157 comments

[ 3.4 ms ] story [ 206 ms ] thread
I'm a bit surprised that there was significant internal use of Windows at Google. I had the impression that most PCs there ran Linux.
Something tells me that the senior staff at Google was also surprised, and somebody's making this move (or was told to make this move) to save their job.
Let's not ignore non-technical employees.
Most companies do not give non-technical employees a choice of OS.
Yeah, and it defaults to Windows.
Well they did introduce their browser as Windows only at first... They have a lot of non-technical people who probably opt to use at whatever they used before (Windows).
> which employs more than 10,000 workers internationally

I thought the number was higher. Wikipedia says 20,621 (2010)... still thought it was higher.

20621 is greater than 10000.
Lots of new Mac and Linux users. Hopefully, some of the people will be dedicating some of their 20% time to improving the Mac and Linux platforms.
I can assure you that the only users at Google that are affected by this decision are sales and marketing.
Good, Linux could use some sales & marketing help.
Engineering at Google is already 100% linux or OS X (at least when I was there in 2007), unless you were writing a client application targeting windows. This decision is about sales, marketing, HR, etc...
If it just inspires them to rein in the zoom rate on Google Maps I'll be happy.
The big hack was apparently based on a zero day IE flaw. http://www.wired.com/threatlevel/2010/01/hack-of-adob

Wouldn't it be easier to make their employees use chrome?

I'd have assumed that Google Chrome or Firefox would have been default browsers at Google considering their involvement.
also, the infected URL was sent through MSN Messenger and upon being clicked, it launched the infected page. That would mean, correct me if I'm wrong, that the default browser was still IE.

Also, are IT policies applied consistently throughout the world or different regions have a diff. IT policy?

Sure, but there's only one way to completely uninstall IE and it sounds like that's exactly what they're doing.
This isn't true. Off the top of my head, Google could replace the executables (incl. DLLs) with ones that do nothing but throw up a "disabled" sign. (Which would also take care of OLE/ActiveX embedding of IE in other apps.) I see below that there are better ways of doing this from more Windows savvy folks.
Much easier. They could for example setup Active Directory policies to disable the use of IE by default.
so what happens when an exploit other than IE is used in the future when something goes down at Google?

Seems like a decision taken in haste and more of a knee-jerk reaction.

That's why they're ditching not IE but windows altogether.

Doesn't seem knee-jerk to me when you look at the security track record of the various platforms.

It's simple economics as far as the malware/security track record goes. Since windows holds the most marketshare in OS business, most of the effort in terms of malware or virus creation is directed towards windows systems. It's been shown at Pwn2Own that Macs can be easier to break into vs. Windows esp. Vista onwards.

If you were a hacker and you wanted that data, it wouldn't have stopped you if the target used Mac OSX ... you could just target some other unpublicized exploit. I mean all you need is Flash to do some damage.

Yes, it does. Recent versions of Windows (Vista and especially 7) have had security track records at least on par with OS X and desktop Linux. Mac OS X hasn't been doing terribly well lately, and Apple is notoriously slow to patch known security flaws, e.g.: http://bit.ly/62bTNQ

I'd provide a link to hard data, but for some reason Secunia's taken down their list of unpatched vulnerabilities in OS X (?!), even though they provide this data for most other operating systems, including Windows.

Sorry, but that simply doesn't matter.

Case in point, OSX even had more security advisories published than windows for a while, yet the "experts" still mostly agree OSX is the safer platform;

http://news.cnet.com/8301-27080_3-10444561-245.html?tag=rtco...

There's a very simple reason: OSX has around 6% market share, Windows around 80%. Go figure which platform the kids are going to target for the time being. Also feel free to research on which platform the major, semi-automated botnets (Storm, Zeus) are running.

>>which platform the major, semi-automated botnets (Storm, Zeus) are running.

Let me guess - not Windows 7.

Google is getting in to the OS business. I suspect this is as much about dogfood as security, but hammering on security is instant bad press for Microsoft.
Well Google is also competing with Apple's OS business. The bigger point is that Windows doesn't offer users any advantage over Linux or OS X anymore. Its not like the old days when Windows had the most applications and driver support.
The number of games supported on Windows is much better than for Mac/Linux.
In the context of Google, that is not a criteria.
.. and that is one more reason for corporates to move to Mac/Linux
Is there any evidence that Windows 7 is less secured than Snow Leopard? Windows employs more advanced security techniques. IE has outlasted Safari in Pwn2Own since IE8. Windows releases security fixes much faster.

