Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Default Deny VS traditional AVs
Message
<blockquote data-quote="ForgottenSeer 58943" data-source="post: 759221"><p>Linux on Chromebooks runs on a K-VM that was custom designed by Google. There won't be any escaping from that because it not only runs in isolation but there isn't any user space for it to escape to. I believe Android Apps on Chromebooks run in a Crostini and are under true isolation and untrusted mode with no user space access as well.</p><p></p><p>I am unaware of any demonstration of any Linux or Android malware circumventing the K-VM/Crostini on Chromebooks. There eventually could be something, but I highly doubt it. There is a reason Google wrote their own kernal VM and took so long to do it. Also, with verified boot, even if something crossed the isolation barrier, then the NML, then the second isolation barrier the VB would probably trigger an automatic powerwash and reimage.</p><p></p><p>Another good part - Google was the first to push meltdown/spectre mitigations, even in some cases, before the CVE came out. In other cases (like mine) they were never vulnerable due to the more recent ARM chips. I'm fully confident taking my Chromebooks anywhere, including high risk situations. It was generally thought 'almost' impossible to create an environment as secure as Chromebooks just a decade ago that wasn't a purpose designed defense department OS. HPUX, and some custom Linux Distros for govt. like Mandriva.</p><p></p><p>About the most Chromebook gets in terms of attacks are bad web pages or extensions. So the full instructions for malware removal on Chromebooks are 48 seconds. No tools, no toys, no on demand scanners.. Blah.</p><p></p><p>[MEDIA=youtube]GIj_4PHA_Rs[/MEDIA]</p></blockquote><p></p>
[QUOTE="ForgottenSeer 58943, post: 759221"] Linux on Chromebooks runs on a K-VM that was custom designed by Google. There won't be any escaping from that because it not only runs in isolation but there isn't any user space for it to escape to. I believe Android Apps on Chromebooks run in a Crostini and are under true isolation and untrusted mode with no user space access as well. I am unaware of any demonstration of any Linux or Android malware circumventing the K-VM/Crostini on Chromebooks. There eventually could be something, but I highly doubt it. There is a reason Google wrote their own kernal VM and took so long to do it. Also, with verified boot, even if something crossed the isolation barrier, then the NML, then the second isolation barrier the VB would probably trigger an automatic powerwash and reimage. Another good part - Google was the first to push meltdown/spectre mitigations, even in some cases, before the CVE came out. In other cases (like mine) they were never vulnerable due to the more recent ARM chips. I'm fully confident taking my Chromebooks anywhere, including high risk situations. It was generally thought 'almost' impossible to create an environment as secure as Chromebooks just a decade ago that wasn't a purpose designed defense department OS. HPUX, and some custom Linux Distros for govt. like Mandriva. About the most Chromebook gets in terms of attacks are bad web pages or extensions. So the full instructions for malware removal on Chromebooks are 48 seconds. No tools, no toys, no on demand scanners.. Blah. [MEDIA=youtube]GIj_4PHA_Rs[/MEDIA] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
