Microsoft responds to Google's Windows purge

By on June 1, 2010, 8:33 PM
Rumors spread today that Google is removing Windows from its internal machines due to security concerns, favoring OS X, Linux and its own soon-to-debut Chrome OS. Although the search company has yet to acknowledge those rumblings, Microsoft felt compelled to share its two cents anyway.

In a blog post today, Redmond's Brandon LeBlanc noted that there is some irony in heckling Windows' security. LeBlanc points to a recent Mashable story which reported that Yale University halted its transition to Gmail and Google Apps for Education package, citing both security and privacy concerns.

He further added that despite Microsoft's previous shortcomings, the company has stepped up its game in the security department. LeBlanc says that hackers, third party influentials, and industry leaders like Cisco tell Microsoft that its "focus and investment continues to surpass others."

The post lists some of Microsoft's recent security improvements, including more frequent Windows Updates (many of which users receive automatically), the addition and/or enhancement of BitLocker, Windows Firewall, Parental Controls, and ASLR in Windows 7, and more.

LeBlanc couldn't resist taking a jab at the fact that Macs also face security threats, linking an InfoWorld article posted today that suggests Macs are under attack by "high-risk spyware." It also questions the future of security on Apple's platforms, hinting that it may find itself the target of more attacks as its profile and user base grows.




User Comments: 40

Got something to say? Post a comment
Guest said:

Microsoft, I pity you....

Regenweald said:

It is ironic that google, a company that with it's every move tries to strip away the privacy of every internet user possible (why do street view cars possess hardware and software designed to capture data from private networks anyway?), is citing security as a reason to purge microsoft from it's systems. THAT, is funny

Guest said:

Only reason Mac seems more secure is because it's user base it's very low which hackers don't seem to bother too much to try to produce viruses and malware because they won't get notice. Once Mac's user base grows closer to what windows has then you'll start seeing more and more viruses pop up here and there.

matrix86 matrix86 said:

Guest said:

Microsoft, I pity you....

Why? LeBlanc told the truth. Google itself has been the center of privacy concerns, and there are viruses for Mac. And the more popular it becomes (meaning, the more it rises in the OS market that Microsoft currently dominates) the more viruses you'll see for it.

Quoted from the earlier article on this subject:

Microsoft has made some significant security improvements in the newest versions of Windows. On the other hand, Linux and Macs, while not necessarily more secure, in most cases don't have enough market share to justify coding malware for them.

Makes perfect sense to me

So, why do you pity Microsoft?

captaincranky captaincranky, TechSpot Addict, said:

It is ironic that google, a company that with it's every move tries to strip away the privacy of every internet user possible (why do street view cars possess hardware and software designed to capture data from private networks anyway?), is citing security as a reason to purge microsoft from it's systems. THAT, is funny
No, that's hypocrisy, it's not even close to funny.

Well, how much of this nonsense is Google politics, trying to talk up its own BS operating system?

I'm not a M$ fanboi, but recently they have done quite a few very positive things toward better security. Take for example, "M$ Security Essentials".

Not Google, nor Apple can run an ad campaign without trashing M$. My question is "why can't they sell their own junk without doing so".

Apple is apparently trying with the "iPad". The trouble is, the first half of the ad still sounds like a commercial for a feminine hygiene product. To wit, "It's beautiful, it's thin, it lasts all day", sure sounds like a pantie liner to me.

Every night I say my prayers thus, "dear God, please let the hackers write some really destructive malware for Mac. It may be selfish I know, but God, I'm sooooo sick of listening to those a**h***s".

Fragrant Coit Fragrant Coit said:

From what I can gather, it was an XP machine running IE6 that was hacked.

In the real world, there's still a hell of a lot of these PC's / Lappys still using XP & IE6.

I work as a self employed Mobile Computer Tech, and most casual users don't want to "update" to IE8, let alone a new O/S as they are comfortable with what they know & do not want the expense of a new PC to run W7 {majority of my customers have "just" updated to XP & forked out for a "new" PC - read 8 or 9 years ago, going from Win 9x to XP}.

I've turned a lot of these people onto Firefox - most can see the web speed increase instantly - but some remain steadfast & Luddite. The odd person may even take me up on installing Ubuntu & illeviating most security woes, but until all P4 & Socket A machines actually fail- i.e Motherboard dies - , then IE6 will continue to be in widespread use.

