Slashdot Mirror
Google Reportedly Ditching Windows
Reader awyeah notes a Financial Times report that Google is ditching the use of Windows internally. Some blogs have picked up the FT piece but so far there isn't any other independent reporting of the claim, which is based on comments from anonymous Googlers. One indication of possibly hasty reporting is the note that Google "employs more than 10,000 workers internationally," whereas it's easy enough to find official word that the total exceeds 20,000. "The directive to move to other operating systems began in earnest in January, after Google's Chinese operations were hacked, and could effectively end the use of Windows at Google. ... 'We're not doing any more Windows. It is a security effort,' said one Google employee. ... New hires are now given the option of using Apple's Mac computers or PCs running the Linux operating system. 'Linux is open source and we feel good about it,' said one employee. 'Microsoft we don't feel so good about.' ... Employees wanting to stay on Windows required clearance from 'quite senior levels,' one employee said. 'Getting a new Windows machine now requires CIO approval,' said another employee."
'Linux is open source and we feel good about it,' said one employee. 'Microsoft we don't feel so good about.'
However, they feel pretty good about a closed-source implementation of an open source operating system on locked-in hardware? This sounds rather flamebaity and very light on facts.
Probably the only reason Google used Windows to begin with was out of freedom of choice for their employees. Now that freedom of choice has turned into a liability, thanks to Microsoft's shoddy security record. No wonder they've finally decided to pull the plug.
Google makes its own mobile platform (Android) and is working on another for general computing (Google Web OS), so it only makes sense that they'd move away from a closed, proprietary platform like Windows. If there are any Mac OS X machines, I'd imagine those are being migrated to something else as well... though some people may get clearance for software like Photoshop or Final Cut Pro.
Even for testing/development, they can just run virtual machines.
http://www.tenjou.net/
I'm not as smart as most of you slashdotters, but this seems smart in that they can write their own security updates with Linux, as opposed to waiting for Microsoft to fix them.
Macs are IMO a WORSE security risk than Windows when dealing with spearphishing and other forms of targeted attacks.
How could this be true? If the system is more secure, and the user is a constant, then it's no worse "when dealing with [...] targeted attacks".
Security updates are rare.
That's not an argument by itself. When's the last time you updated the walls of your house? If it ain't insecure, don't update it.
By the way, I'm no Apple fan. I just think your arguments are ridiculous.
--
If that had been named in the article, I'd say it was a damn good possibility that they were removing Windows from any machines in favour of that. The fact that it exists, and that name wasn't used, pretty much confirms for me that it's not a legit story at this time.
Canada: The US's more awesome sibling.
...and Apple netbooks were an available option in some areas.
Cool!
Employees wanting to stay on Windows required clearance from 'quite senior levels,' one employee said. 'Getting a new Windows machine now requires CIO approval,' said another employee."
So what they'll do is get a new linux machine, and install Windows as a "guest" OS in a second partition. It's not that hard these days, and google is reputed to have lots of smart people.
Similarly, my wife telecommutes half time, and is required to run Windows XP at home. She talked to the nice folks at the Apple Store, who explained how to set her Mac up to run virtual OSs, and installed XP in a virtual partition. It works fine. She has since taught a few others at work to do the same, and they're all pretty happy with being able to run a real OS at home and only fire up the Windows that they all hate when they need to do some "work". She gave me her castoff Windows box, which is sitting in the corner running Debian linux and functioning as our firewall/gateway/server machine (and no doubt still listed as another sale to a satisfied Windows customer by MS's bean counters).
And all this is nothing at very new, as far as the computer industry is concerned. Back in 1980, I had a job at a company that mostly used their big IBM mainframe, while the engineers were playing around with unix on some of those funny new "minicomputers". I'd worked on both, so I had the fun of getting together with some Amdahl folks, who delivered their unix that ran on top of VM. We installed it (over a lot of dead IBMer bodies ;-), so that the engineering staff could run their stuff on the mainframe. After a while, the big 360 machine with VM was running at least 10 different OSs simultaneously, with each group using the OS that best fit their needs. Granted, there were lots of fanboys who thought their OS was the one that everyone else should be using, but we just ignored them and went about our jobs. Now it's 30 years later, and the "personal computer" part of the industry is discovering this fantastic new idea called "virtual" computing that lets you run more than one OS at the same time ...
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
The year of Linux on...
Never mind.
