Google's weekly PR Stunt: Ditching Windows for Macs and Linux

According to the Financial Times (or should I say “according to Google you gently asked the Financial Times to make an article about it” ?) Google is phasing out internal use Microsoft’s Windows operating system in favor of Mac’s (OSX) and Linux machines because of “security concerns”. This whole story can be described by two words: PR Stunt.

The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.
“We’re not doing any more Windows. It is a security effort,” said one Google employee.
“Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,” said another. “Linux is open source and we feel good about it,” said one employee. “Microsoft we don’t feel so good about.”

Switchin to OSX because of secutiry concerns ? What’s up with that ? The vast majority of security expertsthis isn’t the case at all (I highly suggest that you read this CNET post) :

3ric Johanson, security researcher: “If you look at the number of published vulnerabilities in software and the number of users and compare Windows versus Mac OS you will discover that Mac OS has far more published vulnerabilities per user than Windows does so I think the data pretty much speaks for itself.”
Mike Bailey, senior researcher at Foreground Security:“I’m a hardcore Unix guy, but I am happy to say that I have about as much faith in Windows 7 as I do in OS X. Both have a solid design, a great SDL (software development lifecycle), security-minded developers, and a responsive support team. OS X does still have a small edge due to its smaller install base, but it is quickly losing that.

Nitesh Dhanjani, researcher and consultant: “I realize the market share argument is a cliche, but I feel it is true–OS X wins from a security perspective because it has a lower market share. Windows Vista and Windows 7 have some impressive security controls that are not present in OS X. If we were to flip the market share, we would see a lot more exploitation in the wild. More specifically, browser security is one of the more important items to consider today from a risk perspective. I know Internet Explorer has had a considerable share of vulnerabilities, but the Safari Web browser also has a lousy reputation in the security community–it almost seems a child’s play to locate an exploitable condition in Safari. Apple really needs to get its act together with Safari since OS X is enjoying a healthy market share climb at the moment.”

Halvar Flake, head of research and CEO of Zynamics:“General state of affairs: Vista/Win7 has more extensive countermeasures against attacks and a codebase with presumably fewer security issues. But it’s the operating system of the majority of users, hence making it profitable to attack. Attackers will therefore spend lots of time bypassing the countermeasures. Mac OS has fewer countermeasures and lots of easily exploitable bugs, but the market share is low, making it a less likely target.

Mikko Hypponen, chief research officer at F-Secure: “Mac is more secure, simply because it has less attacks targeting it. If Mac would be targeted more, it could have exactly the same problems as PC does today.

Charlie Miller, a principal analyst at consultancy Independent Security Evaluators: “Technologically speaking, PCs are a little more secure than Macs. Macs have a larger attack surface out of the box (Flash, Java, support for a million file formats, etc.) and lack some anti-exploitation technologies found in PCs like full ASLR [Address Space Layout Randomization]. This means Macs have more vulnerabilities and it’s easier to turn a vulnerability into an exploit on the platform. Despite the fact it is less secure, paradoxically, Macs are actually safer to use for most people. This is because there simply isn’t much risk of being exploited or installing malware.

“This safeness is purely a function of market share. Since Macs are only around 10 percent of computers out there, and it takes just as much effort for bad guys to write malware or exploits, they tend to spend all of their time targeting PCs. In other words, despite the fact that Macs are less secure than PCs, if you give one teenager a Mac and another a PC and come back in a month, the odds are the Mac will have no problems and the PC will be infected with malware. At some point the market share of Macs will reach a threshold to interest attackers, and then things will quickly turn bad for Mac users.”

ETC…..

Wonder why this story is coming out today ? Well this is how business is done lately especially when a company doesn’t have anything new to talk about (Microsoft does it, Apple does it, Sony etc…). Steve Ballmer is also going to be interviewed at the All Things D conference today so this PR Stunt is also a way to put some pressure on him. Google has been doing this on a regular basis lately especially when it comes of Google Docs/Apps vs Office and Gmail vs Outlook/Hotmail etc. These past years the Mountain View company is on a full PR blast pumping out announcements about big companies, Universities etc switching from Microsoft’s productivity suite to Google Docs/Apps and Gmail. A few years late and a couple of those deals went south. One interesting case was the Cap Gemini / Google deal that was announced in 2007 . That thing was AFAICS nothing but smoke and hot air. I’m close to people at Cap and can safely say that nearly nothing was ever done and that Microsoft BPOS was  always (and still is) the only productivie suite used by the company, this was later confirmed by Microsoft’s announcement a few weeks ago…. So take all these kind of announcement lightly and don’t get cought in the hype folks.