Google Reportedly Ditching Windows 1003
Reader awyeah notes a Financial Times report that Google is ditching the use of Windows internally. Some blogs have picked up the FT piece but so far there isn't any other independent reporting of the claim, which is based on comments from anonymous Googlers. One indication of possibly hasty reporting is the note that Google "employs more than 10,000 workers internationally," whereas it's easy enough to find official word that the total exceeds 20,000. "The directive to move to other operating systems began in earnest in January, after Google's Chinese operations were hacked, and could effectively end the use of Windows at Google. ... 'We're not doing any more Windows. It is a security effort,' said one Google employee. ... New hires are now given the option of using Apple's Mac computers or PCs running the Linux operating system. 'Linux is open source and we feel good about it,' said one employee. 'Microsoft we don't feel so good about.' ... Employees wanting to stay on Windows required clearance from 'quite senior levels,' one employee said. 'Getting a new Windows machine now requires CIO approval,' said another employee."
Flamebait (Score:5, Insightful)
However, they feel pretty good about a closed-source implementation of an open source operating system on locked-in hardware? This sounds rather flamebaity and very light on facts.
Re:Flamebait (Score:5, Funny)
Re:Flamebait (Score:4, Interesting)
Really? I find it EXTREMELY useful in the music studio. I guess I missed the memo that this is not supposed to be the case.
Re:Flamebait (Score:5, Informative)
Re:Flamebait (Score:4, Interesting)
I was waiting for people to make apps using it as a DAW. The first time I saw it announced, I thought it would make an excellent control surface for a musician. It can either be used via BlueTooth or the connector as a graphical "dumb terminal" telling the music program running on a computer what dials and sliders the user has changed, or it has enough CPU to mix and do effects on some amount of music (I'd probably say at least 4 tracks at CD quality, possibly a lot more.)
No, it wouldn't replace a 48 track mixing deck with motorized faders, but it can offer a musician a lot of control for a decent price that they wouldn't have otherwise.
Re:Flamebait (Score:4, Insightful)
It's not that scary that you believe that, what's scary is that 3 others with mod points believed that.
An Ipad with a bluetooth keyboard would be a complete pain in the arse to use every day. Not to mention the tiny screen size, risk of theft and the fact that none of our software would work properly.
There is no decent alternative to outlook. Yes outlook has a lot of functionality that many business users need, a user may only need 10% of it but each user uses a different 10%. Between all the end users in a 50 person org at least 80% of all functions are used in Word, Excel, Visio, Project and Outlook. Your experiences are not typical.
Not to mention production software, ArcGIS wouldn't run, neither will Quickbooks nor will any of the other prod software we use.
What about printing?
Ipad's cant access file shares, are you seriously suggesting that everyone keeps all their work locally?
Enterprise tools (auditing, communications and collaboration, content control).
You cant even turn one on without another PC.
Finally we still have the gorilla arm problem when using the touch screen to do basic functions like open programs and scroll. Lack of multi-tasking is another big one, most users in a call centre open at least 3 programs (call tracking, inter-office IM and knowledge base).
Really, have you thought about this at all.
You cant make assumptions about office work based on your limited Ipad experience.
Re: (Score:3, Informative)
People managed to check email, schedule tasks and appointments, manage contacts and keep notes before Outlook came on the scene. There may no good one-stop alternative, but maybe that's not such a bad thing. Outlook is a bloated monster that, if running on its own, uses a horrible flat file database, and if running on a network, u
Re:Flamebait (Score:5, Insightful)
People managed to check email, schedule tasks and appointments, manage contacts and keep notes before Outlook came on the scene. There may no good one-stop alternative, but maybe that's not such a bad thing. Outlook is a bloated monster that, if running on its own, uses a horrible flat file database, and if running on a network, uses Exchange, which, when it works is great, but as anyone who has to debug it when it goes nuts knows, can be an absolute nightmare.
Sure. People used to communicate before email and mobile phones as well - that doesn't mean they did it as efficiently.
Outlook-Exchange is absurdly expensive [...]
If you seriously think Outlook+Exchange is "absurdly expensive", then you've little experience out in the real world.
Exchange might cost a piddling $100-$200 per user over 3 years. There's no shortage of professional software packages that cost over $10,000 *per user*, to say nothing of things like Oracle that cost ca. $40k per CPU socket. Heck, smoking breaks probably cost the typical employer more per year than their Exchange environment.
In context, Exchange (or, indeed, pretty much all Microsoft software) is not expensive.
For us its pure economics. With limited budgets and the need to expand, we're between a rock and a hard place, and if it means moving to a somewhat less convenient web-based mail/scheduling system, well, that's just the way it will be.
If your employer can't afford Exchange CALs, you've got much, much bigger things to be worried about.
Re:Flamebait (Score:5, Insightful)
Re:Flamebait (Score:5, Informative)
No need for online things like zimbra or gmail, the built in Mail, iCal and Address Book apps all have exchange integration, and between the three of them, cover all the functionality that Outlook does.