That may well be part of Google's intention. Microsoft and Google have long been trying to kill each other. Tech companies seemed to have a policy of trying to scorch some earth around their market -- pre-emptive strikes against companies that might move into their competitive market in the future. So, Microsoft spent large quantities of cash to kill Netscape and AOL. Google are spending much moer than they are earning on Google Docs to try to kill Microsoft's Office market. Microsoft are spending large quantities of cash to try to kill Google's search advertising market. And more recently Google are spending lots of cash to try to kill Microsoft's Windows market. Taking the pain of moving a lot of staff from one operating system to another sounds like another effort in that regard. They hit Microsoft in PR ("see, one of the world's biggest companies doesn't use Windows at all -- it's not necessary for business"), and they particularly boost Linux's desktop user base and market reputation (they also boost Apple, but Apple needs it less). Not to mention the extra 20% time that desktop Linux projects might soon be getting...
Sorry if this is trollish, but Macs are IMO a WORSE security risk than Windows when dealing with spearphishing and other forms of targeted attacks.
Why do you think this?
From an overall security standpoint, you have:
No open ports by default.
Users who do not run as admin to run any software
Now consider targeted attacks as you mentioned. You start out with a more secure base that makes it harder to infect the system beyond a simple cleaning. Now if you are really concerned about security, what do you do?
Simple, you access all email and do all browsing through Chrome.
Why do you think Google would not do this? They could say "don't use Safari or Mail,app" and then they base all the use of the computers that spearphishing could come in on, in a platform they control and that they can update every day if they like. I'm sure they use gmail internally so it's not like that's even a switch.
They key is basing that all on a subsystem more resistant to attack to add to the layers of security. And the simple reality is, that currently there just are not a million exploits in the wild showing you how to infect a Mac like there are for Windows today. That alone makes it REALISTICALLY more secure, even if the platform still has vulnerabilities (which it obviously does since all software does).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
It's first gone at pwn2own competitions because it's what people want to own. Duh!
Windows, if administered right? There are new critical flaws found almost daily. Windows can be locked down pretty tight if you remove the network cable though. I don't think Windows has yet earned the security ratings that various *NIXes have. If I'm wrong, please show me.
I had a Linux machine I put up get hacked once though... I set up a machine for someone and told them explicitly, "CHANGE THE PASSWORD!" He agreed to. He didn't and it was compromised within two days. After that, though, it was all good. Linux seems trivial to lock down but perhaps it is because it is less of a target... or perhaps not. Time will tell. But the nice thing about Linux is that there are so many of them. Find a flaw in one, it may not apply to others and even if it does, it might require some tweaks to make the exploit work as needed. The point here is that even though machines could be compromised "as easily" it couldn't as easily be done using a massive wave of self-replicating exploits where compromised machines go on the attack automatically searching for more vulnerable machines to infect. The DNA of Linux has very healthy variations while Windows is a pygmy village just waiting for someone to kill them with the next "common cold."
Every OS reaches an end point, not necessarily driven by only one thing.
Apple reached the end with the Apple II, Mac OS9, and moved to UNIX.
How is Microsoft going to break the legacy trail?
They are going to throw a chair through all the Windows, maybe?
How do you get rid of entrenched dispersed foe that attacks everything you do from inside your own OS?
How many tens of millions of user hours are wasted every year on WinPCs just with the security stuff, which still is NEVER enough?
My Guess: Never. They will Bleed Windows until competitors take their market share as users make the choice to abandon Windows.
It is truly a strange situation where the dominant player is also the most attacked and yet in the last 5 years nothing in security seems to change.
If they locked Windows up securely, all their employees would change operating systems anyway.
You have to get pretty draconian to stop a targeted attack like the Chinese one.
I hear Googlers enjoy having a network cable connected to their computer.
Tell me... what IDE runs on ChromeOS? Where's the Emacs for Android? When I see that, we'll talk. Until then, I don't think that Google's going to be able to migrate it's most vital employees (engineers) to "eat their own dogfood." Might be interesting to migrate support staff, but that's not where the heart of Google is.
"He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
Wow, that's the most insightful comment I've ever read!... tell me more!
"Windows, if administered right?" - by erroneus (253617) on Monday May 31, @09:52PM (#32413378) Homepage
Yes, such as is shown here:
----
HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):
http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123
(Much of what's in it "principles-wise" & yes, tools-wise, can also be applied to LINUX (or other *NIX variants too like MacOS X + other BSD variants, Solaris, etc.) & e.g. -> There is a CIS Tool for them also, as it is a cross-platform benchmark for security analysis, and it's been highly rated over time by various sources in publications like Computer World & others also)
----
"There are new critical flaws found almost daily." - by erroneus (253617) on Monday May 31, @09:52PM (#32413378) Homepage
Per SECUNIA.COM it appears that currently the Linux kernel (not counting other distros with diff. softwares & functions + interfaces to them being diff. at usermode GUI shell levels either) seems to have more going on wrong with it than does Windows 7 for example (keeping it current version vs. current version here as to both OS'):
----
Linux 2.6x KERNEL SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 05/31/2010:
http://secunia.com/advisories/product/2719/?task=advisories
Unpatched 5% (11 of 217 Secunia advisories)
(Again, that's JUST THE KERNEL/CORE OF THE OS ALONE (how much more would be added by diff. distros & their softwares/shells etc.- et al?))
