The Financial Times reported that Google is phasing out Microsoft Windows on employee desktops. What are the reasons and the security implications?

After Chinese security crackers infamously cracked Google security via Microsoft Windows security vulnerabilities, a number of interesting things have happened, including Google’s decision to stop censoring search results in China at the government’s request. Google also announced it would be working closely with the NSA and other major technology industry corporations to gather evidence of wrongdoing and determine the best course of action to take in the long term.

More recently, Google has apparently implemented a new internal security policy change that seems like it might be related: Microsoft Windows is being phased out within the company. Microsoft chooses to paint the policy change in the colors of what amounts to a publicity stunt, but Google is not the first business to renounce all things Microsoft, and there are definite indicators that the time has come for Google to cease relying on Microsoft for any of its mission critical information technology deployments.

Google has always been a heavy user of Linux-based systems for its massive database farms and other server implementations. MacOS X and Linux-based systems have always been options for new Google employees’ workstation systems.

Many organizations that rely heavily on MS Windows systems might have a difficult time achieving a company-wide migration without significant up-front expense, even if in the course of five years such organizations could see cost savings overall. Google, on the other hand, is in a particularly good position to move away from systems running Microsoft’s flagship OS.

Phasing out MS Windows, with the likely exception of a few systems whose sole purpose would be testing code, could be an incredibly simple process for the corporation. It seems likely that little more would be needed than to refuse to deploy new MS Windows systems, and to let the systems already in use eventually get replaced as they become obsolete. Because of these circumstances, where some companies may have to factor huge up-front migration expenses into the cost-benefit analysis of a project like this, it is possible that Google’s results will be pure savings — both cutting out licensing fees in many cases and cutting back on the need for heterogeneous network maintenance costs.

In fact, many find that even when the vast majority of an organization’s IT infrastructure is made up of non-Microsoft based systems, Microsoft Windows systems make up the majority of maintenance resource expenditures, both for security management and more mundane system administration and troubleshooting. Thanks in part to the nature of Google’s business and the size and influence of the corporation, it is even likely to be well insulated against any need for compatibility with Microsoft-specific ways of doing things, both internally and externally.

Google’s pending revolt against the Microsoft dominance of the business desktop has raised a few eyebrows, and is sure to raise a few more still. Google representatives themselves have apparently refused to comment on the status of any policies regarding a move away from Microsoft Windows, but the Financial Times reported a number of statements made by rank-and-file Google employees when it broke the story with its article, Google ditches Windows on security concerns. The quotes suggest both a growing distaste for Microsoft products within the corporation and a definite culture of “eating your own dog food” that increasingly mandates the move away from an OS provided by a major competitor.

The debate over the security merits and flaws of MS Windows, particularly in comparison (or, one might say, in contrast) to MacOS X and Linux-based systems, has raged across the Internet since some time last century — essentially for as long as the three OSes have been usable as general-purpose OSes suitable for home and business purposes on the Internet. The last decade has seen a number of high-profile instances of the incredibly desktop-dominant Microsoft Windows being ditched in favor of others, particularly some Linux distribution or other. Such examples include municipal and national governments, public school districts, cost-conscious corporations, and angry CEOs who feel their businesses have been burned too badly and too often by Microsoft’s zeal for license compliance.

In each case, even though it is rarely the primary reason cited by representatives and decision makers, the matter of security comes up when discussing the expected benefits. In rare cases, organizations that made the decision to migrate away from MS Windows have found their migration projects poorly conceived, and ultimately gave up — at least in part — on the migration. If you can find one that made the switch back for security reasons (or, really, for any reason other than unexpected costs or bargain-basement volume license offers from Microsoft), however, you deserve a cookie.

Still, the debate rages over the relative security benefits of Microsoft Windows (and whether, in fact, there are any such benefits at all). Most arguments for the security of Microsoft Windows in comparison with other OSes are based on obscurity of one kind or another. The most popular arguments seem to take one of two forms, each of which has its own problems.

  1. Microsoft Windows is more secure than Linux-based systems because Linux is open source, and anyone who wants to can change the source code.

    This argument is entirely predicated upon a misunderstanding of how open source software development works, and is so thoroughly broken that it typically elicits either laughter or apoplectic frustration from those who cannot help but marvel at the ignorance of such statements. The fact of the matter is that open source software is developed almost the same way closed source software is developed, at its core — by a central team of people who have, in one way or another, earned direct access to the codebase.

    In Microsoft’s case, that involves an interview process followed by hiring; in the case of the Linux kernel, however, it involves demonstrated merit over a long period of submitting patches of sufficient quality that the core team comes to trust the skill and intentions of the person in question. Until that point, any patches submitted to the core team are vetted for quality and desirability before anyone considers incorporating them into the main codebase.

    A variation on this argument is that, because the source code can be seen by anyone — even if they cannot simply modify the code in the main project itself — malicious security crackers will have an easier time finding vulnerabilities to exploit. The truth, however, is not so simple. In most cases, it is much easier to find vulnerabilities primarily by the same reverse-engineering techniques used with closed source software than by reading the available source code. Only the most obvious, bone-headed errors are that easy to find. Furthermore, any potentially increased vulnerability to analysis from the openness of the source tends to be offset by the fact that many more benevolent people can also see the source, and use that access to try to improve the software, developing patches not only for vulnerabilities they have found, but also patches that refactor the code to eliminate unnecessary complexity that could harbor hidden security vulnerabilities.

  2. Microsoft Windows only seems to be less secure because more people use it.

    There may be a kernel of truth in this statement. In fact, such a statement is probably very nearly entirely true of MacOS X, thanks to the way Apple manages its development and security patching policies (i.e., badly). Even so, the fact these other OSes are in effect more secure is still a good reason to use them if you value security at all, even if that additional security in practice is for no particular reason of security in principle.

    There are other reasons to believe that Linux-based systems, and other open source Unix-like OSes such as FreeBSD, are secure. These reasons involve architectural benefits such as strong privilege separation built into the system from the ground up, as well as typical policy differences such as Microsoft’s often lackadaisical approach to security patch development and deployment.

Regardless of any well-reasoned arguments for ditching Microsoft Windows where security is a concern, many simply refuse to admit that there are any significant security benefits to be had by using something else instead. Some point to the major corporations of the world that still use Windows for (almost) everything as evidence that they are not alone in their faith in the OS.

It is easy for many Americans, for instance, to ignore efforts by European governments to leave Microsoft’s products on the cutting room floor, and for people to look at Fortune 100 corporate giants as examples of professional IT infrastructure management rather than relatively small companies — though still influential within their respective industries — like Ernie Ball.

Google will not be so easy to ignore.