back to article Microsoft picks over Google's Windows exit strategy

Microsoft responded to yesterday’s report that Google was internally ditching the company’s operating system in favour of Linux, Mac OS X Chrome OS by telling anyone that would listen that the Mountain View Chocolate Factory wasn’t exactly immune to occasional security gaffes. Redmond blogger Brandon LeBlanc felt obliged to, …

COMMENTS

This topic is closed for new posts.
  1. petur
    FAIL

    What a joke...

    Does anybody dare to connect a fully patched windows install to the internet, without it running

    1) a firewall

    2) antivirus

    3) antispyware

    ?

    Nope, because it would be owned within 15 minutes.

    When I switched to linux last year I was happy not to install any of the above...

    That' s irony, M$!

    1. Matthew Anderson

      15 mins...

      You would be so lucky. It was about 30 seconds last time I tried that nonsense. Considering there are only so many IP ranges you may possibly be on and there are hundreds of thousands of pwned units scanning the "known ranges" on a constant basis, 15 minutes would be an over exaggeration :-/

    2. Dr. Mouse
      WTF?

      Sorry...

      ...but that's just retarded.

      I am a Linux man myself, but no system is invulnerable. It is insane not to use the firewall system provided to secure your PC. There are security vulnerabilities discovered regularly for all pieces of software, including FOSS.

      I admit that their are few Linux virii in the wild, but they do exist. Also, you could potentially forward on an email containing an infected attachment to one of your mates unknowingly. When a free AV (such as Clam) could scan your email, and use very few resources doing so, I don't see why you would not do it. In adition, Linux virii will likely become more commonplace as it gains more of a following, so as time goes on your chances of infection will increase (and they are not zero right now).

      Anti-spyware, I'll grant you, is not as big a deal. But the others... I must point out the huge FAIL in your decision.

      Don't get me wrong, I agree with the argument that Linux is "more secure"* than Windows, but only providing you use the security facilities available.

      * "more secure" in quotes because it isn't the right phrase to use, but ICBA, it'll do, take it with a pinch of salt

      1. Anonymous Coward
        Anonymous Coward

        Re: Sorry...

        > I admit that their are few Linux virii in the wild, but they do exist

        Really? Got a link to information on one?

        1. Dr. Mouse

          Not in the wild...

          but I had a friend 10-15yrs ago who wrote one. It did no damage, was never released into the wild and was just a bit of fun for him, but it existed.

          I have also heard stories of them. I could be wrong, but as there is no technical reason they could not exist, I beleive they do.

          I know for a fact that at least one exists, if not in the wild, hence my comment is almost correct. The rest of my argument, I believe, would still be valid even if no Linux virii exist.

          1. Ben Tasker
            FAIL

            F*CK SAKE

            I hate to be pedantic here, but I don't think virii means quite what you think it does.

            Virii roughly translates to Man

            The plural of Virus, belive it or not is Viruses

            Sorry, but it's a bug bear

            1. bbuchholtz

              Virii is correct plural form

              Umm... Actually, "virii" *is* the correct plural form of "virus". Back in the DOS days, this was the common spelling. Just like "radii" is the plural form of "radius".

              1. Steven Knox
                Stop

                No.

                See http://en.wikipedia.org/wiki/Plural_form_of_words_ending_in_-us#Virus

              2. Ben Tasker
                FAIL

                Erm.... No

                You're correct about Radius, but not Virus.

                Wikipedia probably isnt the best reference to use, but I'm short of time

                http://en.wikipedia.org/wiki/Plural_form_of_words_ending_in_-us

                You'll aslo find the same in an epsiode of QI, various forums and notice a distinct lack of the term virii on etymology sites!

              3. David Simpson 1
                Grenade

                Fail!

                Mass noun in Latin

                Virus comes to English from Latin. The Latin word vīrus (the ī indicates a long i) means "poison; venom", denoting the venom of a snake. This Latin word is probably related to the Greek ἰός (ios) meaning "venom" or "rust" and the Sanskrit word visham meaning "toxic, poison".[2]

                Since vīrus in antiquity denoted something uncountable, it was a mass noun. Mass nouns — such as air, rice, and helpfulness in English — pluralize only under special circumstances, hence the non-existence of plural forms in the texts.[3]

                It is unclear how a plural might have been formed under Latin grammar if the word had acquired a meaning requiring a plural form. In Latin vīrus is generally regarded as a neuter of the second declension, but neuter second declension nouns ending in -us (rather than -um) are so rare that there are no recorded plurals. Neuter nouns of other declensions always end in -a (in the nominative, accusative and vocative), but even if we were to apply this rule to vīrus, it would be conjecture to guess whether this should give us vīra, vīrua, or something else. There simply is no known plural for this word in Classical Latin.

                In Neo-Latin, a plural form is necessary, in order to express the modern concept of ‘viruses’. Dictionaries such as Whitaker's Words therefore treat it as a second-declension noun with the following fairly ordinary forms:

                singular plural

                nominative vīrus vīra

                vocative vīrus/vīre vīra

                accusative vīrus vīra

                genitive vīrī vīrōrum

                dative vīrō vīrīs

                ablative vīrō vīrīs

            2. Poor Coco
              Thumb Up

              If 'virii'=='man':

              Then we have exactly described the problem.

          2. AndrueC Silver badge
            Thumb Up

            I'll see your Linux virus and I'll raise you..

            ..a CP/M virus.

            Yup. Written by me (no payload just the infection bit) for CP/M 3 on the Amstrad CPC range of computers. Not sure about the exact date but presumably late 1980s.

