The ‘big news’ of today has been Google’s new OS – which will be aimed at netbooks and desktop PCs. The OS will be essentially use Google Chrome with a new front end, built on top of a Linux kernel.
Will it take off? Personally, I highly doubt that it will get that much adoption outside of the community of people who already use an ‘alternative’ operating system. I have no doubt that a lot of people will buy netbooks or pre-built PCs with it already installed, but, just like with the Linpus Linux powered netbooks, as soon as Joe User realizes it won’t easily run their favourite windows applications, he’ll be taking it straight back to the shop.
The reason I’m posting about this, is because of a statement made on Google’s blog: “the operating systems that browsers run on were designed in an era when there was no web […] we are going back to the basics and completely redesigning the underlying security architecture of the OS to ensure that users don’t have to deal with viruses, malware and security updates”.
The security argument really annoys me. Malicious code can run on Linux too – spend enough time on a Linux user’s forum and you’re bound to encounter somebody telling you to wget something dangerous, or suggesting you forkbomb / rm -f yourself. It may be easier to attack a Windows PC, but if there were enough targets running Linux, script kiddies would turn to that instead. Also, if somehow a Linux variant became the most popular OS, I’m willing to bet that the majority of users would make some silly configuration choices – the root user may not be the default user on most distros, but I know plenty of so-called geeks who run as root because they can’t be bothered to type sudo.
Even assuming Google’s OS is so locked down that it’s somehow impervious to traditional malware and virus attacks, what does that really mean? Advertising the OS as ‘secure’ will just give users a false sense of confidence. The attackers will just continue doing what they always have done – learning new skills and picking new targets. Instead of targeting the desktop, they’ll target the web application. They’ve already done that with malicious Facebook applications and Twitter worms. It doesn’t matter what platform you’re accessing a site from if the site itself is vulnerable.
I don’t mean to defend Windows here, and I’m sure that Google didn’t mean their no ‘viruses, malware, and security updates’ statement in quite the way I’ve seen some people interpreting it on various forums around the web. I just fear that some people see using Linux as meaning “I am 100% Secure!”, without thinking about how when you’re using the Internet, a huge amount of the time your private data is being handled by computers elsewhere in the world, that you don’t own.