Got a free Chromebook - true/false no need for anti-virus?

[kyphysics]

I usually use a regular laptop with Windows. I got a free Chromebook recently and have never used one before.

Thought about givign it away, but feel I could probably just use it myself for on-the-go web browsing.

Read online you don't need anti-virus for a Chromebook. The stated reason was that few viruses target Chromebooks and something about sandboxing.

Question:

Is this considered sound advice. I'm not at all computer literate on these topics. Even if "few" malware/viruses target Chromebooks, doesn't that STILL leave you open to attacks from those rare strains that do? Or, is it so rare as to make it not worth buying anti-virus? And, lastly, does sandboxing 100% protest your Chromebook from attack/malware?

Feel free to talk to me/explain things like I'm a 3rd Grader! Pretty tech illiterate!

ETA: Anyone know if a pawn shop or something like that would buy one of these for decent cash, btw?

 

[FactChecker]

Chromebook was designed from the start with a much stronger defense (sandbox, etc.) against malware and has a much smaller set of applications for a hacker to attack. That makes it much less vulnerable to malware even if it was attacked as much as Windows is. See https://www.cnet.com/news/how-google-chromebooks-became-the-go-to-laptop-for-security-experts/ and https://support.google.com/chromebook/answer/3438631

 

[Dr Transport]

always get anti-virus protection on your machines.

 

[anorlunda]

always get anti-virus protection on your machines.

That's what the marketing department of antivirus products want us to believe.

I like to remember deer whistles. "Put a deer whistle on the bumper of your car and you'll never collide with a deer." So if I had a deer whistle and never hit a deer, does that mean I would have hit one with no whistle?

 

[Dr Transport]

That's what the marketing department of antivirus products want us to believe.

If you touch the internet in any way shape or form, just assume you have been compromised. Better to spend a few $$ and have some piece of mind (nothing is completely fool-proof) than have personal info stolen and hacked from you.

 

[anorlunda]

Better to spend a few $$ and have some piece of mind (nothing is completely fool-proof) than have personal info stolen and hacked from you.

Are you willing to pay your $ to anyone anywhere without proof that it buys you security? If yes, then I have a new invention that you may be interested in.

If you touch the internet in any way shape or form, just assume you have been compromised.

I can support that, but spending my money to buy something does not make me change that assumption.

Unconditional endorsement of products that cost money makes people vulnerable to scams.

 

[mathman]

There are good free anti-virus programs available (minor annoyance - they frequently ask you to upgrade for a fee). I use AVG. Avant is also good. Malwarebytes is also useful in addition (I have this too).

 

[Vanadium 50]

It is true that a Chromebook is more secure than many other popular alternatives. Does that mean there is zero value to an anti-virus? Probably not. Does that mean a given anti-virus is worth the money? That depends.

I'd be more worried about a firewall. I get an attack roughly every three seconds.

 

[anorlunda]

Anti-virus programs need special privileges to run. They might not operate at all on Chromebook. Would you have Chromebook deliberately open up OS vulnerabilities just to make it possible to run an anti-virus software?

Here's one example of the special privileges antivirus programs use. Malware could use the same thing.

Some antivirus software programs, such as Norton AntiVirus, enable a script-blocking feature, which tries to block all calls made by scripts to system objects (such as the Windows file system object) that the antivirus software deems unsafe.

If you start a script as part of post-agent processing, then this antivirus feature might cause unexpected results. If you run antivirus software with a script-blocking feature on the computer where Oracle BI Scheduler is installed, then disable the script-blocking feature to prevent the software from unexpectedly blocking agent script calls.

 

[kyphysics]

There are good free anti-virus programs available (minor annoyance - they frequently ask you to upgrade for a fee). I use AVG. Avant is also good. Malwarebytes is also useful in addition (I have this too).

Actually, this brings up another question:

Can you actually download stuff on a Chromebook?

I thought they were used mainly for browsing the web, email, and using Google "office"-type products (Sheets, Docs, etc.).

I thought you couldn't download and run programs, no?

 

[kyphysics]

Anti-virus programs need special privileges to run. They might not operate at all on Chromebook. Would you have Chromebook deliberately open up OS vulnerabilities just to make it possible to run an anti-virus software?

Here's one example of the special privileges antivirus programs use. Malware could use the same thing.

Thanks for the interesting/enlightening posts, anorlunda.

Not sure I even want to keep the Chromebook now (it was a free product I got for renewing my contract with my internet provider). :)

a.) IF I kept it AND considered anti-virus of some type, is there one you'd recommend for a Chromebook? Or, do you think it's just not needed basically?

b.) ***question for anyone*** I still have it SEALED in the packaging it came with. Do you think I could sell it at "new" price value with it still being sealed?

If it's a super pain to use and not safe, then I think I'd rather just sell it.

 

[Vanadium 50]

Who said it was not safe?