Re:Flamebait (Score:4, Insightful)
Re:Flamebait (Score:4, Insightful)
> Remember, the only serious thing an iPad is good > for is serious content consumption
Bullshit. You add an accessory Bluetooth keyboard and it turns into a PC replacement that easily replaces XP for most users.
You can't zip up and send files
You can't receive and unzip files
You can't print
You can't connect any usb devices
Useless encryption
No decent audio/video/image editing
No Flash/Silverlight
No Java Applets
You can't even activate it without a PC
The only thing that's Bullshit is your idea that the average user does not need/want to do any of the above things.
Re:Flamebait (Score:5, Insightful)
You add an accessory Bluetooth keyboard and it turns into a PC replacement that easily replaces XP for most users.
Uhh.. Considering the very first thing you must do with an ipad before you can do *anything* with it is PLUG IT INTO A REAL COMPUTER, your entire premise is full of fail.
It can't be a "PC replacement" if you need to plug it into a PC in order to use it.
Re:Flamebait (Score:5, Informative)
Re:Flamebait (Score:5, Funny)
Re:Flamebait (Score:4, Insightful)
Simon.
Re:Flamebait (Score:5, Interesting)
Well, I think they're headed to ChromeOS long-term. While this particular report may be true or not since it's based on anonymous sources, Eric Schmidt himself said that this would be Google's response during the Atmosphere event. He also indicated that they're moving toward eating their own dog food at every level, and that wasin or around a discussion of ChromeOS (I'm going from memory). I took the interview as a whole to be an indication that Google wanted to move to ChromeOS and Apps for as much of the internal stuff as it could.
Here is a report of the interview: http://news.cnet.com/8301-30684_3-20002315-265.html [cnet.com]
Re:Flamebait (Score:5, Informative)
Aaaand ... after reading TFA, it confirms ChromeOS and dogfooding:
Employees said it was also an effort to run the company on Google’s own products, including its forthcoming Chrome OS, which will compete with Windows. “A lot of it is an effort to run things on Google product,” the employee said. “They want to run things on Chrome.”
Re:Flamebait (Score:4, Insightful)
Aaaand ... after reading TFA, it confirms ChromeOS,
Google is a software and software services company.
They can't substantially eliminate Windows if they want to develop software for Windows, and they can't substantially replace Macs and Windows PC-s with Chrome OS if their designers want to run Photoshop and co.
Re: (Score:3, Interesting)
Eric Schmidt must have a short memory. Wasn't he still at Sun when they tried the "eat your own dog food" approach with Solaris there?
Whatever the technical virtues of Solaris, it turned out to be a miserable environment for the kind of productivity apps your typical office droid needed to have access to. We'll see how long it takes Google to start frantically doing the back-stroke.
Re:Flamebait (Score:5, Insightful)
You can run Office on a Mac. You can run iWork on a Mac. You can run NeoOffice on a Mac. You can run OpenOffice on Linux. Gmail or Zimbra can probably do nearly everything that they'd maybe need Exchange for, but I doubt Google used Exchange in the first place. Most of their engineers will probably pick Linux, and most of their "office droids" will probably get a Mac by default. A modern Linux or MacOS X desktop is hardly an Ultra5 with Solaris 8 with nasty purple CDE pretending XEmacs is a word processor.
Re:Flamebait (Score:5, Funny)
Re:Flamebait (Score:5, Interesting)
Re: (Score:3, Insightful)
I understand the point you are trying to make but it really isn't possible to compare how Google and Sun operate. Very different companies, cultures, mindset, visions. And that's ignoring the differences in computers too.
The Backstroke (Score:5, Informative)
We'll see how long it takes Google to start frantically doing the back-stroke.
I don't think we will see Google doing a backstroke anytime soon. When you think about how badly Google was compromised, and what someone could do to them if they are every compromised like that again. What are their options.
1. Find a way to live without Microsoft and all the software that will ONLY run in a MS Environment.
or
2. Give to it, take the easy way, run MS software and just expect that you can survive any system breach no matter how badly you are compromised.
If it takes 5 years and a billion dollars, I am sure it will be worth it to Google in the long run. Also note. Google is not "talking" about switching. They are not trying to get a better price from Microsoft. They just quietly started to mandate that MS is not an option any longer.
Re:Flamebait (Score:5, Interesting)
Developers on ChromeOS? (Score:5, Insightful)
Re:Developers on ChromeOS? (Score:4, Informative)
Tell me... what IDE runs on ChromeOS? Where's the Emacs for Android? When I see that, we'll talk. Until then, I don't think that Google's going to be able to migrate it's most vital employees (engineers) to "eat their own dogfood." Might be interesting to migrate support staff, but that's not where the heart of Google is.
Well.... since ChromeOS is built on Ubuntu [computerworld.com] I'll bet that anything that runs on Ubuntu should run on ChromeOS.
