One day in April, David Green, the president of a party supply firm in Oklahoma, needed to authorize a bank transfer. Green’s company has a policy about online banking: Never do it on a Windows machine. But according to an account by tech security reporter Brian Krebs, Green was home sick and didn’t have access to his company Mac. So he used his Windows PC at home to log in to his firm’s bank account.
Can you see where this is going? Green’s kids use that Windows computer to browse the Web and play games, and it was pretty thoroughly infected by malware. When Green entered his company’s banking password, the computer sent the credentials to far-off crooks. A few days later, they logged in to the account and stole $98,000. Green’s firm is now scrambling to recover the money.
What does this story tell us? You could say it proves that Windows isn’t safe for work. As Krebs notes, Windows is the main target of thieves who are trying to steal banking passwords; if you’re on any other system, their malware simply won’t run. Indeed, this is true for most malicious software. Operation Aurora, the attack by Chinese hackers that targeted Google and other tech companies last year, exploited a security hole in Windows versions of Internet Explorer. At Google, the flaw was reportedly activated when an employee in China clicked on a Web link he received in an instant message. When Internet Explorer loaded up the site, the code made its way into Google’s network, eventually infecting key computers at the company’s California headquarters.
Now, according to the Financial Times, Google is phasing out Windows for its workers and encouraging everyone to use Mac or Linux machines instead. The message here seems clear: If even Google’s employees—some of the most sophisticated computer users in the world—can’t be trusted to use Windows safely, how can anyone?
But that’s the wrong way to think about what happened to David Green and to Google. The problem with Windows isn’t that it has a lot of security holes; the problem is that it doesn’t have a very good security plan. And though Apple partisans would disagree, this is true of the Mac, too. Both operating systems were designed to run any program at any time without much user consultation. Not only that, but both Windows and the Mac OS give applications access to most parts of the computer—the file system, the Internet—as pretty much a default condition of being invoked. It’s no wonder our machines are overrun with bad code. They’re practically begging for it.
Fortunately, the days of such open access are coming to an end. Modern operating systems designed for the Web age—like the iPhone OS, Android, and Google’s upcoming Chrome OS—were built from the ground up with security in mind. These operating systems include many specific measures to make it much more difficult for hackers to run unauthorized code. As the world switches over to these new operating systems, we might find that malware will become a much smaller problem.
To understand what makes these new operating systems more secure, consider how the typical Windows computer works. Need a new program? All you have to do is download it from the Web and install. Sure, the OS will ask you if you’re sure you want to go ahead, but we’re all trained to mindlessly click past the warnings. Over time, as you download lots of different apps from all over the Web, you collect a pile of digital junk. At any given moment, you’ve got dozens of programs that you don’t know about running simultaneously, and they’re all free to ruin your machine (or your life) whenever they’d like. That’s part of the reason why your computer appears to slow down after years of use—it’s clogged with junk. Eventually you’ve got to buy a new machine or reinstall your OS in order to get it working right again.
This problem is not specific to Windows. We rarely hear about malware infecting the Mac, but that’s mainly because only around 5 percent of computers in the world are running the Mac OS. Hackers attack Windows for the same reason that robbers target banks—that’s where the money is. But there isn’t much inherent in the Mac’s design that makes it less vulnerable to attack. Macs have the same installation process as Windows computers—they’ll run anything you find online, and once the program is running, it can do almost anything. Macs can be—and are—infected by bad stuff, and if lots of individuals and companies follow Google’s lead and adopt the OS, surely the attackers will follow.
Modern operating systems take a completely different approach to security. “A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user,” says the developer manual for Google’s mobile OS. That’s a long-winded way of saying that Android restricts programs from performing a whole lot of actions. An app running on Android has access to only a certain subset of files and hardware functions. The app must also declare its intentions beforehand; a user gives the app certain permissions when it runs, and the app can’t extend beyond those permissions. This makes it more difficult for a program to act as a Trojan horse—to pretend to be innocuous but later turn malicious.
The iPhone OS (which is also the operating system for iPads and the iPod Touch) and Google’s Chrome OS work similarly. The term for this security method is “sandboxing”—every app on the system runs in its own restricted sandbox, and it’s barred both from playing in other sandboxes and from having free rein on the playground.
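A small model of the deny-by-default, declared-permission sandbox described in the two paragraphs above. This is an added illustration, not code from the article or from Android, iPhone OS or Chrome OS; the `Sandbox` class, the `/data/<app>` layout, the app names and the permission name are all hypothetical.

```python
import posixpath

class Denied(PermissionError):
    """Raised when the monitor refuses a request."""

class Sandbox:
    """Toy reference monitor: nothing is allowed unless declared at install."""
    def __init__(self):
        self._granted = {}  # app -> frozenset of permissions, fixed at install
        self._files = {}    # resolved absolute path -> contents

    def install(self, app, declared=()):
        self._granted[app] = frozenset(declared)

    def use(self, app, permission):
        # Deny by default: an unknown app or undeclared permission is refused.
        if permission not in self._granted.get(app, frozenset()):
            raise Denied(f"{app}: {permission} not declared at install")
        return True

    def _resolve(self, app, path):
        home = f"/data/{app}"  # hypothetical per-app private directory
        # Normalise first so "../" and absolute paths are judged by where they
        # really point; the trailing "/" keeps /data/game2 out of /data/game.
        full = posixpath.normpath(posixpath.join(home, path))
        if not full.startswith(home + "/"):
            raise Denied(f"{app}: {path!r} is outside its sandbox")
        return full

    def write(self, app, path, data):
        self._files[self._resolve(app, path)] = data

    def read(self, app, path):
        return self._files[self._resolve(app, path)]

def attempt(action, *args):
    """Run one request and report 'ok' or 'denied' instead of raising."""
    try:
        action(*args)
        return "ok"
    except Denied:
        return "denied"

if __name__ == "__main__":
    box = Sandbox()
    box.install("bank", {"INTERNET"})
    box.install("game")  # a game that declared nothing at install
    box.write("bank", "session.txt", "constructed-secret")  # constructed data
    print(attempt(box.read, "game", "../bank/session.txt"),
          attempt(box.use, "game", "INTERNET"))
```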
Sandboxing doesn’t make an operating system impenetrable. Researchers have demonstrated ways to infect the iPhone through a malicious Web page, and they’re set to show a potential major vulnerability in Android at the Defcon security conference in July. * [Update, June 4: A Google spokesman points out that the researchers’ attack works only if they somehow get “root level” access to a user’s phone, which is not easy to do from afar.] But these OSes have several other ways to prevent bad stuff from infecting your machine. They all provide apps through a central repository—the App Store in the iPhone, Android Market, and Chrome OS’s Web Store—and they restrict background apps, meaning that apps you’re not actively using have very limited permissions on the system. This makes it much more difficult for some secret app to be doing stuff without your knowledge. All these operating systems also have a much better updating and backup model than their desktop counterparts. They stay up-to-date virtually automatically, and they ensure that your data is backed up to another computer or, in Google’s case, to the Web. This reduces the damage that an errant program may cause.
While these new operating systems don’t offer perfect security, they are an improvement over today’s standard—the difference between Android and Windows is the difference between having a lock on your door that could be picked and keeping your door unlocked. There are obvious downsides to the sandbox model, however. A computer that prevents apps from doing what they like may also prevent you, the user, from doing what you like. This is especially true in the case of the iPhone. The stuff that makes the iPhone OS safe is also what allows Apple to arbitrarily decide what you can and can’t do with your phone. Want an app that shows you pictures of sexy women? Sorry, Steve Jobs won’t let that fly, even if it poses no danger to your phone. Chrome OS, on the other hand, has a nice way to deal with the restrictions that come with enhanced security: There will be a hardware switch on the computer to enable “developer” mode; hit the switch and you can do whatever you like.
Also note this caveat that goes along with every advance in computer security: Nothing keeps attackers at bay for long. “Every measure that security vendors come up with will be worked around by the hackers,” says Joe Stewart, the director of malware research at the computer security firm SecureWorks. “Any time a programmer makes a single mistake, that’s an opportunity for exploitation.” He adds that even if we manage to fix holes in our computers, the people using the machines will still be vulnerable—no computer in the world can stop a user from accidentally giving out his Social Security number to people who claim to be legit.
Still, from now on I’m doing my online banking on the iPad. I may not be able to download any programs that Steve Jobs finds objectionable, but at least I don’t have to worry that somebody’s going to steal my password.
Correction, June 4, 2010: This article originally reported that researchers were set to reveal a “major” vulnerability in Google’s Android OS. While the researchers have found an Android vulnerability, it works only if a hacker somehow gets “root level” access to a user’s phone, which is not easy to do from afar.