About the Google Chrome OS

July 13, 2009

Google has recently announced the Google Chrome Operating System, a Linux-based open source lightweight operating system that will initially be targeted at netbooks. In their announcement Google mentions that they will be "going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware and security updates. It should just work."1

Among the reasons stressed to switch over to Google Chrome is to avoid the updates. As written in their blog: "People... don't want to spend hours configuring their computers to work with every new piece of hardware, or have to worry about constant software updates."1

It will be interesting to see if Google can figure out a way to develop a system that is immune from malicious code and does not require frequent security updates. Their Chrome OS will be based on the Linux kernel but as anybody who uses Linux can already tell you there are certainly plenty of security vulnerabilities and required patching for Linux systems. See Red Hat, Ubuntu, and SUSE security advisories as examples.

As for creating a system that is virus-free, although Bruce Schneier has said that if Google takes security into account throughout the entire product, they could make for a more secure OS than ones that have been developed, he also referred to Fred Cohen's 1986 Ph.D. Thesis in stating that "It was mathematically proved decades ago that it is impossible -- not an engineering impossibility, not technologically impossible, but the 2+2=3 kind of impossible -- to create an operating system that is immune to viruses."2

There is also the other school of thought that believes that once a product attracts enough customers, it makes it worthwhile for criminals to begin attempting to exploit it. Although time will tell whether this will be a sustained trend or simply a bump in the statistics, with Mac OS X market share hitting 10 percent, there has also been an increase in the amount of malware created for the Mac OS X environment as can bee seen in the SophosLabs Macintosh Archive.3 See OSX/Tored-A, OSX/iWorkS-A, OSX/RSPlug-F, OSX/Jahlav-C, OSX/Hovdy-A for examples.

1. "Introducing the Google Chrome OS", The Official Google Blog, July 7, 2009

2. "Making an Operating System Virus Free", Schneier on Security, July 10, 2009

3. "Archive for the Macintosh Category", SophosLabs Blog, July 13, 2009