Re: (Score:3, Informative)
However, the main issue with Chrome OS is the vapor it's made out of.
Chrome OS isn't vapor... [getchrome.eu] It is still a beta so its not fully functional, but it is real.
Re:Developers on ChromeOS? (Score:4, Insightful)
If the developers/engineers are forced to "eat their own dogfood", we'll probably just end up with a ChromeOS that's just as bloated as Ubuntu or Windows...
Re: (Score:3, Interesting)
And, what exactly is ChromeOS? I haven't fooled with it in a couple months - but the last time I looked, ChromeOS was just a highly customized Cloud Linux.
Google may or may not be working on their own kernel, but to date, there is no indication that they are.
So, the premise that Google is moving to Mac and Linux still stands, no matter how much ChromeOS may figure into the equation.
Re: (Score:3, Insightful)
Re:Flamebait (Score:5, Insightful)
'Linux is open source and we feel good about it,' said one employee. 'Microsoft we don't feel so good about.' However, they feel pretty good about a closed-source implementation of an open source operating system on locked-in hardware? This sounds rather flamebaity and very light on facts.
I think you've missed something. Read the sentence; they look at open source as a benefit and they feel good about it (Linux). That doesn't mean that the fact that Linux is open source is the only or even the biggest reason they like it. Obviously they also feel good about Mac OS X despite the fact that it's not 100% open source. Get it?
Corporations choose what makes sense to increase their bottom line. To that end, they think Linux makes sense. The fact that Linux is open source is just icing on the cake.
Re: (Score:3, Interesting)
Sigh, badmouth Apple on Slashdot and get modded down, no matter how accurate your post may be. Oh well. I expect I'll suffer the same fate, but I'll weigh in nonetheless. I have karma to spare.
You also forgot to mention that if this shift is really for security reasons, MacOS is hardly an improvement over Windows -- in fact it may well be a downgrade. It derives most of its security through obscurity, but as competitions like pwn2own show us -- if people have a motivation they will find an exploit.
It's
Re: (Score:3, Informative)
It's the security stuff they are and are not feeling good about.
LoB
Re:Flamebait (Score:5, Funny)
yes, 10,000 extra users is practically doubling their userbase!
Re: (Score:3, Insightful)
Re:Flamebait (Score:5, Insightful)
I'm pretty sure they're apple mod douche bags.
Re:something wrong with TFA (Score:4, Informative)
windows key + r /u:domain\user application.exe
runas
return or enter key
when prompted enter your password
use a- prefix accounts within a group on the domain for local administrator access.
use normal accounts for login and day to day.
I don't care about the OS "fighting" but make sure you look at all the details first.
Bullshit (Score:4, Informative)
Re:something wrong with TFA (Score:4, Informative)
2010... (Score:5, Funny)
The year of Linux on...
Never mind.
Re:2010... (Score:5, Insightful)
The year of Linux on...
Never mind.
That may well be part of Google's intention. Microsoft and Google have long been trying to kill each other. Tech companies seemed to have a policy of trying to scorch some earth around their market -- pre-emptive strikes against companies that might move into their competitive market in the future. So, Microsoft spent large quantities of cash to kill Netscape and AOL. Google are spending much moer than they are earning on Google Docs to try to kill Microsoft's Office market. Microsoft are spending large quantities of cash to try to kill Google's search advertising market. And more recently Google are spending lots of cash to try to kill Microsoft's Windows market. Taking the pain of moving a lot of staff from one operating system to another sounds like another effort in that regard. They hit Microsoft in PR ("see, one of the world's biggest companies doesn't use Windows at all -- it's not necessary for business"), and they particularly boost Linux's desktop user base and market reputation (they also boost Apple, but Apple needs it less). Not to mention the extra 20% time that desktop Linux projects might soon be getting...
Re:2010... security maybe (Score:4, Insightful)
If they locked Windows up securely, all their employees would change operating systems anyway.
You have to get pretty draconian to stop a targeted attack like the Chinese one.
I hear Googlers enjoy having a network cable connected to their computer.
Re: (Score:3, Funny)
I dunno, I think this whole "internet" thing is kind of overhyped, at this point. It's clearly peaked in the marketplace, and public opinion is already starting to turn against it. This time next year, your precious little Internet darling is gonna be so irrelevant that it'll make Vanilla Ice look like Joel Spolsky.
I'd love to see.... (Score:5, Interesting)
.....if Microsoft employees can ditch Google.
That will be the true test of Google's influence.
Re:I'd love to see.... (Score:4, Insightful)
While I have no doubt it's accomplish-able, I wouldn't be surprised if there was some pains in a department or another.
I'm going to fucking kill Google (Score:5, Funny)
Fucking Eric Schmidt is a fucking pussy. I'm going to fucking bury that guy, I have done it before, and I will do it again. I'm going to fucking kill Google.
