Netbooks are expected to be "the growth" area for hardware manufacturers in 2009 and beyond.
I have always said, with growth comes risk. Unfortunately, the risk in this case is to the people that use them. Because netbooks are designed to primarily use the Internet, they expose their users to everything that comes with using the Internet, including worms, viruses, cross-scripting, port scanning and e-mail scams. These are the same risks that we face with every other type of computer connected to the Internet. However, the difference is that netbooks typically have lax security, often missing firewalls and anti-virus software.
I predict that netbooks will be the new breeding ground for hackers. We will see customized viruses and worms designed for these devices, which are being marketed to unsophisticated users, people that just need connectivity to the Internet. This type of user typically does not care about security. They just want to connect, get their e-mail, surf the Internet and log off. Even though I said the risk is to the user, we all know that they communicate with the rest of us. That means we are all at risk.
Netbooks are cheap, usually selling for around $300-$500. They are lightweight at 2-3 pounds, and have a small footprint, 7"-10" square. They don't come with CD/DVD drives and use solid-state disks. They can run Windows or Linux natively, but have been hacked to run Android, Mac OS X and FreeBSD. Some of the top manufacturers include Dell, HP, Asus and MSI.
Although netbooks pose a risk to their users, and the rest of us, we will see a steady increase in sales in the next few years. My analysis of these devices is that they should not be used on the corporate network until thoroughly tested and the operating system hardened. There are just too many unknowns and the risks are too high. As security professionals, we should not impede our business partners, but we also need to be cautious and not put the rest of the organization in jeopardy either.