Experts react to Google’s reported Windows phase-out

Many security experts are racing to the defense of Microsoft after Google reportedly decided to phase out the internal use of Windows following a successful hacker attack disclosed earlier this year.

But many in the security vendor community are questioning Google's justification for scrapping Windows platforms in favor of Mac or Linux systems.

Some have argued that any operating system can fall victim to a targeted attack and just because one particular platform is less targeted than another does not make it any more secure.

Others have blamed the attack, which took advantage of a zero-day Internet Explorer (IE) 6 vulnerability, not on Microsoft, but on Google for running out-of-date versions of the popular web browser.

"First of all, Google didn't get broken into because they were running Windows," wrote Costin Raiu, director of the global research and analysis team at Kaspersky Lab. "They got hacked because they used IE6, a product that is 9 years old. Google fell victim because they didn't follow the most basic security advice we recommend for our users, which is patch and use a modern browser, like IE8 or Firefox."

Meanwhile, Dave Marcus, security research and communications manager at McAfee Avert Labs, said in a blog post that intelligence gathering and effective social engineering are all it takes to perpetrate such an attack.

"Sure, the attackers used a very effective zero-day vulnerability," he wrote. "And, certainly, they used lots of evasion techniques in delivering the payload. But the real vulnerability has not been discussed. People were the weak link."

"If determined attackers and gatherers of intelligence invest the time to get to know their targets – their behaviors, likes, dislikes, technical backgrounds, job roles, etc. – the actual exploit is trivial," Marcus added. "All they have to do is get their victims to click a link. The more they know about their targets, the more likely users will click it."

Google has not confirmed the scale-back, first reported Monday by the Financial Times, saying only that it is constantly "working to improve the efficiency of our business, but we don't comment on specific operational matters."

In a brief blog post written Tuesday, Brandon LeBlanc, Windows communication manager, said the "facts don't support the assertion" that Windows is more prone to hacker attacks and malware. He cited praise from many in the research community about increased protections built into the latest versions of Internet Explorer.

He also referenced a blog post Monday from security firm Intego, which warned of a high-risk spyware application targeting Mac computers.