            Since most machines only had 3" floppy drives and most people rebooted when they wanted to switch applications it probably never would have been much of a threat to world civilisation :)

            Tbh most of what I remember is the sheer hell of trapping BDOS calls then the excitement of updating allocation information to patch in my code changes. Ah - the happy carefree days of student life :D

        2. Anonymous Coward
          Anonymous Coward

          RST.B

          http://www.symantec.com/security_response/writeup.jsp?docid=2004-052312-2729-99

          RST.B to name but one ? Ive disinfected quite a few machine when I worked for a large colo.

          Its manly spread by skrit kiddies who dont know they are using infected binaries.

          1. TimeMaster T
            Linux

            Virus/Trojan

            If it requires the user to run a binary its a Trojan, not a virus.

            The weakness of Windows over the years is it could be compromised from outside with no user action.

            Linux and FOSS may have privilege or remote code execution fails but all the ones I've heard of require a local user with an account on the system to run some dodgy binary or click a link to a malicious site that uses a script or Flash to mess with your system.

            No OS/App is perfect, just some are way closer than others.

        3. NumptyScrub

          Linux viruses in the wild

          http://en.wikipedia.org/wiki/Linux_malware

          There is more than one linux / posix virus out there, I'd recommend ditching the attitude that *any* operating system is immune to viruses because they all have at least one. The more popular linux distros get, the more viruses will be written for them, too ;)

          1. Anonymous Coward
            Anonymous Coward

            Re: Linux viruses in the wild and RST.B

            Malware is not the same as a virus. The thing about a virus is that it has a way of spreading itself, normally via email.

            To the best of my knowledge no Linux email system will allow automatic execution of received code, so viruses can't spread themselves. I don't think there are any Linux email clients which will just blindly execute received code even if someone clicks on it. It doesn't matter how popular the OS gets, if viruses can't spread, there are no viruses. Built in security via good design is a tricky concept for a lot of people to understand...

            RST.B is a proof of concept of how to infect an ELF executable. It has no way of spreading itself so is harmless unless someone is daft enough to run it. If I send someone "sudo rm -rf /" and the recipient is daft enough to make it executable then execute it there's not much hope, but it's hardly a security issue to pin on the OS.

            1. Anonymous Coward
              Anonymous Coward

              Re: Linux viruses in the wild and RST.B

              seriously I can keep pulling them out ???

              http://www.sophos.com/security/analyses/viruses-and-spyware/linuxslappera.html

              There have been in the past and there is nothing to stop them in the future. Bruteforce viruses exist for ssh etc. As a security expert said if you unplug your machine from every wire encase it in concrete and dump it in the middle of the Atlantic then it might just might be secure.

              1. Chemist

                Re : Linux viruses in the wild and RST.B →

                Best of luck with the brute force ssh attempts !

      2. Goat Jam
        Linux

        Hmmmm

        "It is insane not to use the firewall system provided to secure your PC"

        Here is a quick question for you. How many ports does a desktop oriented linux distro have open and listening for connections in a default install?

        If the answer is less than 1 then there is no urgent need to run a firewall at all.

        Don't assume that becauseWindows *desktops* listen on an insane number of ports by default that Linux ones do to.

    3. Annihilator
      Stop

      re: petur

      Yes, I do. Granted it sits behind a NAT, but what's your point? How many Windows PCs are actually directly connected to the internet these days anyway?

      Had you not said FULLY PATCHED, I'd give you some credit. Not tomention my "fully patched" version of Windows already has a firewall. Please feel free to let me know what vulnerabilities I'm exposed to.

      1. Matthew Anderson

        @ Annihilator

        Windows firewall is easy enough to bypass so i really would not be putting any trust in their level of security. Granted it renders you immune to most "in the wild" worms that are circulating but if you have anything worth protecting on your PC then a slightly more robust firewall is in order.

        1. JohnG

          @Matthew Anderson

          "Windows firewall is easy enough to bypass...."

          How? Asking the user to switch it off and ignore the ensuing messages in red doesn't count.

      2. Anonymous Coward
        Stop

        RE: re: petur

        "Not tomention my "fully patched" version of Windows already has a firewall. Please feel free to let me know what vulnerabilities I'm exposed to."

        Windows.

        I wouldn't trust any security package from MS. If their other software is anything to go by, their firewall is probably about as hard to get through as a wet paper bag.

        "How many Windows PCs are actually directly connected to the internet these days anyway?"

        Err, lots. Granny gets the little box from BT and plugs one end into the wall and the computer into the other end...

        1. Dr. Mouse

          OK, my appologies

          I am not infullable*, I made an assumption about the plural of virus.

          If it's not virii, then it's a common mistake to make. I'll look into it.

          * you may notice the Red Dwarf reference... then again you may not. :)

          1. Ben Tasker
            Happy

            Indeed

            I did notice the Dwarf reference, and believe it or not it shed some light on a dark day! So my thanks to you :-D

        2. Rob
          Headmaster

          Pedantic

          Granny isn't technically directly connected to the net then, the box from BT will have NAT on it which isn't the best defence but it's still a 'layer', although wide spread use of IPv6 will make NAT pretty useless in terms of defence.

      3. umop apisdn
        Linux

        re: invincible Windows

        http://seclists.org/fulldisclosure/2010/Jun/243

        (note the date!)

        Any questions?

        Yup, that's an XP exploit, but I wouldn't doubt even one second that Mafia$oft's security practices regarding Windows 7 aren't fundamentally better, since it's the _behaviour_ and the security _process_ not so much the _system implementation_ that counts.

