So secure we don’t need security?

With the launch announcements of various Google Chrome netbooks, the focus of the press and security companies alike is beginning to take a closer look at the security promises made and also at some of the more, um… media friendly statements such as “users don’t have to deal with viruses, malware and security updates”.
Let’s have a look at some of the security features of Chrome OS:
1 – Get out of my playpen. Each process runs in its own sandbox, effectively this means that if an application is malicious or compromised it is unable to interact with or otherwise affect other applications or processes on the system.
2 – Always up-to-date. Automatic updating, patches or feature updates will be downloaded and installed by default, this is a mandatory process designed to stop the user from opting themselves out of security.
3 – Always start with a clean slate. When Chrome OS is started up, it will check the integrity and validity of system files and if it detects any anomaly or unauthorised change, the system will revert to the known-good state, effectively neutralising any suspect activity at every reboot. The separation of user files and system files makes this a simple and effective process.
4 – (Almost) No desktop applications. Every application in Chrome OS will run inside the browser, discrete desktop applications will simply not exist; all apps are effectively web apps. The OS does afford the possibility of browser plug-ins locally so the end user still has some influence over the operating environment. These plug-ins of course will be sandboxed. Google has recently made a Software Development Kit available for the creation of Chrome “Native Apps”
5 – Nothing to see here. No user data is stored locally on Chrome machines. All user data is stored in the cloud and encrypted, theoretically data theft by malware or intrusion is made more complex.
So, what do I think? Well, the existence of the SDK seems to demonstrate that the “sterile environment” of an out-of-the-box Chrome netbook, may be about as long lived as an untouched Android device. Of course the sandboxing technology is designed to ensure that even a bad native app can’t misbehave. Well, exploits that break out of sandboxing have already been demonstrated for Internet Explorer, for Java, for Google Android and of course for the Chrome browser (to name but a few), while the Google sandbox is effective, it is not impenetrable and to rely on it for 100% security would be short-sighted.
As regards the notion of the operating system always reverting to a known good state at reboot and the security afforded by encrypted data being stored in Google’s cloud, well surely that’s just moving the goalposts for the bad guys. For much of today’s malware, one of the primary goals is persistence. This will be much more difficult (see how I hesitate to say impossible) in the Chrome environment, so the motivation will shift. If I can infect you for one session and steal your keys, well then I’ll get what I can while I’m in there and then continue accessing your stuff in the cloud, after all I’ve got your keys now, I don’t need your PC anymore. The beauty of that for criminals is that the victim may be even more unaware than they are now that they have been compromised.
While I applaud the impressive advances in security that are apparent in Chrome OS, to a certain extent we are seeing marketing history repeat itself. How often did the mantra that MacOS was immune to malware need to be repeated until the vast majority of users believed it and continue to do so, even after Apple went as far as incorporating rudimentary AV software into MacOS?
Criminal activity extends far beyond file-based threats, encompassing social engineering, phishing, social networks and email borne threats. The palette is continually expanding and the techniques are continually evolving, to assure your customers that they will not have to deal with online cybercrime, simply by switching OS is foolish to say the least.

10 thoughts on “So secure we don’t need security?

  1. Pingback: Chrome os. ¿Estas muy seguro de no necesitar medidas de seguridad? | Blog Smartekh

  2. Pingback: Google Chrome OS: Too secure to need security? • The Register | Linux Info

  3. Pingback: Could Google Repeat Apple’s Security Blunders? | ChromeBytes

  4. Pingback: Could Google Repeat Apple's Security Blunders? | thechromesource - Google Chrome and Chrome OS News and Forum

  5. Pingback: Is Chrome OS An Impregnable Fortress? Not According to Trend Micro | TECHTECHS.CA | IT Professionals in Toronto

  6. Pingback: Is Chrome OS An Impregnable Fortress? Not According to Trend Micro | PCE Groups, LLC

  7. Pingback: Chromebook, cosi’ sicuro che non abbiamo bisogno di sicurezza ? » Italia SW

  8. Larry Seltzer

    Do you know more about the ChromeOS/Linux sandbox than I do? I’ve been trying for a while to get details on the implementation, but the Wiki and other Chromium docs are really old and still look experimental. It definitely looks to me as if the ChromeOS/Linux sandbox is in lesser shape than the Windows sandbox

    While the machine may be reset to a known-good state at bootup, have you considered that the user’s server-based state won’t? Surely it’s possible to infect the user’s state so as to create a non-persistent infection on every machine he runs on

    1. Rik Ferguson Post author

      Very vallid point Larry, there is certainly a lot more research to be done in this area before any claims of no need for security can be validated. As regards the sandbox, nope no further details, guess I should have said “may be” rather than “is”, I didn’t want to seem too negative though, overall I like the concept I’m just concerned that marketing might blind adoptees to their real risks.

  9. MigrationKing

    I truly believe that Google is on to something. If it didn’t truly scare Anti-Virus companies and their age old model of computing. They would not be complaining. Unfortunately, your time has come and as years pass by, you will either adapt or suffer a long…drawn out closure of your business.


Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.