Netbook security risks?

I'm typing this post on the Acer Aspire One that I've been using nonstop since Acer sent me a review unit and just read an interesting article in PC World Canada about the potential security risks associated with netbooks. The author calls netbooks a "potential security nightmare," citing a number of factors that make them a challenge for IT departments. I figured this was a worthy read since I'm pitching the use of netbooks to solve a variety of problems for Ed Tech rather than create more problems than we already have.

In fact, the article contains some good points, the most important of which relate to the use of Windows XP Home on the majority of netbooks sold (especially in the States, where Windows is especially entrenched). Not exactly known for its high security, Windows XP Home (and even XP Pro, if you can get a netbook with it installed) generally requires some sort of anti-malware software.

Minimized hardware resources force ultraportables -- and their users -- to cope with weakened system software. Most models ship with a stripped-down Linux operating system or, in some cases, Microsoft Corp.'s previous-generation operating system, Windows XP. Newer and more capable operating systems, which also tend to have the latest internal security safeguards, demand processing and storage power that ultraportables typically lack, Wolfe notes.

Ultraportables' reduced resources also limit their ability to run add-on security software, such as data encryption and anti-malware tools. With processing power, internal memory and storage space all at a premium, it can be difficult -- sometimes impossible -- to squeeze security software onto an ultraportable. "As a result, the machines are often sent out into the world with little or no protection," [says Brian Wolfe, a security analyst at Lazarus Technologies Inc., an IT consulting service in Itasca, Ill.] .

Although regular readers will know my *nix preference and even the most diehard of Windows users will usually acknowledge that there is simply less malware floating about for Linux, even my little Aspire One wasn't without its vulnerabilities. Linpus Linux (installed on the Aspire One) shipped with an older and unsecured version of Firefox (although the appropriate patch file was available on Acer website and can also be installed direct or via Fedora's repositories). While Linpus does a nice job of providing a simple dashboard for novice users, security updates are few and far between. Ubuntu, OS X, and XP/Vista users will be familiar with the frequent security updates of which they are regularly notified.

Similarly, as th author points out, "most ultraportables aren't designed to be managed centrally and therefore can't have their solid-state drives remotely wiped clean of data in the event of loss or theft." While confidentiality isn't as much of an issue for student laptops, central management utilities and easy ways to wipe and restore the laptops are very important in educational settings.

So what are we to do? These little guys are cheap and easy to use. They're perfect for little hands and work pretty darn well for adult hands, too. They're so cheap, in fact, that they are nearly disposable and a developing ecosystem just might allow them to handle a lot more textbook and educational content. I really want these things to work; they seem like an ideal solution in a lot of ways.

My first thought is to toss an updated OS onto them. At the moment, I'm creating a live USB boot drive with Fedora 10 using UNetbootin (see their Sourceforge page for details; essentially the software creates USB boot disks from Linux disk images, allowing the creation of dual boot systems without optical drives). I'll post on Monday how that works and if performance is at all acceptable with a larger distro like Fedora. If it works, then Unetbootin will also give us the tool we need for easy deployment.

The other piece of the solution is to, at least, stick with Linux on netbooks deployed in schools, using them as thin clients to a Windows Terminal Server if Windows-only applications are required. While Linpus, among other stipper distros, aren't ideal, again, the volume of malware for Linux is minuscule compared to that for Windows.