If they favor OS X over Windows that is completely fine, but I think they are implying something that isn't true in regards to security. If someone exploits OS X on them, is everyone moving to Linux next?

And what happens when someone exploits Linux?
You have a nice ecosystem of Unix OS's. Solaris, OpenBSD, NetBSD, ... and a handful of major Linux distros: Ubuntu, Fedora, Suse, Gentoo, Debian, etc. Once you've gone Unix you have lots of choices, including the Mac.

Did Google roll their own Linux? Which kernel do you target? which apps?

It seems reasonable to assume that they'd standardize on a distribution, and centrally manage patching client machines. I cannot imagine that they would expect every employee to concern themselves with such things.
Market share: Windows 90%, Mac 9%, Linux 1%.

Where are virus writers going to put most of their effort?

Windows being as secure as Mac wouldn't help make it safer because a lot more implemented exploits are going to exist in the wild.

While this move may prevent infection by FR33_PR0N.wmv.exe, I don't see how it will prevent being hacked by China (the major concern).
I believe the Chinese government has Windows source code, and Google does not. The Darwin and BSD layers of Mac OS X are open source, so Google can at least study the code to understand the security implications of using OS X.

In other words, with open source Google is on a more level playing field against potential attackers.

No offense, but level playing field is ridiculous.

Think about what you're saying, you're saying Google is going to sit there and review all of the source code, and all patches and new releases to that source code. Really? Do you actually believe this...

As per China having the source, do you really think it matters? If someone wants to break in, they're going to get in... (regardless if its Windows/Linux/Mac) why... because that's their job and they are going to spend every minute of every day until they figure it out, and that's what makes them better than you. Majority of the time the issue is not software itself, but the policies in place. Hell, why even break in technically, when I can probably call one of these 10,000 employees up and they'll give me their password. Duh.

If you believe security is 1-dimensional, then you are bound to fail. History has shown this time and time again, just read a book / biography in regards to this topic.

More importantly but less vociferously, by Google switching to an open source OS, it means anyone, anywhere, can fix vulnerabilities. Not just Google.

Considering the difficulty of patching security holes in proprietary software versus patching holes in open software, Google indeed would hugely benefit by drastically reducing the difference between the cost of defense and the cost of cracking.

It's not so much levelling the playing field, as removing Harrison Bergeron's buckshot-filled equality harness.

Switching to an open source OS? OSX is a mix between open and closed source software where quite a bit of its open source code is not updated frequently. Google can't patch Preview, Quicktime, Safari or any other closed source program develop by Apple. Also, Apple is not famous for quickly patching OSX[1]. Quoting Charlie Miller[2,3]: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."[4]

[1] http://www.zdnet.com/blog/security/apple-fixes-old-java-for-... [2] http://www.dailytech.com/Charlie+Miller+to+Unveil+20+Zeroday... [3] http://en.wikipedia.org/wiki/Charlie_Miller_(security_resear... [4] http://www.forbes.com/forbes/2010/0412/technology-apple-hack...

Google employees probably won't be using Safari but it is 95% open source (WebKit). iTunes would be a better example.
> you're saying Google is going to sit there and review all of the source code, and all patches and new releases to that source code. Really? Do you actually believe this...

It's not crazy to pay someone on their security teams to review checkins to OSS apps they use. Saying 'OH MY GOD' loudly and repetitively doesn't consitute an argument and is rude to the parent poster. Be civil.

>Think about what you're saying, you're saying Google is going to sit there and review all of the source code, and all patches and new releases to that source code. Really? Do you actually believe this...

Maybe not Google by itself, but the sum total of everyone reviewing all the source code and sharing what they know is that it's far easier to develop a more complete security profile for Linux than it is for a proprietary system we can only study by reverse engineering.

I'd be extremely surprised if Google didn't have access to the Windows source via Microsoft's shared source programme.
The source code to Windows, while not public, is some of the best studied in the world both inside and out of Microsoft. Even though MSFT doesn't publish it, they do release complete debug symbols for most of the operating system; there isn't a pro vulnerability researcher on the Internet that can't navigate Windows with a copy of IDA Pro and a couple of PDBs. The openness of the Windows source code is a red herring.

Meanwhile, most bugs aren't discovered in careful source code review or by static analysis tools. Instead, we write programs to exercise the code, either by sending random dumb buffers to the target or by working out the expected format and varying messages until we cover every basic block in the target. You can do this with or without any source code.