 

[FactChecker]

Android apps run on a chromebook.

 

[anorlunda]

If it's a super pain to use and not safe, then I think I'd rather just sell it.

No, I think we said the opposite.

Android apps run on a chromebook.

Yes, and that confuses me. What is the difference between an app and a software package? Do apps run in a sandbox that restricts their access to the hardware and other software?

Take Norton antivirus for example. Can it's full functionality be delivered as an app? It certainly seems that the full functionality of Norton includes interfering with the freedom of other software on that machine, or inserting itself as a man in the middle between other software and TCP/IP. Can an app do that? Could a firewall be delivered as an app? Can an OS patch be delivered as an app?

 

[FactChecker]

One Chromebook "show-stopper" for me is that all Google products are Single-Sign On (SSO). That is, your password for opening the Chromebook is the same as your gmail password (also Youtube, Google Play, etc.). Changing one, changes them all. I have a personal security policy of using a completely separate, hard to guess, password for my email. I suppose that I can connect to a gmail account that I really don't use, but I have not thought out all the consequences.

 

[anorlunda]

That is, your password for opening the Chromebook is the same as your gmail password (also Youtube, Google Play, etc.). Changing one, changes them all. I have a personal security policy of using a completely separate, hard to guess, password for my email.

I'll second that. I have the same policy, and I was forced to violate that when I got a Chromebook. I really don't see why they can't fix it to allow a separate password for device unlock.

 

[kyphysics]

No, I think we said the opposite.

Okay, thanks for the feedback.

To be clear, you're saying you'd personally NOT use antivirus with Chromebook - nothing at all? And, someone mentioned a firewall. Is a firewall only available via anti-virus?

One Chromebook "show-stopper" for me is that all Google products are Single-Sign On (SSO). That is, your password for opening the Chromebook is the same as your gmail password (also Youtube, Google Play, etc.). Changing one, changes them all. I have a personal security policy of using a completely separate, hard to guess, password for my email. I suppose that I can connect to a gmail account that I really don't use, but I have not thought out all the consequences.

I don't mind that. I use Google Drive, Gmail, YouTube, etc. Same password for everything. Makes it simple.

The thing I actually think feels weird is when sites let you login with Facebook. For whatever reason, THAT feels more weird than all Google products using the same password.

 

[kyphysics]

I guess I cuold use the thing as a web browser at free WiFi places and NEVER log into anything with a password (bank account, email, Facebook, etc.). I could just treat it like my cell phone that I occasionally use free WiFi with at STarbucks.

I suppose that I can connect to a gmail account that I really don't use, but I have not thought out all the consequences.

What about creating a burner Google ID? I think everyone has a burner email, no? For anonymity and spam redirecting, no?

 

[anorlunda]

To be clear, you're saying you'd personally NOT use antivirus with Chromebook - nothing at all? And, someone mentioned a firewall. Is a firewall only available via anti-virus?

I use my Chromebook as it came from the factory. Nothing added, no apps, no changes in settings. Aside from that password complaint, it works well and I have no regrets.

 

[kyphysics]

I use my Chromebook as it came from the factory. Nothing added, no apps, no changes in settings. Aside from that password complaint, it works well and I have no regrets.

Gotcha.

Sort off-topic, but would you feel the same way about Apple products. I was always told you don't need to buy anti-virus with Apple products.

 

[anorlunda]

The only Apple product I own is an iPad. As far as I know, there is no antivirus or firewall available for that. I have installed apps on my iPad, but not on my Chromebook.

Avast offers an iPad product, but the things it does seem pretty marginal.
https://www.avast.com/en-us/free-ios-security

Edit: My idea of the ideal secure computer is one that comes with all software in ROM, and which cannot be altered without physical access to my machine with a soldering iron. Unfortunately, security professionals say that computers that cannot get security patches are not acceptable.

Chromebook does accept updates to ChromeOS. Security pundit Stewart Baker, repeatedly skewers computer companies for refusing to admit that the OS update mechanism is a threat vector.

In the days before Windows, I had a machine from HP that came with no DOS, no Windows, no Unix, no hard disk, but it did have Microsoft Works pre-installed in ROM (word processor, spreadsheet, database). I loved that machine, and I would love to be able to buy one like it today.

Double Edit: I should also mention that after reading several reviews that say that the built-in antivirus and firewall in Windows 10 are very good, I dropped third party products. As far as I know, my Windows 10 computer has never been infected with malware.

 

[FactChecker]

What about creating a burner Google ID? I think everyone has a burner email, no? For anonymity and spam redirecting, no?

I think you are right. In fact, I realized that I DO have a burner gmail that I use when I bring up the Chrome browser in Windows 10 and when I go to Youtube. The big difference is that I would need to make the Chromebook password something that I can remember easily so I can get into the Chromebook. I would have much better security if I activated the two-factor authentication that they advise.

