Did Microsoft Choose Linux Because It’s More Secure Than Windows? (Premium)

UPDATE: Microsoft contacted me regarding the premise of this story and confirmed that security had nothing to do with the decision to use Linux in its MCU. It was, as I suggested, the right tool for the job. I received the following quote:
"Microsoft is a multi-platform company, and has been for years. We chose Linux as the OS for two primary reasons: 1) the size of the OS footprint and 2) needs of our silicon partner ecosystem. The custom Linux kernel found in Azure Sphere has been optimized for an IoT environment and shared under an OSS license so that silicon partners can rapidly enable new silicon innovations. In comparison, Windows IoT runs on microprocessor units (MPUs) that have at least 100x the power of the MCU. Windows IoT is a powerful OS for traditional embedded devices such as gateways, ATM machines, Point of Sale devices, digital Signage media players, Kiosks, and new sets of embedded devices such as smart thermostats, robots, wearables etc."
--Paul

Microsoft had good reasons to choose a Linux core for its Azure Sphere OS. That it is somehow more secure than Windows was almost certainly not one of them.

But then, that's what Microsoft gets for announcing Azure Sphere at a security conference: The mainstream press naturally assumes that security is the sole focus of the announcement. And that Microsoft is implicitly---or even explicitly---claiming that only Linux was secure enough for this job.

"Microsoft turns to former rival to improve internet security," the Washington Post reports in one good example. "Microsoft ... will use software based on the Linux operating system, not its own Windows operating system, for new security features to protect Internet-connected toys and other consumer devices."

Microsoft announced three pieces to its Azure Sphere strategy this week, the Azure Sphere OS, which is indeed based on a custom Linux distribution, the ARM-based MCU (microcontroller unit), a tiny system on a chip (SoC) computer that will run the OS, and Azure Sphere Security Service, which runs on Azure, and thus is not Linux-based. Beyond this, various other Azure (and third-party) services are likewise assumed.

But Microsoft never said or inferred that Windows could not be secured adequately for this task. What it said was that "full Windows" was too "big" for these tiny embedded MCUs. And the fact that Linux needed to be customized for the security needs of this system is likewise telling. Any OS would have to be.

Another example.

"At an event on Monday, Microsoft introduced Azure Sphere, a package of products including a new design for chips that will be packed into small gadgets deployed around the world, and said it's using Linux to secure these chips," CNBC reported.

You get the idea.

But the issue here is one of perception, and when you tie in this Azure Sphere announcement to the recent turbulence in the Windows organization in Microsoft, you can see where the bad news---real or imagined---jus...