Recently, Malwarebytes announced an antivirus for Chromebooks (through its Android app). But here’s the thing: that’s complete bullshit. You don’t need an antivirus on Chrome OS; I don’t care how they try to sell it.
See, Chromebooks (Note: this applies to Chrome OS in general, but for the sake of simplicity we will continue to use the term “Chromebook”) are inherently secure. That’s one of their biggest selling points—they’re impervious to viruses. To put it simply, viruses on Chrome OS don’t exist. So what’s Malwarebytes selling point? Since Chromebooks can run Android apps, they have the same vulnerabilities as Android devices.
Give me a break. That’s not even remotely true.
Why Chromebooks Don’t Need Antivirus
Like we said earlier, there is no such thing as a virus for Chrome OS. There are several reasons for this, but the main one is because of sandboxing. Every tab you open—be those in the Chrome browser or a standalone web app—runs in a virtual sandbox. That means if the system identifies an infected page, the “infection” only exists within that tab; it has no way of making its way to the rest of the system. And when you close that tab, the sandbox is killed with it. Thus, no infection.
If by some wild chance a type of malware comes along that finds a way out of this sandbox, Verified Boot continues to protect the system. Every time a Chromebook starts up, it checks the integrity of the operating system. If it detects an anomaly—which means any system modification—it will repair itself. The only exception here is if you’ve enabled Developer Mode, which disables Verified Boot and allows modifications to the system. This, of course, isn’t recommended for the majority of users.
Past that, Chromebooks get regular updates, bringing security fixes with each one.
The Malwarebytes Argument
While admitting that Chromebooks are inherently secure, Malwarebytes also somehow claims that they “can still get infected.” This is presumably by Android apps because the version of software it’s marketing for Chromebooks is its Android app. The thing is, Android apps also run in a separate container (sandbox), so anything that happens within the Android environment can’t hurt the rest of the OS.