Discussion on:

Google dumps Windows: Would you do the same?

Google is moving away from Microsoft Windows on internal computers. Is your organization considering a similar move?

Is your organization considering a totally new email, CRM solution, telecom, sales, or office suite system? If you?re moving off a system that?s been in place for many years, what?s driving such a radical change?cost, flexibility, ROI? Take the poll and let me know.

Original post and poll:
http://blogs.techrepublic.com.com/itdojo/?p=1816

In contrast, we are more heavily utilizing some of the Client ML's that are included within their Server Core licensing structure for the System Center Configuration Manager / System Center Operations Manager which replaced the old 2003 SMS server.

if I could get most of the software we need to run to work on another OS.

We use industry specific software that is only available on Windows server/clients. Besides that though there are a couple of other issues that would really slow the transition to another OS. But at least it would be an option. Right now it's not.

Why would I even consider moving off Windows? Security. By far the biggest reason to switch. Not usability and not features. Just security.

Windows is more secure than Mac and Linux... the problem is not security. The problem has to do with targeting. Windows is the main target worldwide and the perception is that it is not secure. Search TechRepublic's website for papers and blogs supporting the above.
It is clear to me that this is a PR move. It is like Sun's memo to all employees years ago and they had a lot of Windows when they are not a Windows shop... So like someone else mentioned here: If you offer a product make sure you are the 1st one to use it.
Just like Apple: if you buy their mail server make sure you are a genius who can figure everything out as you will soon find that they DO NOT use their mail server product to host their own mail.

It is good PR AND probably more secure. It will certainly reduce their software budget. Why pay for an operating system if they already have one.

I clean up Windows machines with various infections as well as other IT work. I also update websites and teach a class. I am considering upgrading my RAM and running Windows inside VirtualBox. I am fed up with the constant battle to keep my computers clean.

I use Kompozer on WinXP because it runs horribly on the version of Linux I was using (OpenSuSe on PPC). Maybe it runs better on regular hardware. We will see....

What on earth are you doing with that Windows machine??? Install the latest version of Comodo Internet Security, learn to use it properly, and move on. I've never had a serious breach of security on a Windows machine that I've installed - ever. I probably have a bad Wireless security setup but I'm working on improving that.

I cringe when I read about IT people having constant battles with Windows OSes. It makes me question competence.

Given Google's history, I expect that all of choices listed apply. To that I would add internal testing/debugging/improving of the OS to the list.

Ditching windows does not really change any PR, but almost any other OS is more stable and secure. Google only uses an Ubuntu based Linux distribution that they created on there servers. There employees have a choice of operating systems, but Windows is one of the least secure OS, and it is fairly unstable, and it has issues with Licensing.

Linux and Macs are both more secure, faster, and more stable than windows, so it would make sense if Google chooses to ban it from there networks. Additionally, Licensing is also a minor issue with Windows, if hardware upgrades or changes are done, windows needs to be reactivated, and upgrades could be pricey.

The ChromeOS option is useless, the ChromeOS is a Linux Distribution designed for netbooks. Ditching Windows will have no impact on ChromeOS.

If Windows is so secure, why can I type in \\ComputerName\C$ and get access to that computers C drive while on the same network.

Remember, Windows was not built with security in mind.

This share is only available for administrative usage, on a workgroup only the "Administrator" user can access it, if the user is enabled (which is not the case with windows vista/7 and if it HAS a password, on a domain network, only users member in the local admins group can access this share, which is very helpful when u have 1000s of PCs and need to access them without a sharing. I don't see this as a security hole, specially that SMB is one of the least hacked protocoles, and at home this share is blocked as I mentioned b4

Uhh, dude, I'm not quite certain what you're smoking, but I'm certain I could use some of it.

Windows is about as secure as engraving the combination just above the dial on a safe.

The poster that said Windows is more secure is informed and keeping up with the latest information, unlike this poster that is just parroting old information from years ago. There ARE numerous detailed analyses from people who eat, breathe, and sleep security that shows that the latest versions of Windows (not some years out-of-date PC that no one has bothered to upgrade) have more security built in than the Mac or some versions of Unix. Windows only seems less secure to the uninformed because the hackers in the third world only have Windows machines and knowledge. One of the protections of the Mac is its high price - it keeps poor hackers away.