I'm no M$ fan, IE shouldn't have been so flawed in the 1st place, but when people use ancient - in Tech time - software, then there are always going to be people who'll try and exploit any vulnerability for monetary or egotistical profit.

Just my 2c worth...

:-)

Guest said:

In reality, if Google can't secure Windows based systems internally, they aren't as smart as they are given credit for. Apparently they don't have the legacy requirements that cause certain corporate environments to still use XP, so that's not really a valid excuse.

Xclusiveitalian Xclusiveitalian said:

Mac OS brides itself on the fact that it's safe so there not taking many measures to protect themselves so when malware and other viruses do come out i expect really bad results.

slh28 slh28, TechSpot Paladin, said:

captaincranky said:

Not Google, nor Apple can run an ad campaign without trashing M$. My question is "why can't they sell their own junk without doing so".

Yeah totally agree, I think companies should be spending time promoting and improving their own products rather than go after the competition. But then I've noticed that US adverts are generally a lot less subtle, whether it be Apple dissing M$ or GM stating that Toyotas are crap.

Anyway, I can see Google gradually turning more and more evil, let's see how long their reputation lasts.

Guest said:

@matrix86

No, you see, the thing is, whatever you think Google is, and whatever you think Microsoft and Apple are, has nothing to do with the problem here. Windows is still the most insecure OS out of the mostly used. THAT is why I pity Microsoft, for trying to sugar coat the truth. Mac OS X, and Linux are superior, security-wise.

Nothing more, nothing less....

madboyv1, TechSpot Paladin, said:

Guest said:

@matrix86

No, you see, the thing is, whatever you think Google is, and whatever you think Microsoft and Apple are, has nothing to do with the problem here. Windows is still the most insecure OS out of the mostly used. THAT is why I pity Microsoft, for trying to sugar coat the truth. Mac OS X, and Linux are superior, security-wise.

Nothing more, nothing less....

First of all, most people are not thinking of what "Google, Microsoft and Apple are", they (and the article) are pointing out that due to the popularity of the OS, Windows in general is more prone to attacks because the effect of the attack is likely to affect a larger target audience. It is not as simple as just saying the security issue is as black and white as how the operating system is designed, it is also a function of how widespread in both the global and regional markets an operating system is, as well as the kind of users and what software is installed on their computers.

lataak said:

It always surprises me when people usually defend Microsoft. It is like a poor man taking refugee in the home of a rich man and no matter what, he can't say anything bad about the man. The problems of Windows is too much, let us accept this fact. I know most us use Windows but that should not make us defend Microsoft. The vulnerability of Windows a danger for company like Google who has millions of customer data and search engine indexes & cache. So what is the problem if Google take more a secure option? Besides, Microsoft works not for the good of the software world, but to kill other competing companies and become monopolist.

Guest said:

So, is the mini-van, one of the most popular vehicles on the road, the most stolen?

Guest said:

@madboyv1

Is linux not the most popular for servers?

Do servers contain more data than your PC plus a million others?

Would it not be worth it to hack a server?

Also see my comment about mini-vans.

Burty117 Burty117, TechSpot Chancellor, said:

Wow! Lataak and Guest, Trust me on this, Windows is way more secure than the latest Builds of the Linux Kernal including Mac OS X, just google "virus for Linux" and you'll find that even with the latest updates to Mac OS X or the latest Ubuntu, the virus can actually wipe hard drives, Steal data without any alert at all! copy files accross the internet and the more tricky one as it requires the user to actually accept the installation, of course it could just pretend to be an existing program so of course the user allows it through and now the hackers have a leased line to use your machine for just about anything.

Now down to the issues with windows, yes it does get infected more, but with near 90% of the market can you really expected no security issues? And the Infections i've seen on Vista and 7 are far less serious, Windows XP i have seen just as bad a virus's such as the ones i've mentioned above but with Vista the worst i've come accross was porn ad's being thrown around the computer causing it to be slow and on windows 7 Sophos has picked up that the HP toolbar has a dodgy proccess killer.exe which isn't actually a virus.

