If Google stops trusting Windows, can Windows users trust Google?
The story at the Financial Times is that Google has quietly stopped allowing their internal users – developers, testers, etc – to use Windows operating systems. Allegedly this is because they can’t trust the operating system after the “Aurora” attack earlier this year, in which systems at Google (and other companies) were compromised to steal credentials, email and source code.
Others have already pointed out that this makes little sense – for various reasons:
- The attack was performed through a Trojan – that mostly means that human weaknesses were as much a part of the vulnerability as any technical issues. [I don’t see Google getting rid of people as a result]
- The attack used multiple points of entry, including PDF files and Internet Explorer bugs – with the IE flaws being reliably exploited (and a reliable exploit is needed if a Trojan is to be successful) only in IE6.
- The penetration through IE6 – the only operating system component under attack – was successful because the systems were not only running an outdated browser with outdated protection (IE6), but also because the users were running as unprotected administrators. [Again, I don’t see Google getting rid of those users, or requiring staff to not be Administrator on their own systems]
Me, I’d like to think that this is just a bogus story – all operating systems have flaws, and when you’re protecting against an attack that is targeted against your company, rather than scattershot against an operating system at random companies, the protection afforded by running a non-majority OS is pretty much wiped out. In addition, a managed installation of Windows (i.e. a domain) provides for far greater corporate control that can be used in instances of attack to tighten security settings, or to monitor more closely the configuration and activities of those systems. Other operating systems just don’t have that level of manageability. So it seems likely that this is just some bluster on the part of the “Anyone but Microsoft” crowd, than actual corporate policy.
Or it could just be that Google wants its employees to run the Google Chrome OS more, or perhaps even that Google wants to spread its bets across different platforms – all of these would be good reasons.
But the question in my title remains – if Google does stop trusting Windows, and stop using Windows, what does that mean for Windows users? It would mean that testing of Google’s sites and applications under Windows would be an afterthought, rather than a focus. Instead of Windows being present in some part at all stages of development, Windows would be another Quality Assurance step - “now that we’ve built it, does it work on Windows without too many problems?”
It’s totally up to Google as to whether they wish to make that happen – certainly, if they see the bulk of their user-base coming from systems other than Windows, it would make sense to focus on those. But if you’re a Windows user, I hope this story makes you anticipate this as a possible behaviour, and one that could leave you without access to the Google resources – apps, documents, storage, email – upon which you rely.
So, what can you do?
Plan your exit strategy. How will you migrate your data away, and what will be your alternate applications? Or will you switch operating systems to follow Google? How will you decide when the time has come to make that change?
Of course, you can extend this discussion – what is your plan, Apple users, for when you have to choose between Apple and Adobe? That one may come sooner than any Google / Windows split.