The original poster isn't smoking anything, but this poster is definitely drinking the Kool-Aid of "accepted wisdom" that is in fact uninformed and out-of-date.

You say you have information that Windows is more secure than other OS's. Can you cite some credible examples (Not random blogs)?

http://arstechnica.com/security/news/2009/03/chrome-is-the-only-browser-left-standing-in-pwn2own-contest.ars

Also, look at previous pwn2own contest.

As hackers already know what hacks they are going to use, pwn2own does nothing more than prove that all systems are vulnerable.

But as it does say, Windows was harder, and Chrome was invincible...

...is what I believe to be the contest to see what OS falls to a hacker first. With 3 OSes to hack, Windows was the last to fall and Mac was the first. No, I don't have a link for this, but it is fairly common knowledge in my circles...

may be this:
http://news.cnet.com/8301-27080_3-20002317-245.html

It is actually an interview with the White Hat hacker Marc Maiffret when he is saying that Win7 is more secure than the Snow Leopard.

He never says Windows is more secure though, just that their security development model is better than Apples and adobes. He then counters his own argument by saying MS can take nearly a year to fix security holes.

Still a good read though.

The article never stated that the Chrome browser or OS was "invincible"; it was just a "formidable challenge". If you read the next paragraph:

"The game isn't over yet. During the second day of the event, the focus will turn towards Chrome. Nils, who demonstrated impressive skill during the first day by conquering the three most popular browsers, might have a few more tricks up his sleeve."

So, Chrome is up to bat on a dedicated day of attacks. Nils says he has some tricks to use so we will see how Chrome fairs in the next article.

"Windows only seems less secure to the uninformed because the hackers in the third world only have Windows machines and knowledge. One of the protections of the Mac is its high price - it keeps poor hackers away."

Let me see, hackers in the third world are too poor to buy Macs but can afford a Windows license. So they buy Windows and hack it rather than download Linux for free and hack that. I guess the fact that the source code for linux is freely downloadable takes the challenge away. :-P

That's insane.

"Let me see, hackers in the third world are too poor to buy Macs but can afford a Windows license."

I would like to see the receipt of purchase from a third world hacker. Do you think he would show it to me? I don't think so. No, the art of piracy lends itself well to these hacker groups. I doubt they have purchased a single resource.

As for the linux code being freely downloadable, I would like to see someone sneak a rogue kernel compile by the linux community. I wouldn't want to be you on any day. Plus most people who use Linux use a distro anyway and the distro companies keep a sharp eye on what they are doing.

Just grab a latest copy of Virtual Box and a copy of Mac OS X, create a VM, and you have a Mac machine sans hardware.

As we have seen, the hardware is irrelevant now due to the browser being the main interface for attacks. The object is to gain control of someones workstation and use it for whatever purpose. So, a hacker can work with the Mac OS (freeBSD core) and learn all they want to about it. However, the real reason why Mac's aren't targeted is do to market share and Microsoft's bullseye on Gates' forehead. Everyone knew how easy it was to gain access to a Windows machine there was no reason to hack anything else. Now that Macs are gaining some market share, it could be possible that Macs can be controlled from a hack. Since Macs are based on Linux, a hacker would have a nice stable telnet platform to work from.

D

I moved off of Windows because I got sick of the things not working. Windows has a history of it and while I have never seen BSOD on my Windows 7 Ultimate machine it does lock up on me quite often. I have checked the error codes in the logs and Microsoft of course does not have a fix as with just about every error code I have ever gotten with a Microsoft product. So from a security stand-point, if the OS is providing you with a Denial of Service condition all by itself wouldn't that count as a security problem?

Windows is not more secure than Mac or Linux.

I understand what you mean.

Windows is the most targeted OS in the world. Obviously. It has, by far, the largest install base for PCs.

I guess what I'm saying is that right now and probably for the foreseeable future Linux and OS X are far less a target for malicious software. So there is at least some prevention there just because of that.

No one who supports Windows even in a home or a business environment can say they are surprised at how easy Windows machines are infected. The user doesn't even have to open an attachment any more get get infected with some type of malware. One click to the wrong site and bam, infected. Even educated security minded individuals fall for this now and again.

