I was asked to comment on Google Chrome OS (operating system): specifically, on the security model that is being proposed, and on the privacy issues associated with running an operating system in the cloud. You can find the article by Orestis Bastounis of Computeract!ve here: http://www.computeractive.co.uk/computeractive/news/2254227/google-unveils-chrome
It's difficult to speak authoritatively about Chrome OS so far ahead of the projected launch date: last time I was tempted to do that, I was talking about OS X, and that came out looking very different to the specs I was originally looking at. However, it’s an interesting idea, and if you’re happy to go with Google’s “everything over the web” model, it could be viable. Not so much from a technical point of view – I’d want to see much more detail before I’d talk about technical/security viability – but because it would make Google more accountable than they are at the moment.
I would imagine that Google is hoping to have people relying on them for more than the OS. In fact, though, this looks more like a Linux-based restricted/restrictive shell than a complete new operating system, in a way that will probably resemble the way that earlier versions of Window were an operating environment that sat on top of what was essentially MS-DOS). There’s nothing wrong with that approach in principle: there’ve been other moves in the same direction, but Google may actually carry it off.
At least they’re admitting that “the best is the enemy of the good”, which suggests that they’ll go for a reasonably safe completed product rather than waiting forever for the 100% answer that doesn’t exist, or providing an imperfect solution and claiming that it’s perfect.
From that point of view, it might be good to have Google take responsibility across the board. Whether they can actually sustain protection for a monoculture any better than Microsoft is another question… Providing a “safe” GUI to access applications from other sources (especially open source apps, which can range from safe but highly restrictive to “let the buyer beware” and all points between) is going to be tough. (Of course, this is a problem MS also face.)
However, I don’t think they’re running an operating system in the cloud. They’re proposing a multi-layered system with secure defaults, starting from a hardened OS with sandboxing, restricted functionality, and a protected kernel. (See http://sites.google.com/a/chromium.org/dev/chromium-os/chromiumos-design-docs/security-overview.) I don’t hate any of what they’re proposing in principle, but it will be most effective in the context of APIs to Google’s own applications. And that begs a whole lot of questions about what functionality people want and will be able to get, interoperability and so on. Are people willing to accept a closed system in exchange for perceived security? The iPhone is pretty rich in approved apps, but people still jailbreak.
There are certainly security issues around cloudy computing, and they’re not confined to privacy. In my book, they generally centre around:
But it's too early to say how far these issues will affect Chrome OS.
By the way, Randy blogged on Chrome OS a while ago: http://www.eset.com/threat-center/blog/2009/11/16/google-to-launch-%e2%80%9cbob%e2%80%9d
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Author David Harley, ESET