So, allegedly, Google has told it’s employees to get off of Windows due to vulnerabilities in the operating system. That leaves then with a choice of Apple’s Mac OS X or a variant of Linux (there are other but…). It’s an interesting statement to make if it’s true. Then I stumbled across Jason Perlow’s article on why he finally moved from Windows to Linux. What’s interesting in the article is he seems convinced it was some sort of malware in Windows that caused his problem, despite not being able to find it. My guess is it probably wasn’t.
A different headline compared to the one in April where a ‘security expert’ (that’s what it says in the article) stated:
Are they [Microsoft] the model that other companies are following?
Maiffret: From an internal process in how they go about auditing their code and securing software from a technical perspective, they do have one of the best models. The area they still have room for improvement is around time lines of how long it takes for them to fix things. We see time and time again when somebody responsibly reports a security problem to Microsoft it takes many, many months, if not upwards of a year, to get these things resolved. Should there be some new zero day critical emergency, we see they are able to get something out within a couple of weeks. You look at companies like Adobe and they are where Microsoft was 10 years ago.
In what way exactly?
Maiffret: Adobe, and even Apple, is a good example. They are starting to get black eyes with people saying Adobe is a bigger worry than Microsoft is at the moment, which I agree with. As those things are happening, Adobe and Apple and other companies are starting to pay attention and care more. But a year ago, it was still very much a marketing thing. People from both companies treated it as a marketing problem. They didn't have good technical structures behind the scenes. Now they are staffing up and hiring industry notables like Window Snyder [ex-Microsoft security employee recently hired by Apple]. They've really only begun in the last six months or so taking security seriously and understanding that it impacts their business in a serious way.
And you think Apple is taking it seriously too now?
Maiffret: Oh yeah. It's even a little scarier with them because they try to market themselves as more secure than the PC, that you don't have to worry about viruses, etc. Anytime there's been a hacking contest, within a few hours someone's found a new Apple vulnerability. If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don't see more attacks out there compared to Microsoft is because their market share isn't near what Microsoft's is.
So Windows is more secure (according to him). There’s the key point everyone seems to forget: it’s installed on 90% of the world’s desktops. That’s around a billion machines. That’s why it suffers more infections, because nobody bothers going after the other operating systems, the market share doesn’t make it worth it. Now, I’m not Microsoft fan, but I’ve tried OS X and Linux and I keep coming back to Windows (although I’m going to give Ubuntu and Linux Mint a run again soon). So you can add that it’s also a very easy to use operating system compared to the others as well (I find).
Personally, I don’t run anti-virus software, I haven’t for at least a decade. It slows my PC down too much. I have my firewall switched off, I rely on the one built in to my router. I have no anti-spam software installed. The only time I have been infected in that time was on my work PC, which ran XP, and had anti-virus installed. The whole was in Adobe’s Acrobat Reader, they knew about it (I subsequently found out), but were very slow in releasing a patch. Even then I could have avoided it by simply not having an account with administrator permissions.
The biggest threat to security in any computer system isn’t the software, it’s the idiot using it.