    4. Anonymous Coward
      Jobs Halo

      I dare

      I have done so for over 10 years without being penetrated. I don't use software firewalls on computers, or anti-virus or any anti-spyware. Never had any need for them. But then I know how to spot a risk and either avoid it or sandbox it if it cannot be avoided.

      Software firewalls and anti-malware tools are for folks who need that extra comfort blanket.

      1. John 104
        Thumb Down

        Gosh

        You're so awesome. I think I'll apply your principals to my production systems. After all, you apparently have it all figured out.

        Layered security is the proven method of securing ANY machine/network. So why poo poo a software firewall if it is part of a wider security platform? Oh, thats right, because you know it all....

    5. Nightkiller

      Yep, You're right

      Evidently Google doesn't do it either.

    6. dave 46
      Pint

      Fully patched windows?

      Well apart from the difficulty in fully patching windows before you expose it to the internet - yeah sure.

      If it's fully patched up I would (and have) popped it on the DMZ with the firewall off - I wouldn't advise anyone do it full time (like I wouldn't advise a linux user to run as root with all services running as root and no firewall) but if you want to test something for a few hours, it's fine.

    7. Anonymous Coward
      Anonymous Coward

      @petur

      FYI, Windows 7 and Vista come with an integral firewall (enabled by default) and an anti-malware package (Defender). Strangely, Microsoft Security Essentials is not included but is available by download for free. Results from VirusTotal suggest the MSE is quicker to recognise new threats than several popular AV programs.

      It is unwise to run any system connected to the Internet without a local firewall, regardless of the O/S concerned. Whilst many people may feel safe because their broadband routers have integral firewalls, few people check the logs regularly or have logs forwarded to their system. My previous router, like many popular broadband routers, was running a version of Busybox with such a firewall but fell victim to an exploit in which someone gained access and then altered the router's firewall policy and routing....

    8. Anonymous Coward
      FAIL

      ... on you...

      Post your IP address, and put your money where your mouth / arse is...

  2. Naich
    Linux

    This is a title

    Petur - you are best off having some sort of firewall, even with Linux. It's easy to forget services you have running. Just being behind a NAT box is better than nothing, but if your PC is connected directly to the interwebs, it's safest to use a firewall - https://help.ubuntu.com/10.04/keeping-safe/C/firewall.html

    2 and 3 are right though.

  3. Anonymous Coward
    Pint

    Errrm...

    “Windows is known for being vulnerable to attacks by hackers and more susceptible to computer viruses than other operating system” could not be supported by the facts.

    I think you will find that it does, if nothing more than sheer market saturation making it a worthwhile target.

    Don't get me wrong, nothing wrong with Windows fine desktop O/S. However just like the shitty little padlocks you get with your new suitcase, you wouldn't use them as is, you'd get something a little stronger to make sure, like cable ties and decent locks. Same with Windows, everyone who buys Windows, always leaves the shop via the security stand, just ensure they pick up an AV(irus)/AM(alware)/AS(pyware) package.

    1. Daniel Harris 1

      Not everybody

      I don't ever leave a shop via the security stand. I think the free alternatives are mostly better than a lot of the stuff you need to pay for.

      Or atleast cheaper, and use less resources. Just my experience as in the UK the only AV etc shops seem to sell is Norton, and in PC world the main price they show for a machine includes Norton, with the "stand alone" price in smaller text below.

      Guess buying it in store makes it easier for somebody with little computer knowledge like somebodies Nan or something.

      1. SilverWave
        Happy

        Use MS Security Essentials - does the job.

        There saved £30.

    2. Anonymous Coward
      Stop

      RE: Errrm...

      "Don't get me wrong, nothing wrong with Windows fine desktop O/S. However ... everyone who buys Windows, always leaves the shop via the security stand, just ensure they pick up an AV(irus)/AM(alware)/AS(pyware) package."

      So, you've pinpointed something that's wrong with Windows almost immediately - "Security".

      Do you want me to tell you a few other things? (The most obvious one is that when you want to "stop" the system you first have to click on "start". A usability analysts nightmare!)

      1. AndrueC Silver badge
        Thumb Down

        $TITLE

        Huh? You think Linux is easy to shutdown?

        If you were Windows a user wanting to shutdown your box I could tell you over the phone with no hesitation. I'd also suggest that while clicking 'start' to stop is a bit odd everyone knows that everything is on that menu anyway.

        If you are a Linux user I have to ask you twenty questions first before I could work out how to do it.

  4. Martin Owens

    In Linux...

    petur: You didn't need to install them because

    1) Built into the linux kernel (if the distro sets it up right)

    2) Don't open ports, don't allow random code to act as services running as root

    3) Have a nice secure SELinux config setup.

    Assume you've got your security in line and you may even be able to reflect a targeted attack. Of course the confusion over targeted vs blanket continues to spread, everything is simply 'security', not running random crap on untrusted devices/websites is a good way to be blanket secure and is probably where Microsoft still falls down.

  5. Anonymous Coward
    Anonymous Coward

    can't agree

    I tried to cancel my Xbox live subscription recently - and the veins are still pulsating on my forehead. Much as MS piss me off, I have to point out that it's not Windows' inferiority as a product that causes it to be universally targeted by hackers. It's the fact it's so ubiquitous. What hacker is going to waste his time causing grief for users of Black Hat Arse Edition v1.45458372 with its user base of seven? You'll have noticed a couple of stories about Mac-focused attacks in the tech news recently. This will be down to Apple's recent success drawing attention to the platform. The reality is that Windows is titanium armour plated compared to less popular OSs.