Fact is, Google should be keeping their systems not just up-to-date but locked down with Firewalls so even if a hacker could get in, it shouldn't be allowed out.

This is just google trying to get a bit of free publicity for their OS, nothing more or less.

Burty117 Burty117, TechSpot Chancellor, said:

Guest said:

So, is the mini-van, one of the most popular vehicles on the road, the most stolen?

Toyota is the most brought brand of car and also has the highest record of call backs for faults with their cars. No point trying to compare a popular car on this one as virus's and popularity have no similarity in this particular arguement, unless of cause cars can get Virus's already.

Archean Archean, TechSpot Paladin, said:

lataak said:

It always surprises me when people usually defend Microsoft. It is like a poor man taking refugee in the home of a rich man and no matter what, he can't say anything bad about the man. The problems of Windows is too much, let us accept this fact. I know most us use Windows but that should not make us defend Microsoft. The vulnerability of Windows a danger for company like Google who has millions of customer data and search engine indexes & cache. So what is the problem if Google take more a secure option? Besides, Microsoft works not for the good of the software world, but to kill other competing companies and become monopolist.

It is exactly the same for Google or any other business, so i am not buying that MS killing others s***. I remember saying here that (while i was still in IT and tracking developments more regularly) non-MS OSes were suffering from more security issues on average each week. But anyway, as some very informed members already pointed, no OS is completely secured, neither it can every be, there will be issues with them from time to time. And reason there are less issues with MacOS or Google's whatever that stupid OS is called because hardly any one uses it. I believe, MS is in much better position now to compete Google in some areas much more effectively, infact they can simply eliminate google's useless docs (which is neither good nor of much use for above average users) with their better office online solutions, and even in the search arena; provided they play their cards right. I believe in the longer run Google is in much more vulnerable position than MS is IMHO, because they so heavily rely on just one source of revenue.

Edit:

Earlier I was looking for this excellent article for all those google fanbois but couldn't find it beside I was at work.

Guest said:

"I try to explain that permissions on Linux make such tribute unnecessary. Without quibbling over the definitions of viruses and trojans, I tell them that neither can execute on your machine unless you explicitly give them permission to do so.

Permissions on Linux are universal. They cover three things you can do with files: read, write, and execute. Not only that, they come in three levels: for the root user, for the individual user who is signed in, and for the rest of the world. Typically, software that can impact the system as a whole requires root privileges to run.

Microsoft designed Windows to enable outsiders to execute software on your system. The company justifies that design by saying it enriches the user experience if a Web site can do "cool" things on your desktop. It should be clear by now that the only people being enriched by that design decision are those who make a buck providing additional security or repairing the damage to systems caused by it."

http://www.linux.com/news/software/applications/8261-note-to
new-linux-users-no-antivirus-needed

Re: Toyota

Recalls are more akin to security updates. Stealing your car is more like getting a virus on your PC, you are no longer in control, some one with malicious intent is in control.

Mini-vans are most prevalent where I live, they are from from the top of the hit list of most stolen vehicles.

Servers contain more data and are a more valuable target than your PC.

Ever hear of pwn2own? Linux isn't included anymore because it is too difficult to compromise. At least according to past winning experts. Guess $40 000 isn't enough incentive.

captaincranky captaincranky, TechSpot Addict, said:

Toyota is the most brought brand of car and also has the highest record of call backs for faults with their cars. No point trying to compare a popular car on this one as virus's and popularity have no similarity in this particular arguement, unless of cause cars can get Virus's already.
I still drive a '79 automobile because it doesn't have an onboard computer! Although truth to tell, it isn't because I think it would be hacked. In hindsight, if a car does have a computer, Google has probably found a way to run their "Google Analytics" script on it. They're everywhere I tell you. (Insert looking over its shoulder, paranoid "smiley", >>here<< ...!

TJGeezer said:

@captaincranky - I bet you'll catch from flames for that. FWIW, I agree with you but couldn't have said it as well.

ravisunny2 ravisunny2, TS Ambassador, said:

"Permissions on Linux are universal. They cover three things you can do with files: read, write, and execute. Not only that, they come in three levels: for the root user, for the individual user who is signed in, and for the rest of the world. Typically, software that can impact the system as a whole requires root privileges to run."

