Last week, Google announced its new Chrome operating system amidst fanfare and excitement throughout the blogosphere. The new operating system is an open-source, Linux-based OS initially targeted at netbooks. I’ve not looked at the Chrome OS up close, but I have no reason to doubt the veracity of their claims of elegance and simplicity, but there’s one claim that Google is making that deserves a response. According to Google’s announcement, they are “completely redesigning the underlying security architecture of the OS so that users don’t have to deal with viruses, malware and security updates.”

Absolute nonsense. The announcement was written by Google’s Engineering Director, but it sounds more like it was written by their Marketing Director. No security expert in his or her right mind would claim that any operating system, open source or otherwise, is completely bullet-proof and immune to malware. It’s just not gonna happen. We’ve heard the same claim from Apple for years, but the fact is, the Mac is not immune to malware any more than a Chrome system, or for that matter, a Windows system. There are fewer Mac intrusions, but it is certainly possible for penetrate one and it is certainly possible for a hacker to create a Mac virus. There are more Windows machines, so opportunistic hackers simply realize that there is more economic incentive to attack those instead. The same principle applies to Chrome. How many people, in reality, will roll out the Chrome OS over the next few months? In the big picture, it’s likely to be a fraction of a percent of all PC users. As a result, the greatest protection afforded users of Chrome OS will be security through obscurity. Hackers just won’t be paying attention to it.

Beyond that, it’s simply impossible to create a foolproof operating system that is immune to all viruses. It is possible to make an OS more secure, and it’s done all the time. Some hardware firewall devices run on “hardened” OS platforms that are exceedingly difficult to penetrate. But to make one that is absolutely secure? Foolproof, and user-friendly to boot? Impossible. For one thing, malware writers are constantly at work, constantly innovating, and constantly looking for new vulnerabilities that weren’t considered by the OS’s engineers. That’s why patches and security updates are a good thing–because it’s not possible to consider absolutely every possible vulnerability at the get-go. For Chrome to say that users “won’t have to deal with” security updates frankly is a frightening thought. Nuisance though it may be, security updates are what keeps us a step ahead of the bad guys.