Why Microsoft’s Rumored Plan For a Cloud-based OS is a Bad Idea

Photo from iStock

Photo from iStock


While Apple is busily trying to solar power the cloud and getting into the hybrid smart phones/tablets (“phablets”) market now dominated by Samsung, Microsoft has come up with an “innovative” scheme to make the upcoming Windows 9 more popular than Windows 8 by making it cloud-based.

Don’t know what the cloud is? Here’s a quick primer:

“The cloud” is an Internet-connected virtualized infrastructure that exists outside of computer hard drives. It hosts not only the data used by companies, including customer data but, increasingly, applications. The cloud (also known as computing on demand) is used in a variety of ways (there are public, community, private and hybrid clouds) and can offer a variety of resources: infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and network as a service (NaaS), making the cloud less a monolithic whole than a nebulous amalgam of services. Because it reduces cost, especially with regard to expensive data centers, increases productivity and improves customer accessibility, cloud computing has become a core technology.

So back to Microsoft. Solar power never hurt anyone. And the phablet might be a bust but that is something the market itself will decide. You’ll be out a few bucks but at the worst, you’ll end up with a phone that doesn’t actually replace your tablet. But as ideas go, a cloud-based OS is a lemon.

The reason? Sure, as CNN Money tells us, a cloud-based OS “could translate into more free space on your hard drive, fewer Windows updates and potentially cheaper computers,” but the cloud isn’t safe.

Using the cloud is like jumping into a public swimming pool: you open yourself up to everything all the other swimmers bring into the pool with them. CBS News reported last year that the CDC found public swimming pools “rife with fecal contamination.” And the nasty stuff doesn’t end with fecal matter.

Don’t stop at athletes foot; think Legionaries’ Disease, or why not go right to influenza, or even the Cryptosporidiosis parasite, which the CDC says “is one of the most frequent causes of waterborne disease among humans in the United States.” Cryptosporidiosis, if you have a compromised immune system, can kill you.

Think about these potentially deadly nasties for a minute because it will put your mind where it needs to be when considering a visit to cloud-anything. There are things on the cloud as deadly to your computer as Ebola, and far more contagious. Computers are expensive. Your documents are valuable. Your computer can become junk if you are not careful, and your documents as extinct as the Carrier Pigeon.

Yes, malicious hackers were quick to realize what fertile ground the cloud represented, and they were quick to act. Quicker than cloud providers were with cybersecurity, at any rate. As a report by research firm Solutionary put it late last year, “The cloud has become a preferred mode for malicious actors who are using cloud computing for many of the same reasons that legitimate customers are.”

Just getting on the cloud now? Malicious hackers have been there for more than five years already.

The results are about what you would expect in an industry that makes cybersecurity an afterthought.

It is indicative of the business world’s mindset that an article on ZDNet asking if the cloud really stacks up, doesn’t so much as mention security. You’ve got licensing, infrastructure, support and maintenance, and training, but nothing about cybersecurity.

And it’s not like there is no need for security. Oh boy is there a need for security.

Do you use Dropbox? Millions do. Twitter was all a-buzz recently with folks excited about increased storage on Dropbox. Some said they’d put every file they own on the cloud. Yet on June 26 of this year, NetworkWorld told us that “Trend Micro reported today through a blog post that it has observed the first instance of hackers using DropBox to host the command and control instructions for malware and botnets that have made it past corporate firewalls.”

Good times…. Yeah, not so much. Industry giant Amazon could not protect its own cloud in 2011.

The cloud is so not safe that in December 2010, the Office of Management and Budget (OMB) issued a “Cloud First” policy requiring cloud use by federal agencies whenever possible (U.S. GAO, 2012). But the federal government has also recognized the cloud’s vulnerabilities, the National Institute of Standards and Technology (NIST) observing in 2011 that the very features that draw people to the cloud “can also be at odds with traditional security models and controls” (Jansen and Grance, 2011).

These threats and vulnerabilities have prompted the National Security Telecommunications Advisory Committee (STAC) to form a subcommittee to study the intersection of national security and emergency preparedness (NS/EP) and cloud computing (NSTAC, 2011).

Want to be really scared? The cloud is so unsafe that there are actually botnets on the cloud, called botclouds. A botnet is something you might already be part of, because botnets are composed of infected computers controlled by malicious hackers. A botcloud is easy to setup and difficult to detect, and can be made up of hundreds or thousands of virtual computers.

It has been suggested that the attack on the Sony PlayStation Network was a botcloud attack.

No, the cloud isn’t safe. It never was.

Yet people treat it like some vast and friendly fantasy playground. The simple fact is that you have a far better chance of protecting the integrity of your computer than you do the cloud.

And now Microsoft wants to put your operating system – or at least part of it – on the cloud, a place you have no protection at all.

Think Microsoft can keep you safe? Think again. Much of the talk about Windows 9 is being driven by revelations from Russian pirate group/individual WZOR.

Think about it this way: the cloud is used to attack people. Just yesterday a warning was issued by “Cloud-based business software company Salesforce” that Dyre malware, a Trojan, which is used to steal data, might be used against its customers (former high-profile victims include Bank of America, Natwest, Citibank, RBS, and Ulsterbank).

And you want your operating system coming from there?

It’s not that Apple is necessarily more secure than Microsoft. As CNN reported the other day in regards to the nude celebrity photo brouhaha, “Apple confirmed to CNN Monday that it is looking into reports that its popular iCloud online data backup service may have been compromised by the hackers.”

But Microsoft ought to know better, or at least learn from Apple’s misfortune. If Microsoft is seriously considering a cloud-based OS, then maybe where innovation is concerned, Microsoft ought to just stick to copying everything Apple does.

References:

Jansen, W., Grance, T. (2011). Guidelines on Security and Privacy in Public Cloud Computing. (NIST Special Publication 800-144). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf

Hrafnkell Haraldsson


Copyright PoliticusUSA LLC 2008-2023