Will enterprise open source adoption trigger malware migration?

Recent reports have detailed Google’s actions to phase out the internal use of Microsoft’s operating system for security reasons following targeted attacks that the company has experienced. The targeted espionage attacks took place in January of this year and were carried out with the aim of gaining access to the Gmail accounts of Chinese human right activists.

Now as Google employees consider the option to select either Apple Macs running OS X or PCs running the open source Linux operating system, the question is whether other corporations will follow this practice.

If enterprise roll out of open source and Apple’s OS X operating system markedly increases, then will the relatively small amount of malware targeting these platforms increase by a proportionate amount?

Whether you agree with Apple CEO Steve Jobs when he talks of Windows being in “permanent decline” or not, the reality is that on balance Mac and Linux are not more secure than Windows. They’re just less targeted. For now that is.

Most would argue that Apple’s heavyweight consumer branding and advertising will always position the company’s products in the hands of the home user or the creative design field. But enterprise open source and the various “flavours” or distributions that it comes in is gaining ground fast.

The espionage Trojan that came knocking on Google’s door could easily be remodeled and re-spawned as a Linux variant of its former self.

So is this likely to become a reality and will we see a new tide of malicious content start to grow for platforms other than Windows? I spoke to Mickey Boodaei who is CEO of secure browsing services company Trusteer to get some comments on the wider implications of this story.

“Products that are widely used are more likely to be tested for security flaws and are more likely to be attacked regardless of whether they’re open source (or Apple Mac OS X) based or not. A company’s decision to adopt a platform from a security perspective should be never based on whether it’s open source or Mac or Windows. It should be based on whether you have the right tools and processes to secure the platform,” said Boodaei.

Perhaps it is no coincidence then that Trusteer does produce a security product for Mac. But Boodaei’s comments are quite even handed, so the best advice for all of us is clearly to watch what we click and, where, free security software is available for any platform (and there is plenty) that we should install that as our first move.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

This announcement being that they are dumping Microsoft Windows operating system on the grounds of security concerns.REALLY?Let’s dance, on this for a moment. Let’s suppose that Google had never used Windows in the first place. Normally, the reason to use another product is that you consider you have found something better or as a business something that does what you need and provides a better return on investment. What you don’t normally do though is tell the world, the reason is Corporate Advantage. Having been in the computer world for some time, initially early nineties, companies were ok about you telling other potential customers if they used your products. However, this changed and companies didn’t want other companies to know. One reason is what I have already mentioned, the other is in today's connected world, fear of attack, and if your enemy knows what you use and that product has security holes, then you could well be compromised. You don’t want the world to know this and you certainly don’t want the world to know you’ve been the target of what must be assumed to be a successful attack.So, why are Google doing this? Some kind of favour to the world at large saying look we are dumping Windows because we got hacked and we think that it’s got security problems. No, Google are going this out of no other reason than to try to hurt Microsoft, but that’s business. However, I think the concern here is that given that Google say they are taking action and removing Windows from their internal computers, I think the bigger concern lies in the fact that the attack has occurred, from their noisy actions it was successful, even perhaps only to a degree, but Google a company that has been allowed to stockpile the worlds information ultimately for its own gain, has lost information to an attacker. This suggests that Google weren't clever enough to secure Microsoft WIndows, yet they can produce a browser, a desktop and phone operating system and we are to trust this companies software with our lives and businesses.Google seem to the fairly laying the blame at Microsoft, but there is nothing here but marketing, just like the latest quote from the reality distortion field of Mr.Jobs, who should be grateful to Microsoft that Apple is still here.Any OS is as secure as you wish to make it, and security considerations are always trade-offs between ease-of-use and risk. There has to be balance, telling the world your competitions products are insecure is unprofessional and perhaps the true Google colours are starting to show through.
Thank you for your comments Geoff,I think you have encapsulated it with this comment:"Google are going this out of no other reason than to try to hurt Microsoft, but that’s business.I think the bigger concern lies in the fact that the attack has occurred, from their noisy actions it was successful, even perhaps only to a degree."Very thought provoking.Adrian
One of these comments is killing me, but I will not turn this into a pointless argument. Thanks for the good post.