Skip to main content

Do Chromebooks need antivirus protection?

The supervisor handed Jim a Chromebook and said: "Take this home with you and use it to send me updates. We want to minimize the number of visits to the office—anything you can do from home helps keep this place safer. When the pandemic is over, I'd like to have it back in one piece, if possible."

Jim is great at his job, but his reputation with technology skills is somewhat lacking. This should be an interesting experiment.

The Chromebook Jim's supervisor hands him is a low-level laptop running ChromeOS. Because of the minimum hardware requirements for ChromeOS, these laptops are usually a lot cheaper than those running Windows or macOS. Bonus: Chromebooks are user-friendly, so folks with less technical savvy can still navigate with ease.

Not all jobs allow for working from home (WFH)—some have to visit clients or building sites. But for those who can, a Chromebook can be an ideal solution for employers to hand out. They are cheap, fast, and as long as you don't need any complex or specific software to run on them, they can be used for any web-based and administrative tasks, such as reading and sending email, creating progress reports, and preparing information for the billing department.

Chromebook security

Chromebooks are supposed to come with sufficient, built-in security. But is that really true? Can you use a Chromebook without having to think twice about general cybersecurity and anti-malware protection in particular? Or do you need Chromebook antivirus? Let's have a look first at which security features are pre-packed in ChromeOS.

The built-in security features of ChromeOS include:

  • Automatic updating: This is a good feature. No argument there. But it says nothing about the frequency of updates or about how fast updates will become available to counter zero-day vulnerabilities.
  • Sandboxing: Sandboxing is a method to limit the impact of an infection. The idea is that when you close an app or website, the related infection will be gone. While this might be true in most cases, it's wishful thinking to believe malware authors would be unable to "escape" the sandbox.
  • Verified boot: This is a check done when the system starts up to verify that it hasn't been tampered with. But this check does not work when the system is set to Developer Mode.
  • Encryption: This is an excellent feature that prevents criminals from retrieving data from a compromised, stolen or lost laptop, but it does not protect the system against malware.
  • Recovery: Recovery is an option that you can use to restore the Chromebook to a previous state. While this could get rid of malware, it might also delete important data in the process.

While Chromebooks have several built-in security features, none of them are full-proof. The danger is minimized by design, but any motivated cybercriminal could find their way around the checks put in place.

Additional Chromebook security risks

There are some additional arguments that could be made against using a Chromebook antivirus program. Chromebooks can download and run Android apps in emulated mode, which increases their security risk. But additional security protocols should prevent this feature from being exploited. These include the following:

  • The Play Store and Web Store both check the apps before they are admitted. While this may stop many blatant forms of malware, we find a fair amount of adware and potentially unwanted programs in these stores every day. And now and then, more malicious security threats make their way into the Play Store. And then there is the fact that many users will be tempted to install apps that are not available in the Play or Web Stores (yet).
  • Administrator permissions for malware are impossible to get on a Chromebook. While this is true, it does not mean that malware can't get nasty without these permissions. As we have discussed in our blog on how Chromebooks can and do get infected, there are many examples of malware for Chromebooks that are annoying enough without the need to be elevated.
  • Chromebooks are not interesting for malware authors. Again, this may have been true at some point, but the more Chromebooks are out there, the bigger their target audience and the more appealing to focus on that group.

All in all, Chromebook virus protection may not be necessary yet, but there is plenty of malware going around that could ruin your Chromebook experience.

Beware of trusting the OS too much

As we have heard in the past (Macs don't get infected!), some platforms have reputations for being safer even when the truth is the opposite. For example, this year, Mac malware outpaced Windows malware 2:1.

Windows machines still dominate the market share and tend to have more security vulnerabilities, which have for years made them the bigger and easier target for hackers. But as Apple's computers have grown in popularity, hackers appear to be focusing more of their attention on the versions of macOS that power them. There is a good chance that with the growing popularity of ChromeOS-based systems, the same will happen in that field.

And the browser

And let's not forget the weak spot of any OS: its browser. Just the other day, Google removed 106 extensions that were found spying on users. These extensions were all published by the same criminals and were found illegally collecting sensitive user data as part of a massive global surveillance campaign.

Awake Security, which disclosed the findings late last week, said the malicious browser add-ons were tied back to a single Internet domain registrar, GalComm.

This campaign and the Chrome extensions involved performed operations such as taking screenshots of the victim device, loading malware, reading the clipboard, and actively harvesting tokens and user input.

Our advice is that the malware out there today is obtrusive enough to warrant installing extra protection on any device, including a Chromebook. As Chromebooks gain in popularity, cybercriminals will look to profit from them, too. Better to be safe and prepared than to be caught asleep at the laptop.

Stay safe, everyone!

The post Do Chromebooks need antivirus protection? appeared first on Malwarebytes Labs.



from Malwarebytes Labs full article here

Popular posts from this blog

BlackArch Linux - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. It contains over 1800 security and hacking tools. Here is the complete list of tools in the BlackArch Linux: 0d1n : Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. 0trace :  A hop enumeration tool. 3proxy : Tiny free proxy server. 3proxy-win32 : Tiny free proxy server. 42zip : Recursive Zip archive bomb. a2sv : Auto Scanning to SSL Vulnerability. abcd : ActionScript ByteCode Disassembler. acccheck : A password dictionary attack tool that targets windows authentication via the SMB protocol. ace : Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface ad-ldap-enum : A LDAP based Active Directory user and grou...

Mobile Security Framework (MobSF) - An All-In-One Mobile Application Security Assessment Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing. Screenshots: Static Analysis - Android Static Analysis - iOS Dynamic Analysis - Android APK Web API Viewer Requirements: Mac: Install Git Install Python 3.6 - 3.7 (3.8 is not supported) macOS Catalina users must uninstall existing python3 and install the one from Python.org . After installation, go to /Applications/Python 3.7/ and run Install Certificates.command and Update Shell Profile.command Install JDK 8+ ...

Maltrail - Malicious Traffic Detection System

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name (e.g. zvpprsensinaix.com for Banjori malware), URL (e.g. https://ift.tt/1O9qs2Q for known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware). Requirements: To properly run the Maltrail, Python 2.6.x or 2.7.x is required, together with pcapy (e.g. sudo apt-get install python-pcapy). There are no other requirements, other than to run the Sensor component with the administrative/root privileges. The following (black)lists (i.e. feeds) are being ...