Websense Inc. sent us a pretty interesting, security-related take on the Google Inc.’s Chrome OS news today.
On Google’s official blog earlier this week, the company claimed itsnew open source OS would completely change “the underlying securityarchitecture of the OS so that users don’t have to deal with viruses,malware and security updates.”
Carl Leonard, security research manager at Websense, countered thislofty claim, saying that “all software is susceptible to issues – itjust depends on how much effort the malware author wants to go to andhow much profit can be made.”
Leonard also pointed out that security experts have alreadyuncovered vulnerabilities and issues with the Chrome browser, addingthat Google even ran a contest in which two well-known securityresearchers found 12 exploitable security flaws in the company’s NativeClient system.
“Two of the top three security threats (SQL injection, browservulnerability and rogue AV) rely on software flaws so we know that it’slikely that malware authors will be looking for flaws in the Chrome OSto take advantage of from day one,” he said.
I’d have to agree with Leonard on this point as well. The moretake-up Google’s new OS gets, the more likely users will have to dealwith viruses, malware and security updates. Well, they won’t HAVE todeal with security updates if Google doesn’t issue them, of course.