----
MICROSOFT WINDOWS 7 SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 05/31/2010:
----
http://secunia.com/advisories/product/27467/?task=advisories
Unpatched 13% (2 of 16 Secunia advisories)
----
Errors in both, but, less apparently in the current builds of Windows (7, Server 2008) than there is in Linux, and that includes Windows kernel/core AND ITS OS SHELL in this analysis... not just kernel's like Linux 2.6x shown above (there is most likely even MORE security holes in Linux, especially if you toss on GUI shells & Windows managers most likely, inclusive of diff. distros variations of both to compound that more).
(PLUS, AGAIN - This is a comparison of the "latest/greatest" cores of the OS too, mind you!)
So older versions of Windows, if brought up, would allow me to add on older versions of Linux too and their security problems too mind you (keep this in mind).
So, sure: There are "other older flavors" of Windows, such as what VISTA &/or Windows 7 + Windows Server 2008 are based upon, in Windows Server 2003 (& it shows some "holes" but, they're not that bad - for instance, there isn't any I can't really handle here via ACL's or either cutting services or usage of some features (not that I use many that have security vulnerabilities in them anyhow) but, once more - We're keeping this comparison CURRENT VERSION vs. CURRENT VERSION here only).
Both OS' turn up new vulnerabilities all the time, & thank goodness they tend to patch them quickly nowadays (within a month's time, USUALLY, from Microsoft but sometimes they have ones that take longer, but they typically seem better/faster @ patching, than say, Apple is... Linux has a fast patch time also!)
----
"Windows can be locked down pretty tight if you remove the network cable though." - by erroneus (253617) on Monday May 31, @09:52PM (#32413378) Homepage
Others from using the guide of mine in the URL have seen differently. Here are some of their testimonials quoted in fact
Those are personal accessories, and while they do say a lot about the attractiveness of Apple in the consumer sector, I believe GP was posting a slightly parallel question: i.e. can Microsoft employees even do their JOB nowadays without Google?
While I have no doubt it's accomplish-able, I wouldn't be surprised if there was some pains in a department or another.
This old myth has never been true.
Apache is more popular than the Windows web server, yet gets hacked less, which completely debunks the idea that being a market leader is the only reason Microsoft products are so shockingly vulnerable to attacks.
OS X is a GUI shell on a BSD layer on a Mach engine. Like any flavor of *nix, it was designed from the ground up to live safely in networked, multi-user environments.
It's an order of magnitude harder to hack than a Windows box, because of superior design. This has been demonstrated over and over for nearly a decade now, yet the MS fanboys continue with the silly drumbeat that Macs are only enjoying security via obscurity.
Information wants to be anthropomorphized.
I wonder what Google uses for an accounting package?
Very hard to find accounting programs that do not require Windows OS.
"Remember, the system that was compromised at Google was an XP system running IE6 and logged in as administrator. IOW, they made no serious attempt to secure it."
As a developer, the only way to use is XP is as a full admin. Otherwise you cannot do anything. This is due to the primitive security model of the OS.
You can run as a normal user on *nix and mac and use sudo to perform "dangerous" operations. Windows XP has no such thing, and UAC on Vista is worthless.
blah blah blah
This is very wrong. You can run XP as a normal user just fine and browse the internet, run regular programs that behave well, etc. In fact, due to the many programs being fixed to run without annoying prompts in Vista/7, XP is now easier than ever to run as a regular user.
That explains why they have no clue about whats going on.
No sir I dont like it.
No, you've got it backwards. It is Microsoft who are on a jihad against all things non-MS.
Embrace, extend, extinguish... remember?
Do what thou wilt shall be the whole of the Law
And yet the Pwn2Own competitions keep showing that Macs aren't hard to hack...
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
Everying f***ing time I hear somebody say "But I HAVE to keep Windows, for Visio!", I thank my lucky stars that I never learned that damn thing. OpenOffice Draw isn't quite as slick, but for 99% of the shit people don't think OODraw can do, the reality is that they're just to willfully ignorant to learn how OODraw can do it. And, bonus, I don't have to deal with the cognitive dissonance of justifying keeping a $200 OS for the sole purpose of running one app of dubious uniqueness.
Perhaps it's easier to find a exploit for a Mac then Windows, there just aren't enough Mac's in the world to make developing one worthwhile outside a competition.
