Google's Chrome OS Cited as Likely Hacker Vehicle

I wonder why McAfee is the company that predicts that ...

And considering that Google intends to provide on-the-fly security updates, plus it's a Linux and does not need anti-virus, I guess a threat emerges. HTML 5 is nothing more than a new form of the Web language, and is already implemented partially in modern browsers all over.

Mrk

 

I don't see where the shock is in the article. Did anyone really ever think hackers WOULDN'T set their sights on anything "cloud-based"? Hell, I'm far more worried about the terms "Google" and Operating system" being used together than I am about hackers breaking into and wreaking havoc on cloud services. I KNOW hackers will do that, it's a simple matter of time. What I DON'T know is what Google, whose business is search and data, will implement into this OS to keep said business booming.

 

Should be easy enough to find out. The OS will be open-source with a Linux kernel the last time I checked.

 

I am really looking forward to Chrome OS, just the idea is great, I do exactly that, I use a browser for 99% time, 1% for the rest like explorer. I am also looking for playing games online, which is in testing right now, playing any game on any PC like Crysis on a 100$ notebook just sounds excellent, though multiplayer might be a problem due to ping. As for security I trust Google, I have nothing to hide, it seem to me, that I will have to face a hard decision in 2015, Chrome OS or Win 9?!

 

Adobe products were also cited due to an as yet unpatched exploit due Patch Tuesday

 

Since you're an "expert" I'll just assume you phrased this incorrectly. There's a difference between not needed an Anti-Virus and not being popular enough to warrant writing viruses for.

Mac, anyone?

 

You'll never win that argument with Linux users (No, that was not a personal shot at you, Mrkvonic). They've used that mantra until they've been blue in the face. "But the repositories" is the next thing you'd hear. Yeah, provided people don't let their guard down and let an infected file/program in the repository (which, IIRC, HAS happened once), and, the users don't mind waiting until devs decide to add in the newest versions of files and programs to them instead of running off to another website to grab them, then sure, you're okay.

I would imagine even the most cocky Linux user quietly sat in a corner and wept when Mac started getting hit. Anyway, on-topic, I am still completely unconvinced anything "web-based", especially security products, is asking for anything but trouble. Poke fun at me, point and laugh for not being "with the times"...I'll be sitting here with a giant soda and bucket of popcorn when the sh** hits the fan.

 

Not to start the infamous Linux virus argument, but the market share has little, if anything, to do with why there is no virus problem on Linux (and other Unix-like OS's). The Unix OS's are designed differently than Windows, and thus are *much* more immune to viruses. And let's remember that writing a virus is not hard -- any half-way competent programmer can do it. Therefore, one must ask why, after 17 years, has there been no viable Linux virus in the wild? And don't say no one cares enough to try, as there have indeed been hundreds of viruses written that target Linux, but none of them have ever spread in the wild. Why not? (Please note, I am talking strictly viruses here, and not all forms of "malware").

Those who throw the market share argument out there are usually people who have zero experience on a Unix OS and are basing their perception completely on how insecure Windows is. They think all other OS's must have the same weaknesses. Well, they don't.

While Windows is decently designed now, in the early days it was a disaster, and it has taken M$ over a decade to overcome this, and they still aren't there.

You're probably talking about the Fedora breach that happened in, IIRC, 2008. Someone breached it and uploaded a rogue SSH package. The breach was discovered almost immediately and precautions were took. Most of the time the fact that all packages are signed with GPG keys makes such breaches a waste of time for the intruder (since his packages will not install on the victim's machine due to a key mismatch). That is, unless the intruder hacks the box that contains the private key, which he did in the case of Fedora! This is why the keys must be protected at all costs (Fedora now is taking extra measures to protect the key). But again, these sorts of breaches on the official repositories are extremely rare, hard to do, and easy to detect.

Mac has gotten hit by a couple of trojans, one of which came in a pirated torrent. Another one was a fake plug-in that tried to install on certain websites. Both of these attacks require user interaction (and stupidity) and are thus not viruses. Heck, even ubuntu had a trojan incident a couple of weeks ago where someone uploaded a rogue screensaver to gnome-look.org. Again, this takes user interaction and is a reminder why it is always best to use the official repos. But, again, still not a virus in sight.

 

Because computing security involves tons of factors beyond just the technical merits of the operating system?

If everything else was equal for Windows and Linux, then your argument would make good sense. But they aren't, and unfortunately your argument thus becomes shallow and ignorant. If you don't want to start the "infamous Linux virus argument", then why not refrain from posting inaccurate and already-debunked claims?

 

elapsed, I'm gonna write a full article on this, so thank you for the spice.

Now, on the subject:

Seriously, you don't need AV on Windows even, so why would you need it on Linux or Mac? As to popularity, you do realize that 70% of all world computer infrastructure runs on Linux? There are several reasons why malware is SOOOOO overrated in general, more so on Linux, but I'll save the arguments for the article, which you can agree with or not. The combination of signed repos, availability of software, limited account, default file permissions, and possibly other factors, all make the virus deal such a boring, uninteresting thing.

The same applies for Windows. SuRun, and you're good. Nothing else needed.

Mrk

 

Chrono, my point was that both are not immune to a successful attack, though many would have us believe so. Your two cases you spoke of prove just that. I never gave the attacks a term like "virus". It doesn't matter what kind of attack it was, an attack is just that, an attack.

@ Mrkvonic: When using the "popularity" argument, most of us I'm sure meant it towards the home user, not infrastructure. Though you can be certain the bad guys are making attempts on that 70% every day. Just because it's more difficult doesn't mean they won't try, and, nothing is secure forever.

About the lack of need for an AV, well, SuRun, default privileges on Linux, all those are fine. However, get a mental picture of your average user. Now, who among those in your mental visual are likely to have SuRun going? Were you able to count them with your hands? I was. And, with Linux, all it takes is someone tiring of entering a password every time they want to change something, you know, impatient Joe, and goodbye user, hello permanent root.

We can make all the security arguments we want about the need or lack of need of security, or, the "built-in" security of this or that OS. But, all it takes is an impatient user or a determined bad guy, and all those arguments become moot. All that being said, I look forward to your articles, as I do all of them.