10 Things Google Needs To Remember About OS Security

Don Reisinger, eWEEK USA 2013. Ziff Davis Enterprise Inc. All Rights Reserved,

The history of Windows security has shown that desktop operating systems are vulnerable, but there are even more potential attack strategies for an online OS. Google needs to ensure that Chrome’s defenses are prepared

5. Online is the new frontier

The hacker community is also fully aware that the future is in the cloud. It might be able to make boatloads of cash exploiting desktops today, but soon, all the money will be made online. We’ve seen a change in focus over the past few years as more hackers have targeted e-mail, social networks and other online sites. Chrome OS falls right in line with that.

6. Open source is great, but not totally secure

Chrome OS may be open source, but that doesn’t mean that Google shouldn’t worry. Open-source software has been the victim of major attacks on various occasions. To believe that open-source software will be able to fend off sophisticated attacks from determined hackers who really want to break into an operating system is ludicrous. Yes, an open-source approach might help Google patch holes sooner than with closed software, but it won’t stop the exploitation if the software isn’t developed well enough.

7. Spoofs, phishing and web attack tactics

Since Chrome OS is online, Google will need to be especially concerned about web attacks, which have quickly become an easy way for attackers to take control. Now more than ever, hackers are using spoofed e-mail addresses, phishing attacks, credentialing tricks and other techniques to exploit users while they feel safe online. Since Chrome OS is solely in the cloud, malicious hackers might ramp up their efforts in those areas.

8. Third parties don’t care as much as you do about OS security

Attention, Google: Third-party developers won’t care nearly as much about the security of your platform as you do. Microsoft knows that. Apple has made its operating system extremely closed because of it. Now it’s your turn. Unfortunately, third-party developers create software in many cases that is riddled with holes that hackers can exploit. That causes a hailstorm of trouble. Furthermore, such software might take much longer to patch. Be prepared for third-party holes, Google.

9. What about the hardware?

Another obvious concern is the safety of data on hardware, such as external hard drives or USB keys. Responding to that concern, Microsoft added its encryption service, BitLocker, to mobile drives. The software, called BitLocker To Go, encrypts portable media. Google will also need to address that problem. More people than ever are bringing important data with them wherever they go. If Google doesn’t make it simple and easy to secure that data, it can’t rely on users to do it. And who knows what could come back in that USB key?

10. Enterprises care most

If Google wants to be a major player in the operating system market, it needs to realise that it’s the enterprise, not the consumer, that will help it acquire more market share. And if it wants to capture significant market share, it will need to satisfy enterprise requirements and concerns, one of which is increasingly becoming the security of enterprise data. Unless Google can address that, it will have some serious growing pains as it brings Chrome OS to market on netbooks (a recent enterprise favorite) and possibly on desktops and notebooks.