And you can preach all day about up to date AV, firewalls, URL filtering, HIPS, etc. You know and I know it only stops some of the infections. Far too little. The amount and frequency of malware coming out these days is way too much for security software to handle.

Security is a moving target and switching to Linux or OS X would get me a little closer to the bullseye.


http://krebsonsecurity.com/2010/06/using-windows-for-a-day-cost-mac-user-100000/#more-3247

Read the story then the comments section. Interesting to say the least.

Is that a lot of the apps developed for Windows run under the SYSTEM context, which gives them access to a lot of the dll's that drive the bus. Come on, if MSPAINT can run code of choice, something's wrong. If a good Linux box is configured correctly, the kernel space is restricted to root. The apps can blow up all day, but the box stays up. Of course, if I am so foolish as to start to start some of the daemons as root, I'm opening up a a hole there. But Windows 2K8 has come a long way towards equalizing the playing field there. Most of my issues with Linux apps have been with my permissions being too restrictive, where most of the attacks on Windows apps have been with the permissions being too lax

Dan

Do you mean Kernel mode? Only the Kernel and some parts of drivers run there.

Paint (or any other normal app) runs in user mode and has no special access. The only acces apps have to system dlls is through system calls when the app asks for services (and can be refused).

Many apps get SYSTEM by default if you look at the security tab. Since you need to be local admin to install anything, these permissions come for free. Unlike Linux, where if you install as root, you have to spend time opening up permissions so that the user can actually access libraries (DLLs) to make the application work

I like these type of posts. It all has to do with CONTEXT. Mark Russinovich - Sysinternals, Wininternals and now a Microsoft Fellow - wrote an article of how easy it would be to elevate a power user to administrator by manipulating the context. The UAC is Microsoft's answer to SUDO for linux. It's a lame implementation because I prefer the command line and group policy (especially for HOME computers) to dictate what I allow and don't allow on the OS. But it is an improvement. Microsoft will get better and they will continue to be dominate in the years to come.

I would love to see Windows port over to Linux kernel. It's there already with Windows running on Mac (emulated but still very fast and stable). I don't know if QEMU or Xen can be used from an x86 linux distro to run Windows?

D

It has nothing to do with Windows security. David made a bad decision:

"Trouble was, he?d left his Mac at work. So he decided to log in to the company?s bank account using his wife?s Windows PC."

The article continued to explain that the PC was the same PC the kids were playing their games on, surfing the web, etc.

I don't understand what David was thinking. For that kind of transaction, I would have never, ever, ever used a home PC to conduct that type of transaction without a secure VPN, or at least scanning the computer first. If the transaction was that important, I'd call someone who has a Mac and get the job done. Or find a secure Windows system - yes, they do exist - and continued with the transaction.

The title of the article should read: Mac user makes a $100,000 bad decision.

It had nothing to do with Windows.

Dino

You don't know what you're talking about.
Maybe you should be in a different business.

Windows is not more secure than linux or MAC but a Windows pc can be highly secure. People outhere think they are secure only with AV and updates. Security in a windows system is a 10 items checklist. With this, your windows is secure like any other OS:

1- Antivirus (updated)
2- Last Servicepack
3- Firewall
4- UAC
5- User limited permissions (most important)
6- Windows updates
7- Apps updates (java, flash, office)
8- IE last version (w updates)or good browser (updated)
9- NTFS / Auditing / GPO
10- Steadystate

You for sure will be highly secure.

Umm, I've installed a few linux OS in a lab environment and I can tell you if you are not careful, it can be just as porous as a Windows computer.

The largest security issue on a PC today is the browser because everyone is online surfing. So, it really isn't the OS but the browser which interfaces with the OS. I'm glad there were people out there like the L0pht group who forced Microsoft to change their paradigm.

Would I switch? I'm working on an Ubuntu installation in a VM to get used to using Linux. I plan on getting certified in Linux. But I've always enjoyed using Microsoft products and have had great success with them.

By the way, has anyone heard of Comodo? I wonder how many people were infected if they were using Comodo security products?

Up to a month ago I would have agreed... now, not so much. I just made the switch to OS X and I have got to say, "I wish I did it years ago." Maybe it wasn't as good before. I don't know.