Your friend,
Steve Ballmer
Re:I'm going to fucking kill Google (Score:5, Funny)
It looks like you are trying to kill Google.
Would you like help.
* Hire a hitman.
* Begin a smear campaing against them and sue by proxy.
* Dance around the stage getting sweaty.
IBM is headed that way too (Score:5, Interesting)
I recently left IBM, but while I was there, there was considerable effort to eliminate M$ products. Symphony was being pushed out over MS Office, and Apple netbooks were an available option in some areas. Obviously IBM has a love for Linux, and the Linux folk there are doing everything they can to make it perfectly acceptable, and usable, to use Linux internally. For all of my 4 years at IBM I used Debian and then Ubuntu on my work thinkpad (but I kept a XP partition for Visio).
Re: (Score:3, Funny)
Wow! Symphony! Now THERE'S a cutting-edge technology! I remember the helicopters buzzing Manhattan in, umm, 1990 something, proclaiming. "We're cool! We're Lotus 1-2-3 in drag because now we incor[orate a word processor and, umm, Visiterm!" Next up: "Munich has disclosed that the entire city is dumping Windows for DOS 6.0"
News at eleven.
Re:IBM is headed that way too (Score:5, Informative)
This is a new Symphony, entirely unrelated to the old product [wikipedia.org], build on top of Eclipse technologies and forked OpenOffice code.
http://symphony.lotus.com/ [lotus.com]
Re: (Score:3, Insightful)
Everying f***ing time I hear somebody say "But I HAVE to keep Windows, for Visio!", I thank my lucky stars that I never learned that damn thing. OpenOffice Draw isn't quite as slick, but for 99% of the shit people don't think OODraw can do, the reality is that they're just to willfully ignorant to learn how OODraw can do it. And, bonus, I don't have to deal with the cognitive dissonance of justifying keeping a $200 OS for the sole purpose of running one app of dubious uniqueness.
My prediction... (Score:4, Interesting)
But this is up there. For Joe and Jane Public, google is hip, trustworthy, and useful everyday.
Perhaps more than any other effort, this may influence significantly the perception of school aged people and Operating Systems. When that tipping point comes, MS is in serious trouble.
Dogfooding (Score:3, Insightful)
Even for testing/development, they can just run virtual machines.
neato (Score:4, Insightful)
Re: (Score:3, Informative)
I'm not as smart as most of you slashdotters, but this seems smart in that they can write their own security updates with Linux, as opposed to waiting for Microsoft to fix them.
Yes, but in order to do that they're also creating a budget to support the programmers doing that.
RedHat and Apple (Score:5, Funny)
On other news, RedHat announced it does not use Windows on its web servers and Apple announced that no employees use Windows Mobile phones.
Re: (Score:3, Interesting)
Actually, RedHat and Apple both tried to get some employees to use Microsoft computers and phones, so that they'd have people on staff that were familiar with the MS products. But most the employees flatly refused. The few that went along with the requests also quietly updated their resumes, and quit after a month or two. This can be really frustrating if you're seriously trying to test your equipment against the other major products on the market. ;-)
"Getting a new Windows machine ..." (Score:4, Insightful)
Employees wanting to stay on Windows required clearance from 'quite senior levels,' one employee said. 'Getting a new Windows machine now requires CIO approval,' said another employee."
So what they'll do is get a new linux machine, and install Windows as a "guest" OS in a second partition. It's not that hard these days, and google is reputed to have lots of smart people.
Similarly, my wife telecommutes half time, and is required to run Windows XP at home. She talked to the nice folks at the Apple Store, who explained how to set her Mac up to run virtual OSs, and installed XP in a virtual partition. It works fine. She has since taught a few others at work to do the same, and they're all pretty happy with being able to run a real OS at home and only fire up the Windows that they all hate when they need to do some "work". She gave me her castoff Windows box, which is sitting in the corner running Debian linux and functioning as our firewall/gateway/server machine (and no doubt still listed as another sale to a satisfied Windows customer by MS's bean counters).
And all this is nothing at very new, as far as the computer industry is concerned. Back in 1980, I had a job at a company that mostly used their big IBM mainframe, while the engineers were playing around with unix on some of those funny new "minicomputers". I'd worked on both, so I had the fun of getting together with some Amdahl folks, who delivered their unix that ran on top of VM. We installed it (over a lot of dead IBMer bodies ;-), so that the engineering staff could run their stuff on the mainframe. After a while, the big 360 machine with VM was running at least 10 different OSs simultaneously, with each group using the OS that best fit their needs. Granted, there were lots of fanboys who thought their OS was the one that everyone else should be using, but we just ignored them and went about our jobs. Now it's 30 years later, and the "personal computer" part of the industry is discovering this fantastic new idea called "virtual" computing that lets you run more than one OS at the same time ...
Re:"Getting a new Windows machine ..." (Score:4, Interesting)
"Cloud Computing" is just Timeshare 2.0.