    Jeez I feel dirty now. I'm off to shit in my xbox. I'll show you a ring of death, you bastard.

    1. Adam Salisbury
      Grenade

      Finally

      Someone who hasn't missed the point entirely! the security risk to ANY OS is directly proportional to market share (ubiquity). How about all the linux folk who've posted here telling us that you don't need added protection for your uber-OS come and post again once ChromeOS has been released and started gaining traction?

      As a linux varint (IIRC?) it's only a matter of time before the hordes fleeing to Google from MS, and subsequently all Linux users, find themselves the objects of affection of a new generation of black hats coding not for Windoze but for OSX ChromeOS and Linux.

      1. Mostor Astrakan

        Bollocks.

        "Someone who hasn't missed the point entirely! the security risk to ANY OS is directly proportional to market share (ubiquity)."

        What a load of old rubbish. The security risk to any operating system is *inversely* proportional to the amount of Clue applied to the subject by those who make it. You're assuming that every programmer is as stupid as the MS ones.

        There's a few people at MS who know what they're doing.

        If there were a LOT of people at MS who knew what they're doing then Windows wouldn't top the pwned charts quite so reliably.

      2. Random_Walk
        Thumb Down

        Really?

        "...coding not for Windoze but for OSX ChromeOS and Linux."

        So, which distro? Which patch level(s)? Which browser?

        Some of it can be guessed at (esp. in OSX), but stop and think about this for a moment... popping a *nix box isn't as simple, nor is it as straightforward.

        As for the marketshare claptrap, will someone kindly explain why MacOS 9,8,7, etc had a rather decent pile of viruses floating about for them, but OSX blackhats are forced to rely on trojans and extremely stupid users to get their wares installed?

        ( g'wan, say the same for Windows, but read this first: http://news.cnet.com/8301-27080_3-20006478-245.html )

        As for this bit:

        "the security risk to ANY OS is directly proportional to market share (ubiquity). "

        If that were true, then 5-10% of all malware out right now should be OSX-related... instead the number is (roughly) 0.001% (give or take a decimal place).

        --

        Now - all that said... the truth lies somewhere in-between. Yes there are market-share factors, but anyone who claims it to be the end-all be-all is a fool. Likewise for anyone who claims that any OS is infallible.

      3. Fred Flintstone Gold badge

        Umm, no. Not true.

        "The security risk to ANY OS is directly proportional to market share (ubiquity)"

        I think you forgot to add ".. and system design". The reason MS has such a massive problem is that the OS wasn't built from the ground up for process and user separation, they only started working on that since about Win NT 4. The "others" share the Unix heritage of default user and process segregation, so don't have to start from scratch.

        Sure, other OS can suffer malware - no OS will ever fix a room temperature user IQ - but it's much harder to hose the box by accident, even if it's fresh out of the box*. I'm writing this from a Windows desktop, left is the new Macbook Pro, on my right is a laptop with OpenSuSE and virtual box to run suspect Windows files, so I'm fairly familiar with most platforms..

        (*) Amusing fact: just bought a Macbook, and guess what was the first thing it did? Patching -- and asking for a reboot..

      4. Peter 39
        WTF?

        codswallop

        So market share is the only factor?

        You think that OS architecture and careful implementation have nothing to do with it, then? Cosdwallop! All OS's are NOT created equal. Some are better than others. Most are better than WIndows.

        Of course some of the black hats will target Linux and Mac OS X. And there will certainly be some issues. But nothing like the disaster that MS has left us with - millions of zombies worldwide.

    2. Anonymous Coward
      Coffee/keyboard

      @radiet

      "The reality is that Windows is titanium armour plated compared to less popular OSs."

      You forgot to select the "Joke Alert" icon there mate.

      Have you read El Reg before? About once per week (sometimes more) there is an article about how Windows systems are now able to be compromised in a new and exciting way. Hardly "titanium armour plated".

  6. Anonymous Coward
    Thumb Up

    "That type of self-defeating behaviour..."

    Then why does Google leave a choice for mac OS X? Isn't that defeat?

    Chrome OS is for netbooks. I would be seriously amazed if it could be used to compile code or do anything else than access Google's online products. It's a kind of Andriod on steroids.

    Google wants to be independent of any technology from another company. One can see that, because all the technology Google uses, is open source. Using mac OS X, that uses open standards to connect to the outside world, or Linux which offers complete control, Google's IT infrastructure becomes 100% vendor independent.

    Their desktop client was the last piece of vendor lock-in they had. Removing that makes a lot of business sense. because it drives down costs. And also generates more knowledge about open source. Which can then be used to offer more advertisements (<-Google's core business remember?).

    So the whole security thing is a smoke screen. Some of it is true of course, all of Microsoft products are insecure by design, but it's mostly a nice phun towards Microsoft. An easy score.

    1. Daleos

      Chrome < Android

      >"Chrome OS is for netbooks".

      It's a thin client OS. It's perfect for a huge business. It just sits there and lets big servers do all the work. You don't store apps on it and you don't leave data on it.

      > "It's a kind of Andriod on steroids"

      No it's not. It's more like an anorexic Android stripped to it's bra and knickers.

      1. Robert E A Harvey
        Thumb Up

        Mmmm

        Bra and knickers. Mmmm

      2. Rattus Rattus

        "Android stripped to it's bra and knickers."

        You know, I always did have my suspicions about the way C-3PO's voice sounded...

  7. Daleos
    FAIL

    Yeah, Yeah

    Yawn, the same old misinformation. Don't you just love it when people wheel out 5 year old boilerplate myths.

