Risk

6/2/2010
02:06 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Windows Ban Prompts Microsoft Defense

Microsoft stands by its operating system insisting Windows' security leads the industry.

Google's decision to phase out Windows for its employees has prompted Microsoft to come to the defense of its operating system.

Following a Financial Times report on Monday that Google, as a security measure, now requires CIO approval for new Windows installations, Microsoft Windows communications manager Brandon Le Blanc published a blog post rebutting the Financial Times' claim that "Windows is known for being more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems."

That's simply not the case, insists Le Blanc. "When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else," he said. "And it's not just the hackers; third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others."




Image Gallery: 10 Drivers For Microsoft Surge In 2010
(click for larger image and for full photo gallery)
Indeed, Microsoft's investment in and commitment to security is widely acknowledged in the industry. The fact is that just about every substantial software application or operating system contains programming errors that may present vulnerabilities. Linux and Mac OS X have flaws, as do Google Chrome and Apple's Safari.

However, it's also fair to say that presently more malware targets Windows and Windows applications than the competition. That's because 90% or so of the world's personal computers run Windows.

"Mac and Linux are not more secure than Windows," said Mickey Boodaei, CEO of security company Trusteer, in an e-mailed statement. "They're less targeted. There is a big difference. If you choose a less targeted platform then there is less of a chance of getting infected with standard viruses and Trojans that are not targeting you specifically. This could be an effective way of reducing infection rates for companies that suffer frequent infections."

Abandoning Windows may provide security through obscurity in the short term, but security through obscurity ultimately is not enough. If cyber criminals choose to target Google specifically, as they did last year, there will be other vulnerabilities unrelated to Windows to exploit.

"In a targeted attack where criminals decide to target a specific enterprise because they're interested in its data assets, they can very easily learn the type of platform used (for example Mac or Linux) and then build malware that attacks this platform and release it against the targeted enterprise," explained Boodaei.

Even when technical flaws may prove hard to find, there are always people to dupe or subvert. People have always been vulnerable to clever social engineering tricks and will probably always be so. Fraud, bribery, and espionage motivated by nationalism predate the computer. Limiting the use of Windows at Google won't address those risks.

Google's decision to leave Windows behind had to happen, for marketing reasons if nothing else. A ban on Windows has the convenient effect of reducing the chance that incoming Google employees will choose to use an operating system other than Chrome OS, once it's released.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11354
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
CVE-2018-11355
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
CVE-2018-11356
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
CVE-2018-11357
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
CVE-2018-11358
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.