Not Surprising, but when will MS ditch Windows? (Score:3, Insightful)
Every OS reaches an end point, not necessarily driven by only one thing.
Apple reached the end with the Apple II, Mac OS9, and moved to UNIX.
How is Microsoft going to break the legacy trail?
They are going to throw a chair through all the Windows, maybe?
How do you get rid of entrenched dispersed foe that attacks everything you do from inside your own OS?
How many tens of millions of user hours are wasted every year on WinPCs just with the security stuff, which still is NEVER enough?
My Guess: Never. They will Bleed Windows until competitors take their market share as users make the choice to abandon Windows.
It is truly a strange situation where the dominant player is also the most attacked and yet in the last 5 years nothing in security seems to change.
Re: (Score:3, Insightful)
Re:Not Surprising, but when will MS ditch Windows? (Score:4, Insightful)
Kernel aside, Windows 7 still has tremendous amounts of Legacy kruft behind it. The Registry is still just about the least secure and safe idea ever. NTFS is badly in need of modernization. The hardcoded folder hierarchies that underlie how Windows 7 handles files is amazingly archaic. I remember renaming and moving folders around willy-nilly in OS7 in 92. 18 years later, renaming a folder in Windows is just begging everything to break. They're up to about 60 control panels, since they can't re-organize any of them for fear of breaking other dependencies. When sharing a folder in Windows 7 you can share as a network folder share, a Windows Media share, or specific group shares, all with separate interaction points and methods. And have you looked through the Windows->System32 folder recently? Or how shortcuts are STILL handled?
Windows is a hugely bloated with old kruft that is holding it back from being as intelligent, usable, or spry as it could be. When Apple switched from OS9 to OSX, they wrote a compatibility layer that pretended to be OS9 within the new structure that they were creating. They created a little sandbox for the old stuff to play in, while they end-of-lifed it. Microsoft has traditionally added to their existing structures, so as not to break true backwards compatibility with old software. This can be fortunate... I recently had to replace a dying 386, and the software from the mid 80's ran fine on a new Vista machine. But at the same time this means fundamental properties of the operating system remain badly dated. Even small things like how the operating system handles changing icons remains the same terrible implementation that Windows 95 had.
Re: (Score:3, Insightful)
The biggest threat to Microsoft is currently FUD.
Just about the only thing which is likely to kill Microsoft is if they can't pry everyone off of XP which is an outdated, insecure pile of shit, which, for some reason, even people who know better seem to love. Even Vista for all its faults was better than XP, and Windows 7 is miles ahead of Vista. Things have changed quite a lot in the last 5 years, security wise and otherwise, but you're not going to see them if you don't leave an OS which is 9 years old.
Re:Not Surprising, but when will MS ditch Windows? (Score:4, Interesting)
You're modded funny, I think, because the treat (as manifest by FUD) is big.
Microsoft is pushing to get people off XP and onto 7 because, frankly, there's little incentive to go to 7 over something else if your internal policy has been "let's stick with XP and Office 2003 and wait for the next big release". Guess what? Moving from XP and O2003 to Linux (whether GNOME or KDE or something else) with OpenOffice is a smaller jump for most people than W7 and o2k7. And that's the problem Microsoft is facing.
Skepticism warranted? (Score:5, Informative)
Google's Windows-only software (Score:5, Interesting)
So Google employees don't use the client software they themselves produce, considering that a lot of it is still Windows-only?
I would be particularly curious about Google's own GTalk client...
Not a big suprise (Score:5, Interesting)
It has always surprised me how few companies run linux on the desktop. I have personal converted about 30 in the last 10 years, all of which were mom and pop places with less than 100 seats. Google using Chrome would not surprise me. 90% of the office desktop users dont need more than a browser, office platform, and maybe e-mail assuming the company does not have a web based e-mail. I have heard many geeks say it is not ready for the desktop based on a list of reasons but the general office user has such a small software need that it fits nicely..
The last company I migrated over to linux was a rush job. They needed it done in a short window before the inspection of there licences. I set up 1 server with home directory shares in both NFS and Samba, ldap, dns, printers, and DHCP. There were 3 desktop configs, 1) for users that had with firefox, OpenOffice, and google chat. 2) for managers that had that plus planner, and Dia. 3) was for upper management that had everything from the first two plus a few specialized things that one VP seemed to think he needed like bit torrent and an RSS feed reader.
Everyone got the basics like a calculator, archive manager, Notepad, etc.
All in all they run smooth, easy access to pen drives etc. Windows Laptops could be pointed at the server and after logging in would get the users home directory allowing them to easily move data between there laptop and the desktop. The remote home directories and ldap logins meant that users could login at any desktop and do there work. All the desktops were the same for a given group so if one failed it was simply replaced and a new image installed (Totalling about 45 min install time) Top this off with no viruses, spy ware, or bot software and the desktops were locked down with only a couple of open ports. So far every company I have done this for has loved the setup.
