Is the Chrome OS's Security Promise Practical?

by CXOtoday Staff    Jul 09, 2009


The Chrome OS designers have promised that user will not have to deal with viruses, malware, and security updates. But security experts do not feel this is possible.

Describing Chrome as a back to basics OS, Sundar Pichai, VP (product management) and Google’s engineering director Linus Upson wrote in a blog, "We are completely redesigning the underlying security architecture of the OS so that users don’t have to deal with viruses, malware and security updates."

Carl Leonard, security research manager, of Websense EMEA, feels this is not practical.

"Google’s intention to redesign the underlying security architecture of the Chrome operating system is commendable, however all software is susceptible to issues - it just depends on how much effort the malware author wants to go to and how much profit can be made. Already we have seen vulnerabilities and issues with the Chrome browser, and Google even ran a contest in which two well-known security researchers found 12 exploitable security flaws in the company’s Native Client system," he said.

Leonard further said two of the top three security threats (SQL injection, browser vulnerability, and rogue av) rely on software flaws so it is likely that malware authors will be looking for flaws in the Chrome OS to take advantage of from day one.

Related Links:

Google Alert! Move over Microsoft, Here I Come