22 replies to this topic

[The Simpleton]

This was a little interesting news. Google is blaming the recent security breaches in China on the Windows operating system. Now they're suggesting that employees switch to either Linux or Mac OS X for better security. That's a really sensible decision on Google's part, although this hasn't been confirmed officially yet. The employee who revealed this news preferred to remain unnamed. Apparently, now the CIO's permission is required to get a new Windows system!

Quote

“We’re not doing any more Windows. It is a security effort,” said one Google employee.

“Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,” said another.

New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system. “Linux is open source and we feel good about it,” said one employee. “Microsoft we don’t feel so good about.”

In early January, some new hires were still being allowed to install Windows on their laptops, but it was not an option for their desktop computers. Google would not comment on its current policy.

Full article at: http://www.ft.com/cm...144feab49a.html

I think this is a great way to promote Linux - if the world's top company feels Linux is better than Windows, the ordinary folks should think about using it too

[magnafrost]

I'm sure google did not decide Linux for the sake of promotion . In any case, I'm not so sure about how secure linux could be either. There's gotta be security flaws in it and considering that the code is open it'll be easier to spot. My guess is google should pool in some resources for modifying the OS source code itself and have a custom linux OS with a little more security. Though, RHEL and the type might already be highly secure.

[rvalkass]

The Simpleton, on 11 July 2010 - 09:05 AM, said:

This was a little interesting news. Google is blaming the recent security breaches in China on the Windows operating system. Now they're suggesting that employees switch to either Linux or Mac OS X for better security. That's a really sensible decision on Google's part, although this hasn't been confirmed officially yet. The employee who revealed this news preferred to remain unnamed. Apparently, now the CIO's permission is required to get a new Windows system!

I remember reading about this quite a while ago, though at the time I can't remember how official the rumours were. Still, if it's true, it's nice to see that large companies are waking up to the fact that Windows is not secure and is unreliable.

magnafrost, on 11 July 2010 - 09:18 AM, said:

I'm sure google did not decide Linux for the sake of promotion . In any case, I'm not so sure about how secure linux could be either. There's gotta be security flaws in it and considering that the code is open it'll be easier to spot. My guess is google should pool in some resources for modifying the OS source code itself and have a custom linux OS with a little more security. Though, RHEL and the type might already be highly secure.

There are security flaws in pretty much all code. The difference with Linux (and open source code generally) is that you have thousands of people looking at the code who can say "Hang on, that doesn't look right..." or "I think this could be a security hole..." and then trying to fix it. Problems are found quicker and fixed quicker. Also, the huge public effort in reviewing code before it enters release versions of software ensures a large number of security problems (and general bugs) are fixed before the code reaches a release version.

[The Simpleton]

magnafrost, on 11 July 2010 - 09:18 AM, said:

I'm sure google did not decide Linux for the sake of promotion . In any case, I'm not so sure about how secure linux could be either. There's gotta be security flaws in it and considering that the code is open it'll be easier to spot. My guess is google should pool in some resources for modifying the OS source code itself and have a custom linux OS with a little more security. Though, RHEL and the type might already be highly secure.

Lol the crackers can't just inject malicious code on a Linux machine just because they can modify the original source code. Cracking a Linux machine takes much more skill than it does for Windows. Have you used Linux before? If so you might have noticed that visiting malicious websites from inside Linux doesn't affect your system at all, and you can try executing Windows' worms and get away with it Plus it's super-fast and many popular Windows applications run comfortably inside Linux. So there are many good reasons to use Linux over Windows. In some aspects Mac OS X is much better, but Linux is free while you need to pay a premium for a licensed OS X.

@rob: It's excellent that of all companies, Google decided to take this step, because it's the biggest one out there and this might encourage smaller companies to follow their lead. Ultimately this could mean a large increase in the user-base of both Linux and OS X.

[magnafrost]

The Simpleton, on 11 July 2010 - 12:38 PM, said:

Lol the crackers can't just inject malicious code on a Linux machine just because they can modify the original source code. Cracking a Linux machine takes much more skill than it does for Windows. Have you used Linux before? If so you might have noticed that visiting malicious websites from inside Linux doesn't affect your system at all, and you can try executing Windows' worms and get away with it Plus it's super-fast and many popular Windows applications run comfortably inside Linux. So there are many good reasons to use Linux over Windows. In some aspects Mac OS X is much better, but Linux is free while you need to pay a premium for a licensed OS X.

@rob: It's excellent that of all companies, Google decided to take this step, because it's the biggest one out there and this might encourage smaller companies to follow their lead. Ultimately this could mean a large increase in the user-base of both Linux and OS X.

My point is that knowing the source code makes it easier for the attacker to explore and figure out the loopholes. It might have just 0.1% of the number of loopholes that windows has, but its also that much easier. Like rvalkass said the whole power of open source is that there are a lot of people looking at the code and saying "hey there's an issue here". While most of the people who see that will try to fix it, someone could try to exploit it. Thats why I am saying a combination of open source and closed source is better. Use a linux base which has been waded through by the community, but put in some closed source effort from your end too!