And these permissions cannot be altered by an attacker ?

TJGeezer said:

burty117 said:

Guest said:

So, is the mini-van, one of the most popular vehicles on the road, the most stolen?

Toyota is the most brought brand of car and also has the highest record of call backs for faults with their cars. No point trying to compare a popular car on this one as virus's and popularity have no similarity in this particular arguement, unless of cause cars can get Virus's already.

See [link]

Coming soon to a highway near you: Human with subcutaneous RFID i.d. chip to unlock house, enable mobile phone, access workplace, etc., gets virus. Car with RFID diagnostic i/o gets its multiple internal computers virused. Passes same on to every passing newer car and truck. What fun for a script kiddie!

Burty117 Burty117, TechSpot Chancellor, said:

LOL! =)

Burty117 Burty117, TechSpot Chancellor, said:

Guest said:

"I try to explain that permissions on Linux make such tribute unnecessary. Without quibbling over the definitions of viruses and trojans, I tell them that neither can execute on your machine unless you explicitly give them permission to do so.

Permissions on Linux are universal. They cover three things you can do with files: read, write, and execute. Not only that, they come in three levels: for the root user, for the individual user who is signed in, and for the rest of the world. Typically, software that can impact the system as a whole requires root privileges to run.

Microsoft designed Windows to enable outsiders to execute software on your system. The company justifies that design by saying it enriches the user experience if a Web site can do "cool" things on your desktop. It should be clear by now that the only people being enriched by that design decision are those who make a buck providing additional security or repairing the damage to systems caused by it."

[link]

Re: Toyota

Recalls are more akin to security updates. Stealing your car is more like getting a virus on your PC, you are no longer in control, some one with malicious intent is in control.

Mini-vans are most prevalent where I live, they are from from the top of the hit list of most stolen vehicles.

Servers contain more data and are a more valuable target than your PC.

Ever hear of pwn2own? Linux isn't included anymore because it is too difficult to compromise. At least according to past winning experts. Guess $40 000 isn't enough incentive.

Dude, after doing a quick google i think you should probably stop while you've got the chance to, as a post above me said, what stops a hacker from changing the permissions? actually they already do if i read my stuff right...

Guest said:

You will need my root password to change permissions!

I am going to build two cars. One is for profit and the other is for my personal enjoyment (and whoever else wishes to enjoy it).

Which one would you prefer?

Which car would a mechanic/repair-shop/salesman recommend?

madboyv1, TechSpot Paladin, said:

Guest said:

Ever hear of pwn2own? Linux isn't included anymore because it is too difficult to compromise. At least according to past winning experts. Guess $40 000 isn't enough incentive.

The total cash prize this year was $100,000 with $40,000 for web browsers ($10,000 for each), and the other $60,000 was for mobile platforms ($15,000 each), NOT PC operating systems. After that there are two things going against Linux as an operating system in this particular example.

First is its lack of reach in the consumer market. Pwn2own is not about industrial or server equipment/implementations which are far more secure without any doubt, it is about consumer type software and products using consumer hardware. Pwn2own is naturally biased against Linux and Opera and [insert your own software here] because of this; they are not trying to offer alternatives (even if they may or may not be more secure) but to give incentive for a select few (also a major flaw of Pwn2own) to break common software.

Second is the high variability of the Linux kernel and the various distributions. While the constant updating of the kernel and the large number of options to start with before individual customization is generally considered as a good thing, it is bad when being used as a test bed for one reason or another. What will affect one configuration may not affect another, and being that Linux users generally are required to be more knowledgeable in how their own operating systems work in order to deal with their own problems, they as a user group are not generally safer, but smarter in the choices they make.

How secure a computer can be is ultimately defined by the user (and software they choose) and the choices they make (among other things, the choice to update/upgrade), this is universal regardless of operating system.

Guest said:

@ Guest,

Seriously dude stop while you can, it only takes time, patience and the right tools to crack your root password regardless of how well secure you've might have made the machine, besides if someone really wanted to get into your system, they would do it.

Archean Archean, TechSpot Paladin, said:

If a car does have a computer, Google has probably found a way to run their "Google Analytics" script on it.

