Mac OS X and Linux are no Magic Security Bullet for Google

Where things get a bit weird, however, is Google's alleged decision that Mac OS X is a good alternative. Though Apple likes to trumpet the security of its platform, the reality is quite different. Mac OS X is easy, even fun to exploit. Safari, too, is "easy pickings" for hackers.

Even when Mac OS X does implement exploit mitigation techniques, these implementations are often weak or flawed. Apple also lacks an equivalent to Microsoft's secure development methodologies, an omission criticized by security researchers. Apple is beginning to take security more seriously, but it still lags behind other vendors.

The result of all this is that any hacker wanting to attack a company that uses Mac OS X is going to have an easier job than if they were attacking a company that uses Windows 7. Depending on the distribution and configuration, Linux too may represent a softer target than Redmond's offerings. Mac OS X and Linux would certainly leave the company less exposed to the bulk, non-specific attacks (though keeping systems patched and filtering e-mail already handles that problem pretty effectively), but as a defense against the next Aurora-like attack, the decision is a very strange one indeed.

The decision to specifically target particular companies also makes it easier for the attackers to encourage a victim to visit a malicious webpage (or read a malicious PDF, open a malicious e-mail, etc.). It's easy to dismiss e-mails that are obviously fraudulent—e-mails telling you about the iTunes purchases you haven't made, the Fedex deliveries that you haven't ordered—but when an e-mail arrives with your name, or address, or other personal information, it's a lot harder to ignore.

It's these properties that make the Google attack unusual, and it's these properties that make switching platforms ineffective. Worse than ineffective: if this is the kind of threat that Google is concerned with, Windows 7 is one of the safer operating systems to use.