    Windows 7 comes with a firewall and if it weren't for all the antitrust issues they would have included their own antivirus / antispyware too. As it is you can download MS Security essentials which is more than adequate for general purpose use.

    Besides, a bog standard (NAT) home router blocks out 99.9% of all attacks almost out of the box. The only thing that really left is trojans and phising which other OSs are equally prone to.

    I have a great respect for Linux. In fact if things were different I might have gone that route but it's not the operating system that make Windows what it is, it's the apps and frankly, most Linux apps are second rate. I've spent over 20 years in IT and I've tried a couple of times to move over to Linux but I'm always brought back because a) the Linux apps just don't work as well and b) because I've built up a heck of a lot of knowledge on Windows apps and I'm, not going to ditch all that and start again.

    I also think Android is a great smartphone OS and whilst I can imagine owning an Android Tablet to mooch around the house on, but I still can't imagine it on my main desktop at home. It's far too limiting. Chrome by all accounts will be even more restrictive in features and require an internet connection.

    I support small businesses running PCs of all sorts (Windows, Macs & Linux) and the number one issue they have is due to internet problems of one sort or another. I would not want to be in a situation where I couldn't even type out a letter, run an accounts package or do some spreadsheet work if the connection suddenly went down.

    Chrome may be getting ready for the internet but the internet is certainly not ready for Chrome.

    Google are going back to the 'mainframe'. Chrome OS is basically nothing more than a thin client OS. Google has the servers onsite so going the Chrome OS route inhouse makes total sense. I'm just not sure there will be enough flexibility in the system for all the small & medium sized businesses out there.

    I'm worried about Chrome OS as a philosophy too. If you take thing to the logical end, this will mean Google will own all your apps and hold all your data. Where does the application developer fit into this? If you were a developer be happy with one outfit controlling what you could or could not distribute?

    Lastly, If you thought Microsoft's monopoly was bad, just wait five years and see how bad it's going to get when Google, Apple (and Microsoft) really start locking things down. They all talk of 'standards' but they're all trying to differentiate, through fair means and foul and I believe there's going to be a massive issue of top level fragmentation which is going to hurt businesss and especially small developers. The web is about to be chopped into pieces and Business will end up having to pay three times (or more) to make sure they're connected to everything.

    :D

    (not one for sticking to a point and much prefers a good ol ramble)

    1. Mark 65

      Same switching issue here

      I had the same issue with trying to switch from Windows to Linux - some of the apps I need weren't there and/or I couldn't convert due to invested time/data creation or usability issues - gui design is seldom best done by devs.

      So I just switched to a Mac instead as it got me closer to Linux and still had the apps I needed. Never been happier with my machine. I'd have preferred to use Linux as I like it, but you go with what fits the bill.

  8. Annihilator
    Boffin

    OK in the Googleplex maybe

    As far as I'm aware, Chrome OS depends on a fully networked environment, which I have no doubt the Googleplex has in spades. It runs web apps exclusively.

    Also, it runs only on very specific hardware - which presumably Google has its desktop estate in this format already, or its a very expensive hardware refresh required.

    I'm not saying Chrome OS doesn't have its place, but out here in the real world my ability to store documents on my hardware and available independently of a good enough network connetion and/or cloud is my priority.

    Wasn't there a reason we moved away from green screen terminals??

  9. Anonymous Coward
    Jobs Halo

    Hardly a big swing IMO

    everyone I've seen working for google was using a MBP anyway.

  10. Kerberos
    FAIL

    Fail

    My shiny new MacBook Air comes with the firewall off _by default_ - a situation not seen in the Windows world since XPSP2.

    As for:

    "Does anybody dare to connect a fully patched windows install to the internet, without it running

    1) a firewall

    2) antivirus

    3) antispyware"

    That's a load of crap, you'd have to deliberately disable the firewall first anyway and I doubt there are that many known unpatched remote execution and elevation exploits out there for this to be possible.

    What you are actually doing is quoting ~5 year old anti-MS propaganda where someone would use a pre SP1 disk with no patches half a decade after release and then be all surprised when they got rooted in 5 minutes.

    Do try to keep up.

    1. Matt Piechota

      Re: Fail

      "My shiny new MacBook Air comes with the firewall off _by default_ - a situation not seen in the Windows world since XPSP2."

      Does your shiny MacBook Air have any ports open by default? (I suspect yes, but the question needs to be asked). Ubuntu catches grief since it doesn't have a firewall turned on by default, but it also doesn't have any ports open by default either.

      Also, the end game isn't necessarily everything running on Google's servers. I'm guessing they have a plan to sell folks standalone Google service clouds that you can roll into your own data center.

  11. Anonymous Coward
    Anonymous Coward

    eating their own dogfood

    it'll be interesting to see how well Google get on at eating their own dogfood.

    At least if they were going to OSX they would still have a tried and tested operating platform - sure, not as widespread and with the rich application eco-system Windows has... but it does have a version of Office so you're not stuck with Open Office for off-line use

    If they really are switching wholesale to ChromeOS and Docs to run their business I wish them all the best

    I can't imagine that their real motivation is security concerns... if it was they wouldn't be running a decade old OS and browser without decent security, they would have trained their employees to not click random links in IM messenger windows and they'd provide some backing for their reasons ... this is about scoring a cheap shot at Microsoft in the press because it makes them feel cool.

    1. Doug 3
      Paris Hilton

      decades old OS and browser?

