Original URL: http://www.theregister.co.uk/2011/05/27/google_chrome_os_security/

Google Chrome OS: Too secure to need security?

Confident anti-virus-less chocolateers may be repeating Apple's mistakes

By John Leyden

Posted in Cloud, 27th May 2011 11:49 GMT

A leading security researcher has warned that Google risks repeating Apple's mistakes on security with its new Chrome OS.

Google Chrome OS is a Linux-based operating system designed to work exclusively with web applications. Chrome netbooks running the new OS will be available from Google's partners Samsung and Acer from June. In a launch announcement, Google boasted of an end to patching and anti-virus update woes.

Chromebooks have many layers of security built in so there is no anti-virus software to buy and maintain. Even more importantly, you won't spend hours fighting your computer to set it up and keep it up to date.

Rik Ferguson, a security consultant at Trend Micro, criticised this line as marketing rhetoric. Google risks repeating the security mistakes of Apple, he warns.

Security features of Chrome OS include process sandboxing (so any app is unable to interfere with other apps on a system), automatic updating and a reversion to the last known good state if any problems are detected. This latter feature is possible because user files are stored in the cloud (and encrypted), with only system files held locally.

In addition, every application in Chrome OS will run inside the browser, with only (sandboxed) browser plug-ins running locally.

However, this sterile environment is unlikely to last long, not least because Google has created a Software Development Kit that allows the creation of Chrome "native apps", according to Ferguson, who reckons this opens the door towards the creation of malware.

Sandboxing technology ought to prevent any bad apps that are created getting out of their play pen. But Ferguson warns that sandboxing technology is no panacea for security woes.

"Exploits that break out of sandboxing have already been demonstrated for Internet Explorer, for Java, for Google Android and of course for the Chrome browser (to name but a few), while the Google sandbox is effective, it is not impenetrable and to rely on it for 100 per cent security would be short-sighted," he said.

Rebooting laptops and storing data in the cloud is just "moving the goalposts" for scammers, Ferguson further argues. Instead of stealing data on a compromised device, the motivation will shift towards swiping authentication keys. "If I can infect you for one session and steal your keys, well then I'll get what I can while I'm in there and then continue accessing your stuff in the cloud; after all I've got your keys now, I don't need your PC anymore," Ferguson writes.

Ferguson praises Google for its engineering work but questions its apparent suggestion that switching OSes is a "silver bullet" capable of killing off the modern myriad of security woes. He draws a comparison between Google's claim that Chrome needs no anti-virus and similar claims in the past by Apple.

I'm not telling you my mantra...

"How often did the mantra that MacOS was immune to malware need to be repeated until the vast majority of users believed it and continue to do so, even after Apple went as far as incorporating rudimentary AV software into MacOS," Ferguson writes.

"Criminal activity extends far beyond file-based threats, encompassing social engineering, phishing, social networks and email borne threats. The palette is continually expanding and the techniques are continually evolving. To assure your customers that they will not have to deal with online cybercrime simply by switching OS is foolish to say the least," he concludes.

We put Ferguson's arguments to Google, which pointed us towards documents arguing that the security of Chrome networks doesn't rely on any one component (such as sandboxing), but rather "defence in depth", which it claims is better than existing models.

Chromebooks use the first operating system designed with this ongoing threat in mind. It uses the principle of "defense in depth" to provide multiple layers of protection, so if any one layer is bypassed, others are still in effect. So while it's still important to take precautions to protect your data, Chromebooks let you breathe just a little bit easier.

Google let the dig that it was adopting the "security arrogance" of Apple slide, perhaps wisely. While Google's re-imaging of security architectures is welcome, it is unlikely that security problems will change, much less disappear, with wider adoption of the operating system. Google has earned plaudits from the security community for the superior stability and security of its Chrome browser as compared to Firefox. However, the recent rash of Trojans infecting Android devices has drawn criticism. Eugene Kaspersky, for example, has even gone so far as to describe Android as the new Windows.

Whether Chrome OS more closely resembles its browser namesake or Android in terms of security will do much to determine the overall security landscape over the coming years.

A security overview of Chrome OS can be found here. Ferguson's analysis is here. ®