tsJensen

A quest for software excellence...

Google’s Folly

If you leave your door unlocked and someone enters your house for nefarious purposes, can you blame your lock manufacturer? Will you switch to a new brand of lock? Or if you open the door and pickup the the strange package you weren’t expecting from your doorstep, take it into your home and open it, do you sue the contractor or architect who built your house when it explodes? Do you declare your house to be unsafe and abandon it to live in a shed?

Well, it seems that if you’re Google, you do.

PC World reports today that Google has announced by leak that they will abandon Windows, blaming Microsoft for the Chinese invasion they suffered in January. Anyone with the slightest bit of brains knows this is an economic and political stunt and has nothing to do with security. The Trojan that Google claims allowed the Chinese hackers into their computers was, according to Symantec, entirely preventable.

Now, five months later we learn that rather than admitting the embarrassing fact that they either left the door unlocked (had un-patched machines) or invited the hackers in (opened attachments on vulnerable machines), Google is announcing that they will toss out their rival’s OS to spite their own face. Instead they will jump on the Linux for the Desktop and Mac OS bandwagon.

That’s fine. It’s a free country. But Google is just as big a target now as they were then and any honest security expert will tell you that Linux and Mac OS vulnerabilities exist and are ripe for exploitation. When Google is attacked again after having put its head in the sand, who will it blame then?

The bottom line is that you cannot blame your security failures on the lock manufacturer or the contractor who built your house if you’re not even willing to lock the door or question the anonymous package left at your doorstep. This is Google’s folly. They have opted for an effectively placed marketing jab against an opponent while leaving their left flank exposed for another Chinese hack attack. When it comes, will they blame the President of the United States or the Secretary General of the U.N.? Or will Google take responsibility for its own security?