Google should add an antivirus for Chrome OS and Windows with all the data you've collected from VirusTotal

969 views
Skip to first unread message

Jason S

unread,
Jun 13, 2013, 10:01:33 PM6/13/13
to chromium-...@chromium.org
Make Google an essential brand name for every computer by creating an antivirus and expand your market share.

Mike Frysinger

unread,
Jun 13, 2013, 11:20:38 PM6/13/13
to dotx...@gmail.com, Chromium OS discuss
short answer: there is no need for antivirus in ChromeOS.  as for Windows, that doesn't interest us.

long answer: please check out our security documents:
-mike


On Thu, Jun 13, 2013 at 10:01 PM, Jason S <dotx...@gmail.com> wrote:
Make Google an essential brand name for every computer by creating an antivirus and expand your market share.

--
--
Chromium OS discuss mailing list: chromium-...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en
 
 
 

John Scott

unread,
Jul 21, 2013, 8:42:29 PM7/21/13
to chromium-...@chromium.org, dotx...@gmail.com
This sounds a awful lot like Apple. In denial until things heat up and users actually are infected. I have heard plenty of arguments from the likes of Google, Apple and even Microsoft at one time. But no OS is totally secure and without holes. Do we have to wait like the Android phone users before at least have some basic security software? 

Don Garrett

unread,
Jul 21, 2013, 9:12:34 PM7/21/13
to scott...@gmail.com, Chromium OS discuss, dotx...@gmail.com
If you can find a security hole, we'll pay you for it (and fix it).

We also hold annual contests with larger rewards.

It's not that we believe that there are no security holes, it's that we believe a virus scanner isn't a useful security solution for Chrome OS. Everything that we've come up with that does seem useful, is already there, though some of it depends on specialized firmware and hardware in ChromeOS devices, and so isn't available in ChromiumOS.



--
--
Chromium OS discuss mailing list: chromium-...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-os-discuss?hl=en
 
 
 



--
Don

Rob Meijer

unread,
Jul 22, 2013, 2:00:24 AM7/22/13
to scott...@gmail.com, chromium-...@chromium.org, dotx...@gmail.com
I
​ really hope that ChromeOS will manage to keep true to its principles and Google won't allow the AV industries Fear, Uncertainty & Doubt (FUD) marketing machine ​or clueless compliance rules force it to brake its security model. Security is all about the size of the trusted code-base. Smaller trusted-code-base means higher security. ChromeOS should continue to reduce the size of the trusted code-base. Increase privilege separation  facilities within the browser so different web-apps run as different processes that are unable (at the OS level) to access each-others mutable state etc, maybe fix the kernel so drivers and file-systems, etc run in user-space, etc.
Just have a look on Android what privileges AV software requires.  Than look at the size of the AV software itself. By adding AV software you are increasing the size of the trusted code-base and thus are making the underlying fundamental problem worse. 
Basically AV software is a relic not very much unlike city walls. City walls used to be a good idea for a while, but at one point in time they stopped being effective. Fortunately at that time there apparently was no powerful city-wall industry FUD marketing machine or dogmatic misguided industry compliance rules that warranted that the guilds required cities with walls around them, otherwise we'dd all be living in city domes now. 




--

Rob Meijer

unread,
Jul 22, 2013, 7:49:10 AM7/22/13
to John Scott, chromium-...@chromium.org, dotx...@gmail.com
My point is that AV does not provide 'as much security as possible', AV software uses evil (an abundance of additional trusted code) to fight evil (an OS with an abundance of trusted code).  Its a medicine that temporarily eases the symptoms, but in fact has a relatively high toxicity level. Its better to try to fix the original problem.  I think with the Rogue apps on android,  AV has managed to get a foothold due to the laxness of Google. Google could have simply taken the Bitfrost (OLPC) approach by making use of the concept of mutually exclusive permissions. Or Google could have integrated the functionality of the excellent little App 'App permission watcher' (that happens to run without any special privileges) . 

Instead of protecting the system "FROM" running potential malware the way that AV tries (and fails)  to do ,  modern security should be focused on protecting the system WHILE running potential malware. To do this, the system must be designed according to the principle of least authority, a principle that when carried to its logical consequence should  exclude the notion of granting any process sufficient privileges to even remotely enable it to distinguish malware from benign software. In other words, opening up a least authority system to AV vendors does not only not make the system more secure, it opens a wide hole for malware creators to crawl trough. 

Android kinda proofs my point. Just have a look in the play store at the available AV software and what privileges it requires. If you want to educate users,  than an even slightly educated android user should not dare to risk installing any software that requires the set of privileges that this AV software requires. In fact, AV software is probably the only type of software that needs these privileges while not being malware itself.  So rather than opening up to AV software, if Google would have taken the Bitrost mutually exclusive permissions approach, than conversely there would have been neither a need nor a possibility to install AV software.



On 22 July 2013 12:14, John Scott <scott...@gmail.com> wrote:
Rob, I agree the fear mongers of the AV security industry are not helping in terms of adding to the hysteria. But it does not mean their are not security issues out there. Ask anyone like myself who has spent plenty of hours fixing family and friends PC's and even a couple Mac's by cleansing them of malware. Of course the operating systems that rely on a closed application ecosystem such as IOS, Android, Chrome OS and Windows RT to some extent have far less potential issues as all of them are better controlled and have less user meddling. But as we have seen with Android and some rogue apps. Malware can find its way. I do not want to see so much third party junk security either. I certainly appreciated starting up my Chromebook and not spending time uninstalling countless trial software and security trial software that only made my new PC seem like a old PC. I hope Google does continue down the path of allowing third party security applications though. Because as annoying as they are to you and me. Some users do require as much security as possible. I wished more people got involved in these forums and learned what NOT to do on the internet. I have always advocated for more education of PC users then more security suites that have now become so intrusive in monitoring everything from passwords, to every aspect of a PC or Mac for that matter. As my conversation with Don went. I don't use AV software myself, rather believing a better educated user can do more then any security suite to protect your computer. However, we have many developing nations using computers like Chromebooks, and rogue Windows versions that are more susceptible to malware.  So the choice becomes to dumb down computer devices so that users cannot allow malware to install. Or add so much protection through applications or software that make it harder for users to circumvent. I do not like either choice myself. 
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages