Posted on June 2, 2010
The thing is, you never really know with Google. From the outside looking in, guessing at the internals of Google technology is just that, guessing. However, reports are surfacing of some Google employees claiming that the giant is ditching Windows completely over security concerns following the incident in China. I think that reporting is once again coming out way too early, and too much emphasis is being placed on the security aspect of what may or may not be an actual decision of the Google higher-ups.
Let's take a look at what we know about Google, mostly from the code that they give us and what they’ve said in talks:
- A significant amount of their search infrastructure is powered by the Linux kernel and some sort of compatible OS. We can consider this the first time they took what was available, made it fit their needs and rolled it into happy production.
- Android uses the Linux kernel. This is the second time they took Linux, modified it to suit their needs and built a product around it.
- Chrome OS uses the Linux kernel. This is the third time they took Linux, modified it to suit their needs and built a product around it.
- Google is pro free/open source. The number of lines of code contributed to the world written by Google employees is staggering.
Even if the China incident never happened, what would make a reasonable person think that Google would continue to pay licensing fees and deal with the unavailability of source code indefinitely? They have produced at least three functional operating systems based on Linux, the last one transitioning users to the concept of doing everything with your browser (which they also wrote) instead of running local applications. Someone might think that they’d prefer their employees embrace this new concept of computing?
Is the breach a catalyst that expedited a decision that was likely already made? Possibly. Is security the only reason that Google would ditch Windows altogether? Most likely not. I have seen many companies mistakenly believe that using GNU/Linux, MacOS, OS/2, MS DOS, anything other than Windows makes them bulletproof. Hint: if a user has privileges to modify system libraries, there’s an exploit waiting for them. If the user blindly downloads the first thing that turns up in a Google search for “cdrom driver” and runs it, you’re in deeper trouble. If a user doesn’t know how to use a browser safely, all bets are off. I don’t care what OS you are using.
Yes, the incident in China exposed that even very savvy, security-conscious people might not be aware that something bad is happening. Yet this problem is not at all unique to Microsoft. Ask any security researcher how many botnets are made up of compromised Linux web servers. There is no magic bullet in security; what you run and who you allow to use it is paramount in keeping things safe, no matter what operating system or kernel you happen to be using.
I really hope this does not lead to an exodus of clueless computer users flocking to a UNIX-like operating system while expecting that they can continue with bad practices and be perfectly safe. I really hope that your IT consultant didn’t tell you that Ubuntu is immune to viruses no matter what. Yeah, Ubuntu, or Chrome, or the others are immune to exploits designed to run on (and compiled for) Windows. Naturally, they will not run on another operating system. This is not some amazing feat of security; try getting MS Office to run on Ubuntu without using something like WINE. They don’t work because the computer running them isn’t Windows.
As operating systems like Ubuntu become more popular, the community behind them will naturally want to abstract more and more “Unix stuff” out of the view (and way) of the user. It's not a question of if this will lead to more exploits, but when. If you make an OS that takes little thought to use, you can be sure that people will use it without thinking. Add a false sense of security and you have a disaster. Add real security and you’re back to the OS getting in the user’s way. The only happy medium is an educated user.
If you read the reports and decide that it's time to secure your company from the bottom up, first make sure that your users know how to use a computer safely. This is most decidedly a corner case. We can save the MS bashing for another time, like the next time they break out the patent nunchucks.
Also, I’m not picking on Ubuntu. I use it myself quite happily (most of the time). I’m using it as an example because it happens to be the most popular UNIX-like desktop operating system.