Monday, June 14, 2010

Google, Windows and Security

The Financial Times reported toward the end of last month that Google was going to stop issuing computers running a Microsoft Windows operating system to its employees, with very few exceptions.

The story has caused some furor in IT circles, with many opinion columnists warning about the "consequences" of such a sweeping decision. It is hard to understand how anyone could be surprised by this move given that Google's Chinese operation was hacked earlier this year through vulnerabilities in its Windows computers, specifically a previously unknown flaw in Internet Explorer.

In fact, I was surprised the search giant was still using Internet Explorer internally given the very warnings published on Google's own site. Yet the attack exploited a vulnerability that even Google had not documented: a zero-day, for which no patch existed at the time.

It is interesting, though, how many people are now taking on the role of advisors to Google on its OS decision. PC World columnist Tony Bradley, for example, criticized the move while repeating the oft-cited platitude that Windows has more viruses simply because it has more users.

Mathematical modeling might suggest that the most widely used OS will be the one most targeted by attackers, and that idea cannot be dismissed outright. On its own, however, it is not a sufficient argument, nor does it fit other realities of computing.

Although most users access the Internet from a Microsoft OS, the majority of servers run a UNIX-based OS. If attacker attention followed market share alone, those servers, with their publicly available documentation and source code and their fixed, easily enumerated IP addresses, should be the easier targets: it is far simpler to find the fixed IP address of an unpatched server than the transient IP of a broadband subscriber. Yet it is the latter that gets hit most often, and overwhelmingly when he or she is running a particular browser/OS combination.

Some of the arguments I have been reading from Windows advocates cite the annual Pwn2Own contest as proof that OS X is insecure. However, some of these same people set aside that very result set and cite Secunia advisory counts instead to prove that Linux is insecure.

Two things become clear from such selective arguments:
1) neither result set can be used by itself as a determinant of OS security, especially given real world evidence, and
2) the tap-dancing betrays a lack of seriousness and intellectual honesty.

Moreover, from the comments by Windows users I have read explaining how much better Microsoft's security is, I gather they do not understand how UNIX security works.

Let's begin by admitting freely that all operating systems have vulnerabilities.

Even when there is no OS-borne vulnerability, plugins and applications such as Adobe Flash, Acrobat Reader or the Windows Help and Support Center may introduce one — as of today, these three sit at the top of Secunia's list, interestingly enough, but let's move on.

Windows is built on the NT kernel, whose design descends from the old VMS model, while all Linux distributions and Mac OS X are based on a UNIX architecture to one degree or another.

There are fundamental differences in how these two OS families are structured. Without judging just yet, let's examine the key differences between their security models.

In the UNIX world security is based on ownership. Every file has an owner and a group, and its mode bits grant read, write and execute permission separately to the owner, to the group and to everyone else; which of those three sets applies to a process is decided by the process's uid and gids, so ownership determines access and access determines privilege. All objects, devices and sockets included, are presented as files and governed the same way. There is a single superuser, root (uid 0), who bypasses these checks, initially owns everything, and can dole out ownership and privileges to other users.

In Windows the security model is access-list based. Every securable object carries a security descriptor with an owner, a discretionary access control list (DACL) of entries that allow or deny specific rights to specific accounts and groups, and a system ACL for auditing; since Vista, User Account Control (UAC) additionally strips administrative rights from a logged-in administrator's token until an action is explicitly elevated. A file's owner is thus more an attribute stored beside the ACL than the basis of access, although the owner always keeps the right to rewrite the DACL. Unlike UNIX, there is also a "System" account (LocalSystem) that owns most OS processes and files. System is not a login user; it is subject to ACLs like any other principal but holds every privilege on the machine, and it is distinct from the most privileged login user, the local Administrator, who can nonetheless take ownership of System's objects or start a service that runs as System. Such splitting of the superuser's powers is baffling to UNIXheads.
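As an added illustration (not code from the original post), here are toy models of the two checks just described: the UNIX mode-bit check and a Windows-style DACL walk, plus the take-ownership step that lets an Administrator reach a System-owned object. Both functions are simplified models of the real kernel logic rather than its implementation, and every uid, SID, mask and object below is constructed for the demo.

```python
# Added illustration, not code from the original post: simplified models of the
# real kernel checks, with constructed uids, SIDs and objects.
from __future__ import annotations
from dataclasses import dataclass, field

# ---- UNIX: ownership selects which permission triad (owner/group/other) applies ----
R, W, X = 4, 2, 1

@dataclass
class UnixInode:
    owner: int   # uid
    group: int   # gid
    mode: int    # permission bits, e.g. 0o640

def unix_access(uid: int, gids: set[int], f: UnixInode, want: int) -> bool:
    """uid 0 bypasses read/write (and may execute if any x bit is set);
    anyone else is matched to exactly one triad."""
    if uid == 0:
        return not (want & X) or bool(f.mode & 0o111)
    if uid == f.owner:
        bits = (f.mode >> 6) & 7
    elif f.group in gids:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return (bits & want) == want

# ---- Windows: the DACL decides; the owner is just an attribute ----
FILE_READ, FILE_WRITE, FILE_EXEC = 1, 2, 4
FULL = FILE_READ | FILE_WRITE | FILE_EXEC

@dataclass
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # account or group this entry applies to
    mask: int

@dataclass
class SecurityDescriptor:
    owner: str
    dacl: list[Ace] | None   # None = no DACL at all = everyone gets everything

@dataclass
class Token:
    user: str
    groups: set[str] = field(default_factory=set)
    privileges: set[str] = field(default_factory=set)

def windows_access(tok: Token, sd: SecurityDescriptor, want: int) -> bool:
    """Walk the DACL in order: a matching deny covering any outstanding right
    ends the check; allows subtract from the outstanding rights; success once
    nothing is outstanding. SYSTEM is just another SID that default DACLs grant."""
    if sd.dacl is None:
        return True
    sids = {tok.user} | tok.groups
    remaining = want
    for ace in sd.dacl:
        if ace.sid not in sids:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return remaining == 0

def take_ownership(tok: Token, sd: SecurityDescriptor) -> bool:
    """SeTakeOwnershipPrivilege (held by Administrators) makes the token owner
    regardless of the DACL; the owner holds WRITE_DAC and grants itself access."""
    if tok.user != sd.owner and "SeTakeOwnershipPrivilege" not in tok.privileges:
        return False
    sd.owner = tok.user
    sd.dacl = (sd.dacl or []) + [Ace("allow", tok.user, FULL)]
    return True

def demo() -> dict[str, bool]:
    shadow = UnixInode(owner=0, group=42, mode=0o640)   # shaped like /etc/shadow
    protected = SecurityDescriptor("SYSTEM", [Ace("allow", "SYSTEM", FULL)])
    system = Token("SYSTEM")
    admin = Token("Alice", {"Administrators", "Users"}, {"SeTakeOwnershipPrivilege"})
    guest = Token("Bob", {"Guests", "Everyone"})
    canonical = SecurityDescriptor("SYSTEM", [Ace("deny", "Guests", FILE_WRITE),
                                              Ace("allow", "Everyone", FULL)])
    swapped = SecurityDescriptor("SYSTEM", list(reversed(canonical.dacl)))
    out = {
        "unix_user_reads_shadow": unix_access(1000, {1000}, shadow, R),
        "unix_shadow_group_reads": unix_access(1000, {1000, 42}, shadow, R),
        "unix_root_writes": unix_access(0, {0}, shadow, W),
        "win_system_reads_protected": windows_access(system, protected, FILE_READ),
        "win_admin_reads_protected": windows_access(admin, protected, FILE_READ),
        "win_guest_reads_canonical": windows_access(guest, canonical, FILE_READ),
        "win_guest_writes_canonical": windows_access(guest, canonical, FILE_WRITE),
        "win_guest_writes_swapped": windows_access(guest, swapped, FILE_WRITE),
    }
    out["win_admin_takes_ownership"] = take_ownership(admin, protected)
    out["win_admin_reads_after_takeown"] = windows_access(admin, protected, FILE_READ)
    return out
```

Running `demo()` shows the two decisive differences: on UNIX the outcome is fixed by who owns the file and which triad the caller falls into, while on Windows it is fixed by the order and content of the DACL (the same two entries in swapped order give opposite answers for the guest's write), and ownership matters only as the lever by which an Administrator can rewrite the list and reach a System-owned object.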

The merits of each system versus those of the other could be debated ad nauseam. In fact, I think many pubs owe their livelihood to throngs of UNIX and Windows sysadmins imbibing enormous quantities of libation while deliberating on these differences.

In the real world, however, UNIX systems have consistently proven a lot more resistant to outside attacks. Day after day millions of Windows machines get exploited and controlled the world over, while their nearby Linux and Mac counterparts (even on the same networks) are untouched.

I think the main reason for this is how easily an attacker ends up running as the elusive "System" account on Windows: on Windows XP, still the most common version, the accounts created at setup are local Administrators, so code that escapes the browser already holds the rights to install a service or scheduled task and thereby run as System, with no password ever stolen. I remember a particular vulnerability I witnessed where a rogue website operator could open a command window and perform system tasks without the local user even seeing what was going on.

The worst part is that, although there is no strict rank between the two, code running as System holds every privilege on the machine and can disable the administrator's tools, kill security software and re-install itself at boot, so often the only counter left to even an alert administrator is to pull the power plug or the network cable. Is it any wonder that so many trojan horses, worms and other malware get installed so fast on so many systems?

To achieve comparable access on a UNIX-type system, an attacker would have to steal a root password, exploit a local privilege escalation bug in the kernel or a setuid program (a second, separately patched hurdle beyond the initial foothold), or find that the superuser had opened too many doors to ordinary users. The usual ways for the first to happen are for the attacker to pry the password from a sysadmin or physically break into the data center.

Another weakness of Windows is the Registry, which no version of Windows validates before loading the values it contains: the hives carry per-key ACLs but no cryptographic integrity check, so anything running with sufficient rights can write whatever it likes and the system will obey. And the Registry controls just about every aspect of the system's operation, including which programs start at boot and at logon.

Many of the infections I have had to clean from Windows computers have taken advantage of various Registry hacks. The irony of this [and I faced this not long ago when dealing with a particular virus] is that, although a user can be prevented from accessing RegEdit, the Registry editing tool, the hacker's script can freely modify it because the malware runs with System privileges!
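One practical check that follows from the two paragraphs above, added here as an example and not the author's own tooling: triage the autostart keys in a registry export. The `.reg` text is constructed for the demo; the heuristics (autostart commands living in user-writable or temp directories, script-host launchers, system-binary names outside the Windows directory, and the policy bit that hides RegEdit from the user) are the usual manual ones; and the parser covers only the REG_SZ and REG_DWORD value types those checks need.

```python
"""Triage autostart entries in a Windows registry export (.reg text).
Added example, not code from the original post. SAMPLE_REG is constructed
for illustration; the heuristics are the ones an incident responder applies
by hand, and the parser handles only the value types they need."""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\Public\\svchost.exe /silent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"WinHelper"="wscript.exe //B \"C:\\Users\\alice\\AppData\\Local\\Temp\\helper.vbs\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
'''

VALUE_LINE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')
AUTOSTART_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)$", re.I)
USER_WRITABLE = re.compile(r"\\Temp\\|\\AppData\\|\\Users\\Public\\|%TEMP%|%APPDATA%|%LOCALAPPDATA%", re.I)
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|mshta|rundll32|regsvr32|powershell)(\.exe)?\b", re.I)
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "explorer.exe"}


def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)   # .reg escapes backslash and quote with a backslash


def decode_value(data):
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])          # REG_SZ
    if data.startswith("dword:"):
        return int(data[6:], 16)              # REG_DWORD
    return data                               # hex(...) binary is left raw


def parse_reg(text):
    """Return (key, name, value) triples; multi-line hex values are not joined."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if m and key is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(2))
            entries.append((key, name, decode_value(m.group(3))))
    return entries


def first_executable(cmd):
    """Basename of the program a command line launches (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:
        path = cmd.split()[0] if cmd.split() else ""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(reg_text):
    """Return (key, name, value, reason) for every entry worth a second look."""
    findings = []
    for key, name, value in parse_reg(reg_text):
        if AUTOSTART_KEY.search(key) and isinstance(value, str):
            reasons = []
            if USER_WRITABLE.search(value):
                reasons.append("runs from a user-writable location")
            if SCRIPT_HOST.search(value):
                reasons.append("launched through a script host or LOLBin")
            low = value.lower()
            if (first_executable(value).lower() in SYSTEM_NAMES
                    and "\\windows\\" not in low and "%windir%" not in low):
                reasons.append("system binary name outside the Windows directory")
            if reasons:
                findings.append((key, name, value, "; ".join(reasons)))
        elif name.lower() == "disableregistrytools" and value == 1:
            findings.append((key, name, value,
                             "regedit disabled by policy: the user cannot inspect what "
                             "malware running as SYSTEM writes here"))
    return findings


if __name__ == "__main__":
    for key, name, value, why in triage(SAMPLE_REG):
        print(f"{key}\n  {name} = {value!r}\n  -> {why}")
```

On a live machine the input would come from `reg export` or RegEdit's File > Export; RegEdit writes UTF-16, so read the file with that encoding before handing the text to `triage()`. The heuristics deliberately flag entries rather than decide for you, because a legitimate updater living under AppData is common enough that the final call needs a human.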

Another Windows weakness is Internet Explorer. Although Microsoft has been improving its flagship browser over the years, the tight coupling between Windows Explorer (the desktop shell) and IE, which share rendering and scripting components, provides a handy backdoor for mischief. To make matters worse, the same JScript and VBScript engines that Windows Script Host uses for local administrative scripts are the ones the browser runs against web pages. ActiveX (a binary execution layer and plug-in container) and VBScript are probably the two biggest holes in IE, and JScript is not far behind.

Despite all these issues, most IT departments do not have the options Google has. For reasons of culture, convenience or necessity, they must support machines running one or more versions of Windows. Also, despite the proven security of competing operating systems, "social engineering" (hackers fooling users into cooperating with them) remains a big vulnerability in any shop.

The bottom line is that, having honestly assessed the risks (without spin, sophistry or FUD), IT departments need to proceed with caution and remain vigilant to keep their systems uncompromised. As an old US Army slogan went, "OPSEC is 24/7."