Calling someone a "hater" only means you can not rationally rebut their argument.
Anybody who runs Exchange bare ass to the outside world is out of their minds. Any kind of medium length joe job or dictionary attack will take it down. Exchange isn't the only one. An ISP I used to work for used IMail for Windows as its primary client mail server, and it too was susceptible to these attacks. We played around with a lot of parameters before we went to a Postfix-Exchange gateway. The irony was at the time we were running our Windows servers are state-of-the-art (for the time) Pentium IVs, and both Exchange and IMail could easily be overwhelmed by dictionary attacks, to the point where the two Windows servers would become hopelessly unresponsive. I built a Postfix server running on top of Linux on an old Pentium II with 256mb of RAM, and had it feed to Exchange and IMail, and that little bastard just couldn't be brought down. In part I suspect that it was the crappy databases that Exchange and IMail used, which could be overwhelmed by a large number of queries, but in part I really do suspect that Windows Server's TCP/IP layer just isn't as resilient as Linux's or BSD's.
At any rate, building a Postfix gateway from a fresh FreeBSD or Debian install takes about an hour or two, you can throw stuff like SpamAssassin on there, and it works great.
The world's burning. Moped Jesus spotted on I50. Details at 11.
The fact that it is written "UAC on Vista is worthless" means the poster has no practical experience with UAC, that they've likely had to respond to one or two prompts and then just shut off UAC.
Follow me for a moment.
I'm running as a Standard User in Windows Vista Home Premium 64-bit as I post this. If I do something that requires elevation, I'll get a UAC prompt asking me for the password of the administrator user defined on my system. Installation of a new driver or installation of a software package will cause a UAC prompt if elevation is needed, as two such easy examples.
If I run the task and enter the password when presented with the UAC prompt, then I am logged in as Administrator for the task that will run. I fail to see how this is fundamentally different that using a Linux/Unix sudo, except for not having to drop to the command line and enter a sudo command. Of course, if I click Cancel, then the task will not run.
Now what if I didn't run the task and I suddenly see a UAC prompt? Then I know for sure it's a program that is requesting elevation since I didn't launch anything, just to be sure I can expand the details. The task trying to run without my specifically launching it could be something like the Java runtime trying to launch the autoupdate, or if it's malware then it still can't finish it's task if I don't enter the administrator user password and allow the task to continue. In any case if I fail to respond to the UAC prompt, the default response after a timeout period is Cancel, so a task that may try to run while I am away from the computer still cannot run.
All security is through obscurity to some extent. Encryption, passwords etc.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
I agree. When the New York Times reported that Iraq had bought yellow cake uranium from Nigeria I knew I could take that to the bank.
As a network/systems administrator, Windows has little to no use left on the desktop any longer.
Compared to alternatives (and there are many!) common Windows machines on the desktops are costly and relatively expensive to maintain (in terms of manpower and infrastructure): you've got complex SUS arrangements (due to in-house app compatibility, usually), AD (same reasons, as well as work flow) and malware contentions - just for starters. Compare that to pointing all workstations at (say) a local Ubuntu LTS repository cache or updating from Apple. A lot can be said about Windows ACLs and its other underpinnings, but keeping things secure while allowing users to work is not one of them.
Additionally, the time and (domain) knowledge required to roll a minimalist Linux distro vs. a minimalist, locked-down Windows install (ie a 'thinclient image') is significantly different. With one, you've got a maintainable minimalist system that uses negligible resources to update; the other is pretty much a custom hack which will require significant efforts to update. I'll let you figure which is which.
The average user uses no more than 3 or 4 applications in a large environment, from what I've seen. There aren't many people who multi-role: they've got their own world and aside from a web browser, might touch one or two apps on a given day. For these apps, you've got things like Citrix Presentation Server or Windows Server 2008 remote applications. Centralize the common stuff when you can, so it's easier to maintain, update, etc.
As for Google, my experience has been (with the technical crowd) that those actually developing for Open Source type environments, having your development environment be similar to your production environment is a wee bit helpful. Aside form things like Picasa, I can't see much of a need for Windows; indeed, there's likely not even a preference for Windows at Google, short of the occasional mathematician. The yuppie post-graduate degreed geek seems to prefer Apple.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Actually, since all platforms are hacked at the conference, it shows that the Mac is the biggest prize.
More to the point, the weakness exploited was in Safari (in all but one case) and required user intervention in all cases. For Windows, systems were compromised in ways requiring no user interaction.
So it does actually show that a Mac is harder to "pwn". It's not like the time of pwn2own means anything--the hackers have all prepared their exploits and practiced them for months in advance.