06 December 2015

Windows needs to be kicked off the K-12 bus. Immediately.

School districts throughout America are issuing 1 to 1 mobile devices to students in secondary (grades 6-12) education to meet various requirements related to the common core. We will put aside the debate associated with this regulatory mess and focus in on the technology itself. Some districts have been issuing iOS, some Android devices but the main battle today appears to be between Chromebooks and Windows. Google and Microsoft are fortifying their lines for the battle with Chrome OS beginning to pull ahead with over 50% of all device purchases in 2015.

Since Chrome OS is the newcomer, there is no end of articles questioning whether we can trust Google and dictating what a district loses if they pick Google. What you will not find are articles saying, "why would any school district put the security nightmare of Windows in the hands of students?"

Until now, that is.

The security and confidentiality of students and their families should be the top priority of every district. If it is a choice between safety or education, skip the latter until the former is nearly guaranteed. Knowing what we know about the malware mess of the Windows operating system, there should not need to be any further reason to select something else.

Thanks to "zero day attacks" through their countless security holes, Microsoft is continuously patching their software. This means school districts handing Windows devices to students will need to have some way to apply these patches on a regular basis and "re-image" (wipe and re-create) the hardware at least annually. Districts also must create elaborate firewalls and filters along with a full Active Directory network to manage it. They will also need to put a far more robust network to handle all of the additional traffic and build out multiple networks to handle trusted versus guest-only access rather than having all student traffic outside the primary trusted network. Then you need a vastly larger technical staff to manage all of these functions, to develop and maintain the device image, to test all of the patches before issuing them, to create a help desk team available in each school to handle the much larger support needs of the devices and so on. Yes. Windows is an expensive choice.


Even if you successfully do this your students will still not be safe. In our testing we found example links served up by the Bing for Education web page on a district network for the VLC player, a video program used by many districts. This link search result would take the student to a page where malware would be installed on their Windows device without any assistance from the student. This despite a network that had all of the appropriate filters. This is not anyone's fault - certainly not the district. According to PC Magazine, in 2015 Windows sales represent less than 3% of all cellular equipped devices. Despite that small percentage, Windows had 80% of all malware infections and is expected to reach 90% before 2016. We already know from the corporate world that a combination of using Windows and Internet Explorer on a mobile device makes blocking malware a nearly impossible task.

It does not matter how good your firewalls are, how good your antivirus is or how often you re-image student devices: If you are running Windows a certain percentage will be infected. If you are issuing these to all students then you can expect a certain number to infect their family networks. As some districts have discovered, a certain percentage will then infect the school network. This is just the nature of running Windows. We sometimes have no choice in the corporate world since the applications we need to run may only exist on Windows.

Secondary education is not training students to build a domain controller. They are not showing students how to write C# code in Visual Studio. What they are doing is trying to replace paper and books. They are trying to give new opportunities for improving education. The goal of educating at a secondary level requires handing students nothing more than a fast running and secure web browser since all basic applications can be done in the cloud.

Yes, some will argue that Google might be collecting student data. However, to focus on that is to ignore that Microsoft is doing the same thing with Windows 10. We also know that Microsoft has outright misled consumers on a variety of issues - whether it is their hacking of Hotmail accounts, OneDrive's "unlimited" plan or their decision to abandon support for versions of Internet Explorer that they had guaranteed. Regardless of whether we trust Microsoft or Google (it is a safe bet that they can both be trusted equally), we know for certain that using Windows guarantees that a certain percentage of students will be infected by malware and their confidential data shared with criminals.

Then there is the issue of hacking possibilities when providing Windows technology to teenagers. Developmentally, secondary education is the age when humans start pushing boundaries and questioning authority. These are the years when white and black hat hackers are born. This does not mean that these students intend to create havoc on the school network. I have complete faith in teachers and students to find the right path and 99+% of them will make the right choices. But. There is always that fraction of a percentage. And it only takes one. Giving him or her an operating system that can run just about every hacking program in the world is probably not a great idea.

You might think I despise Windows. Not the case at all. I genuinely believe Windows 10 is the best desktop operating system ever created. (Sorry, Apple.) However, handing Windows mobile devices to students is a very expensive and silly liability that no school district should choose. There are numerous better choices on the market today and no reason to risk placing criminal activity at the fingertips of students.