I think you would have a hard time finding a professional to say that they trust Mac OS X dramatically more than they trust WinAPI in 2010, and I say this as a full-time Mac user.

I, for one, am pretty bored by the market share defense. There are millions of macs out there, owned by people who could drop a little coin on their hardware, and that make them less of a target? There's not one virus writer out there who doesn't want the cred and the potential gain of a new audience of victims, many of whom are probably pretty complacent about security because they've never had to worry about it?

There aren't many mansions where I live, yet they seem to need the most security.

While you might liken the rarity and the glamour of owning a Mac to that of owning a mansion, a thief has much more to gain by targeting a large house that's more likely to be filled with expensive electronics and jewels. On the other hand, I doubt that Macs are significantly more likely to contain data that a hacker would be looking for.
Bad analogy.

Software != hardware literally.

Hackers don’t want to sift your personal data for the most part (unless the sifting can be automated). It’s botnets that make them money.
It depends what you're up to, I suppose. If you were seeking to install keyloggers to record financial authentication details, why not target people whose choice of computer hardware indicates they have more money than average?
Because Windows vs. Mac is an exceedingly weak financial signal, and because no matter what the signal is, having 20-30 accounts is better than having just 1 account?
Sure, but there are several other factors to take into consideration.

1> Very few Macs are running anti virus/spyware software, as the users generally believe their systems to be immune to malware

2> The malware authors are probably already targeting Windows, why not do Macs as well? The sites I work with are up to 25% Mac usage now. That is significant.

3> As Mac browsers have not been attacked as often and scrutinized as carefully by attackers, it appears Apple and other browser vendors have not taken as much care to harden the Mac browsers and OS.

4> Is having a Mac a weak financial signal? I wonder what data is there is out there about the affluence of the Mac-owning audience. Apple isn't targeting the low end of the market, that's for sure.

So, in summary: it might be relatively easy, plus, why not.

You ask: So, in summary: it might be relatively easy, plus, why not.

I answer: Because for the same amount of effort you can make an order of magnitude more money.

I assume malware authors would be targeting Mac OS in addition to, not instead of, Windows.

The same logic works out for normal ('voluntary') software applications, doesn't it? Most companies decide to focus their efforts on producing software for Windows, based on the idea that the market is much larger. Companies nevertheless do decide to produce software for Macs, for various reasons.

But its not just the size of the market... Windows machines are more likely to come into contact with another windows machine than macs are to come in contact with other macs. Thus a mac virus will spread much more slowly...

This is why homogeneity is dangerous. The more diversity an ecosystem has, the less vulnerable it is to viri, whether we're talking about crops or computer networks.

So then sites like this: cupidtino.com are really bad for Mac owners. Gotcha! :)
Until we hit "peak oil" for Windows malware, there is no real incentive for a malware author to target anything but the most popular platform. I'm guessing you have very little insight into the motives of malware authors, and so I'm not going to address that part of your argument.
And yet, when you looked at e.g. the web server data back in the early 2000's, you had 70% apache 25% IIS -- and yet about 20 times as many exploits (and much more effective at that) for IIS.

The reason was, to put it bluntly, that IIS was designed without any regard to real security, whereas Apache had _some_ regard to security.

That's also the case for Windows through its history; it has been making leaps recently, but doing things more securely requires it to become less convenient / not backwards compatible, and therefore it is still, relatively speaking, way more vulnerable when used by your average user.

I'm not up-to-date, but up until 2007 or so, a significant number of web browser vulnerabilities were directly or indirectly a result of Windows and Explorer's love of executing files after wrongly identifying them as e.g. wav or doc files.

The single Unix design decision that a file must have an executable flag out-of-band, and the convention that by default this flag is off, both of which date back to 1970, have kept Unix safe from these kinds of bugs. Sane default permissions on system directories are another decision; the latter has been adopted by Windows in XP SP2 IIRC, the former still hasn't.

I would like to hear the specific ways in which you think that Apache was designed for security in ways that IIS wasn't, and how those things persist into modern IIS.
Not a serious reply: Well, for one, IIS was designed to run on Windows servers rather than *nix.
Rejoinder in equivalent tone: you mean, the servers that ran rexd, the "run any command for me without credentials" RPC service? Or the servers that had remote calendar managers that would run commands for anyone who knew what the semicolon character meant to the shell? Or the ones that got confused if you sent FTP commands in the wrong order and too fast and would accidentally upgrade you to root instead of logging you off?
To start with, Apache default setup would bind to port 80 and switch to user 'apache' or 'httpd', whereas IIS (back then, that was IIS4/5 days) default and hard-to-change setup was that it was running with SYSTEM priviliges.