Re: (Score:3, Informative)
Financials (Score:3, Insightful)
I wonder what Google uses for an accounting package?
Very hard to find accounting programs that do not require Windows OS.
Re:Financials (Score:5, Informative)
Do you see now why that won't be a problem for Google?
Re:Financials (Score:5, Interesting)
I wonder what Google uses for an accounting package? Very hard to find accounting programs that do not require Windows OS.
Corporate accounting? General ledger, accounts payable, that sort of thing? No company of Google's size would do that with a Windows-based application. They would likely do accounting with SAP or Oracle, probably running in a Unix environment of some kind. Both of these have web UIs nowadays, so all the employees who need access can use any OS they want.
Desktop Administration? (Score:3, Interesting)
Most developers I know make poor system administrators, so it's hard to believe they take a completely laissez-faire approach to desktop management. Also, Google Docs seems like a really poor substitute for file shares on an enterprise NOS and directory service -- it's the "cloud" equivalent of a peer-to-peer LAN network when it comes to security structures.
Windows has little use on the desktop. (Score:4, Insightful)
As a network/systems administrator, Windows has little to no use left on the desktop any longer.
Compared to alternatives (and there are many!) common Windows machines on the desktops are costly and relatively expensive to maintain (in terms of manpower and infrastructure): you've got complex SUS arrangements (due to in-house app compatibility, usually), AD (same reasons, as well as work flow) and malware contentions - just for starters. Compare that to pointing all workstations at (say) a local Ubuntu LTS repository cache or updating from Apple. A lot can be said about Windows ACLs and its other underpinnings, but keeping things secure while allowing users to work is not one of them.
Additionally, the time and (domain) knowledge required to roll a minimalist Linux distro vs. a minimalist, locked-down Windows install (ie a 'thinclient image') is significantly different. With one, you've got a maintainable minimalist system that uses negligible resources to update; the other is pretty much a custom hack which will require significant efforts to update. I'll let you figure which is which.
The average user uses no more than 3 or 4 applications in a large environment, from what I've seen. There aren't many people who multi-role: they've got their own world and aside from a web browser, might touch one or two apps on a given day. For these apps, you've got things like Citrix Presentation Server or Windows Server 2008 remote applications. Centralize the common stuff when you can, so it's easier to maintain, update, etc.
As for Google, my experience has been (with the technical crowd) that those actually developing for Open Source type environments, having your development environment be similar to your production environment is a wee bit helpful. Aside form things like Picasa, I can't see much of a need for Windows; indeed, there's likely not even a preference for Windows at Google, short of the occasional mathematician. The yuppie post-graduate degreed geek seems to prefer Apple.
Re:I call bullshit. (Score:4, Informative)
They probably use this one [wikipedia.org].
Re: (Score:3, Informative)
I have spoken with 4 Google employees, all who have given the same information.
They are moving to Mac or Linux, employee's option.
Exceptions are only given on a case-by-case basis.
Re:MACS???!?! (Score:5, Funny)
Macs are only more susceptible to spearfishing because the monitor and body are one. Ram a spear through that and the whole machine is gone. With most windows machines, spearfishers go for the bright monitor but since the real guts of the machine is in a seperate body, it just requires replacing an ever-cheaper monitor.
Re:MACS???!?! (Score:4, Insightful)
Macs are IMO a WORSE security risk than Windows when dealing with spearphishing and other forms of targeted attacks.
How could this be true? If the system is more secure, and the user is a constant, then it's no worse "when dealing with [...] targeted attacks".
Security updates are rare.
That's not an argument by itself. When's the last time you updated the walls of your house? If it ain't insecure, don't update it.
By the way, I'm no Apple fan. I just think your arguments are ridiculous.
Re:MACS???!?! (Score:4, Informative)
Except OS X isn't more secure. That's why it's always the first gone at pwn2own competitions.
Re:MACS???!?! (Score:4, Funny)
That's because the hackers want a Mac, not some lame old Windows box.
Re: (Score:3, Insightful)
Perhaps it's easier to find a exploit for a Mac then Windows, there just aren't enough Mac's in the world to make developing one worthwhile outside a competition.
Re:MACS???!?! (Score:5, Informative)
That's because the hackers want a Mac, not some lame old Windows box.
Sorry, but the contestants do not decide the order in which they attack the target computers. They are allocated timeslots randomly to each system. The Mac fails first because they haven't implemented some of the basic security precautions that the other operating systems have.
Re: (Score:3, Insightful)
It's first gone at pwn2own competitions because it's what people want to own. Duh!
Re:MACS???!?! (Score:5, Informative)
OS X has all the nice overflows, poor to no memory protection, problems with users ect that most consumer quality OS face.
Actually not really. It's not as prone to buffer overruns as C++ or C would be, thanks to Objective-C used to write most apps.
Also with Snow Leopard, it has fairly good memory protection at this point.