      FYI, Windows XP is still a supported corporate OS and IIRC Internet Explorer v6 was part of the OS and had been getting updates. And I suppose they should have been running Microsoft's Windows Vista or maybe thrown away the hardware and purchased new hardware which would run Windows 7?

      FYI, there has not been a very good upgrade path from Microsoft for businesses to follow for the past 20 years except rip and replace. Each time they have said that the latest new OS is the best ever but always shown to be less than expected and costing more and more each time. Google already uses alot of Linux based software inhouse via Goobuntu but since securing Windows is like a dog chasing its tail, that breakin via Windows PCs was probably the last straw.

      I guess Microsoft should have let Linux own the netbook segment and let Windows XP die but in their brilliance they shipped Windows Vista and had nothing to use but their "old OS" and even then, the netbook vendors needed to bump up the hardware to run it. In my eyes, every OS Microsoft ships is an "old OS".

      Paris because no matter how old she gets, her picture stays the same.

  12. j38
    FAIL

    Internet Explorer 8 is tip-top secure?

    IE8 is still NOT secure. Try http://crashbrowser.j38.eu/ and leave it for 1 minute. It will crash the browser.

    Now, try it on a Chrome browser...

    1. Annihilator
      FAIL

      re: crash != insecure

      You do know don't you, that crashing a browser doesn't make it insecure? Have just tried that website on FF, and yes, very clever, it recursively produces iFrames and fills up a lot of memory - my FF gets to about 500MB.

      Just checked IE8 - it doesn't crash either. Presumably if it gets big enough (judging by the code, it can vary) it can run into memory exceptions. If (and only if) it spills its data into a protected kernel space, then yes, it's insecure. If it just craps out and closes, then I find that quite acceptable.

  13. Anonymous Coward
    FAIL

    Windows Security

    As others have pointed out, it is possible to lock down a Windows machine into a quite secure state. (Using a firewall, using IE8, not running as an Admin for normal use)

    The issue is that MS consciously installs the default user as the admin user when running the Windows 7 installation. Probably "normal users can't be bothered with the idea of a normal user versus an Admin user". Apple and Linux don't do this and that means WINDOWS => FAIL.

    Also, Linux and BSD have very strong sandbox mechanisms (LSM, chroot(), SE Linux etc) built into the OS. Microsoft has none of that. That means WINDOWS => FAIL.

    Sometimes I think MS still lives in the MS-DOS mindset; that is the only way I can explain these things and stuff like ActiveX.

    Or, also very nice, their Windows Update Servers. If you are serious about security and would like to lock down your firewall, you have to allow nice URLs like

    windowsupdate.c653467.acmecorpNotRelatedToMS.com

    windowsupdate.afpusher77.acmecorptRelatedToMS.com

    windowsupdate.c653467.microsoft.com

    And these URLs change weekly. All part of the Good Windows Update System !

    WINDOWS IS A BIG FAT FAIL. Can somebody return Steve B. to the Redmond Zoo ?

    1. Anonymous Coward
      Gates Halo

      Failure is relative

      Windows is commercially successful and in a capitalist world, that's NOT a FAIL.

      1. Random_Walk
        Coffee/keyboard

        That's the standard?

        re: "Windows is commercially successful and in a capitalist world, that's NOT a FAIL."

        So was Cocaine and Morphine at one time. Your point?

        Thing is, commercial success has nothing to do with technical merit.

      2. Anonymous Coward
        FAIL

        RE: Failure is relative

        You forgot to mention that the BeeGees were once commercially successful as was the "music" created by Pete Waterman...

        I didn't buy either because there was better stuff available. Same applies to Windows.

    2. Anonymous Coward
      Anonymous Coward

      Default admin on Win/ Linux

      Mostly agree, but -

      "The issue is that MS consciously installs the default user as the admin user when running the Windows 7 installation. Probably "normal users can't be bothered with the idea of a normal user versus an Admin user". Apple and Linux don't do this and that means WINDOWS => FAIL."

      Unfortunately that is exactly what Ubuntu desktop does by default (at least as of 8.04 LTS). Also the user access control is Win is a little more fine grained and easier to setup than the corresponding one in Unix, no need to mess around with chown, user groups etc... Had to struggle a bit to setup a normal user id with the requisite permissions in 8.04, hope this is fixed in 10.04 LTS...

  14. Kerberos

    @j38

    Secure has nothing to do with Stable. Plus that site of yours locks up Firefox too - I fail to see your point.

  15. Anonymous Coward
    Anonymous Coward

    At the end of the day...

    M$'s main biz is selling software licences. Google's is selling my personal data to advertisers (and anyone else who turns up with a wallet/warrant). Of the two, I'll take M$ every time.

    The idea of running everything in the cloud -effectively giving someone else veto over whether you can access your stuff- fuck that with something pointy. I can see how it would appeal to big biz to offload a lot of the server/tech/maintenance costs, but it definitely doesn't do it for me.

    MacOS- walled garden. Someone else with veto over what you can/not do on your own kit.

    Linux would be the obvious choice were I starting again; but all the shiny stuff is written for Windoze and I can get the job (whatever it happens to be) done with it. (Insert obligatory Wine comment here). I've already done the 'locking down Windoze' research and -as for me computers are a tool rather than a lifestyle- it'll do. Sure; there's flaws. Big ones. But you can get stuff done with it, and that's the point.

    1. Anonymous Coward
      Anonymous Coward

      Walled Garden

      Currently, this only applies to iPad and iPhone. You can run any MacOS app on a Mac; no approval by King Steve necessary.

    2. Anonymous Coward
      Anonymous Coward

      Not really your day.....