There had been security audits of the apache code base since its early dates (as NCSA Web Server), whereas IIS didn't (or, judging from its track record, if it did have they were done by incompetents who didn't notice the strcpy(host_field, ...) would overflow with a host name > 1024 bytes.

IIS had everything in the same process, meaning every thing exploitable somewhere would bring the whole server with it. Apache used a worse-performing but better compartmentalized process-per-request model.

Just to be clear, apache at the time was NOT a beacon of security or good design or anything. But it did follow standard Unix practices, which put it a significantly better place than the IIS of the time (which was written like a Windows desktop program). At the time, IIS exploits were being found at a rate of 4 remote roots per month, with worms actively exploiting them, whereas apache had one of these every several months, usually only exploitable if you knew the exact O/S version it was running on.

Mac OSX is inferior from a security standpoint, but enjoys herd immunity so the actual risk of infection is lower.
Herd immunity? That's a pretty bad metaphor. There is not "safety in numbers" on the Mac. Safety comes from their lack of numbers. Unless you meant to imply that Macs are like the kids at school whose dipshit parents don't vaccinate them.
Actually, that's not what herd immunity means. Herd immunity is based on the concept that, if a large enough subset of the population is protected from infection, then others in the population are inherently more protected due to lower transmission rates.

For herd immunity to apply in this case, we'd be assuming that OS X users are more likely to take proper measures to ensure that their system is not compromised (which may or may not be the case).

If Windows computers make up a majority of the market, then the transmission rate for viruses that target only OS X is low. Therefore, you could argue that computers collectively enjoy herd immunity versus OS X viruses, even if machines running OS X individually have weaker security than average.
Herd immunity doesn't mean "safety in numbers". It means insulation from transmission vectors because the rest of the herd is immune from diseases that might infect you. An isolated OSX machine surrounded by Windows machines in a network is relatively isolated from virus transmission vectors.

Then again, Jeff Goldblum was able to write a virus on his Mac that he used to infect the alien mothership, so maybe they're not so secure after all...

Security contests are poor measures of security. A "new" windows flaw is a valuable commodity and most people who are aware of such things are not going to use them to "win" a contest. In the real world there are three issues, systems that are not up to date, systems that are more open than ideal, and unknown issues.

The ideal contest wold take a reasonably permissive system that's 3 months out of date and see how long that lasts under normal usage.

No. There is no evidence that Windows 7 is less secure than Mac OS X Snow Leopard --- at least, not clear evidence (we could certainly spend a few days tit-for-tat'ing about this disclosure or that, but it wouldn't amount to a coherent argument).
Except for in default configuration, with a user account that's passworded, there's this massive at-console exploit that requires no specialist knowledge other than very basic shell knowledge. cmd+s on boot.
If you have physical access to the machine, all bets are off anyway.
"Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks"

Wait, so they're phasing out Windows for security reasons, and moving to Mac instead? It at least made sense when they were moving to Linux or ChromeOS, but OS X's security track record as of late is far worse than Windows.

I would agree. Windows has the largest population of non-computer literate people worldwide so hackers get the bigest bang for their buck and windows gets a bad rap. If everyone jumps to another OS so will the security problems.
?! Are you missing the part where OS X is based on BSD?
That's a myth. There are some parts like libc and the command line apps that were ported from BSD, the the kernel is a mach-that-isn't-anymore hybrid oddity, and the user interface is an Apple-only system.

So, to a good approximation, you can say that the command line is based on BSD, and the rest came from NeXT and Apple, with a bit of GNU mixed in.

The BSD heritage is rather insignificant when it comes to security, since the largest attack surface comes from Apple applications like Safari, or the file manager, or other apps the end user uses directly on a regular basis.

Mac OS X Leopard receives UNIX 03 certification: http://arstechnica.com/apple/news/2007/08/mac-os-x-leopard-r...
Sure, but that just means it provides the correct library calls, has the right shell utilities, and so on. It says nothing about the pedigree, or the amount of security. It's undoubtedly a good thing, but it's not important in this context.
Where do you draw the line when a BSD based OS has been customized to the extend that it can't be considered a BSD based OS?
That only describes the interface, not the implementation. It says (almost) nothing about the kernel, or security.
You are right. I just double checked my facts and OSX kernel is actually a hybrid kernel and not a direct descendant of BSD flavor (which was my impression).

