Feeds

Google Chrome OS: Too secure to need security?

Confident anti-virus-less chocolateers may be repeating Apple's mistakes

Application security programs and practises

I'm not telling you my mantra...

"How often did the mantra that MacOS was immune to malware need to be repeated until the vast majority of users believed it and continue to do so, even after Apple went as far as incorporating rudimentary AV software into MacOS," Ferguson writes.

"Criminal activity extends far beyond file-based threats, encompassing social engineering, phishing, social networks and email borne threats. The palette is continually expanding and the techniques are continually evolving. To assure your customers that they will not have to deal with online cybercrime simply by switching OS is foolish to say the least," he concludes.

We put Ferguson's arguments to Google, which pointed us towards documents arguing that the security of Chrome networks doesn't rely on any one component (such as sandboxing), but rather "defence in depth", which it claims is better than existing models.

Chromebooks use the first operating system designed with this ongoing threat in mind. It uses the principle of "defense in depth" to provide multiple layers of protection, so if any one layer is bypassed, others are still in effect. So while it's still important to take precautions to protect your data, Chromebooks let you breathe just a little bit easier.

Google let the dig that it was adopting the "security arrogance" of Apple slide, perhaps wisely. While Google's re-imaging of security architectures is welcome, it is unlikely that security problems will change, much less disappear, with wider adoption of the operating system. Google has earned plaudits from the security community for the superior stability and security of its Chrome browser as compared to Firefox. However, the recent rash of Trojans infecting Android devices has drawn criticism. Eugene Kaspersky, for example, has even gone so far as to describe Android as the new Windows.

Whether Chrome OS more closely represents its browser namesake or Android in terms of security will do much to determine the overall security landscape over coming years.

A security overview of Chrome OS can be found here. Ferguson's analysis is here. ®

Eight steps to building an HP BladeSystem

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
SHOCK and AWS: The fall of Amazon's deflationary cloud
Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.