And the users are more partitioned off, because there are no programs that demand you run as admin the way you find Windows programs that flake out... not to mention no open ports by default.
Wrong, here's why in this case (Score:3, Insightful)
Sorry if this is trollish, but Macs are IMO a WORSE security risk than Windows when dealing with spearphishing and other forms of targeted attacks.
Why do you think this?
From an overall security standpoint, you have:
No open ports by default.
Users who do not run as admin to run any software
Now consider targeted attacks as you mentioned. You start out with a more secure base that makes it harder to infect the system beyond a simple cleaning. Now if you are really concerned about security, what do you do?
Simp
Re: (Score:3, Informative)
Macs have been offered at Google all along - all that appears to have changed here is the elimination of Windows as an option.
Re:MACS???!?! (Score:5, Insightful)
This old myth has never been true.
Apache is more popular than the Windows web server, yet gets hacked less, which completely debunks the idea that being a market leader is the only reason Microsoft products are so shockingly vulnerable to attacks.
OS X is a GUI shell on a BSD layer on a Mach engine. Like any flavor of *nix, it was designed from the ground up to live safely in networked, multi-user environments.
It's an order of magnitude harder to hack than a Windows box, because of superior design. This has been demonstrated over and over for nearly a decade now, yet the MS fanboys continue with the silly drumbeat that Macs are only enjoying security via obscurity.
Re: (Score:3, Insightful)
Re:MACS???!?! (Score:5, Insightful)
Actually, since all platforms are hacked at the conference, it shows that the Mac is the biggest prize.
More to the point, the weakness exploited was in Safari (in all but one case) and required user intervention in all cases. For Windows, systems were compromised in ways requiring no user interaction.
So it does actually show that a Mac is harder to "pwn". It's not like the time of pwn2own means anything--the hackers have all prepared their exploits and practiced them for months in advance.
Re:I want to see the long term results of this... (Score:5, Insightful)
Windows, if administered right? There are new critical flaws found almost daily. Windows can be locked down pretty tight if you remove the network cable though. I don't think Windows has yet earned the security ratings that various *NIXes have. If I'm wrong, please show me.
I had a Linux machine I put up get hacked once though... I set up a machine for someone and told them explicitly, "CHANGE THE PASSWORD!" He agreed to. He didn't and it was compromised within two days. After that, though, it was all good. Linux seems trivial to lock down but perhaps it is because it is less of a target... or perhaps not. Time will tell. But the nice thing about Linux is that there are so many of them. Find a flaw in one, it may not apply to others and even if it does, it might require some tweaks to make the exploit work as needed. The point here is that even though machines could be compromised "as easily" it couldn't as easily be done using a massive wave of self-replicating exploits where compromised machines go on the attack automatically searching for more vulnerable machines to infect. The DNA of Linux has very healthy variations while Windows is a pygmy village just waiting for someone to kill them with the next "common cold."
Re:I want to see the long term results of this... (Score:5, Interesting)
Unpatched 5% (11 of 217 Secunia advisories)
That's the important part. Linux always has more vulnerabilities publicly found and fixed due to it being open source, a process which leads to a more secure system -- wouldn't you rather have a vulnerability found and fixed, or even found and marked "unpatched" on Securina, than found and exploited (hidden) elsewhere?
And even more important is what those unpatched vulnerabilities actually are:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
This is in the CIFS code, which presumably can be disabled. Should be fixed, but how many Linux systems actually need to defend themselves against local DoS attacks?
Tony Griffiths has reported a vulnerability in the Linux Kernel, which can be exploited malicious, local users to cause a DoS (Denial of Service).
Another local DoS. And another, and another... Yawn. Let's skip to the good stuff:
An error in the DRM (Direct Rendering Manager) drivers due to insufficient DMA lock checking can be exploited to crash the X server or modify video output.
Modifying video output could be very bad, but also very hard to exploit in a way to make it worse than rickrolling you. And again, local.
A race condition within the handling of "/proc/.../cmdline" may disclose the content of environment variables of spawning processes.
In other words, there's a race condition (hard to exploit) which may disclose sensitive information in your environment variables to other procesess you run. I honestly can't think of a single case where this would reveal anything exploitable. Clearly, it should be fixed, but right now, you're welcome to my environment variables.
A race condition within the memory management can be exploited to disclose the content of random physical memory pages.
That could be very, very bad, but also very difficult to exploit. Again, local.
The vulnerability is caused due to an unspecified error within the ide-cd SG_IO functionality. This allows a user with read-only access to bypass these permissions and perform write and erase operations on media in a drive.
So, in other words, anyone who uses an IDE CD-RW drive is vulnerable. Otherwise, you need a lightning-quick exploit to grab someone's blank media and burn something evil to it. I'm quaking in my boots.
The problem is caused due to signedness errors which can lead to integer overflows in the XDR decode functions in kNFSd. This can be exploited by sending packets with a write request larger than 2^31, causing the system to crash.