My mistake.

That's like saying Windows is UNIX-based because it conforms to POSIX.1.
That would be like calling someone a Ph.D. after completing kindergarten.

UNIX 03 certification means MacOS X is a UNIX. It doesn't say anything about its status as a BSD though.

xnu's BSD code isn't a myth. Have you ever actually read any of it? Which parts?

I had to dive into it headfirst for a Black Hat presentation in 2007, in which we loaded probes into a running xnu kernel to detect hypervisors. I was surprised by how easy it was to navigate based on my familiarity with FreeBSD's kernel. Obviously, there's quite a bit of non-BSD code in OS X, but for anyone who has worked with a BSD kernel before, the similarities are impossible to miss.

Hell, even if you can't read kernel code, the fact that OS X has sysctl, doesn't have proc, and debugs with ptrace() doesn't tell you anything?

Bad logic.

Popularity is unrelated to quality of code.

While it is true that popularity = bigger target = more incentive to attack the platform's security, it is also often used as an excuse to try to hand-wave away bad, insecure code.

Another platform becoming more popular would indeed mean that it would have more people targeting it. But it does not, in any way, mean that the people would have the same level of success exploiting it as they do Windows.

We could probably safely expect that the platform would be successfully exploited more than it currently is. And people that think OS X is a security panacea are living in a fantasy world. But the argument that "[i]f everyone jumps to another OS so will the security problems" is a woeful oversimplification, and confuses two separate issues.

Also, as a side note, people seriously underestimate the level of incentive that currently exists for targeting non-Windows platforms. It is not the case that the incentive scales proportionally to audience size. Any sufficiently popular platform is a desirable target to attack. It's not like a platform has to have 90% of the market to be worth the effort. The relative ease of attack is a far more important factor than the potential audience size once we're talking millions of users.

No. In fact, the incentive for attackers is exactly the inverse of what you claim it is. The author of WinAPI malware can expect multiple tens of conversions for every one obtained by Mac malware. That's because, breathless accounts in the media aside, malware infections don't compete in any practical sense. You would need to deliberately eschew all financial incentives to target OSX. The logic here is exactly the same and exactly as simple as Joel Spolsky's article about investing in OSX dev from 2002.

As for the rest of your comment: both Windows and OS X are conventional monolithic operating systems written in C with core facilities designed and built in the '90s. Both are multiuser operating systems repurposed for single-user deployments. Both have strong kernel/userland barriers with well-defined interfaces. In fact, if you've done systems programming on both, they simply aren't all that different, even to a software developer.

But: for the past 10 years, Microsoft has been getting hammered by attackers, and has the benefit of a decade-long trial by fire. So when Microsoft randomizes library offsets, they don't (for instance) miss the entire runtime loading subsystem.

Also: most of Microsoft's most sensitive application code is written in C for WinAPI on x86, which is one of the best-understood application runtimes in the world. Much of OS X runs on cross-platform Objective C, which has received nowhere nearly as much research. Put simply: nobody knows how to write exploit countermeasures for OS X. I think mostly because nobody cares.

(Again: I say this as a Unix dev from '93 at a company standardized on Macs).

Citation? I haven't seen anything near the equivalent of Windows flaws on OS X. How many remotely exploitable OS X vulnerabilities have there been in the last 2 years?
http://www.computerworld.com/s/article/9129978/Researcher_cr...

Mac isn't significantly more secure. In fact, after all the bad press, Microsoft has invested significant amounts of money on intrusion mitigation systems like address space randomization, non-executable stacks, and so on. Linux is playing catch up to Windows in some regards there, and from what I know about OSX, it's also far behind in intrusion mitigation techniques. (edit: here's a blog post that covers some of them: http://blogs.msdn.com/b/michael_howard/archive/2006/05/26/ad...)

There are perfectly good reasons for switching to OSX (like, for example, the fact that the interface isn't a pain to use, and the command line doesn't suck, although I still favor Linux with a good tiling WM), but I don't think security is a valid one.

Uh, citation, please?

You liked to an article that says "there once existed a vulnerability in Safari" and then right away claimed that Linux and OSX are "still catching up to" Windows in terms of security. Now, I want to believe you, but it sounds to me like you're speaking with a little too much conviction relative to the evidence you're presenting.

