Operating system comparison: The Windows OS security debate
SearchMidmarketSecurity
The security debate between Linux, Mac OS X and Windows got even more heated when Google ended its internal use of Windows. Tom Chmielarski explains when an
organization may (or may not) be ready for a change in operating systems.
http://searchmidmarketsecurity.techtarget.com/tip/OperatingsystemcomparisonTheWindowsOSsecuritydebate
27/7/2016
SearchMidmarketSecurity.com reader: Google made some waves when they began ending internal use
of Windows. Why was that the case, and will the shift in operating system make a difference? Can you
do a quick operating systems comparison?
Tom Chmielarski, resident security expert: Google began a move away from Windows on the desktop earlier this year, according to a report by the
Financial Times. This change is reportedly driven by security concerns and by Google's desire to use its own products, including Chromium, the
upcoming Linux OS from Google.
Before considering the ramifications of this shift, however, let's consider Google itself. Google is atypical of many organizations and is not
necessarily a good reference model for your organization; they have very large Linux server farms and the experience and tools that go with that, as
well as a large number of qualified Linux support personnel. They have also developed two Linux-based OSes (Android and Chromium OS). It is
worth noting that Chromium OS has an emphasis on Web-based computing.
Rather than speculating too much on Google's motivations, which I do not know, let's consider the following questions:
Will it make a difference to change operating systems?
And, by extension, is that kind of transition something you should consider for your organization?
The debate regarding Linux versus Mac OS X versus Windows is a heated one, and I won't solve it here. I will emphasize, however, that workstation
security depends on far more than the security of the OS itself. As for an operating system comparison, Windows has the largest market share of
OSes, the old argument goes, and is therefore the most attacked. This means the vulnerabilities within the various Windows versions are more likely
to be uncovered and used.
Linux and OS X both have security problems of their own, though. Apple, from a straightforward numbers perspective, has had more security
vulnerabilities in 2010 than Microsoft. However, the use of vulnerabilities as a numerical indicator of security is much debated as well.
Security of the desktop is important as the desktops are an entry point to your organization and frequently contain sensitive data. (Chromium's
emphasis on Web services, such as Google Docs, might help shift more of that sensitive material to centralized servers that are, in theory, more
secure.) At a high level, the security of those endpoints depends on several factors including:
How secure is the underlying OS?
How securely is the OS configured?
How well is the OS managed to prevent configuration drift and ensure patches are applied?
How secure are the applications running on that OS?
What privileges do users, and user-space applications, have to modify the operating system?
How prone are your users to make poor security decisions?
The choice of operating system (Linux/OS X/Windows) only pertains to the first two items in this list, although they are two very important
considerations. This leaves us with configuration management, user rights management and application security. Basic systems management of
Windows desktops is relatively easy, and your typical IT person can do it or pick it up with a little reading. The complexity of Windows administration
is somewhat deceptive, though, since it's much easier to get basic management functions working (WSUS, for example) than it is to do the
configuration and management reliably and securely.
Linux management is trickier, and the number of subject matter experts available to hire is much smaller. Does your organization have the tools and
skill sets required to securely manage Linux workstations? Given the normal IT emphasis of "more with less" and "do it yesterday," it's not surprising
that many organizations have poor systems management practices and barely any asset management.
Limiting user rights -- not letting everyone have local administration rights -- is an important security precaution. This model is fairly common in the
Linux world. Windows deployments, however, frequently give every user local administrative rights, which means malware is more easily able to
install itself. Windows Vista and Windows 7 offer improved user account control features, but they are too frequently ignored in favor of the
convenience of letting everyone have complete control of their own desktop.
The security of the application is much less important if it doesn't have the ability to modify the OS or access the data stored on that system.
Adobe's recent announcement that Adobe Reader will use sandboxing to control access to the OS is an example of an (attacked) application
vendor's response to security problems.
User education, which is mostly non-technical, is another important consideration. You're not likely to succeed in securing the workstations if your
users are prone to respond to 419 scams, open email attachments from people they don't know, and install random software from the Internet.
To determine if a move to Linux or Mac OS X is right for you, consider your ability to manage and otherwise support Linux desktops. You'll also need
to ensure your applications and users can function in a Linux environment.
Lastly, as I noted above, a shift to cloud computing, if you assume the cloud itself is secure, has a security benefit of removing some sensitive data
from that endpoint. If, however, an attacker gains user credentials by compromising the endpoint and monitoring user activity, then that benefit is
largely negated.
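
The point above about local administrative rights and User Account Control can be checked on a Windows workstation. The following PowerShell is an added example, not part of the original article; the list of principals expected to hold local administrator rights (RIDs -500 and -512) is an assumption to adapt to your environment.

```powershell
# Added example: report who holds local administrator rights on this machine
# and whether User Account Control is switched on.
# Requires Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

# S-1-5-32-544 is the well-known SID of the built-in Administrators group;
# using the SID avoids depending on the localized group name.
$adminGroupSid = 'S-1-5-32-544'

# Assumption: only these principals are expected to be local administrators.
# -500 = built-in Administrator account, -512 = Domain Admins group.
$expectedRidSuffixes = @('-500', '-512')

$report = foreach ($m in Get-LocalGroupMember -SID $adminGroupSid) {
    $sid = $m.SID.Value
    $expected = $false
    foreach ($suffix in $expectedRidSuffixes) {
        if ($sid.EndsWith($suffix)) { $expected = $true }
    }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Member   = $m.Name
        Type     = $m.ObjectClass       # User or Group
        Source   = $m.PrincipalSource   # Local, ActiveDirectory, ...
        Expected = $expected
    }
}

$report | Sort-Object Expected, Member | Format-Table -AutoSize

# Everyday user accounts or broad groups (for example Domain Users, RID -513)
# appearing here mean ordinary sessions run with full control of the desktop.
$unexpected = @($report | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} unexpected local administrator(s) on {1}" -f `
        $unexpected.Count, $env:COMPUTERNAME)
}

# UAC state: EnableLUA = 1 means User Account Control is enabled.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue
if ($null -eq $uac -or $uac.EnableLUA -ne 1) {
    Write-Warning "User Account Control is disabled or not configured on this machine."
}
```

Run it from an elevated prompt on each workstation, or through your existing management tooling, and compare the output across machines to spot drift.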