In other words, doesn't affect people who don't run NFS, or specifically kernel NFS (there's a userland NFS now). Oh, and you need to be on the local network.
Various functions in the IEEE 1394 driver contain integer overflows within the memory allocation scheme. This can potentially be exploited via specially crafted requests, which may cause a large amount of data to be copied into an insufficiently sized buffer.
That's probably the most serious one I've seen -- possible privilege escalation -- but what privileges do I have to have to access the raw FireWire device anyway? I bet most users can't.
So that brings it down to, what, one actually unpatched vulnerability that I'd be worried about. And it's still only local, and still a bitch to exploit.
Now let's try the Windows ones. One is a remote exploit, which can be triggered merely by convincing an Aero user to view a given image. Another is a remote exploit which may allow people to manipulate SSL-encrypted streams.
Security is not and never has been about numbers -- I only need one serious exploit.
Also worth
Re:I want to see the long term results of this... (Score:5, Informative)
No, the number of unnecessary and undesirable services automatically deployed with Windows operating systems is quite profound. The automatic sharing of the C: drive as \\hostname\c$\, for example, has been nearly impossible to turn off for even a competent systems administrator without ripping out parts of the operating system you may want.
Shall we review the security risks of the almost mandatory use of dynamic DNS associated with Active Directory? Or the very poor security models of overburdening the Kerberos server underlying Active Directory with graphical and non-security related tools which have _nothing_ to do with that absolutely critical security service, yet are mandatory with the Windows "Server" releases required to run an Active Directory server? Or the denial of service attacks possible against an Internet-exposed Exchange server because it simply cannot handle a reasonable amount of direct SMTP traffic, especially broadly distributed spambots?
The Linux boxes simply do not run all these services and have all these vulnerabilities when they come out of the box because they don't _activate_ such services without giving the owner a patch to patch their systems. And users are not forced to run "Internet Explorer", that festering cesspool of security vulnerabilities, because someone locked the software update mechanism to a web browser with too many "features" to possibly secure.
Re: (Score:3, Interesting)
The automatic sharing of the C: drive as \\hostname\c$\, for example, has been nearly impossible to turn off for even a competent systems administrator without ripping out parts of the operating system you may want.
have to disagree, most competent admins know how to search knowlegde base articles. Took all of about 8 seconds to find the KB articles that describe the registry settings in detail. eg. heres the windows 2003 one. http://support.microsoft.com/kb/816524 [microsoft.com]
Re:I want to see the long term results of this... (Score:5, Interesting)
Or the denial of service attacks possible against an Internet-exposed Exchange server because it simply cannot handle a reasonable amount of direct SMTP traffic, especially broadly distributed spambots?
That is so true. Our Exchange server was falling over at least a couple times a week, even though it was on a fresh install on good hardware and run by a competent admin. It just couldn't stand up to all the dictionary attacks and other jackassery thrown at it. I installed a FreeBSD+Postfix server in front of the Exchange server and configured it to learn which usernames were valid on the Exchange, set up Spamassassin, and let it go. We literally haven't had a single unplanned outage on Exchange since that day.
Re:I want to see the long term results of this... (Score:4, Insightful)
Anybody who runs Exchange bare ass to the outside world is out of their minds. Any kind of medium length joe job or dictionary attack will take it down. Exchange isn't the only one. An ISP I used to work for used IMail for Windows as its primary client mail server, and it too was susceptible to these attacks. We played around with a lot of parameters before we went to a Postfix-Exchange gateway. The irony was at the time we were running our Windows servers are state-of-the-art (for the time) Pentium IVs, and both Exchange and IMail could easily be overwhelmed by dictionary attacks, to the point where the two Windows servers would become hopelessly unresponsive. I built a Postfix server running on top of Linux on an old Pentium II with 256mb of RAM, and had it feed to Exchange and IMail, and that little bastard just couldn't be brought down. In part I suspect that it was the crappy databases that Exchange and IMail used, which could be overwhelmed by a large number of queries, but in part I really do suspect that Windows Server's TCP/IP layer just isn't as resilient as Linux's or BSD's.
At any rate, building a Postfix gateway from a fresh FreeBSD or Debian install takes about an hour or two, you can throw stuff like SpamAssassin on there, and it works great.
Re: (Score:3, Funny)
Update: Apparently it was just Ballmer who ditched use of Google in 2004.
Re: (Score:3, Insightful)
That explains why they have no clue about whats going on.
Re:Unsurprising (Score:4, Insightful)
"turned into a liability"
Windows has always been a shoddy liability. Unfortunately MS has an incredibly good marketing team, that can literally sell fridges to Eskimos.
Re:Um . . . OK . . . we all care because . . . (Score:4, Insightful)
No, you've got it backwards. It is Microsoft who are on a jihad against all things non-MS.
Embrace, extend, extinguish... remember?