Risk
6/2/2010
02:06 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Windows Ban Prompts Microsoft Defense

Microsoft stands by its operating system insisting Windows' security leads the industry.

Google's decision to phase out Windows for its employees has prompted Microsoft to come to the defense of its operating system.

Following a Financial Times report on Monday that Google, as a security measure, now requires CIO approval for new Windows installations, Microsoft Windows communications manager Brandon Le Blanc published a blog post rebutting the Financial Times' claim that "Windows is known for being more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems."

That's simply not the case, insists Le Blanc. "When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else," he said. "And it's not just the hackers; third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others."




Image Gallery: 10 Drivers For Microsoft Surge In 2010
(click for larger image and for full photo gallery)
Indeed, Microsoft's investment in and commitment to security is widely acknowledged in the industry. The fact is that just about every substantial software application or operating system contains programming errors that may present vulnerabilities. Linux and Mac OS X have flaws, as do Google Chrome and Apple's Safari.

However, it's also fair to say that presently more malware targets Windows and Windows applications than the competition. That's because 90% or so of the world's personal computers run Windows.

"Mac and Linux are not more secure than Windows," said Mickey Boodaei, CEO of security company Trusteer, in an e-mailed statement. "They're less targeted. There is a big difference. If you choose a less targeted platform then there is less of a chance of getting infected with standard viruses and Trojans that are not targeting you specifically. This could be an effective way of reducing infection rates for companies that suffer frequent infections."

Abandoning Windows may provide security through obscurity in the short term, but security through obscurity ultimately is not enough. If cyber criminals choose to target Google specifically, as they did last year, there will be other vulnerabilities unrelated to Windows to exploit.

"In a targeted attack where criminals decide to target a specific enterprise because they're interested in its data assets, they can very easily learn the type of platform used (for example Mac or Linux) and then build malware that attacks this platform and release it against the targeted enterprise," explained Boodaei.

Even when technical flaws may prove hard to find, there are always people to dupe or subvert. People have always been vulnerable to clever social engineering tricks and will probably always be so. Fraud, bribery, and espionage motivated by nationalism predate the computer. Limiting the use of Windows at Google won't address those risks.

Google's decision to leave Windows behind had to happen, for marketing reasons if nothing else. A ban on Windows has the convenient effect of reducing the chance that incoming Google employees will choose to use an operating system other than Chrome OS, once it's released.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0192
Published: 2015-07-02
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

CVE-2015-1914
Published: 2015-07-02
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.

CVE-2015-1916
Published: 2015-07-02
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider.

CVE-2015-3157
Published: 2015-07-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2015-3202
Published: 2015-07-02
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report