[rpgsearcherz]

magnafrost, on 11 July 2010 - 03:10 PM, said:

My point is that knowing the source code makes it easier for the attacker to explore and figure out the loopholes. It might have just 0.1% of the number of loopholes that windows has, but its also that much easier. Like rvalkass said the whole power of open source is that there are a lot of people looking at the code and saying "hey there's an issue here". While most of the people who see that will try to fix it, someone could try to exploit it. Thats why I am saying a combination of open source and closed source is better. Use a linux base which has been waded through by the community, but put in some closed source effort from your end too!

By being able to see the source it's also easier to protect it from flaws.

The problem with Windows is only Microsoft employees are able to see what is going on in the code. As we have seen in the past, they can't even stabilize their OS, much less fix security breaches. Linux has more people working on it and stabilized their OS's years ago; something Microsoft has still failed to manage.

It's really like forum bases. For example, VBulletin often goes through security breaches. phpBB, on the other hand, goes through them on a much lower rate, because there are soo many others working on the same system.



Some claim that Linux isn't really "harder" to hack, it's just that it isn't mainstream (there was a report a while ago about how less than 3% of all PC users are using Linux). As such, it just isn't worth the time to do so.


Either way, I feel safer with open source than proprietary. At least with open source I know what I'm getting.

[rvalkass]

magnafrost, on 11 July 2010 - 03:10 PM, said:

My point is that knowing the source code makes it easier for the attacker to explore and figure out the loopholes. It might have just 0.1% of the number of loopholes that windows has, but its also that much easier. Like rvalkass said the whole power of open source is that there are a lot of people looking at the code and saying "hey there's an issue here". While most of the people who see that will try to fix it, someone could try to exploit it. Thats why I am saying a combination of open source and closed source is better. Use a linux base which has been waded through by the community, but put in some closed source effort from your end too!

The code, before being released as a software release, is studied by loads of people. If security problems are spotted, they're fixed before the code is marked as released. If, at that stage, someone malicious spots a problem with the code then the developers are also incredibly likely to spot the same problem, and fix it, so there is no risk. If problems manage to sneak through to code that gets released then they're usually spotted quickly and fixed quickly. For example, someone recently tried to release a screensaver (if I recall correctly) that contained malicious code. Within a few minutes of its release, people had spotted the problem. Then they fixed it. All in under an hour I think. Pretty impressive!

rpgsearcherz, on 11 July 2010 - 03:35 PM, said:

The problem with Windows is only Microsoft employees are able to see what is going on in the code.

And the Russian secret service, don't forget! http://tech.slashdot...gency?art_pos=1
It seems they just didn't believe it was secure, and demanded to inspect the source before they would consider using it.

[web_designer]

well, this is not the first time i hear that google giving up windows and microsoft, but i don't think that they promote linux or any other company or product, they are only use what benefits them. and unfortunately, windows shows a lot of flaws and less security lately therefor they have the right to replace it with a better operating system like MAC or LINUX even if that's mean they are promoting for them, and showing that they are not trusted in windows anymore, after all it's all about business.

[rpgsearcherz]

rvalkass, on 11 July 2010 - 03:44 PM, said:

And the Russian secret service, don't forget! http://tech.slashdot...gency?art_pos=1
It seems they just didn't believe it was secure, and demanded to inspect the source before they would consider using it.

Man, I had never seen that before -- just read over it and I find that a little ridiculous. No wonder we always get hacked -- Russia has more access to our operating system than Americans do!

[magnafrost]

rpgsearcherz, on 11 July 2010 - 03:35 PM, said:

By being able to see the source it's also easier to protect it from flaws.

The problem with Windows is only Microsoft employees are able to see what is going on in the code. As we have seen in the past, they can't even stabilize their OS, much less fix security breaches. Linux has more people working on it and stabilized their OS's years ago; something Microsoft has still failed to manage.

It's really like forum bases. For example, VBulletin often goes through security breaches. phpBB, on the other hand, goes through them on a much lower rate, because there are soo many others working on the same system.



Some claim that Linux isn't really "harder" to hack, it's just that it isn't mainstream (there was a report a while ago about how less than 3% of all PC users are using Linux). As such, it just isn't worth the time to do so.


Either way, I feel safer with open source than proprietary. At least with open source I know what I'm getting.

Yes, from what you say I gather that Linux is a lot more value for money in any case.

rvalkass, on 11 July 2010 - 03:44 PM, said:

The code, before being released as a software release, is studied by loads of people. If security problems are spotted, they're fixed before the code is marked as released. If, at that stage, someone malicious spots a problem with the code then the developers are also incredibly likely to spot the same problem, and fix it, so there is no risk. If problems manage to sneak through to code that gets released then they're usually spotted quickly and fixed quickly. For example, someone recently tried to release a screensaver (if I recall correctly) that contained malicious code. Within a few minutes of its release, people had spotted the problem. Then they fixed it. All in under an hour I think. Pretty impressive!



And the Russian secret service, don't forget! http://tech.slashdot...gency?art_pos=1
It seems they just didn't believe it was secure, and demanded to inspect the source before they would consider using it.

That makes perfect sense. I'm actually considering switching to Linux from now. Just waiting to get a new laptop for that though.