to do pretty much the same thing. The main reason it sucked so badly at first is precisely because too many programs tried to do things that required administrator access when they shouldn't really have needed it - but over time it seems things have improved. (Except apparently that driver... heaven knows what's wrong with that, I always thought once you installed something it stayed installed.)

In both Windows and Linux/Unix, a virus that doesn't get root access isn't particularly dangerous. But, again, in both OS architectures, the dangerous ones all do. There are probably exploits that let you bypass UAC out there, just as there are probably exploits that let a user mode program get administrator privileges in Linux. The difference is there are probably fewer of the latter.

Also, re: security by design - probably true. Unix was originally designed for multi-user mainframes, where security would be more of an issue, and Linux builds on that design (I believe). Windows was originally designed for single-user microcomputers when the only way to infect such a machine with a virus was by running an infected floppy disk.

[Jeff250]

I guess I don't buy the whole \"people target Microsoft because they're the most popular\" argument. For instance, Linux dominates the Internet server demographic, but you don't see worms as successful as \"Code Red\" attacking apache/Linux servers. I think that this is partially due to Microsoft being a monoculture, similar to how bananas have been bred by farmers, such that now one strain of fungus could wipe them all out. Having different Linux distros increases variety, which makes any individual less vulnerable.

Also, Microsoft just makes some really stupid decisions sometimes, such that the operating system should automatically execute arbitrary code when you insert a CD or USB disk. (I think this behavior may have been finally removed in Windows 7?)

I do think that Microsoft is a specific target though, but more for their history of shameful business practices. In other words, if you use software from a company that people think is evil, you are at greater risk to be hacked yourself. I think this makes a corporate case for \"Don't be evil.\"

[snoopy]

That's a bold move on Google's part.

As far as security goes: There were a number of decisions made early in Unix's inception that make a big difference in security, not the least of which being the type user that it attracted.

Program memory space was purposefully partitioned.

A conscious effort was made to keep as little as possible in the kernel space.

The user/administrator model was implemented very early.

But..... I'd say that the real driving force is the type of person that the Unix OS attracts:

People who want to see the source, look at it, and understand what they're looking at.

People who want to compile things themselves.

People who want to test their own security, and take steps to ensure that it's up to par.

Also, remember that Unix/Linux has had its share of security bouts. The famous internet worm targeted unix machines. I think Unix just hit some of those roadblocks earlier in the process.

Final thought: I think the biggest risk to computer security is the negligent/ignorant user. The average person out there would fall under that category IMO, and thus the \"mainstream\" OS will be subject to attacks because the these users regularly OPEN security holes.

[Sirius]

Having different Linux distros increases variety, which makes any individual less vulnerable.

Agreed. I don't know how much, since e.g. attacking a Flash bug might work for most of them, but then again trying to force your malware to load at boot might be different from one distribution to another... which means more effort even if you do.

Also, Microsoft just makes some really stupid decisions sometimes, such that the operating system should automatically execute arbitrary code when you insert a CD or USB disk. (I think this behavior may have been finally removed in Windows 7?)

Autorun/autoplay does still exist, but the system prompts you about what to do now. A bunch of people were infected by some worms despite this because someone managed to make an "unsafe" option (run the program) look too similar to a "safe" option (view the files on the USB drive in Explorer). A patch removed that possibility for confusion.

I do think that Microsoft is a specific target though, but more for their history of shameful business practices. In other words, if you use software from a company that people think is evil, you are at greater risk to be hacked yourself. I think this makes a corporate case for "Don't be evil."

This probably used to be true, but most malware authors these days don't do it to make any kind of point, they do it to steal data and make money.

[Krom]

This probably used to be true, but most malware authors these days don't do it to make any kind of point, they do it to steal data and make money.

Exactly, the reason *nix dominated web servers are rarely targeted for virus attacks is because there is very little profit in doing so for the effort involved.

[Grendel]

This probably used to be true, but most malware authors these days don't do it to make any kind of point, they do it to steal data and make money.

Exactly, the reason *nix dominated web servers are rarely targeted for virus attacks is because there is very little profit in doing so for the effort involved.

Heh. Yea, nerds don't have money

[Duper]

perhaps that, Krom, but as I understand it (and I'm no expert by a long shot) it's extordinarily difficult to write a virus for Linux due to multiple security layers. Malware that exploits your browser, perhaps; but a full on OS attacking virus, no.

[Jeff250]

Agreed. I don't know how much, since e.g. attacking a Flash bug might work for most of them, but then again trying to force your malware to load at boot might be different from one distribution to another... which means more effort even if you do.

Or, for instance, distros that use different versions of apache or compiled the same version with different versions of gcc might not all be victim to the same buffer overflow exploit if they place a return address at different locations in memory.

Exactly, the reason *nix dominated web servers are rarely targeted for virus attacks is because there is very little profit in doing so for the effort involved.

But it explains worms like "Code Red" written purely for malicious intent that disproportionately affect Windows servers.