Excellent point about Google's predatory practices Captain, which now include wireless network hijacking (a bit harsh word I admit, but frankly seems fitting to me) to get all information about people and what they do with their computers on Internet.

Guest said:

"Participants competed to find a way to read the contents of a file located on the user's desktop, in one of three operating systems: Mac OS X Leopard, Windows Vista SP1, and Ubuntu 7.10."

http://en.wikipedia.org/wiki/Pwn2Own

"So at the end of the last day of the contest, only the Sony VAIO laptop running Ubuntu was left standing."

http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-fi
al-day-and-wrap-up

"Needless to say, after day 2 titles were slight variations on the "Mac OS X Hacked First" theme, while last day the song changed into "Vista Breached, Linux Unbeaten", casting the event into a security contest among OSes."

http://hackademix.net/2008/04/01/pwn2own-the-winner-is-noscr
pt/

Seriously dude, linux was never beaten and the reason is not that it can't be, but that it is too hard to do so. I believe it was Charlie Miller who said he could hack linux, but why bother to take days to do something that could be done in minutes/hours elsewhere.

Seems to me Opera has the largest mobile market.

http://gs.statcounter.com/#mobile_browser-ww-monthly-200905-
01006

Seriously dude, why not provide some links instead of some "opinion."

jink said:

It always amazes me how clingy geeks are to the operating system they use. They believe being "popular" has some kind of direct correlation to quality and justness. Al we have to do is look at "pop" music to see what nonsense this is - popular is very often highly superficial.

That Windows is most popular should ring alarm bells in those that prefer a quality experience rather than the usual childish empty ego-defending slurry of remarks that are typically sputtered at others (which unfortunately only reinforces the "popular=superficial" tendency).

Whether we like it or not, Windows has been struggling for years now to keep pace with OSX on most fronts. Trying to take the dos/win3.1/nt4 antiquated underpinnings but create a modern OSX-like experience has been very challenging. Win7 is the most mature attempt yet.

If being popular means being considerably more attractive to disease, I'll pass thanks.

PanicX PanicX, TechSpot Ambassador, said:

The comments here have left me daunted.

I'm guessing there's a bit of trolling going on, but wow, just wow if there isn't.

Now, I'm not an expert in security, but I'm pretty sure the basics aren't that hard or complicated for anyone here to grasp. The pedantics of which operating system is inherently more secure are too difficult to derive, as no body knows how many undiscovered vulnerabilities remain in each OS or how many will be created in the future.

If a particular OS has patched 400 vulnerabilities last year and another only patches 50 vulnerabilities, would you say the one with 50 patches is more secure? How could you know if that OS only has 50 vulnerabilities as opposed to 50,000?

Saying that my OS is better because you don't run as admin or my UAC prevents vulnerabilities or my market share is too small is naive at best. An exploit is code that uses vulnerabilities to execute code irregardless of your security design. If even 1 unpatched exploit exists for your operating system, you cannot claim your OS is secure.

The real measure of the security of an operating system is by the patch response times to vulnerabilities found and active wild exploits. The longer you're forced to remain unpatched to known vulnerabilities, the more insecure you are.

I haven't seen a vulnerability patch response time report in a few years, but the last one I came across showed ~ 4 day response time average for Linux kernel patches, ~ 45 day response time average from Microsoft, and ~ 4 month response time from Apple. (This is from memory, my apologies to fanboys if I'm off a little)

The only factor outside this that I can think of is the fact that Linux is open source and if so inclined, one could create their own patches much easier than with the other operating systems.

Wagan8r Wagan8r said:

captaincranky said:Every night I say my prayers thus, "dear God, please let the hackers write some really destructive malware for Mac. It may be selfish I know, but God, I'm sooooo sick of listening to those a**h***s".

Haha! That freakin' made my day!

captaincranky captaincranky, TechSpot Addict, said:

Panic....., I Think You Misspelled "Toll".......

The comments here have left me daunted.

I'm guessing there's a bit of trolling going on, but wow, just wow if there isn't.

Nothing could be further from the truth. The whole concept of "News and Comments", is to generate opinion-editorial type comment from Techspot's membership. The whole atmosphere should be collegial, with plenty of lively forensic discussion.

Thus snickered captaincranky from beneath his bridge....... "

Guest said:

Well said PanicX!

