On the road to operating-system glasnost

What if they wrote an operating system, and nobody logged on? In May 2005, I wrote a column called “Mad as hell, switching to Mac.” A lot of folks got mad as hell at me, but not nearly as many as those who began migrating to the SOW – Something Other than Windows – operating system. My reasons for migrating my company (and friends, and clients) to OS X were based on security issues, from malware to availability.

Then along came Core Duo. Even Walter Mossberg, The Wall Street Journal‘s geek curmudgeon, called the first generation of Apple-Intel gear the finest-engineered computer in the history of the universe (slight literary license). OS X was already considered a rock-solid platform, but with the migration to an Intel platform, suddenly the Mac was no longer just a Mac; it had entered mainstream consciousness.

Now along comes Vista. The bad news is that to take advantage of Vista’s aero look/feel and other enhancements, some serious hardware is required. That’s money. The bad news is that the reviews seem to agree: Vista is a nice, pleasant XP makeover, but is it worth the new software and licensing fees? That’s money.

The bad news is that Microsoft is trying to implement its own security. The European Union and top security firms are furious about the kernel lockout, thus allegedly keeping many third-party developers from offering Vista security products. The bad news is “who wants to migrate an enterprise to Version 1.0” of anything that can affect negatively operations and security because of unknown glitches we expect in first releases. The bad news is that Vista and the new Office are so different as to require additional employee training. That’s money.

In addition, along comes virtualization. Virtualization software for running Windows on Linux and Macs from start-up Parallels is yet another major step toward complete operating-system glasnost: the total openness of choice of operating system on single hardware platforms based on applications and operational needs rather than contrived functional availability.

Virtualization is perhaps the single greatest security tool of the third millennium. Consider this: Assuming you can budget new hardware for a pilot rollout, get Macs. Kill the old PCs (tax benefits?) and use the XP licenses on new partitions. Just for giggles (but not necessary), install Linspire Five-0. Cost: about the same as or less than a Vista-ready WinTel PC, and you get three distinct operating environments, each with its own pros and cons – such as security. Then, make four rules:

* Never touch the Internet with the Windows side of your Mac/Intel/Win/Linux/PC. You will achieve pretty decent Internet security from the Unix-based Mac/Linux side. A well-configured Google and open source desktop makes a fine additional layer of defense to Internet application server protection.

* Use only Mac Office or OpenOffice. Viruses and worms cannot (yet) migrate in OS X and Linux. Use that as a free security advantage. Are the apps 100% compatible? For superadvanced application use, this might not work. But it all is getting better.

* Use only browsers in the OS X and Linux partition. We generally don’t care if home users who access our applications are PC, Mac or Linux. We shouldn’t internally, either.

* Use only the PC/XP partition for those applications that absolutely must be Windows based.

What will you achieve? Operating-system glasnost – the opening of the desktop to operate in any domain, with increased security, letting management have a wider range of application options. A platform you can tailor to your application needs across three environments, putting the choice back into the hands of management. (You will find that in many cases only one robust environment is needed, but it’s nice to know you can do anything you want.) Cost reductions in security licensing and security application compatibility. Less reliance on the user to do things right. By removing the fertile agar environment of WinTel for all applications, the security risks will go way down.

Is this perfect? No. Is it a tradeoff? Sure. Is it doable? Yes. If you’re looking for the Vista/OS X appearance (you gotta get new hardware anyway) and to lower costs and maintain existing architectures, give this pilot a try. Then let me know how it goes.

Schwartau is a security writer, lecturer and president of Interpact, a security awareness consulting firm. He can be reached at winn@thesecurityawarenesscompany.com.