      Since when is MacOS a walled garden? I'm running mostly open source software - there are no problems there. If you are talking iPhone OS which is, admittedly a subset of MacOS then yes that is walled (have iPod & iPad - don't have a problem with the control in that context plus I knew what I was getting when I made the purchases).

      And @38 - damned Safari - still going after 10 minutes....

      1. Steen Hive

        Walls schmalls

        "Since when is MacOS a walled garden?"

        Since it couldn't be installed on anything else other than "one apple-branded computer" without supposedly breaking an EULA.

        Different wall, different garden, but still...

  16. Anonymous Coward
    Go

    Leading Indicators

    I did a little googleing and looked at the page number estimator:

    "+job posting +gtk +c++" -> about 13.000

    "+job posting +qt +c++" -> about 97000

    "+job posting +mfc +c++" -> about 62000

    "+job posting +wxwidgets +c++" -> about 3200

    This seems to indicate that there are quite a few apps in the pipeline which can easily be ported to some non-Windows operating system.

  17. Frank 2
    Gates Horns

    Could happen

    "Windows is known for being vulnerable to attacks by hackers and more susceptible to computer viruses than other operating system"

    ...but there's a crack team of Microsoft developers just waiting to put that right just as soon as Chrome OS gets released!

  18. Wallyb132
    FAIL

    Fail

    Let me get this straight, Google, who's entire backbone is built on linux, its mobile OS and its up and coming desktop OS, all built on linux, everything that is holy to them is built on linux, got hacked by the chineese, and they're blaming it on microsoft.

    sounds to me like the people buying in to this googlish spin need be riding on a little yellow bus while wearing a football helmet, because you're fucking retarded...

    1. chr0m4t1c
      FAIL

      Yes, get it straight

      The hackers got in by exploiting Windows machines in use on desktops in Google's network.

      Not the servers.

      Not the mobile OS.

      Not the upcoming desktop Chrome OS.

      Got that straight now?

      Google have noted that most attacks are made against Windows machines because of their high numbers. Moving to away from that OS to less used/attacked ones is roughly the same as parking your car somewhere that has low rates of car crime rather than somewhere that has high rates. It won't improve the inherent security of the actual vehicle, but it reduces the number of potential attacks; it's about improving your odds.

  19. Pascal Monett Silver badge

    "our focus and investment continues to surpass others"

    Of course it does ! When you build a sieve to hold water, you're gonna need a lot more hole-patching funding than the guy who builds a proper bucket.

    Not impressed.

  20. JC 2
    Alert

    Fools And Their Opinions

    I hate to break it to the supposed security conscious "experts" out there, but you can connect a COMPLETELY UNPATCHED Windows 2000 box to the internet, no firewall, no nothing, forever and have it secure.

    As I've always said and will continue to say, the great secret is very simple. Do not leave ports open. Disable by default, use APPLICATIONS that are patched because THAT is where your open port vulnerabilities lie when a box is only running what you needed. Besides, what is the point of leaving code listening on a port if you are going to firewall it away also?

    It is the equivalent of saying don't lock the bank vault door, put a guard dog next to a stack of cash in the parking lot.

    1. Anonymous Coward
      WTF?

      RE: Fools And Their Opinions

      Umm. Let me get this straight...

      Are you suggesting that I connect the computer but close down the firewall so no traffic can get through?

      Why bother connecting it at all?

      If on the other hand, you're suggesting closing all ports except those required to view web sites. Well, we know that isn't very secure on Windows machines anyway...

      If you really want to connect an elderly machine to the internet then I suggest a ZX Spectrum. There are no internet viruses for those...

  21. paul-s
    Gates Horns

    Remember "Trustworthy Computing"?

    And www.trustworthycomputing.com?

    That is all.

    1. Doug 3

      that was yet another 'the next version will be better' skits

      And that was when Windows XP came out. We'd already had at least 5 years of the public having Internet connected computers and security was just starting to become a focus for Microsoft. I forget how many virus infections had already shut down businesses and services by this point. Wasn't the great east cost blackout due to an energy company network being flooded with Windows virus messages so the computer sending grid status couldn't get through? Trustworthy Computing... ha, it's all just PR blah blah from Microsoft and with every word from their mouths, the phrase I keep hearing about Microsoft being a marketing company and not a technology company sounds about right.

  22. dave 46
    FAIL

    Google PR spin

    Windows is fine, I think the problem lies with Google's geeks - they let them install any OS they like.

    Great when your a linux geek, but when the admin or PR noobs install an old version of windows and don't patch it, don't update anything, probably don't install AV, maybe turn off the Firewall (if their crummy version even had it in the first place).

    Well, you can see where it goes.

    If Google had strict IT governance instead of pandering to their geeks nobody would have been running IE6 in the first place.

    Dumping Windows will help, but it's just sticking a plaster over the wound, not a cure.

    1. Anonymous Coward
      FAIL

      RE: Google PR spin

      "If Google had strict IT governance instead of pandering to their geeks nobody would have been running IE6 in the first place."

      Come on, you know as well as I do why they had machines with IE6. It's because they're still VERY commonplace. Every client my employer has sent me to recently is on XP with IE6 and they're not planning to upgrade soon.

  23. Anonymous Coward
    Paris Hilton

    heh! heh!

    "I have done so for over 10 years without being penetrated" - heh! heh!

    Paris - because, well, she hasn't.

  24. Wibble
    Flame

    Sue them...

    "LeBlanc grumbled that the assertion of the Financial Times (which wrote the report) that “Windows is known for being vulnerable to attacks by hackers and more susceptible to computer viruses than other operating system” could not be supported by the facts."

