Five reasons Google Chrome OS Security Wins
Chrome OS' reliance on a password is a major security problem, but in other ways it has great security. Here's why.
Google's Chrome OS has many virtues. Based on a solid foundation of Ubuntu Linux, it uses the Chrome Web browser as its interface to any and all applications. Chrome OS is also not so much a Windows replacement, as it's an attempt to get rid of the entire traditional idea of a PC desktop. If Google is successful with this, one big reason will be its vastly improved security.
Before I go into why Chrome OS will be much more secure than Windows, I have to point out that Google has one big, honking huge security problem to fix first: it's reliance on the fatally flawed login/password model. If they can beat that problem, then Chrome is likely to be most secure 'desktop' operating system we'll have ever seen. Here's why.
First, Google accepts that it's impossible to make an absolutely secure operating system. They use a phrase to describe this design philosophy that I think every developer should have tattooed on their hands: "The perfect is the enemy of the good." In other words, Google won't waste its time on trying to find some perfect system that only exists in fantasy. Instead, Google is spending time on making the best practical security system. This is how it plays out.
1. Harden the operating system
Chrome developers are using a variety of Linux security techniques to minimize how much system access any given program will have and to reduce the number of exposed attack surfaces. In addition, Chrome OS is adopting a defense in depth (PDF Link) approach. The core idea here is that you use multiple layers of security so even if someone breaks in at one point, they're faced with yet another security barrier.
Google is using multiple methods to harden Chrome, but I'm going to glance at just two here. One, namespaces (PDF Link) is rather old. The other, cgroups (Control Groups), is quite new, but the pair have similar goals. In each, the idea is to isolate a hierarchical collection of tasks, cgroups, or a set of processes, and process trees, namespaces, from unlimited access to the system.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Laptop screen and keyboard + TV like instant on. :-)
But with netbook prices and bullet proof security... sounds like a winner.The login/password problem is difficult because the only solution is unpleasant long passwords.
Google will see this as a bar to adoption.
They could refuse dictionary words and phrases under 12 characters (maybe with a nice wizard that alters your phrase to make it better) but it would annoy a lot of users who would just use a post-it note or not use the service at all.
This also does not stop phishing.
ChromeOS is the desktop
> as it's an attempt to get rid of the entire traditional idea of a PC desktop.It seems to me that this does not get even close to what can or will happen.
ChromeOS, and others that are similar, does not get rid of the 'desktop' so much as make it portable. While one can use, say, Google as the 'cloud' for running applications there is no need for this. Consider Opera Unite where the browser is used on the desktop machine to access applications and it can serve these to others. By combining a desktop machine with a netbook that attaches back to your own desktop from anywhere in the world you will have both while maintaining control over your own data.
Lets Play the Game
Lets take this point by point1. Harden the Operating System: If it wasn't so pathetic I would probably laugh.
A) Since the majority of the operating system will be housed on a server that is running a Operating System to server up Chrome OS it now lows a single point of attack for multiple netbooks running Chrome OS. Chrome OS is for a Net Appliance there for the only real instructions during boot are to point the net book at the server to get the Operating System to run the netbook.
B)Since google uses Apache and Linux to run their servers it doesn't take rocket since to figure out how to avoid any security set by Google. Linux and Apache source code is freely available and anyone with enough knowledge of C++ will be able to read it and find the security holes.
2. Sandboxing the Operating System: Yes very effective security except it is used in conjunction with other security steps such as firewalls, user access control list, antivirus protection and other security appliances on the market. Sandboxing with in itself does not work.
3. Locking down the file system: If the first two points can be compromised what good does this do? And there is also the point that all it takes to get around the security of the Lock down is to hack GRUB and change the password. Something that is typcially taught in intro to Linux classes because some student forgets their password.
4.Secured and Automatic Updates: This is the only one I will agree with. Since the Main structure of the OS resides in the cloud therefore a server they can run updates while the user is offline. Actually probably the best idea for Chrome OS.
5. Verified Boot: This is actually quite funny. The hardware only knows what it is being told and since bios loads before the Operating System, and in the case of Chrome will probably point the netbook/pc at the server to load the operating system what is it going to verify?
Finally the entire article once again reads like a Linux fanboy cheer then an actual IT article. Outside of writing about technology and such I did not see anywhere in your bio where you have the expertise in the IT field. Do everyone a favor and go talk to the people that actually have a science degree in computers before writing fanboy cheers.