Skip to main content

Digital Lifestyle > News

Thu, 09 Jul 2009 Google OS - users will still need to be aware of viruses, malware, security updates

Security experts disagree on whether the Google OS can live up to the company's promises

Grant Gross

  • Email to a friend
  • Print this article
  • Bookmark this page
  • RSS feed

Google, while announcing its new Chrome operating system late Tuesday, said users would no longer have to worry about viruses, malware and security updates, but security experts disagreed on whether Google can deliver on those promises.

Google said in a blog post that it was "going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware and security updates." An operating system should "just work," the company said.

Question of the day!

Mark Hattersley
Editor in Chief

Do you share your creations online?

Question of the day!

Do you share your creations online?

% of Macworld readers agree with you

Yes
TBC
No
TBC

What do you create and how do you share it?

124 characters remaining

Follow the conversation at @TabletChat

paintings & illustrations, mostly, which i upload to flickr.RT @fragmentedm

I draw manga/anime characters. I also do graphic design and photography.RT @spialelo

Yes. I usually put them up on my #deviantart account for feedback on how to improve.RT @spialelo

Bruce Schneier, the chief security technology officer at BT, scoffed at Google's promise. "It's an idiotic claim," Schneier wrote in an email.

"It was mathematically proved decades ago that it is impossible - not an engineering impossibility, not technologically impossible, but the 2+2=3 kind of impossible -- to create an operating system that is immune to viruses."

Redesigning an operating system from scratch, "[taking] security into account all the way up and down," could make for a more secure OS than ones that have been developed so far, Schneier said. But that's different from Google's promise that users won't have to deal with viruses or malware, he added.

Other security experts suggested that it's possible for Google to at least make a more secure and user-friendly operating system.

"Operating system vendors can do a much better job of hiding security from the users -- taking care of changes without forcing outages and reboots and managing the security of all the other applications installed on top of the OS," said Alan Paller, research director at the SANS Institute, a cybersecurity training organization.

Google user experience

"Google is all about the user experience, so perhaps they learned from the mistakes of the earlier, less-user-friendly OS providers."

Brian Chess, cofounder and chief security officer at cybersecurity vendor Fortify Software, said he's optimistic that Google seems to be making security a priority as it develops the Chrome OS.

"With the caveat that nothing out there is going to be 100 percent secure, and new systems ... are going to have more problems than code that's been battle-tested for a long time, I think the Google guys are right," Chess said. "They could make a system that is significantly better from a security standpoint than the systems most people use today."

Google has a chance to start over from a user expectation point of view, Chess said. The company has several research projects focused on cybersecurity, he noted.

Google could, for example, make top security a default setting in the OS, instead of requiring users to change their setting to make their OS more secure, he said. And Google could build in safeguards that stop users from downloading a virus when they click on a link in an e-mail, he added.

"From a security standpoint, this is a great day," Chess said. "The question is, is the system going to be able to do a reasonable job of defending itself even in the face of a certain amount of user error? I think they've got a pretty good shot at it."

Check out our new Macworld Mobile site.

Follow Macworld UK on twitter: www.twitter.com/macworlduk

Email A Friend

Email this article to a friend or colleague:



PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

<<prev article | back to news index | next article>>

Comments received


Michael said on Thu, 09 Jul 2009

Apple has done it with OS X. There is no reason Google cannot as well.

@Michael said on Thu, 09 Jul 2009

Stop living that old dream.

Kendall said on Thu, 09 Jul 2009

I think if they do build up from scratch then early on, viruses won't be an issue simply on the basis of security through obscurity. That will change though if it's open source (and even if not). There will also be the benefit that it's user base will be so small it'll be very difficult for a Chrome virus to propagate as well as that most people that will be running the OS will be much more tech-savvy (just like Linux users) than you're typical Windows user.

@ Kendall said on Thu, 09 Jul 2009

security thru obscurity.... er... not exactally. I think you hit it better on the "very difficult for a chrome virus to propagate". thought.

A virus that can be downloaded and operated is very hard to defend against. Users can be very stupid. :-)

But making it very hard to spread automatically, almost kills the whole effort. Almost.... but why spend all that time on a virus if you cannot spread it... :-)

Just a thought.
en

Gabriel said on Thu, 09 Jul 2009

While "malware" in the broadest sense will always be possible one way or another, Michael is correct that viruses - malicious programs which spread on their own without any user intervention - aren't possible on OS X.

Programs which require user intervention to spread are *trojans*, not viruses - making their way into the system via social engineering. Sadly, not many people understand the difference between a virus and a trojan, hence the idiotic statements from Bruce Schneier there.

I have no idea where he gets that statement from, or whose research he's supposedly referring to. Pity the person writing this article didn't, you know, ASK HIM what he was basing that statement on. "Mathematically proved decades ago" by whom? And how? If it's a decades-old statement, it's very likely based on ancient research and outdated approaches to computer security.

Baskaran said on Fri, 10 Jul 2009

Be assured that Crome OS will be a lot less vulnerable than MicroShit. Anything can be proven mathematically every time provided that the people listening to that theory has the 'capacity' to listen to the 'crap'

@Baskaran said on Fri, 10 Jul 2009

Be assured that making sweeping statements without understanding the subject appears to be your trademark.

Just a boring thought.

@Baskaran said on Mon, 13 Jul 2009

Talking of vulnerable OS's:

www.cio.com/article/485552/Researcher_Cracks_Mac_Security_in_Seconds_At_PWN_OWN_Wins_K

anon. vs article said on Mon, 13 Jul 2009

ref commentor who does not sign name.
"www.cio.com/article/485552/Researcher_Cracks_Mac_Security_in_Seconds_At_"

That comment just goes to show you do not know what you are talking about. :-) Troll alert anyone.?? :-)

en

Disclaimer
Opinions expressed here are those of the writers and do not reflect those of Macworld. Macworld accepts no responsibility legal or otherwise for their accuracy of content.
Click here to read the house rules.

Click here for the latest reader comments

Latest News


More news...