    Come on Microsoft, if you're so certain the FT are wrong then sue. Then we can all look forwards to finding out who the liars are.

  25. Captain Thyratron

    I'll believe it when I see it.

    I've said it before, and I'll say it again.

    Though I grant that Windows' biggest security flaw is, well, most of its userbase, that only accounts for such events as people logging in as Administrator and clicking dodgy e-mail attachments. It does not account for the things that don't require any logging in or any attachment-clicking, and there's never a shortage of those. It should certainly not account for quotes from military personnel such as "USB devices pose a unique threat to our warfighting system."

    An OS isn't secure because some analyst said it is or because the people who write it promise to have finally caught up with the last decade's state of the art. You learn an OS is secure when it has withstood attack for years and, thereafter, not become widely known in an industry as being everybody's bitch. Has any Windows yet managed this?

  26. Anonymous Coward
    Jobs Horns

    LOL Microsoft - Bahhhh Humbug.

    I hate Microsoft with a passion - partly for it's dumbarse management and a complete lack of innovating thinking....

    But mostly for it's shit software.......

    In a nutshell:

    Microsoft gave me all the reasons to ditch them and their products;

    And the competition gave me every reason to keep using theirs.....

  27. Anonymous Coward
    Gates Horns

    turn about

    Microsoft relied on AS400s for many years after they began bashing IBM's 'dinosaur' systems.

  28. Matthew 3

    ...falling victim to the trolls

    Jlocke puts down Microsoft because the *first* account you create on Win7, during installation, has admin rights. But every subsequent account is minimum privilege by default and recommends a strong password. This doesn't seem all that different to me to the process used for installing Linux or MacOS.

    Sure, it is easy to bash Microsoft but these days it is getting increasingly lazy to do so. Most of the anti-MS sentiment seems to be based on decade-old products. Is there no allowance for rehabilitation or improvement?

    And incidentally I'd say to Random_Walk that both cocaine and morphine still seem to be very successful. Even being made illegal hasn't managed to destroy the market for cocaine and the medical profession don't seem to have stopped using morphine.

    1. Anonymous Coward
      Stop

      RE: ...falling victim to the trolls

      "Sure, it is easy to bash Microsoft but these days it is getting increasingly lazy to do so."

      Last I looked, "easy" was spelt with an "e". That word you used was "lazy".

      ...but you're right. Even the lazy can bash Microsoft. You don't have to look hard for ammunition or stories to use against them. Their OS is and always has been a mess of security holes. They seriously need to start again from the ground up and write a new OS.

      1. Kevin Bailey

        'They seriously need to start again from the ground up and write a new OS.'

        They did - cost $5 billion - was called Vista.

        It was so bloated it wouldn't even fit in to a single code repository.

        1. Goat Jam
          FAIL

          Vista is *not* Longhorn

          "They did - cost $5 billion - was called Vista."

          You couldn't be more wrong if you tried.

          Microsoft *tried* to rewrite Windows, it was called "Longhorn" and it was huge Epic Fail.

          They gave up after 5 years and spent another year doing a slapdash face lift to Server2K3 in order to get something, *anything*, out the door in an effort to stem the rising levels of derision and ridicule being sent in their direction from the rest of the IT industry.

      2. N2

        "They seriously need to start again from the ground up and write a new OS"

        I couldn't agree more & long overdue

        Also need to get rid of the registry & all the other crufty stuff they've bodged and worked around over the years

  29. Anonymous Coward
    Anonymous Coward

    the "Windows exit strategy"

    Is that where you shout "boom goes the dynamite" before kicking your partner out of the car and driving off in a cloud of wheel spin?

  30. Anonymous Coward
    Thumb Down

    It's easy to play catch up.

    "When it comes to security, even hackers admit we’re doing a better job making our products more secure than anyone else. And it’s not just the hackers; third party influentials [sic] and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others"

    It is easy to surpass others when they are already doing it. They can't go back and resecure their browers and software if it is already secure, can they? So Microsoft has all the ground to cover to catch up. So have to invest, have to put their money into making secure what their less than great developers came up with in the first place.

    Vista wasn't new????? Come on guys, anyone that developed something new and yet still managed to cram all that XP stuff in is blinkered. It wasn't new or if it was we need to see Redmonds dictionary defiinition of 'New'.

    Windows 7 isn't new, it is the crud vista had with yet more glossy stuff and some altered screens. Then thrown in are some linux widgets from Ubuntu and Mandriva to make it look different.

  31. Tom_B
    WTF?

    @jlocke

    Windows 7 asks you to create users during the install process. It only defaults to the admin account if you choose to skip this step, so if that's the case on your machine it's your own fault. By default windows does have it right on this point.

    1. Doug 3

      no way, users on Windows?

      well then, welcome to the 1980s Microsoft. What took you so long, have your customers not been asking you for this feature? Yup, it is 2010.

  32. Steve 53

    @ Matthew 3 ...falling victim to the trolls #

    I'm fairly sure most linux distros still ask you for a root password and then insist on creating a standard user account as well. (Debian for a start)

    Some of the more cuddly distros don't operate in that way, requesting your user password again when you try to do any actions requiring root access, but it is at least a positive action you need to take. (Windows 7 has UAC of course, which will give you a yes/no)

  33. Rattus Rattus

    Fibbing

    "LeBlanc grumbled that the assertion... could not be supported by the facts."

    Someone's telling outright porkies, and for once it isn't the journalist from the Financial Times.

This topic is closed for new posts.

Other stories you might like