Google’s Chrome OS Cited as Likely Hacker’s Vehicle

Google’s computer operating system, due to be released next year, may rank among software most targeted by hackers in 2010, according to a Dec. 29 report from the computer security company McAfee (MFE).

The Web-based operating system, dubbed Chrome, relies on a technology known as HTML 5 that’s designed to help Web applications behave like PC software. Developers use HTML 5 language to ensure that software delivers fast response times and stores information that users can access even when they’re not connected to the Internet.

Yet because sites written with HTML 5 can directly access a user’s PC online or off, they may provide a rich target for cyber attacks, McAfee said in its “2010 Threat Predictions.”

The popularity of Google’s (GOOG) software, which includes a collaboration program, business applications that compete with Microsoft’s Office suite, and other products, makes the company’s Web sites alluring to hackers who hope to infect computers with malware that can spread spam or pilfer information, says Dave Marcus, director of security research at McAfee. “When a technology is widely used and adopted, the bad guys will latch onto it before the good guys do,” he says. “Developers need to think about how [HTML 5] is going to be abused.”


Google representatives didn’t immediately respond to requests for comment. But in a July 7 blog posting about Chrome OS on its Web site, Google said that it is “completely redesigning the underlying security architecture…so that users don’t have to deal with viruses, malware, and security updates.”

Security software makers—including McAfee, its chief competitor, Symantec (SYMC), and smaller vendors—regularly release reports on what they consider emerging cyberthreats, urging vigilance on computer users and software developers.

Keen interest in emerging technologies from security researchers doesn’t always indicate impending attacks, says Pete Lindstrom, research director at Spire Security, a consulting firm. Security vendors have the potential to sell more products by promoting potential dangers that might lurk behind every mouse click. “It’s not hard to make a prediction about any new technology that has a gee-whiz feel to it,” says Lindstrom. “Popularity breeds insecurity, and new technology is never invulnerable.”

McAfee’s report also said that attacks against Adobe Systems (ADBE) software, including Acrobat image-viewing tools and Flash technology for online video and animation, would become the most common type of attack on application software in 2010. Indeed, Adobe’s software might even become a more common target than Microsoft’s (MSFT) Office suite, McAfee said. “Adobe takes the security of our products and technologies very seriously,” Adobe said in an e-mailed statement. “We use any new insights gained from the data included in the various security vendors’ threat reports as part of our ongoing work and commitment to best protect customers.”

The report also warned of increased threats against users of social networks such asFacebook and Twitter, including the use of software that shortens Web addresses in order to mask links to malicious sites.

Twitter works with and other URL-shortening Web services to block malicious links sent via those sites, Twitter said in an e-mailed statement. Facebook said in an e-mailed statement that its computer systems can detect accounts likely to be used for malicious purposes and then delete nefarious messages sent on the site. Facebook also worked with Microsoft to stem the spread of a 2008 virus that had infected Facebook users by updating Windows’ users’ PCs.

About the author