One citation, describing flaws in the current implementations.

http://web.archive.org/web/20080111062141/http://www.matasan...

Another (fairly poorly written) article about it: http://www.tomshardware.com/news/hack-windows-security-snow-...

I'm sure you can find more if you dig around.

Also, non-executable stack has been supported OSX since it was shipped, but non-executable heap is new. I believe (I'm not sure) that non-executable stack is also disabled fairly often because of trampolines in GCC.

Security in OSX isn't broken, of course, but the mitigation measures are strongest in Windows, out of the mainstream OSes these days.

You shouldn't've been downvoted; you're absolutely right.

MacOS -- and I say this as a long-time user, since the System 6 days, and as an OS atheist -- only seems to have a better security track record in the minds of users because it hasn't been targeted anywhere near as much as Windows has.

As far as Google is concerned, they may just be banking on security-through-obscurity. Use a system that the bad guys aren't familiar with exploiting, and you're less likely to be exploited.

The core difference between Unix and Windows, that has persisted since the beginning, is that by default on any Unix you get a user account which is different from the root account. On Windows, this hasn't even been possible until a few years ago (Vista? 7?), and AFAIK you still have to specifically configure Windows to give you a user account that really, really has no administrator rights. My parents wouldn't know how to do that.

On Linux, if someone hacks my browser all I could ever lose is the stuff on my home directory. Should that happen, I can just log in as root, kill all processes of my user account, rm -rf the home directory and restore the most recent backup, and relogin with my account. Without rebooting.

There are local vulnerabilities that might give you root privileges on Linux, too. But that's already a secondary attack and one of its own. Given the diversity of various Linux builds, it takes a lot more to crack into a machine and if successful, even that one is only one kind of a machine. With Windows, the homogeneity sweeps large installation bases at once.

On Linux, if someone hacks my browser all I could ever lose is the stuff on my home directory.

Of course these tend to be precisely the only things you actually care about in the whole system. Assuming it's a desktop machine of course.

Which is why he talked about backups, and why they're important.

This doesn't mean your backup couldn't get infected...

I have backups for my files anyway. Everyone should.

It's the long, painful reinstallation process that I would have to do on a typical Windows machine to fully restore the pristine installation state after a virus/malware attack.

This argument is a load of baloney. Desktop machines, whether Linux, Mac, or Windows, are single-user machines. Attackers don't want "root". They want your documents and they want access to your network, both of which they get just peachy with your user account.

The only thing you can do with root that you can't do with a user account is write vanity malware that persists in ways that are harder to detect. But the most effective malware isn't written as a vanity exercise.

In Google's case, it's even less important to have root; what Google is protecting is access to their corporate network.

Regardless of the security record, it is often the case that hackers and virus writers target the most popular OS. So I don't see how all switching to the same OS is a good idea for security.
This was done by two company vips in direct opposition to the very vocal recommendation of the security team.
"Getting a new Windows machine now requires CIO approval," said another employee.

I really hope that's quoted out of context (e.g. maybe it's really getting a second machine, regardless of OS, that requires CIO approval?).

I doubt we're getting the whole story here. I'm sure there are everyday tasks that can be done more effectively on Windows (I've been Linux-only for a couple of years now, so I can't imagine what they are, but I'm sure they exist). And "Windows isn't secure" is absurdly simplistic (particularly at a company which can presumably hire the best sysadmins in the business). Constraining your employees like that to save the IT department a little effort doesn't sound like a good tradeoff.

I'd speculate this is more about politics, or dogfooding. Maybe they're trying to move employees from Office to Google Apps, and that's easier if Office is no longer available.

This is how big companies work. They want even the smallest task (like, "viewing documentation for the product we just bought") to take days and require multiple levels of managerial approval. Because I guess it's cheaper to have 10 employees doing the same job than it is to get sued if one employee posts confidential information to a blog, or something. (If you've ever wondered why you only get 0.00025% interest on your savings account... now you know.)

(This is being downmodded, but it's really true, at least where I work. The IT system is set up for HR people and bank tellers, not programmers. So the programmers just have to deal, because the system isn't setup for "average joe" employees to do anything useful. The good news is, we bought some company that says they won't be able to continue doing business if this stuff doesn't change, and the company we bought is more prestigious than we are ;)

who do you think runs Google - the programmers or the IT staff?
Sales. Google is an ad-company after all. There was little interest in Gmail until contextual ads were brought into the picture.
> I'd speculate this is more about politics, or dogfooding

Agree on the dogfooding.

<speculation>I think Google is planning a major attack on Microsoft's business / office empire. They have made it so simple to set up a new business using Google apps that it's almost unthinkable to me that I would go out and do an exchange setup. But this is largely still in stealth mode because Google wants to bring its business apps up to the point where they are a alternative to Office for real tasks before they really play this hand. And that means they have to force their employees to live on them every day, for everything. If they can't do it, how can they expect their customers to? And the best way to make it happen is to take away Windows entirely. Otherwise people will continue to fall back to Office and find reasons to sneak it onto their computers.</speculation>

There's a major flaw in your logic - Google has already begun a major attack on Apple, but they're still allowing OS X on their campus.
In mobile computing, I don't see them making any push into the apple desktop/laptop/osx market. So I guess you make a valid point if they were giving their employees iphones over andriod ones which I doubt.

I doubt they are looking at chrome OS to be a replacement for a full osx like operating system at any time in the near future.

(comment deleted)
I don't know about needing approval directly from the CIO, but last I talked to a friend of mine that works as a sys admin at Google, he did mention that they were requiring users to have to be able to make a business case for getting a Windows machine, otherwise they were deploying all Linux and Mac systems. This has been maybe 4 or 5 months ago now, not sure what, if anything, has changed since then.
How do they test Chrome for Windows?
i'm sure they still have dedicated windows test machines (that are sandboxed from their super-secret data) ... or using virtual machines
May be they'll outsource it.
As Google still develops and tests for Windows I question that line about needing CIO approval for any Windows machine. Still, great to hear.
I agree--I think the google employee either didn't know what he was talking out or was taken out of context.

They could always do windows development and testing inside of VMs though.

Such a policy would only apply to non-engineering staff, obviously.
The danger here is that they will lose touch with the 80% of their user base that uses windows. If they don't have enough people who intimately understand the computing experience of their users then their products could suffer.
(comment deleted)
They will almost certainly still have some windows machines around, if only for testing against IE. Some Google employees almost certainly use Windows at home. I really don't think they're going to lose anything major in terms of familiarity.
I don't think it is the same to test something on a platform as developing it on that platform. Developers will instinctively look to take advantage of the strengths of their main platform and work around the weaknesses. With nobody in an entire team using a platform it will probably become an afterthought, left to a separate quality assurance team who are only in a position to correct obvious errors rather than produce excellence.
True. A very strange decision. How to you develop products for the majority of people when you don't use their OS and can't relate to their 'pain'.
they are not saying that they are getting rid of all windows machines full stop, they are saying that none of their employers can use windows machines as their dev machine / work machines. They don't want to expose any private data to the windows machines. They certainly will keep around some windows boxen for testing purposes.
Big difference between "I'm gonna mess around on this windows box for an hour or two a day to see what it's like to use" and "this is my machine and it runs windows"
You mean intimately understanding feelings of frustration and annoyance?

ducks

Seriously though, I'm sure that the folks who are allowed to use Windows are exactly the ones who need it: Picasa and Chrome devs (and the other desktop apps they have).

i'm sure they would still run windows under virtualization with vmware fusion, etc. they would still would have to do very heavy testing of IE on their apps, so that would be the easiest way to do it. i don't think google can escape the suffering of writing for IE just yet
Exactly this happened at a company I worked for! The engineers were too snobbish to use Windows, sticking with their Solaris and Linux boxen instead. Result? Windows user experience sucked. Further result -- Windows workstations forced on the engineers. Further result -- "Hey, this thing really does suck on Windows!"
Security in software is relative. Everything is vulnerable. If someone wants to hack into Google's super-secret data and Google is running Linux or Mac OS X, then the hackers will find exploits in that software. This article is a joke for implying that this switch will in any way make them more secure.
If they're using Linux, they can find and patch the vulnerability immediately. They could even have a team hunting through the source code looking for vulnerabilities to patch.

On Windows, they would have to report the vulnerability to Microsoft, and hope that it's patched soon. It probably would be, but that's still an extra step - and they wouldn't be able to locate it with reference to the code. Also, as another person mentioned, china has access to the Windows source code; Google doesn't. This evens the playing field.

but this was rumored to be a zero-day attack, which means nobody knew about the exploit so it was as-of-yet unpatched. even if they we're running goobuntu with the full capability of patching the source and deploying fixes, a zero-day attack would have made it through in the beginning. switching operating systems is not going to secure against zero-day attacks.
Just imagine all their machines were running debian linux with the wrongly patched openssl binary. About 1024 different private/public keys to rule them all :-)
(comment deleted)
Wasn't Google in China hacked by an internal employee that really worked for the government?
http://www.pcworld.com/businesscenter/article/159565/mac_os_...

