Infosecurity notes that although Linux also claims viruses and other malware are not much of a threat to Linux users as executable files cannot run without the user’s explicit permission, Linux does not claim to be bullet proof and encourages users to be ‘smart’ and to apply security patches regularly.
Carl Leonard, security research manager for EMEA at Websense, said: “Google’s intention to redesign the underlying security architecture of the operating system is commendable, however all software is susceptible to issues – it just depends on how much effort the malware author wants to go to and how much profit can be made. Already we have seen vulnerabilities with the Chrome browser, and Google even ran a contest in which two well-known security researchers found 12 exploitable security flaws in the company’s Native Client System.”
He added that malware authors are likely to be looking for flaws in the Chrome OS, and he suggested it is only a matter of time before we see the first attacks on the Google Chrome OS.
According to Google, Google Chrome OS is an “open source, lightweight operating systems” and will be available in the second half of 2010. Most of the user experience will take place on the web.
No software is bulletproof
Speaking to Infosecurity, Websense's Leonard commented on Google's claims that users will not have to deal with viruses, malware and security updates: "Certainly they are interesting claims, we don’t know so much details around that yet – will that be the user involvement, what level of user interaction will have to take place? It might be that they mean that the user won’t have to deal with security updates and that that will be done automatically and silently through the system.
“What we’ve found though, is that generally, any product offering can be targeted by malware authors if it’s in the malware author’s interest, if there’s a particular uptake of user software, malware authors can utilise that software and the vulnerabilities within that software to make profits and they will focus their efforts on trying to break that software as it were.”
In other words, no software or operating system is 100% bulletproof. Leonard said that although it is true operating system such as Linux and Mac's do not see as many attacks as Windows, there is still a large amount of attacks against Macs, for example, and it is likely that if Google Chrome OS attracts enough users, that tooo will become attractive to malware authors.
“It is very difficult to create software that has no flaws at all and we know that malware authors are increasingly targeting vulnerabilities within software", Leonard told Infosecurity. "There’s still the social engineering aspect of course, malware authors attempt to install applications or Trojans, onto users’ machines by tricking the user into downloading these applications. It could also be that they address other software so that they then target the flaws and those system, which means that wherever software is being used by browsers of the web, there’s still going to be software that will be targeted and there is still going to be an desire from malware authors to make profit…”
Although few details are yet known about the Googel Chrome OS, Leonard seemed confident that the security industry will keep up to date with malware authors' attempts at exploiting the new operating system despite its security claims: "The security community [could] just adapts to whatever the new, exciting tricks that malware authors utilise - we just adapt to protect customers of the security solutions.”