One day in April, David Green, the president of a party supply firm in Oklahoma, needed to authorize a bank transfer. Green's company has a policy about online banking: Never do it on a Windows machine. But according to an account by tech security reporter Brian Krebs, Green was home sick and didn't have access to his company Mac. So he used his Windows PC at home to log in to his firm's bank account.
Can you see where this is going? Green's kids use that Windows computer to browse the Web and play games, and it was pretty thoroughly infected by malware. When Green entered his company's banking password, the computer sent the credentials to far-off crooks. A few days later, they logged in to the account and stole $98,000. Green's firm is now scrambling to recover the money.
What does this story tell us? You could say it proves that Windows isn't safe for work. As Krebs notes, Windows is the main target of thieves who are trying to steal banking passwords; if you're on any other system, their malware simply won't run. Indeed, this is true for most malicious software. Operation Aurora, the attack by Chinese hackers that targeted Google and other tech companies last year, exploited a security hole in Windows versions of Internet Explorer. At Google, the flaw was reportedly activated when an employee in China clicked on a Web link he received in an instant message. When Internet Explorer loaded up the site, the code made its way into Google's network, eventually infecting key computers at the company's California headquarters.
Now, according to the Financial Times, Google is phasing out Windows for its workers and encouraging everyone to use Mac or Linux machines instead. The message here seems clear: If even Google's employees—some of the most sophisticated computer users in the world—can't be trusted to use Windows safely, how can anyone?
But that's the wrong way to think about what happened to David Green and to Google. The problem with Windows isn't that it has a lot of security holes; the problem is that it doesn't have a very good security plan. And though Apple partisans would disagree, this is true of the Mac, too. Both operating systems were designed to run any program at any time without much user consultation. Not only that, but both Windows and the Mac OS give applications access to most parts of the computer—the file system, the Internet—as pretty much a default condition of being invoked. It's no wonder our machines are overrun with bad code. They're practically begging for it.
Fortunately, the days of such open access are coming to an end. Modern operating systems designed for the Web age—like the iPhone OS, Android, and Google's upcoming Chrome OS—were built from the ground up with security in mind. These operating systems include many specific measures to make it much more difficult for hackers to run unauthorized code. As the world switches over to these new operating systems, we might find that malware will become a much smaller problem.
To understand what makes these new operating systems more secure, consider how the typical Windows computer works. Need a new program? All you have to do is download it from the Web and install. Sure, the OS will ask you if you're sure you want to go ahead, but we're all trained to mindlessly click past the warnings. Over time, as you download lots of different apps from all over the Web, you collect a pile of digital junk. At any given moment, you've got dozens of programs that you don't know about running simultaneously, and they're all free to ruin your machine (or your life) whenever they'd like. That's part of the reason why your computer appears to slow down after years of use—it's clogged with junk. Eventually you've got to buy a new machine or reinstall your OS in order to get it working right again.
This problem is not specific to Windows. We rarely hear about malware infecting the Mac, but that's mainly because only around 5 percent of computers in the world are running the Mac OS. Hackers attack Windows for the same reason that robbers target banks—that's where the money is. But there isn't much inherent in the Mac's design that makes it less vulnerable to attack. Macs have the same installation process as Windows computers—they'll run anything you find online, and once the program is running, it can do almost anything. Macs can be—and are—infected by bad stuff, and if lots of individuals and companies follow Google's lead and adopt the OS, surely the attackers will follow.