Chrome as a browser may have plenty of users, but Chrome OS surely does not. Google hasn’t released firm numbers, but there are reports that suggest sales are in the thousands, and shipments are only in the hundreds of thousands. While that may not be good news for Google’s hardware partners Samsung and Acer, it is certainly good news for users of the operating system.
It’s practically a rule in the security world: If you have enough users, hackers will attack your platform. It’s why Microsoft has had to deal with security and anti-virus software for years, and why the spotlight is now on security and OS X. It’s why the antivirus industry has grown into a multi-billion dollar industry.
The good thing is, though, that the inverse of the rule is also true. If you don’t have enough users, hackers will largely ignore your platform aside from technological challenges by researchers. That’s why “the most secure platform around” was OS X (until recently), and why we don’t hear much about the security of Linux.
As well-respected security researcher Charlie Miller said, “Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.” For Chrome OS, it’s like living in a castle surrounded by a moat and drawbridge, on an iceberg in the middle of the ocean, holding a shotgun.
In addition, Chrome OS also has a number of redundant security features built in to the hardware and operating system itself. For example, Chrome OS has Sandboxing built in from the ground level, which forces processes like Web apps to run without knowledge of what else is going on.
Sandboxing is something that OS X is slowly adopting now, and that Windows is also planning on rolling out with the release of Windows 8. This means that Chrome OS has the upper hand already, and as an added bonus doesn’t have to deal with adopting its legacy code for new features.
Aside from Sandboxing, Chrome OS also includes security features that lock down the platform even more. It includes Verified Boot, which checks to make sure that the operating system and kernel have not been changed or corrupted. If they have been, the Chromebook will swap out for a clean, uncorrupted backup.
Then there is the natural security inherent in the Web. In layman’s term, each website exists in its own little world, independent from other websites unless the creator decides to tie the two together. This means that between tabs, there is no interaction, and that even if you open up a website with malware on it, the combination of sandboxing and isolation means no damage can be done.
The final big security feature for Chrome OS is the auto-updating, which almost merits a post of its own. When the notebook is ready to be updated, it downloads the update in the background and then lets you know when the computer needs to be restarted. Restart, and you’re done. During the update process, the computer checks to make sure that the update isn’t corrupted by an attack. These redundant layers of security make the operating system incredibly secure.
With all of these features, Chrome OS still isn’t 100 percent secure. Researchers have hacked into the system, and opened it up to attack. However, there is no reason for a hacker or malware creator to spend time finding a flaw in the OS at this point, as it will provide little return on the time investment, in part due to the redundancy in the security of the operating system, and in part due to the lack of sufficient users.
Even if a hacker did decide to hack the operating system, all that a user would need to do to solve the problem is restart the computer. Yes, there could be data loss in the interim between the malicious code running and the user hitting the restart button. But it wouldn’t be a full data-breach like what would happen if a virus got access to your Windows or OS X filesystem. On top of this, Google would eventually just release another update that would make the attack meaningless. And with Chrome OS, the updates are frequent.
Security may not seem like it would impact the day-to-day usage of the normal user, but it does. It’s a peace of mind knowing that what you are using will always be secure, and that the company behind it has promised near-absolute security. It’s even more peaceful to know that even if the worst happens, the data isn’t on the computer. That’s something you don’t really find with other platforms.
[Illustration by Hallie Bateman]