Recently, Malwarebytes announced an antivirus for Chromebooks (through its Android app). But here’s the thing: that’s complete bullshit. You don’t need an antivirus on Chrome OS; I don’t care how they try to sell it.
See, Chromebooks (Note: this applies to Chrome OS in general, but for the sake of simplicity we will continue to use the term “Chromebook”) are inherently secure. That’s one of their biggest selling points—they’re impervious to viruses. To put it simply, viruses on Chrome OS don’t exist. So what’s Malwarebytes selling point? Since Chromebooks can run Android apps, they have the same vulnerabilities as Android devices.
Give me a break. That’s not even remotely true.
Why Chromebooks Don’t Need Antivirus
Like we said earlier, there is no such thing as a virus for Chrome OS. There are several reasons for this, but the main one is because of sandboxing. Every tab you open—be those in the Chrome browser or a standalone web app—runs in a virtual sandbox. That means if the system identifies an infected page, the “infection” only exists within that tab; it has no way of making its way to the rest of the system. And when you close that tab, the sandbox is killed with it. Thus, no infection.
If by some wild chance a type of malware comes along that finds a way out of this sandbox, Verified Boot continues to protect the system. Every time a Chromebook starts up, it checks the integrity of the operating system. If it detects an anomaly—which means any system modification—it will repair itself. The only exception here is if you’ve enabled Developer Mode, which disables Verified Boot and allows modifications to the system. This, of course, isn’t recommended for the majority of users.
Past that, Chromebooks get regular updates, bringing security fixes with each one.
The Malwarebytes Argument
While admitting that Chromebooks are inherently secure, Malwarebytes also somehow claims that they “can still get infected.” This is presumably by Android apps because the version of software it’s marketing for Chromebooks is its Android app. The thing is, Android apps also run in a separate container (sandbox), so anything that happens within the Android environment can’t hurt the rest of the OS.
So, I guess Malwarebytes’ thinking goes something like this: if there are trojans and malware on Android, you can have those same issues on Chrome OS! And while I’m ready to admit they’re not technically wrong, that also doesn’t make them right. You don’t need an antivirus on Android any more than you need one on Chrome OS. In fact, you need one even less on the latter.
Google does a pretty good job of keeping malware out of the Play Store by using Google Play Protect. It scans every app that comes into Google Play for potential threats, then blocks anything that throws up a red flag. It’s not a perfect system—like any similar solution, some threats still make it through, though those are uncommon.
And really, when it comes to Android viruses/trojans/malware, there’s a common thread: third-party app stores. More often than not, users are getting malicious apps from unmonitored app stores or even ones that promote piracy by offering paid apps for free—those types of stores are just asking for trouble. You know, the kind that uses legitimate apps like PayPal to steal money from you. The bad stuff.
All that is to say one thing: if you don’t use third-party app stores on your Chromebook (or Android device!), guess what? There’s a very small chance you’ll ever need an antivirus. Very small. To make matters even simpler, you can’t install third-party app stores (or any other application) on a Chromebook without first enabling Developer Mode—sideloading of applications is blocked by default on Chrome OS for security purposes. In other words, Chromebooks are inherently protected against most Android threats by default, and it takes quite a bit of additional work before you can bypass this protection.
Okay, So Does Malwarebytes Do Anything on Chrome OS?
Well, yes and no. It does offer “virus protection” that scans every new Android app installed for any malicious intent. But that’s what pretty much every antivirus on Android does. The good news is that Malwarebytes at least detected the test virus I installed from Google Play to verify it worked.
Beyond that, Malwarebytes offers a “security audit” that checks your device’s settings for any potential security risks—all of which are Android related.
For example, it will let you know if you have Developer Options enabled in the Android settings menu on your Chromebook, but it won’t alert you if your device is in Developer Mode which is a far more insecure setting on Chrome OS machines because it effectively disables most of Chrome OS’ biggest security features. Why? Because it’s running in a sandbox that can’t see the rest of the operating system!
Similarly, it will tell you that your device has “unsecured Android settings” if you’re not using a PIN, Pattern, or Password—options that aren’t even available in Android’s settings on Chromebooks because Chrome OS itself handles those things. But again, Malwarebytes can’t see that, because it’s an Android app and runs in a separate container, segregated from the rest of the operating system.
Plus, it’s just funny that it shows trivial settings like “Device encryption” and “Google Play Protect,” both of which are enabled by default on all Android devices and Chromebooks. Hell, encryption can’t even be disabled on modern devices. It’s just placebo bullshit.
How to Stay Safe on Your Chromebook
As we’ve already established, Chromebooks are pretty dang secure right out of the box, so it’s not that difficult to keep your ‘book safe. Still, we have a guide on making sure your Chromebook is as secure as possible.
Outside of the options found in that article, the same rules apply here as on Android, especially when it comes to malware:
- Be smart. Just pay attention to what you’re installing. Google Play Protect does a good job of keeping most malware out of the Play Store, but as I said earlier, some things do get through. So make sure the app you’re installing is legit—read the comments, check the developer, etc.
- Keep Developer Mode disabled. Most users have no reason to ever enable Developer Mode on their Chromebooks, but if you happen to run across a reason to consider it, think long and hard before you make that leap—this will dramatically decrease your Chromebook’s security.
- Keep your Chromebook updated. If you get an update, install it. It’s that simple.
While an antivirus app on a Chromebook may sound like a good idea, it’s just unnecessary. But the good news is that if you insist on using one, it’s probably not going to hurt anything. Sometimes I guess that security blanket is just an unfortunate must.