Google says that its forthcoming Chrome operating system will be so secure that “users don’t have to deal with viruses, malware and security updates.” But Google’s claim is being met with skepticism within the Internet security world.
“I have serious doubts about their claims simply because an operating system must execute code and malware is code,” says Dave Marcus, director of security research and communications for McAfee Avert Labs.
Like the Chrome browser, Google Chrome OS will be based on an existing open-source project: Where the Chrome browser is based on the open-source Webkit project, the Chrome OS will be based on the open-source Linux kernel. It will be, Google says, a “lightweight” OS that will run on x86 or ARM processors and have a new windowing system. Furthermore, the Chrome OS will be positioned for use on netbooks, which are designed primarily for Internet use. The Android platform will remain Google’s choice for mobile devices.
Room for Improvement
“Given the sheer volume of security failures found in all of Google’s client-side applications [that] we have assessed, we find it unlikely that Google has suddenly found a silver bullet,” Hansen says.
Rights Are Critical
In designing Chrome, Google started with the assumption that the browser would be compromised. Google therefore structured its rights so that Web apps can run, but they can’t read or write files to the system. For an OS, that concept will have to be carried out across the desktop. Microsoft has wrestled with variable user privileges within Windows, while Linux users, for the most part, operate just fine with limited user privileges. Applications written for the Chrome OS might be further sandboxed so that they too have limited privileges.
In the end, it may not matter what Google does or does not do with the Chrome OS. Linux, even with commercial editions like Ubuntu and Red Hat, still holds only a relatively small percent of the OS market. Google may not make much progress beyond that. A lot will depend on the demand for new applications designed to run on the Chrome OS and the real and perceived security benefits afforded by its design.
“We urge caution against using any of Google’s products if security is paramount,” Hansen concludes.