Are there Chrome OS viruses

Security Expert: Chrome OS conveys deceptive security

Rik Ferguson, Senior Security Advisor at Trend Micro, obviously praises major security advances in Chrome OS in the company blog. "But in a sense we are seeing the history of marketing repeating itself," he warns. Specifically, the security expert fears that Google users are giving Chrome OS a similar deceptive feeling of security as Apple has made with OS X for years.

Ferguson refers to Google's announcement that thanks to the secure architecture of Chrome OS, users "do not have to worry about viruses, malware and security updates." The idea is reminiscent of Apple's "Mac OS X offers all-round protection" - a mantra that the Mac Defender trojan brought under heavy fire. The Trend Micro expert therefore warns that Google Chrome OS users could lull similarly dangerous when it comes to security risks.

Because although classic malware on Chrome OS will have a comparatively difficult situation, Ferguson believes that the risks are only shifting. He points out that it may be enough for a malware to spy on access keys for cloud services for just one session. If so, an attacker could mess with the user's data stored online. "The nice thing for criminals is that the victim could be even less aware of the compromise than they are today," said the expert.

Although the Trend Micro man railed against all too blatant security promises, he also emphasized that Google is principally pursuing good protection approaches with Chrome OS. This includes, for example, that each web app is executed in its own sandbox. This is to prevent malware from interacting with other programs or processes in the operating system. But Ferguson emphasizes that tricks have already been shown with which programs can break out of a sandbox - including in the Chrome browser. Thus, the approach definitely does not offer 100 percent security.

Automatic security updates as standard and the restoration of clean operating system images if manipulation is suspected are also sensible approaches. The fact that data is not stored locally but encrypted in the cloud makes it theoretically more difficult to steal it using malware. Of course, this is exactly what leads to the above-mentioned shifting of risks. "Assuring customers that they no longer have to worry about online crime simply by changing their operating system is reckless to say the least," says Ferguson. (pte / mje)