Wednesday, June 2, 2010

Microsoft Plays Defense Against Google Windows Migration Report

Via -

With news swirling that Google is ditching the internal use of Windows over security concerns, Microsoft moved swiftly to counter-attack and defend the security posture of its flagship operating system.

Even as security experts questioned the wisdom of such a drastic Google move, Microsoft’s Brandon LeBlanc found irony in the issue, pointing to a report that Yale University had halted their move to Gmail (and their move to Google’s Google Apps for Education package) citing both security and privacy concerns.

Here’s LeBlanc on the Windows security posture:

When it comes to security, even hackers admit we’re doing a better job making our products more secure than anyone else. And it’s not just the hackers; third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others….Microsoft makes the security of our customers a huge priority.


Other examples of industry / security experts that question the wisdom of this uncomfired report....

Costin Raiu from Kaspersky Labs:
"MacOS is no more secure than Windows 7; on the contrary, it might even be worse because of the false sense of security it provides. The right thing to do here would have been to switch to Windows 7, on x64 and use Firefox or Chrome for web browsing. Then, creating a company policy where users can't log in to the corporate network unless they have the most recent patches and their AVs up to date."
David Marcus - McAfee Labs Blog:
"What many people fail to realize is that Operation Aurora was not really about any technical issues. Sure, the attackers used a very effective zero-day vulnerability. And, certainly, they used lots of evasion techniques in delivering the payload? But the real vulnerability has not been discussed. People were the weak link....Would it make any difference if the victims were running Linux or any other operating system if an attacker builds such a sophisticated profile? Not remotely. Linux, Windows, Mac, whatever–everything has weaknesses. Especially the users of those systems."
Steve Manzuik:
"Your operating system choice does not equal security. I cannot put that any more simply than that. If your company employs experts in Linux then it makes sense to standardize on Linux. If your company employs expertise in Windows — rolling out Linux, OSX, or any other operating system is asking for problems. Obviously in Google’s specific case one could argue that they have more expertise in Linux. So the switch from Windows isn’t a security concern its common sense and makes me wonder why they would have had Windows boxes in the first place."


  1. One minor correction. I no longer work for Juniper Networks. Doing consulting now a days. :-)

  2. Corrected =) I was kinda thinking you moved on to other things, but your Linkedin stated otherwise hehehe