With the launch announcements of various Google Chrome netbooks, the press and security companies alike are beginning to take a closer look at the security promises made and also at some of the more ‘media friendly’ statements such as, “…users don’t have to deal with viruses, malware and security updates”.
Let’s have a look at some of the security features of Chrome OS:
1 – Get out of my playpen. Each process runs in its own sandbox. Effectively this means that if an application is malicious or compromised, it is unable to interact with or otherwise affect other applications or processes on the system.
2 – Always up-to-date. With automatic updating, patches or feature updates will be downloaded and installed by default. This is a mandatory process designed to stop users from opting out of security.
3 – Always start with a clean slate. When Chrome OS is started up, it will check the integrity and validity of system files; if it detects any anomaly or unauthorized change, the system will revert to the known-good state, effectively neutralizing any suspect activity at every reboot. The separation of user files and system files makes this a simple and effective process.
4 – (Almost) No desktop applications. Every application in Chrome OS will run inside the browser; discrete desktop applications will simply not exist; all apps are effectively web apps. The OS does allow browser plug-ins to be installed locally, so the end user still has some influence over the operating environment. These plug-ins will of course be sandboxed. Google has recently made a Software Development Kit available for the creation of Chrome “Native Apps”.
5 – Nothing to see here. No user data is stored locally on Chrome OS machines. All user data is stored in the cloud and encrypted; theoretically data theft by malware or intrusion is made more complex.
So, what do I think? Well, the existence of the SDK seems to demonstrate that the “sterile environment” of an out-of-the-box Chrome netbook may be about as long lived as an untouched Android device. Of course the sandboxing technology is designed to ensure that even a bad native app can’t misbehave. Well, exploits that break out of sandboxing have already been demonstrated for Internet Explorer, for Java, for Google Android and of course, for the Chrome browser (to name but a few). While the Google sandbox is effective, it is not impenetrable, and to rely on it for 100% security would be short-sighted.
Regarding the notion of the operating system always reverting to a known good state at reboot and the security afforded by encrypted data being stored in Google’s cloud, surely that’s just moving the goalposts for the bad guys. For much of today’s malware, one of the primary goals is persistence. This will be much more difficult (I hesitate to say impossible) in the Chrome OS environment, so the motivation will shift. If I can infect you for one session and steal your keys, well then I’ll get what I can while I’m in there and then continue accessing your stuff in the cloud. After all, I’ve got your keys now; I don’t need your PC anymore. The beauty of that for criminals is that the victim may be even more unaware than they are now that they have been compromised.
While I applaud the impressive advances in security that are apparent in Chrome OS, to a certain extent we are seeing marketing history repeat itself. How often did the mantra that MacOS was immune to malware need to be repeated until the vast majority of users believed it and continue to do so, even after Apple went as far as incorporating rudimentary AV software into MacOS?
Criminal activity extends far beyond file-based threats, encompassing social engineering, phishing, social networks and email-borne threats. The palette is continually expanding and the techniques are continually evolving. To assure your customers that they will not have to deal with online cybercrime if they simply switch to a new OS is foolish, to say the least.
Ed. note: Trend Micro would like to know what you think about this. We enthusiastically invite your comments and we will read every one of them.