Don’t underestimate Google – Canadian Government Executive

NEWS

SEARCH

BusinessICTManagement
November 4, 2015

Don’t underestimate Google

Last week the Wall Street Journal, citing anonymous sources, reported that Google “plans to fold its Chrome operating system for personal computers into its Android mobile operating system.” Journalists, bloggers, and security professionals quickly jumped on the bandwagon to condemn Google for a bad decision. Some valid points were made, but overall the media frenzy has been an exercise in jumping to conclusions.

There are three rings in this circus: The Chrome operating system, Android, and the larger topic of operating system security.

The Chrome OS situation is simple. A Google spokesperson confirmed that it is not going away. Chrome OS was designed as an operating system to meet the needs of low-cost, browser-centric PCs. It makes no sense to use Windows, OS X, or a full Linux install if all the user wants is a web browser. Chromebooks have proven successful in the education sector, some people love them as a second notebook for travel, and the operating system’s superior security characteristics make it suitable for some business applications. Chrome OS is open source and the WSJ article indicates that “Google engineers will continue maintaining it.” Even if Google drops support, Acer, Asus, Dell, HP, Lenovo, and Toshiba all sell Chromebooks and have a strong incentive to take over the open source operating system.

The Android situation is more complex. This operating system was originally developed for phones and tablets. Until recently, Android’s only significant competition was Apple iOS. However, Microsoft’s strategy to turn Windows into a mobile operating system began with Windows 8 and has come to fruition. Windows 10 runs on desktop PCs, notebooks, Surface tablets (positioned as a desktop and notebook replacement), and even imported $200 tablets. This positions Windows 10 as a serious threat to Android’s market share. It makes perfect sense for Google to respond by expanding Android capabilities to include PCs.

Microsoft’s challenge was to adapt a traditional keyboard and mouse (or trackpad) operating system to function in a touchscreen environment with lower-power processors and less RAM. In this respect, Google has a significant advantage; Android was originally designed for touchscreen and a constrained computing environment. It makes perfect sense to leverage the keyboard, mouse, trackpad, and USB capabilities in Chrome OS. Google engineers are intimately familiar with them and they are already designed for lower-end devices.

Google’s spokesperson had no news to share with respect to Android. That’s not surprising given that the WSJ reported that, “The company plans to unveil its new, single operating system in 2017.” I doubt that Apple and Microsoft are going to share their 2017 strategy, even if possible details leak.

It is understandable that people familiar with the security properties of Android might believe Google is heading in the wrong direction. But it is also important to keep in mind that the WSJ article is based on information provided by anonymous sources. Important context is missing.

The topic of operating system security is complex and multidimensional. Discussions often resemble religious arguments influenced by vendor preference instead of objective security assessments. Many people are passionate about the products they buy. Also, a standard for operating system security has yet to be developed; a consensus has not even been reached on what criteria should be used.

It is easy to label Chrome OS as the most secure notebook operating system. It has a small attack surface, is automatically updated from a single source, is designed to be secure by default, but includes the least functionality. If the application is surfing the web and webmail, Chrome OS is likely the safest operating system to use. However, it has limited offline functionality and very little software can be installed.

OS X users have long touted the security virtues of Apple’s operating system, pointing to malware infection rates that approach zero and UNIX-based privilege management. OS X El Capitan, the latest release, adds features such as System Integrity Protection to prevent modification of the operating system, even by the root user. OS X has good overall security properties, but with less than a ten per cent market share, and not being the dominant operating system used in corporations and governments, OS X is a less profitable target for malware developers and other cybercriminals.

Windows has traditionally taken the brunt of attacks. Much of the reason is marketshare; criminals have a strong profit motive. But Windows also had the least mature security controls. User Account Control (UAC) helped, and Windows 10 includes several security enhancements such as better support for multi-factor authentication, data separation, and trusted application controls. Microsoft is clearly improving the product, but it is difficult for them to address one significant source of risk: user behaviour. As long as administrators continue to perform daily tasks with excessive privileges, and users click “Yes” on every UAC dialog without considering the implications, devastating compromises will continue.

iOS, Apple’s mobile operating system, has had its share of security flaws. Some developers complain bitterly that closed-source iOS has no option to run code from non-Apple sources. Unless users jailbreak their devices, Apple retains tight control of the entire ecosystem. But it is precisely that control which protects the vast majority of iOS users from malware and allows Apple to respond quickly if a malicious app slips through their vetting process.

Android, on the other hand, has not fared as well. A 2014 report by Alcatel-Lucent’s Motive Security Labs division revealed that, “in the second half of 2014 alone, there were as many Android devices infected with malware as Windows laptops.” The obvious reasons are that Google does not control the hardware and software ecosystem. Current Android devices have a check-box, “Allow installation of applications from both trusted and unknown sources.” Users are given the option of opting-out of security controls. Mobile device vendors may or may not release security updates as Google makes them available. There are also human factors; users who wish to tinker with their phone or tablet operating system usually prefer open-source Android over proprietary iOS.

