Will Google’s OS Make the Desktop Safe?

Google says that its forthcoming Chrome operating system will be so secure that “users don’t have to deal with viruses, malware and security updates.” But Google’s claim is being met with skepticism within the Internet security world.

“I have serious doubts about their claims simply because an operating system must execute code and malware is code,” says Dave Marcus, director of security research and communications for McAfee Avert Labs.

Like the Chrome browser, Google Chrome OS will be based on an existing open-source project: Where the Chrome browser is based on the open-source Webkit project, the Chrome OS will be based on the open-source Linux kernel. It will be, Google says, a “lightweight” OS that will run on x86 or ARM processors and have a new windowing system. Furthermore, the Chrome OS will be positioned for use on netbooks, which are designed primarily for Internet use. The Android platform will remain Google’s choice for mobile devices.

Room for Improvement

With its Chrome browser, Google did attempt to rethink the browser. It created a new JavaScript virtual machine, V8, arguing that JavaScript today does much more than enable online novelties. JavaScript now runs applications, such as those built by Google itself. Among the optimizations introduced in the V8 engine is a new way of interpreting JavaScript source code so that it runs as machine code within the CPU. Thanks to another optimization, V8 also knows where the JavaScript pointers are, eliminating the need for repeated searches. But while V8 optimized performance, the Chrome browser hasn’t eliminated the JavaScript threat landscape.

“Malware takes on many forms, including JavaScript malware, which Google’s Chrome is still vulnerable to,” says Robert Hansen, CEO of SecTheory. At last summer’s Black Hat USA security conference, Hansen and Tom Stracener of Cenzic presented a talk showing how they were able to exploit Google Gadgets; they even coined the phrase Gmalware (for Gmodules-based malware) to describe this new class of vulnerabilities.

“Given the sheer volume of security failures found in all of Google’s client-side applications [that] we have assessed, we find it unlikely that Google has suddenly found a silver bullet,” Hansen says.

Rights Are Critical

In designing Chrome, Google started with the assumption that the browser would be compromised. Google therefore structured its rights so that Web apps can run, but they can’t read or write files to the system. For an OS, that concept will have to be carried out across the desktop. Microsoft has wrestled with variable user privileges within Windows, while Linux users, for the most part, operate just fine with limited user privileges. Applications written for the Chrome OS might be further sandboxed so that they too have limited privileges.

A serious unknown is Google’s privacy policy. When the Chrome browser debuted last fall, Google claimed it owned all the content displayed on its browser, but the company quickly backed away from that policy. Google does still collect data entered into the browser’s address bar and search fields, so it’ll be interesting to see what the company chooses to collect from its new OS.

In the end, it may not matter what Google does or does not do with the Chrome OS. Linux, even with commercial editions like Ubuntu and Red Hat, still holds only a relatively small percent of the OS market. Google may not make much progress beyond that. A lot will depend on the demand for new applications designed to run on the Chrome OS and the real and perceived security benefits afforded by its design.

“We urge caution against using any of Google’s products if security is paramount,” Hansen concludes.