Ina Fried

Recent Posts by Ina Fried

Chrome OS’ Unique Approach to Security Leaves Even Experts Unsure

July 7, 2011 at 6:00 am PT

On Wednesday, a Kaspersky Labs researcher posted to a security Web site his finding that the initial Chrome OS-based computers from Samsung appeared to be using an older version of Adobe Flash, potentially putting users at risk.

Indeed, the version of Flash running on the latest stable build of Chrome OS is not the latest version of Flash.

“This doesn’t bode well for Google’s security boast,” Kaspersky’s Roel Schouwenberg said in the Securelist posting. “ChromeOS is supposed to be all about being able to trust Google to take care of security for you. Google has gone through great lengths to secure ChromeOS itself, but security doesn’t stop there. A platform needs to be properly managed if it intends on being and staying secure.”

However, a Google representative said there are indeed additional security patches applied to that version of Flash, closing the vulnerabilities corrected with more recent releases of the Adobe software.

Either way, the issue highlights the different approach Google is taking with security in its new operating system.

With most computer operating systems, the software providers are responsible for providing patches, but it is the user who decides whether to update his or her system, either manually or automatically applying the updates.

With Chrome OS, Google has changed the approach.

Chrome OS-based computers, known as Chromebooks, run software only within Google’s browser, and Google is in charge of managing the browser and its core add-ons, such as Flash.

Users are leaving the decisions of how and when to update the system to Google. That has both positive and negative implications, though Google maintains that Chrome OS is inherently more secure and eliminates the need for third-party security software.

On the downside, those who like control will feel a lack of power. In addition, the individual has little ability to take action in advance of any security measures taken by Google on behalf of all Chrome OS users.

However, Google has staked its reputation that Chrome OS will be secure, giving the company a strong incentive to quickly close holes. The operating system also has a “verified boot” system in place to check at start-up for any modifications, potentially mitigating the impact rogue code might have.

Tagged with: Adobe, Chrome, Chrome OS, Chromebooks, Flash, Kaspersky Labs, security

Another Longtime Windows Exec Heads for the Exit as 2013 Draws to a Close

December 31, 2013 at 1:03 pm PT

Veteran Microsoft Engineer Jon DeVaan Leaving After Almost 30 Years

December 30, 2013 at 1:32 pm PT

BlackBerry’s John Chen on What He Is Doing to Shake Up the Phone Maker

December 30, 2013 at 10:40 am PT

Bringing Inexpensive Mobile Access to Researchers in Antarctica

December 30, 2013 at 5:30 am PT

Investors Flock to Twitter, Like Facebook, as Year Draws to a Close

December 24, 2013 at 12:29 pm PT

Latest Video

View all videos »

Search »

You Say Goodbye and We Say Hello

Walt Mossberg and Kara Swisher in Media

The NSA and the Corrosion of Silicon Valley

Michael Dearing in Voices

You Won’t Believe All the Crazy Hardware the NSA Uses for Spying

Arik Hesseldahl in News

View all today’s news »

Uncovering a More Useful Android Lock Screen

Bonnie Cha in Product Reviews

Lenovo’s Bendy Yoga 2 Laptop Makes All the Right Moves

Lauren Goode in Product Reviews

Space Monkey Peer-to-Peer Digital Storage System Offers Better Backup

Katherine Boehret in The Digital Solution

Diabetes Data Beamed to Your Phone

Walt Mossberg in Personal Technology

Nokia Lumia 2520: A Solid Windows Tablet in Need of Apps

Bonnie Cha in Product Reviews

View all reviews »

Another gadget you don’t really need. Will not work once you get it home. New model out in 4 weeks. Battery life is too short to be of any use.

— From the fact sheet for a fake product entitled Useless Plasticbox 1.2 (an actual empty plastic box) placed in L.A.-area Best Buy stores by an artist called Plastic Jesus