From a security perspective, the Android of today might be the worst choice for a notebook or desktop operating system. But what if Google’s plan includes leveraging Chrome OS to make Android more secure?  Google developed Android and it has a poor security reputation. Google developed Chrome OS and it has the smallest attack surface of any OS delivered on a notebook. The company undoubtedly learned a lot from both operating systems and watching their competition. It is fine to maintain a healthy level of skepticism, but when it comes to the future of Android don’t underestimate Google.

About this author

Eric Jacksch

Eric Jacksch

Eric Jacksch is a leading cybersecurity analyst with over 20 years of practical security experience. He has consulted to some of the world's largest banks, governments, automakers, insurance companies and postal organizations. Eric is a regular columnist for IT in Canada and was a regular columnist for Monitor Magazine and has contributed to several other publications.

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Business
 
Canadian Government Executive Media (CGE) and CATAAlliance , Canada’s one voice for...
 
Water is essential to sustain all forms of life and more...
 
Security professionals have an obligation to communicate risks and recommendations to...
 
During the past decade, the international university-level student population in Canada...
 
Professionals, managers, and executives in the cost estimation industry can gain...
 
Canadian Government Executive kicked off its CGE Leadership Series for 2017...
 
A new study from the Conference Board of Canada gives our...
 
As the 5th largest agricultural exporter on the planet, Canada plays...
 
In this episode, hear more about how Canada is a prime...
 
In the recent June issue, we published a captivating piece by...
 
The October issue of Canadian Government Executive on Focusing on Customer...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Please to view this Content. (Not a member? Join Today! )...
 
Executive compensation is considered to be a central component of corporate...
 
Open source was established around the ethos of sharing and collaboration....
 
In December last year, a privately owned aerial drone crashed into...
 
By Gregory Richards A recent study by McKinsey Global Institute suggests...
 
Last week the Wall Street Journal, citing anonymous sources, reported that...
 
Written by Donald Farmer Too often, we base Business Intelligence today...
 
Written By Chris Brown To deliver results that senior executives value,...
 
Written By Jason McNaught Contrary to what you may have heard,...
 
Written by  Gail Vallance Barrington Anyone who has commissioned a program...
 
“Public institutions are the cornerstone of our democratic system” is the...
 
Please to view this Content. (Not a member? Join Today! )...
 
A neuromarketing study examines exactly how much life direct mail continues...
 
As one of the U.S. Defense Department’s largest acquisition organizations, Program...
 
Many people say that managing projects is all about managing people...
 
Some of us can only dream of being 20 years old...
 
“With SMARTnership, we have to look into communication, being trustworthy, convincing...
 
Wreaths are placed at the naming ceremony for the new Canadian...
 
Barry Shepherd, the principal surveyor and client support manager for Central...
 
In 2012, the province of Prince Edward Island held a business...
 
The challenges city leaders now face require creativity and innovation. Many...
 
Depending on how you count, 10-20 percent of all Canadian public...
 
In a 2011 white paper published by the Internal Federation of...
 
For the last few years, governments around the world have been...
 
Compensation is often raised as a key tool that can either...
 
The Canadian mining industry is responsible for over 4.5 percent of...
 
Governments throughout Canada are facing a number of challenges, from reducing...
 
Since its founding, Canada has looked either east to Europe or...
 
It is a good management practice to review programs and activities...
 
Few things catalyze infrastructure faster than a major international sporting event....
 
What can you say about the future of long range public...
 
In Canada, it seems like any discussion of copyright quickly turns...
 
We live in a time when physical and digital infrastructures built...
 
How are leaders responding to a competitive and economic environment unlike...
 
We live in times of significant demographic and technological transition across...
 
Public-private partnerships (P3s) have become increasingly important in Canada at both...
 
Les citoyens souhaitent expliquer aux politiciens et aux décideurs ce qu’ils...
 
The need for better accountability has led Treasury Board to enforce...
 
It begs the question: Are federal real property professionals ready to...
 
With an annual deficit of $36.2 billion, the federal government is...
 
It now appears that Canada will emerge earlier than expected from...
 
Strong portfolio management is increasingly important in today’s interconnected world....
 
Early in 2011, the National Quality Institute (NQI) board of governors...
 
The Public Service Modernization Act, which came into force in 2005,...
 
In the current economic climate, the finance function role in the...
 
We live in exciting times: an unprecedented level of innovation is...
 
Saskatchewan’s oil and gas sector is booming, and the amount of...
 
The Economic Action Plan showed how much can be achieved when...
 
Public Works and Government Services Canada has a new and innovative...
 
Citizens may not always look forward to applying and paying for...
 
Maintaining and investing in water and waste water treatment facilities, roads,...
 
Stakeholders and media are currently focusing substantial attention on executive compensation....
 
The spectre of wrongdoing within a department can send chills down...
 
Il n’y a pas si longtemps, les Beatles chantaient : «...
 
The Beatles once sang, “You say you want a revolution? Well,...
 
An idea – that’s where it all starts. Entrepreneurs travel a...
 
Please to view this Content. (Not a member? Join Today! )...
 
Quote of the week politicians provide the energy generated by ideology,...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
Canadian Government Executive Media (CGE) and CATAAlliance , Canada’s one voice for...

Member Login

Forgot Password?

Join Us

Password Reset
Please enter your e-mail address. You will receive a new password via e-mail.