Tom Chmielarski, resident security expert: Google began a move away from Windows on the desktop earlier this year, according to a report by the Financial Times. This change is reportedly driven by security concerns and by Google's desire to use its own products, including Chromium, the upcoming Linux OS from Google.
Before considering the ramifications of this shift, however, let's consider Google itself. Google is atypical of many organizations and is not necessarily a good reference model for your organization; they have very large Linux server farms and the experience and tools that go with that, as well as a large number of qualified Linux support personnel. They have also developed two Linux-based OSes (Android and Chromium OS). It is worth noting that Chromium OS has an emphasis on Web-based computing.
Rather than speculating too much on Google's motivations, which I do not know, let's consider the following questions:
- Will it make a difference to change operating systems?
- And, by extension, is that kind of transition something you should consider for your organization?
The debate regarding Linux versus Mac OS X versus Windows is a heated one, and I won't solve it here. I will emphasize, however, that workstation security depends on far more than the security of the OS itself. As for an operating system comparison, Windows has the largest market share of OSes, the old argument goes, and is therefore the most attacked. This means the vulnerabilities within the various Windows versions are more likely to be uncovered and used.
Linux and OS X both have security problems of their own, though. Apple, from a straightforward numbers perspective, has had more security vulnerabilities in 2010 than Microsoft. However, the use of vulnerabilities as a numerical indicator of security is much debated as well.
Security of the desktop is important as the desktops are an entry point to your organization and frequently contain sensitive data. (Chromium's emphasis on Web services, such as Google Docs, might help shift more of that sensitive material to centralized servers that are, in theory, more secure.) At a high level, the security of those endpoints depends on several factors including:
- How secure is the underlying OS?
- How securely is the OS configured?
- How well is the OS managed to prevent configuration drift and ensure patches are applied?
- How secure are the applications running on that OS?
- What privileges do users, and user-space applications, have to modify the operating system?
- How prone are your users to make poor security decisions?
The choice of operating system (Linux/OS X/Windows) only pertains to the first two items in this list, although they are two very important considerations. This leaves us with configuration management, user rights management and application security. Basic systems management of Windows desktops is relatively easy, and your typical IT person can do it or pick it up with a little reading. The complexity of Windows administration is somewhat deceptive, though, since it's much easier to get basic management functions working (WSUS, for example) than it is to do the configuration and management reliably and securely.
Linux management is trickier, and the number of subject matter experts available to hire is much smaller. Does your organization have the tools and skill sets required to securely manage Linux workstations? Given the normal IT emphasis of "more with less" and "do it yesterday," it's not surprising that many organizations have poor systems management practices and barely any asset management.
Limiting user rights -- not letting everyone have local administration rights -- is an important security precaution. This model is fairly common in the Linux world. Windows deployments, however, frequently give every user local administrative rights, which means malware is more easily able to install itself. Windows Vista and Windows 7 offer improved user account control features, but they are too frequently ignored in lieu of the convenience of letting everyone have complete control of their own desktop.
The security of the application is much less important if it doesn't have the ability to modify the OS or access the data stored on that system. Adobe's recent announcement that Adobe Reader will use sandboxing to control access to the OS is an example of an (attacked) application vendor's response to security problems.
User education, which is mostly non-technical, is another important consideration. You're not likely to succeed in securing the workstations if your users are prone to respond to 419 scams, open email attachments from people they don't know, and install random software from the Internet.
To determine if a move to Linux or Mac OS X is right for you, consider your ability to manage and otherwise support Linux desktops. You'll also need to ensure your applications and users can function in a Linux environment.
Lastly, as I noted above, a shift to cloud computing, if you assume the cloud itself is secure, has a security benefit of removing some sensitive data from that endpoint. If, however, an attacker gains user credentials by compromising the endpoint and monitoring user activity, then that benefit is largely negated.
This was first published in August 2010