Experts disagree on Google Chrome security claims

Can they improve on Windows' insecurity?

Google has claimed that users of its forthcoming Chrome OS will no longer have to worry about viruses, malware and security updates, but security experts disagree on whether the company can deliver on those promises.

Google said in a blog post that it was "going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware and security updates." An operating system should "just work," the company said.

Bruce Schneier, the chief security technology officer at BT, scoffed at Google's promise. "It's an idiotic claim," Schneier wrote in an email. "It was mathematically proved decades ago that it is impossible - not an engineering impossibility, not technologically impossible, but the 2+2=3 kind of impossible - to create an operating system that is immune to viruses."

Redesigning an operating system from scratch, "[taking] security into account all the way up and down," could make for a more secure OS than ones that have been developed so far, Schneier said. But that's different from Google's promise that users won't have to deal with viruses or malware, he added.

Other security experts suggested that it's possible for Google to at least make a more secure and user-friendly operating system.

"Operating system vendors can do a much better job of hiding security from the users - taking care of changes without forcing outages and reboots and managing the security of all the other applications installed on top of the OS," said Alan Paller, research director at the SANS Institute, a cybersecurity training organisation.

"Google is all about the user experience, so perhaps they learned from the mistakes of the earlier, less-user-friendly OS providers."

Brian Chess, cofounder and chief security officer at cybersecurity vendor Fortify Software, said he's optimistic that Google seems to be making security a priority as it develops the Chrome OS.

"With the caveat that nothing out there is going to be 100 percent secure, and new systems... are going to have more problems than code that's been battle-tested for a long time, I think the Google guys are right," Chess said. "They could make a system that is significantly better from a security standpoint than the systems most people use today."

Google has a chance to start over from a user expectation point of view, Chess said. The company has several research projects focused on cybersecurity, he noted.

Google could, for example, make top security a default setting in the OS, instead of requiring users to change their setting to make their OS more secure, he said. And Google could build in safeguards that stop users from downloading a virus when they click on a link in an e-mail, he added.

"From a security standpoint, this is a great day," Chess said. "The question is, is the system going to be able to do a reasonable job of defending itself even in the face of a certain amount of user error? I think they've got a pretty good shot at it."



Comments

nola | Published: 18:13 GMT, 09 July 2009

"But that's different from Google's promise that users won't have to deal with viruses or malware, he added." I don't see how those two rather loose statements couldn't be more or less identical from a practical perspective. "It was mathematically proved decades ago that it is impossible ... to create an operating system that is immune to viruses." I severely doubt that. What mathematical proof are they referring to here?

Eyes Open | Published: 13:56 GMT, 09 July 2009

No new operating system can address the weakest link -- the user. Time and again, end users prove themselves to be the better fool when presented with a supposedly foolproof system. As long as end users interact with systems, OSes will be vulnerable to attack. And never underestimate the guile and cunning of vandal-minded/theft-motivated malware experimenters. Cheap thrills and ill-gotten gains have always brought out the best efforts of people to do their worst.

DanTe | Published: 13:00 GMT, 09 July 2009

So what's the difference between Chrome and Linux? Anyone?

JJP | Published: 09:41 GMT, 09 July 2009

Chrome is to Google what Bing is to Microsoft. Just wait and see.

Getnikar Antakoff | Published: 08:30 GMT, 09 July 2009

Just get Linux, and make sure root's password is good.

JOHNNY69 | Published: 06:17 GMT, 09 July 2009

I smell a new beginning about to be launched! I don't want to get too excited yet, but if I was Microsoft I would be "Sweating Blue Bullets". Microsoft ..... paybacks are Hell. We have been stuck in the Microsoft loop too long. Change, and good change, is on the horizon.

Guitar Bob | Published: 03:26 GMT, 09 July 2009

I think a more user-friendly and secure OS can be built--providing the developer cares more about the user and good, tight code than about a continuous marketing cycle. However, I do not think that any OS can be completely secure because there is a fundamental conflict between security and ease of use/freedom of communication. Good luck to Chrome OS! Regards,
