Saturday, June 4, 2011

NGR: Google Chromebook’s Security Features Worry Anti-Virus Developers

When Google introduced its upcoming Chromebook notebook, it claimed that its gadget would put an end to security hassles.

“Chromebooks have many layers of security built in so there is no anti-virus software to buy and maintain. Even more importantly, you won’t spend hours fighting your computer to set it up and keep it up to date,” Google proudly proclaimed.

To consumers, this statement sounds exciting; for online security companies, not so much. Trend Micro’s security consultant Rik Ferguson disagrees with Google’s take on anti-virus software, stating that it risks repeating the same security mistakes he claims Apple has made.

The Chromebook will run on Google Chrome OS, which touts many security features, including process sandboxing (preventing apps from interfering with each other), automatic updating, and a reversion to the most-recent safe state when problems are detected. Also, every app that runs on Chrome OS will run in the browser, except for browser plug-ins. This is where Ferguson says the problem begins, as Google has offered a Chrome OS SDK to develop native apps, which could become a gateway to malware.

Ferguson also suggests that sandboxing is no assurance that bad apps will not infiltrate the rest of the computer, an assumption he says has been disproven in a number of browsers and software. He also worries that storing all data in the cloud (as the Chromebook does not have a hard disk) would simply shift the focus of scammers from obtaining data on a compromised device to stealing authentication keys.

“If I can infect you for one session and steal your keys, well then I’ll get what I can while I’m in there and then continue accessing your stuff in the cloud; after all, I’ve got your keys now, I don’t need your PC anymore,” Ferguson adds.

He stresses that people should not consider his statements as black propaganda, but rather a friendly reminder that attackers are as innovative as manufacturers.

Source: The Register
