Risk
6/2/2010
02:06 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Windows Ban Prompts Microsoft Defense

Microsoft stands by its operating system insisting Windows' security leads the industry.

Google's decision to phase out Windows for its employees has prompted Microsoft to come to the defense of its operating system.

Following a Financial Times report on Monday that Google, as a security measure, now requires CIO approval for new Windows installations, Microsoft Windows communications manager Brandon Le Blanc published a blog post rebutting the Financial Times' claim that "Windows is known for being more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems."

That's simply not the case, insists Le Blanc. "When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else," he said. "And it's not just the hackers; third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others."




Image Gallery: 10 Drivers For Microsoft Surge In 2010
(click for larger image and for full photo gallery)
Indeed, Microsoft's investment in and commitment to security is widely acknowledged in the industry. The fact is that just about every substantial software application or operating system contains programming errors that may present vulnerabilities. Linux and Mac OS X have flaws, as do Google Chrome and Apple's Safari.

However, it's also fair to say that presently more malware targets Windows and Windows applications than the competition. That's because 90% or so of the world's personal computers run Windows.

"Mac and Linux are not more secure than Windows," said Mickey Boodaei, CEO of security company Trusteer, in an e-mailed statement. "They're less targeted. There is a big difference. If you choose a less targeted platform then there is less of a chance of getting infected with standard viruses and Trojans that are not targeting you specifically. This could be an effective way of reducing infection rates for companies that suffer frequent infections."

Abandoning Windows may provide security through obscurity in the short term, but security through obscurity ultimately is not enough. If cyber criminals choose to target Google specifically, as they did last year, there will be other vulnerabilities unrelated to Windows to exploit.

"In a targeted attack where criminals decide to target a specific enterprise because they're interested in its data assets, they can very easily learn the type of platform used (for example Mac or Linux) and then build malware that attacks this platform and release it against the targeted enterprise," explained Boodaei.

Even when technical flaws may prove hard to find, there are always people to dupe or subvert. People have always been vulnerable to clever social engineering tricks and will probably always be so. Fraud, bribery, and espionage motivated by nationalism predate the computer. Limiting the use of Windows at Google won't address those risks.

Google's decision to leave Windows behind had to happen, for marketing reasons if nothing else. A ban on Windows has the convenient effect of reducing the chance that incoming Google employees will choose to use an operating system other than Chrome OS, once it's released.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: You should see what I wear on my work from home days!
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.