 

[kyphysics]

Double Edit: I should also mention that after reading several reviews that say that the built-in antivirus and firewall in Windows 10 are very good, I dropped third party products. As far as I know, my Windows 10 computer has never been infected with malware.

Woah, really?!

I still use Avast for my Windows based computers. Haven't noticed any virus activity except ONE weird incident I posted about a few months ago.

...on firewalls...is there one built into a Chromebook already? Or, not needed?

 

[kyphysics]

Edit: My idea of the ideal secure computer is one that comes with all software in ROM, and which cannot be altered without physical access to my machine with a soldering iron. Unfortunately, security professionals say that computers that cannot get security patches are not acceptable.

The patches part makes sense, I think.

In the end, I am only guessing some super clever criminal with lots of time on their hands will figure out a way to even get around THAT ideal situation you list.

Kind of an interesting question, though. Can you have a computer design 100% safe?

 

[Dr Transport]

Kind of an interesting question, though. Can you have a computer design 100% safe?

Never let it touch the internet...

 

[FactChecker]

Can you have a computer design 100% safe?

In classified areas, the computers are disconnected from any external network. Any software or data that is brought in is processed in a long procedure of scans. All the electrical lines to phones or external networks are kept a specified distance from the computers. etc. etc.

 

[OCR]

The thing I actually think feels weird is when sites let you login with Facebook.

Lol. . . do you feel weird now ? .

.

 

[kyphysics]

1.) Don't trurst Mark Zuckerberg on privacy and data issues.
2.) Don't like how FB inserts itself everywhere as a login. I know Google does it too.

I trust FB less.

 

[OCR]

1.) Don't trurst Mark Zuckerberg on privacy and data issues.
2.) Don't like how FB inserts itself everywhere as a login. I know Google does it too.

✔ .

.

 

[DrClaude]

Kind of an interesting question, though. Can you have a computer design 100% safe?

Never let it touch the internet...

For those of us who worked with computers before the Internet, this sounds extremely naïve!

Any method of exchanging information with other computers, including floppy disks and thumb drives, poses an infection risk. For a recent example:

https://news.yahoo.com/revealed-how...i-stuxnet-cyber-attack-on-iran-160026018.html

An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S. developers target their code to the systems at Natanz, according to four intelligence sources. That mole then provided much-needed inside access when it came time to slip Stuxnet onto those systems using a USB flash drive.

 

[FactChecker]

For those of us who worked with computers before the Internet, this sounds extremely naïve!

Where security is the top priority, complete disconnection from the internet is the usual policy. And yes, it really is a pain.

Any method of exchanging information with other computers, including floppy disks and thumb drives, poses an infection risk.

The permission to put new software/data on a computer system can be restricted to system administrators. They can follow procedures that include scanning the incoming software/data on an unclassified computer before it is moved onto the classified system.

PS. Although this level of security can be achieved, it is still not perfect and it is not practical except in the most extreme cases.

 

[anorlunda]

I thought it was a prerequisite of computer security that bad guys have no physical access to the machines.

Of course that leaves the risk of insider actions, but even those can be restricted. One facility I saw put a dab of concrete in all USB ports to assure they would never be used.

That is why upstream supply chain risks are so worrisome. If a bad guy has access to your hardware before you take delivery of it, how would you know?

 

[FactChecker]

Apparently, you can also run Linux apps on Chromebook, including LibreOffice and GIMP.
https://www.computerworld.com/article/3328838/best-linux-apps-for-chromebooks.html

 

[Dr Transport]

We didn't use concrete, we had security seals and if one got broken (and we had to check them every day as part of the security audit at the end of the day) everyone who walked into that room during the day got called back to be interrogated and it wasn't pretty, clearances and employment status were in jeopardy.

And leave it to our best and brightest aerospace engineers and rocket scientists to put super old games on a stand alone computer at a major research lab. That reminds me of the time I hacked together a script to mess with one of the guys. He typed on a keyboard like it was an IBM manual, I mean really hard, and he broke keyboards pretty regularly. So I wrote a script to open up a command prompt when he logged in and when he started typing the command prompt came to the from of the screen and yelled "OW, *** stop hitting me, that hurts". The good old days, I'd get fired for that now.

 

[MikeeMiracle]

Once you get to super secretive / national security stuff you can't just disconnect a computer from a network / internet and do nothing else, you have to secure the entire area. Theer are methods involving monitoring the power usage of the affected PC, picking up magnetic signals from the wires in the CPU, making the screen flicker in a way which is not noticable by humans but can be picked up by security camera's etc. A mobile phone near the computer can pick up these signals.

In a truly secure environment no mobiles or electronics devices with any sensors should get anywhere near the secure PC. In my last work place we had to leave our phones with security on arrival and collect them at the end of the day.