So the majority run MS?

"A new survey indicates that most Americans are pretty clueless when it comes to the speed of their Internet subscription. Four out of five have absolutely no idea what it is."

http://arstechnica.com/tech-policy/news/2010/06/we-dont-know
how-fast-our-isp-is-but-we-like-it-anyway.ars?utm_source=r
s&utm_medium=rss&utm_campaign=rss

I am not sure who that reflects the worse on. Americans or MSers, but it does explain a lot.

Archean Archean, TechSpot Paladin, said:

@jink

Just to refresh your memory here is a link you should have a look at. I remember posting a thread which traced path from where Steve Jobs probably 'lifted' his idea of iPad (about which I 100% agree with Captain that it sounds like a women's product).

Now, having said that, it is a fact that MS too have incorporated many ideas which were first implemented in OSX. So before you start to drumbeat superiority of OSX correct your facts, and remember OSX is used by a relatively small number of people, hence it is not yet the prime target for hacks / malware etc. but that doesn't mean there are no issues with it (just read PanicX's excellent comments above).

I have used many operating systems e.g. DOS/OS2, OSX, Windows, Linux, FreeBSD, Unix, and Windows again (in this order) over the last 20 years. But, frankly windows despite its horrendous shortcomings in the past is the one I will choose over the others, for now. Regards

Guest said:

"Mac OS X, and Linux are superior, security-wise."

Oh really?

http://tmrepository.com/trademarks/virusesmeanlinuxismainstr
am/

http://blogs.apache.org/infra/entry/apache_org_04_09_2010

http://www.zdnet.com.au/mac-os-x-hacked-under-30-minutes-139
41748.htm

http://www.zdnet.com/blog/security/ubuntu-servers-hacked-to-
ttack-others/453

Make no mistake, doesn't matter what OS you use, in can't prevent social engineering attacks, or lack of proper security procedures and patch updates. If you think hiding behind mac is good enough, think again. Common sense and sensibility is more important than just the OS alone.

madboyv1, TechSpot Paladin, said:

Guest said:

"A new survey indicates that most Americans are pretty clueless when it comes to the speed of their Internet subscription. Four out of five have absolutely no idea what it is."

[link]

I am not sure who that reflects the worse on. Americans or MSers, but it does explain a lot.

Well, as I live in the US, I can attest to the general lack of prowess involving computers with the general population, which has been dummied down to the use facebook, twitter, and other social networking software, and which half the time, if not more, it is on their phones. As long as it happens fast enough (which isn't hard for these kinds of sites regardless of what access mode they are in) they don't care. On top of that ISPs are less than forthcoming in providing service that actually matches their advertised speeds (phone companies aren't as bad, but they'll chalk it up to lack of service availability when it doesn't), and most users don't know how to or that they can benchmark that relative speed, even if there are sites to help them do that like speedtest.net.

Anyways, I'm not sure what the point of linking that was.

To the other Guest from earlier: I've decided that you aren't going to listen to other peoples opinions, regardless if 5 minutes of searching around backs up everything said, so I'm giving up on you. I never said they never used Linux in pwn2own or that Linux did not have its own merits in security, just why they don't usually use it as a testing platform. The world is run by economy of scale and adoption rates generalized through statistical data, not what may or may not be better. =p

Guest said:

"Mac OS X, and Linux are superior, security-wise."

well that didn't take too long to correct:

http://www.infoworld.com/t/malware/macs-under-attack-high-ri
k-spyware-698

(snicker)

ravisunny2 ravisunny2, TS Ambassador, said:

You will need my root password to change permissions!

QUOTE]

And, the root password isn't stored some where on the harddrive ?

PanicX PanicX, TechSpot Ambassador, said:

You will need my root password to change permissions!

And, the root password isn't stored some where on the harddrive ?

I don't know of any operating system that would store user passwords in plain text. They all use a form of an authentication algorithm to compare a computed hash of what you type in as a password against the hash stored on the drive. If you somehow obtain a password hash, it's possible to brute force attack it with something like the now defunct L0pht crack, but any password of decent length will take months to years to crack.

This however doesn't change the fact that a root password is NOT needed to change permissions if you utilize an exploit that leverages privilege escalation.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.