It says there were 48+ security fixes. Doesn't matter what the reality is. People just want to believe Apple is more secure.

Count is a poor measure. Both Apple and Microsoft lump together fixes for remote code execution vulnerabilities (terrifying), privilege escalations (not a big deal for personal machines) and denial-of-service vulnerabilities (not important except for public servers) as "security fixes".
The main reason a Mac user (in practical terms) is more secure then a Windows user is because Mac users typically are using the latest version of the OS, whereas an typical Windows user is at least one SP behind, maybe more?. Especially if said Windows sits in an office environment where there is a very slow adaption rate.

Also, any unauthorized copy of Windows is most likely never updated.

The main reason a Mac user is more secure than a Windows one is because a Mac system is running on a sounder security architecture (not administrator by default, etc.). You can only go that far in retrofitting an OS which made the wrong decisions on the start.
> The main reason a Mac user is more secure than a Windows one is because a Mac system is running on a sounder security architecture (not administrator by default, etc.)

In specific ways, how is OS X's security architecture more sound than Vista or Windows 7?

To us - IT guys - they look alike, and we can stay away from dangers quite easily. To an average user - and I know what I'm talking about, since I've taught IT security to those average users - Windows' security architecture - UAC, applications (badly) designed to run as Administrator, ecc.- is full of pitfalls. I guess not everybody at Google is an hacker.
Badly designed applications have nothing to do with Vista or greater's "security architecture", so that leaves UAC.

Do you feel UAC has a worse security design than the privilege escalation mechanism on OS X?

Or - since you mention teaching end users - are you talking about a user education issue?

> Badly designed applications have nothing to do with Vista or greater's "security architecture", so that leaves UAC.

We agree, from a technical point of view. OTOH, applications are the system, from a user's point of view, and Windows has "taught" programmers to write applications which run under high privileges. A Windows program requiring administrative privileges to run is not seen as defective: just disable UAC and it works flawlessly ;-) I guess a similar behaving OS X or Linux program would not have it that easy.

> Do you feel UAC has a worse security design than the privilege escalation mechanism on OS X?

I don't know about OS X. Linux user here.

If we look at it as techies, UAC is sound. If we look at it as average users, it is not. It's an usability issue.

> Or - since you mention teaching end users - are you talking about a user education issue?

Exactly. I think that a safe usage of a Windows system requires too much education. That's it.

However, my guess is that Google's move is more of a business decision.
Does anyone have a source directly from Google?

The article doesn't contain much substance.

My advice: Try to avoid making business decisions for emotional reasons. Do business based on rational analysis of the facts, or it will cost you in the long run.

Google seems to be ignoring that advice, ditching an entire operating system and all the potentially cool stuff that comes with it because they're a company full of developers who don't particularly like Windows, and because they compete with Microsoft and therefore hold a bit of a grudge.

They're certainly within their rights to do this, and they can justify it to themselves as being for "security reasons", but in the end all it will do is weaken them a little bit.

Of course they are not making a business decision for emotional reasons. By choosing an open source OS, Google gains more control on its systems, and avoids using a product of a competitor. Moreover, Google trusts its employees' judgement about a product: if you think your employees are competent, then you listen to them. If something, their decision weakens Microsoft.
Sure they are.

They're saying "Windows has nothing to offer us, and there is no Windows software that our developers might want that justifies having Windows machines in our offices." If you work at Google and want to use, for example, CodeSmith, you have to get special permission from the CIO to build a Windows machine to install it on.

Clearly CodeSmith is a good tool that developers might want to use, but because of management's vague fear of "security concerns", it's now off the table for your average dev.

I guess this is a case where you choose not to buy a restaurant because you happen to like a specific dish ^_^

My understanding anyway is that Windows is allowed, if you can demonstrate a strong enough case for it.

Colour me skeptical. Writing Chrome? Testing on IE?
(comment deleted)
So now we know who they will blame for the next security issue. :p

    Closed source software = USSR
    Open source software = USA
Heh, that's funny - that means I'm better at securing Windows than Google.
China isn't trying to hack you
(comment deleted)