I do know that as a Network Engineer and Consultant OS X is a dream. It runs on UNIX, Perl is native, and the UI is a hundred times better than Windows XP, Vista, or 7 Ultimate. It took me about 4 days to go from a frustrating walk to a comfortable run and now I am in bliss. Seriously, if you try it you will never look back.

Google, like any good company, does not have just one reason to make major technical changes. PR, use their own OS (eat your own dog food) and security are all the reasons Goggle is making this move.
Google has the resources to create, place this alterative OS on the market, set and control the example of how good Chrome OS will be. What more could any tech company want when going up against Microsoft?
Microsoft will continue too lose market share and customers if they continue to make poor produces (VISTA).
Competition is good and this will prod Microsoft and even Apple to bring their A game to the market and their customers.

I have had a REALLY bad experience brought about initially getting in to my Googlemail Account leading to an enormous amount of VERY clever fraud using data culled over time from my incoming emails (diverted, read carefully and SELECTIVELY returned in a manner I could read (but, of course, not those that would warn me of what was going on. I have NEVER provided the password (why would I actually have a wish to?). In sorting all this out I was quite surprised by the effort that was put into this problem between Google, Ebay and PayPal (can someone remind me who owns those companies?....?. As an Ex Executive Director IT for a really major international bank I read that this is a current major security problem prompting a panic-level action......

Chrome OS is a netbook OS, very resource light with limited features. No good for a corporate desktop OS.

Microsoft errors from the past (Windows ME, Windows Vista, etc) is only a proof they made mistakes and go forward. Windows 2000, XP, Windows 7, Exchange, Server 2008 are proof of very good products from Microsoft. You can get high-end support from MCP's, MCSA's, MCSE's, MCTS's and lot of certified technicians and engineers out there. If you adopt Chrome in your company today and start having issues with one specific app, you will be out of luck, is hard to get a good tech certified in such technology.

And security in Microsoft is ... like we say... well.. depends!. If you setup a secure enviroment (firewall, updates, patches, service packs, antivirus, permissions, GPOs, etc), your pc, servers and enviroments will be highly secure!

Sorry, the alphabet soup of MS certification makes one little more than an annoying, singleminded salesperson.

Google not using Microsoft products will just make Steve Ballmer grin with complete satisfaction. I think the response will be indifference because there is no love loss between Microsoft and Google. Both are pioneering companies in their own right, but Google has a leg up on Microsoft - a young company with young minds and fresh ideas. Microsoft is going toward that, but it will always have that corporate look and feel.

And probably not even true.

But I totally understand it.

I would never buy a VZ Wireless phone if the salesman had an iPhone at the presentation.

How long has it been available? Not considering it now, especially with the release of Windows 7.

I agree with Derteufel! Why did they wait so long? I knew a driver for the Coca Cola Co. who got caught drinking Pepsi in his truck. He was fired. "We make Chrome, but we use Windows..." This sounds like a lack of confidence, to me.

Chrome OS is not far along in development.
Chrome Browser has truly made it to a real consumer product.

I suspect we will see Chrome thin client/cloud OS as the biggest push to challenge Microsoft.
But its a bit like running your own prototypes
you learn about problems in a way that limits negative pr if it needs fixes.

I see the oposite here in Mexico... Pepsi trucks drivers drinking Coca Cola!!! nice!!

No use for desktops. Google will not be switching to it. Chrome and Windows 7 are appealing to different markets.

#1 - PR. It's the main reason Microsoft got excoriated so many times: for a long time they weren't even running their server products as web hosts. It's really bad for business when you can't even say you use your own products internally.

#2 - Security. Because of failure all across the board - including both the use of IE 6 on Windows platforms and insecure server setup, they got hacked. By moving to their own OS, they can make security completely dependent on themselves.

#3 - Testimonials. If Google wants to promote the Chrome OS, it has to start wooing customers. That starts internally so that Google has a place to tout its products to potential customers.

#4 - Money. Licensing fees for Windows just keep going up. For the number of employees Google operates, they can save tens of millions on licensing.

#5 - Applications. Contrary to what some may believe, the only area on the desktop you can't find good applications to run on the *nix kernel are games. Now Google can concentrate on having its engineers find more applications to integrate/buy/include with the Chrome OS, such as the Apache web server engine, GIMP, and others.

.

How come I don;t see drivers for Chrome OS when I'm searching for drivers?